Fix gosec and staticcheck lint errors from proto deprecation

Viktor Liu
2026-03-19 13:36:29 +01:00
parent e916e0d7fa
commit 01c4d5761d
5 changed files with 10 additions and 4 deletions


@@ -216,6 +216,7 @@ func (d *DefaultManager) protoRuleToFirewallRule(
r *mgmProto.FirewallRule, r *mgmProto.FirewallRule,
ipsetName string, ipsetName string,
) (id.RuleID, []firewall.Rule, error) { ) (id.RuleID, []firewall.Rule, error) {
//nolint:staticcheck // PeerIP used for backward compatibility with old management
ip := net.ParseIP(r.PeerIP) ip := net.ParseIP(r.PeerIP)
if ip == nil { if ip == nil {
return "", nil, fmt.Errorf("invalid IP address, skipping firewall rule") return "", nil, fmt.Errorf("invalid IP address, skipping firewall rule")
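Review bot: The new `//nolint` comment says why the deprecated field is read, but not that the rule depends on it: `net.ParseIP(r.PeerIP)` is the first statement of the function, so a rule that arrives with `PeerIP` empty yields nil and is rejected with the "invalid IP address, skipping firewall rule" error. As far as this hunk shows, a management server that stops populating the deprecated field would cause these rules to be skipped, which changes the enforced policy. I would extend the comment to `// PeerIP is deprecated but still mandatory here; an empty value fails the parse below` and confirm whether the replacement field should be consulted first. The function body continues outside the hunk.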


@@ -1231,8 +1231,9 @@ func anonymizeFirewallRule(rule *mgmProto.FirewallRule, anonymizer *anonymize.An
return return
} }
//nolint:staticcheck // PeerIP used for backward compatibility
if addr, err := netip.ParseAddr(rule.PeerIP); err == nil { if addr, err := netip.ParseAddr(rule.PeerIP); err == nil {
rule.PeerIP = anonymizer.AnonymizeIP(addr).String() rule.PeerIP = anonymizer.AnonymizeIP(addr).String() //nolint:staticcheck
} }
} }
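Review bot: When `netip.ParseAddr(rule.PeerIP)` fails, the `if` on the new side leaves `rule.PeerIP` untouched, so a value that does not parse cleanly is presumably carried into the anonymized output as-is. For an anonymizer the safer default is to blank what it cannot parse, for example by closing the branch with `} else { rule.PeerIP = "" }`. The trailing `//nolint:staticcheck` on the assignment also lacks the reason the other directives carry; `//nolint:staticcheck // PeerIP kept for backward compatibility` would match them. The function starts outside the hunk, so the condition guarding the early `return` is not visible here.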


@@ -284,7 +284,8 @@ func toProtocolFirewallRules(rules []*types.FirewallRule) []*proto.FirewallRule
fwRule := &proto.FirewallRule{ fwRule := &proto.FirewallRule{
PolicyID: []byte(rule.PolicyID), PolicyID: []byte(rule.PolicyID),
PeerIP: rule.PeerIP, PeerIP: rule.PeerIP, //nolint:staticcheck // populated for backward compatibility
Direction: getProtoDirection(rule.Direction), Direction: getProtoDirection(rule.Direction),
Action: getProtoAction(rule.Action), Action: getProtoAction(rule.Action),
Protocol: getProtoProtocol(rule.Protocol), Protocol: getProtoProtocol(rule.Protocol),


@@ -1252,6 +1252,7 @@ func TestToSyncResponse(t *testing.T) {
assert.Equal(t, int64(53), response.NetworkMap.DNSConfig.NameServerGroups[0].NameServers[0].GetPort()) assert.Equal(t, int64(53), response.NetworkMap.DNSConfig.NameServerGroups[0].NameServers[0].GetPort())
// assert network map Firewall // assert network map Firewall
assert.Equal(t, 1, len(response.NetworkMap.FirewallRules)) assert.Equal(t, 1, len(response.NetworkMap.FirewallRules))
//nolint:staticcheck // testing backward-compatible field
assert.Equal(t, "192.168.1.2", response.NetworkMap.FirewallRules[0].PeerIP) assert.Equal(t, "192.168.1.2", response.NetworkMap.FirewallRules[0].PeerIP)
assert.Equal(t, proto.RuleDirection_IN, response.NetworkMap.FirewallRules[0].Direction) assert.Equal(t, proto.RuleDirection_IN, response.NetworkMap.FirewallRules[0].Direction)
assert.Equal(t, proto.RuleAction_ACCEPT, response.NetworkMap.FirewallRules[0].Action) assert.Equal(t, proto.RuleAction_ACCEPT, response.NetworkMap.FirewallRules[0].Action)


@@ -36,10 +36,12 @@ func EncodePrefix(p netip.Prefix) []byte {
func DecodePrefix(b []byte) (netip.Prefix, error) { func DecodePrefix(b []byte) (netip.Prefix, error) {
switch len(b) { switch len(b) {
case 5: case 5:
addr := netip.AddrFrom4([4]byte(b[:4])) ip4 := [4]byte(b[:4])
addr := netip.AddrFrom4(ip4)
return netip.PrefixFrom(addr, int(b[4])), nil return netip.PrefixFrom(addr, int(b[4])), nil
case 17: case 17:
addr := netip.AddrFrom16([16]byte(b[:16])).Unmap() ip6 := [16]byte(b[:16])
addr := netip.AddrFrom16(ip6).Unmap()
bits := int(b[16]) bits := int(b[16])
// Clamp prefix length when unmapping v4-mapped v6 to v4 // Clamp prefix length when unmapping v4-mapped v6 to v4
if addr.Is4() && bits > 32 { if addr.Is4() && bits > 32 {
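Review bot: The 5-byte branch returns `netip.PrefixFrom(addr, int(b[4])), nil` without checking the length byte, and `PrefixFrom` yields an invalid Prefix (`Bits()` of -1) rather than an error when bits exceeds 32. If `b` comes from decoded wire data, as the function name suggests, a caller that only checks `err` would carry that invalid prefix forward. I would validate before returning: `p := netip.PrefixFrom(addr, int(b[4]))` followed by `if !p.IsValid() { return netip.Prefix{}, fmt.Errorf("invalid IPv4 prefix length %d", b[4]) }`. The 17-byte branch clamps only the unmapped-v4 case in the visible lines, and the function continues outside the hunk, so its handling of bits above 128 cannot be confirmed here.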