feat: warn about the use of weak PRNGs (#254)

* feat: warn about the use of weak PRNGs * ci(test): allow access to sum.golang.org
favonia · Nov 11, 2022 · ae2c866 · ae2c866
1 parent c43c4dc
commit ae2c866
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -21,6 +21,7 @@ jobs:
             github.com:443
             proxy.golang.org:443
             storage.googleapis.com:443
+            sum.golang.org:443
             uploader.codecov.io:443
 
       - uses: actions/cache@1c73980b09e7aea7201f325a7aa3ad00beddcdda

diff --git a/internal/provider/dns.go b/internal/provider/dns.go
@@ -19,10 +19,11 @@ import (
 // randUint16 generates a random uint16, possibly not cryptographically secure.
 //
 //nolint:gosec
-func randUint16() uint16 {
+func randUint16(ppfmt pp.PP) uint16 {
 	buf := make([]byte, binary.Size(uint16(0)))
 	if _, err := rand.Read(buf); err != nil {
-		// DoH + a weak PRNG should be secure enough
+		ppfmt.Warningf(pp.EmojiWarning, "Failed to access a cryptographically secure random number generator")
+		// We couldn't access the strong PRNG, but DoH + a weak PRNG should be secure enough
 		return uint16(mathrand.Uint32())
 	}
 
@@ -141,7 +142,7 @@ func getIPFromDNS(ctx context.Context, ppfmt pp.PP,
 	var invalidIP netip.Addr
 
 	// message ID for the DNS payloads
-	id := randUint16()
+	id := randUint16(ppfmt)
 
 	q, ok := newDNSQuery(ppfmt, id, name, class)
 	if !ok {