GitList

Browse code

linting: suppress false positive for G404 (gosec)

The linter falsely detects this as using "math/rand":

libnetwork/networkdb/cluster.go:721:14: G404: Use of weak random number generator (math/rand instead of crypto/rand) (gosec)
val, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
^

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn authored on 2022/09/04 21:07:32
Showing 1 changed files

libnetwork/networkdb/cluster.go index 49b62fa..879ff52 100644

libnetwork/networkdb/cluster.go

History View file @ 561a010

@@ -718,7 +718,7 @@ func randomOffset(n int) int {
                      		return 0
+                     	}
                     -	val, err := rand.Int(rand.Reader, big.NewInt(int64(n)))
                     +	val, err := rand.Int(rand.Reader, big.NewInt(int64(n))) // #nosec G404 -- False positive; see https://github.com/securego/gosec/issues/862
                      	if err != nil {
                      		logrus.Errorf("Failed to get a random offset: %v", err)
                      		return 0