chore: Enable gosec G103 (#10474)

* Make YoloBuf non exported and suppress * mimirpb, advance to newer go utilities and suppress * Update to newer go constructs and suppress in s-g indexheader * modernize, avoid deprecated, suppress * enable rule
grafana · Jan 21, 2025 · 9261d7e · 9261d7e
1 parent 557830d
commit 9261d7e
Show file tree

Hide file tree

Showing 8 changed files with 20 additions and 46 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -65,6 +65,7 @@ linters-settings:
 
   gosec:
     includes:
+      - G103
       - G104
       - G108
       - G109

diff --git a/pkg/mimirpb/timeseries.go b/pkg/mimirpb/timeseries.go
@@ -416,7 +416,7 @@ func (bs *LabelAdapter) Unmarshal(dAtA []byte) error {
 }
 
 func yoloString(buf []byte) string {
-	return *((*string)(unsafe.Pointer(&buf)))
+	return unsafe.String(unsafe.SliceData(buf), len(buf)) // nolint:gosec
 }
 
 // Size implements proto.Sizer.
@@ -673,7 +673,7 @@ func copyToYoloLabels(buf []byte, dst, src []LabelAdapter) ([]LabelAdapter, []by
 // It requires that the buffer has a capacity which is greater than or equal to the length of the source string.
 func copyToYoloString(buf []byte, src string) (string, []byte) {
 	buf = buf[:len(src)]
-	copy(buf, *((*[]byte)(unsafe.Pointer(&src))))
+	copy(buf, unsafe.Slice(unsafe.StringData(src), len(src))) // nolint:gosec
 	return yoloString(buf), buf[len(buf):]
 }
 

diff --git a/pkg/storegateway/indexcache/cache.go b/pkg/storegateway/indexcache/cache.go
@@ -8,7 +8,6 @@ package indexcache
 import (
 	"context"
 	"encoding/base64"
-	"reflect"
 	"sort"
 	"strings"
 	"time"
@@ -157,16 +156,8 @@ const bytesPerPosting = int(unsafe.Sizeof(storage.SeriesRef(0)))
 // unsafeCastPostingsToBytes returns the postings as a slice of bytes with minimal allocations.
 // It casts the memory region of the underlying array to a slice of bytes. The resulting byte slice is only valid as long as the postings slice exists and is unmodified.
 func unsafeCastPostingsToBytes(postings []storage.SeriesRef) []byte {
-	byteSlice := make([]byte, 0)
-	// Ignore deprecation warning for now
-	//nolint:staticcheck
-	slicePtr := (*reflect.SliceHeader)(unsafe.Pointer(&byteSlice))
-	// Ignore deprecation warning for now
-	//nolint:staticcheck
-	slicePtr.Data = (*reflect.SliceHeader)(unsafe.Pointer(&postings)).Data
-	slicePtr.Len = len(postings) * bytesPerPosting
-	slicePtr.Cap = slicePtr.Len
-	return byteSlice
+	underlying := unsafe.Pointer(unsafe.SliceData(postings))                //nolint:gosec
+	return unsafe.Slice((*byte)(underlying), len(postings)*bytesPerPosting) //nolint:gosec
 }
 
 // LabelMatchersKey represents a canonical key for a []*matchers.Matchers slice

diff --git a/pkg/storegateway/indexheader/index/symbols.go b/pkg/storegateway/indexheader/index/symbols.go
@@ -351,5 +351,5 @@ func (r *SymbolsTableReaderV2) Read(o uint32) (string, error) {
 }
 
 func yoloString(b []byte) string {
-	return *((*string)(unsafe.Pointer(&b)))
+	return unsafe.String(unsafe.SliceData(b), len(b)) // nolint:gosec
 }
diff --git a/pkg/util/shard.go b/pkg/util/shard.go
@@ -9,6 +9,7 @@ import (
 	"crypto/md5"
 	"encoding/binary"
 	"math"
+	"unsafe"
 )
 
 const (
@@ -25,10 +26,10 @@ var (
 func ShuffleShardSeed(identifier, zone string) int64 {
 	// Use the identifier to compute an hash we'll use to seed the random.
 	hasher := md5.New()               //nolint:gosec
-	hasher.Write(YoloBuf(identifier)) // nolint:errcheck
+	hasher.Write(yoloBuf(identifier)) // nolint:errcheck
 	if zone != "" {
 		hasher.Write(seedSeparator) // nolint:errcheck
-		hasher.Write(YoloBuf(zone)) // nolint:errcheck
+		hasher.Write(yoloBuf(zone)) // nolint:errcheck
 	}
 	checksum := hasher.Sum(nil)
 
@@ -48,3 +49,7 @@ func ShuffleShardExpectedInstancesPerZone(shardSize, numZones int) int {
 func ShuffleShardExpectedInstances(shardSize, numZones int) int {
 	return ShuffleShardExpectedInstancesPerZone(shardSize, numZones) * numZones
 }
+
+func yoloBuf(s string) []byte {
+	return unsafe.Slice(unsafe.StringData(s), len(s)) // nolint:gosec
+}
diff --git a/pkg/util/shard_test.go b/pkg/util/shard_test.go
@@ -9,6 +9,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestShuffleShardExpectedInstancesPerZone(t *testing.T) {
@@ -86,3 +87,9 @@ func TestShuffleShardExpectedInstances(t *testing.T) {
 		assert.Equal(t, test.expected, ShuffleShardExpectedInstances(test.shardSize, test.numZones))
 	}
 }
+
+func TestYoloBuf(t *testing.T) {
+	s := yoloBuf("hello world")
+
+	require.Equal(t, []byte("hello world"), s)
+}
diff --git a/pkg/util/yolo.go b/pkg/util/yolo.go
diff --git a/pkg/util/yolo_test.go b/pkg/util/yolo_test.go
-Original file line number
+Diff line change
@@ Expand Up / @@ -65,6 +65,7 @@ linters-settings: @@
       gosec:
         includes:
+          - G103
           - G104
           - G108
           - G109
@@ Expand Down @@