From 38b0fa6b53c272ef97c921d16beb0b9497bbcf90 Mon Sep 17 00:00:00 2001 From: Christopher Swenson Date: Thu, 19 May 2022 12:27:02 -0700 Subject: [PATCH] Remove spurious fmt.Printf calls including one of a key (#15344) And add a semgrep for fmt.Printf/Println.
---
api/auth/azure/azure.go | 1 - builtin/credential/aws/pkcs7/decrypt.go | 1 - builtin/credential/aws/pkcs7/verify_test_dsa.go | 3 +-- builtin/logical/rabbitmq/path_role_create.go | 1 - command/server/config_test_helpers.go | 1 - helper/dhutil/dhutil.go | 2 -- tools/semgrep/ci/fmt-printf.yml | 16 ++++++++++++++++ 7 files changed, 17 insertions(+), 8 deletions(-) create mode 100644 tools/semgrep/ci/fmt-printf.yml
diff --git a/api/auth/azure/azure.go b/api/auth/azure/azure.go
index 370ec573dd..a09d15a147 100644
--- a/api/auth/azure/azure.go
+++ b/api/auth/azure/azure.go
@@ -198,7 +198,6 @@ func (a *AzureAuth) getJWT() (string, error) { func getMetadata() (metadataJSON, error) { metadataEndpoint, err := url.Parse(fmt.Sprintf("%s/metadata/instance", metadataEndpoint)) if err != nil { - fmt.Println("Error creating URL: ", err) return metadataJSON{}, err }
diff --git a/builtin/credential/aws/pkcs7/decrypt.go b/builtin/credential/aws/pkcs7/decrypt.go
index 0d088d6287..acedb1ec92 100644
--- a/builtin/credential/aws/pkcs7/decrypt.go
+++ b/builtin/credential/aws/pkcs7/decrypt.go
@@ -60,7 +60,6 @@ func (eci encryptedContentInfo) decrypt(key []byte) ([]byte, error) { !alg.Equal(OIDEncryptionAlgorithmAES128CBC) && !alg.Equal(OIDEncryptionAlgorithmAES128GCM) && !alg.Equal(OIDEncryptionAlgorithmAES256GCM) { - fmt.Printf("Unsupported Content Encryption Algorithm: %s\n", alg) return nil, ErrUnsupportedAlgorithm }
diff --git a/builtin/credential/aws/pkcs7/verify_test_dsa.go b/builtin/credential/aws/pkcs7/verify_test_dsa.go
index 8a365f8acb..857ea4dbf1 100644
--- a/builtin/credential/aws/pkcs7/verify_test_dsa.go
+++ b/builtin/credential/aws/pkcs7/verify_test_dsa.go
@@ -5,7 +5,6 @@ package pkcs7 import ( "crypto/x509" "encoding/pem" - "fmt" "io/ioutil" "os" "os/exec"
@@ -108,7 +107,7 @@ but that's not what ships are built for. if err != nil { t.Fatal(err) } - fmt.Printf("%s\n", pemSignature) + t.Logf("%s\n", pemSignature) derBlock, _ := pem.Decode(pemSignature) if derBlock == nil { t.Fatalf("failed to read DER block from signature PEM %s", tmpSignedFile.Name())
diff --git a/builtin/logical/rabbitmq/path_role_create.go b/builtin/logical/rabbitmq/path_role_create.go
index 366e5638a3..5ad1ff6bdf 100644
--- a/builtin/logical/rabbitmq/path_role_create.go
+++ b/builtin/logical/rabbitmq/path_role_create.go
@@ -74,7 +74,6 @@ func (b *backend) pathCredsRead(ctx context.Context, req *logical.Request, d *fr if err != nil { return nil, fmt.Errorf("failed to generate username: %w", err) } - fmt.Printf("username: %s\n", username) password, err := b.generatePassword(ctx, config.PasswordPolicy) if err != nil {
diff --git a/command/server/config_test_helpers.go b/command/server/config_test_helpers.go
index 27921c70ca..4cde9b1156 100644
--- a/command/server/config_test_helpers.go
+++ b/command/server/config_test_helpers.go
@@ -320,7 +320,6 @@ func testParseEntropy(t *testing.T, oss bool) { case err != test.outErr: t.Fatalf("error mismatch: expected %#v got %#v", err, test.outErr) case err == nil && config.Entropy != nil && *config.Entropy != test.outEntropy: - fmt.Printf("\n config.Entropy: %#v", config.Entropy) t.Fatalf("entropy config mismatch: expected %#v got %#v", test.outEntropy, *config.Entropy) } }
diff --git a/helper/dhutil/dhutil.go b/helper/dhutil/dhutil.go
index a86314c200..a0ddde25bd 100644
--- a/helper/dhutil/dhutil.go
+++ b/helper/dhutil/dhutil.go
@@ -6,7 +6,6 @@ import ( "crypto/cipher" "crypto/rand" "crypto/sha256" - "encoding/hex" "errors" "fmt" "io"
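Review bot: In the `@@ -108,7 +107,7 @@` hunk of verify_test_dsa.go, the new `t.Logf("%s\n", pemSignature)` carries over the trailing `\n` from the Printf it replaces, which is redundant because Logf supplies a final newline when the format lacks one. `t.Logf("%s", pemSignature)` is the cleaner spelling. The enclosing test function starts and ends outside the hunk, so whether the signature dump is still needed at all cannot be judged from here.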
@@ -90,7 +89,6 @@ func DeriveSharedKey(secret, ourPublic, theirPublic []byte) ([]byte, error) { if n != 32 { return nil, errors.New("short read from hkdf") } - fmt.Printf("Key: %s\n", hex.EncodeToString(key[:])) return key[:], nil }
diff --git a/tools/semgrep/ci/fmt-printf.yml b/tools/semgrep/ci/fmt-printf.yml
new file mode 100644
index 0000000000..18777cabef
--- /dev/null
+++ b/tools/semgrep/ci/fmt-printf.yml
@@ -0,0 +1,16 @@
+rules:
+ - id: fmt.Printf
+ languages: [go]
+ message: fmt.Printf/Println is forbidden outside of cmd and test files
+ patterns:
+ - pattern-either:
+ - pattern: fmt.Printf
+ - pattern: fmt.Println
+ severity: ERROR
+ paths:
+ exclude:
+ - "*_test.go"
+ - "cmd/*.go"
+ - "cmd/**/*.go"
+ - sdk/database/dbplugin/server.go # effectively a cmd
+ - sdk/database/dbplugin/v5/plugin_server.go # effectively a cmd
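Review bot: The `pattern-either` list in the new fmt-printf.yml names only `fmt.Printf` and `fmt.Println`, so the same stdout write spelled `fmt.Print`, or the builtin `print`/`println`, still passes this CI check. Since one of the calls removed by this commit printed a derived key, the rule should cover those spellings too: add `- pattern: fmt.Print`, `- pattern: print(...)` and `- pattern: println(...)` under `pattern-either`, and adjust the message to match. Separately, `paths.exclude` names `cmd/` while a file touched by this commit sits under `command/`; it is worth confirming that the excludes cover exactly the directories intended.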