Merge branch 'main' into sast

2025-04-29 10:16:50 +02:00 · 2022-02-13 15:57:06 +01:00 · 2022-02-13 15:57:06 +01:00 · 66a2e74241
commit 66a2e74241
parent 23e64b8380 21afef0128
3 changed files with 15 additions and 14 deletions
--- a/6
+++ b/6
@ -5,16 +5,14 @@ build:

 .PHONY: test
 test:
-	stdout=$$(gofmt -l . 2>&1); \
-	if [ "$$stdout" ]; then \
-		exit 1; \
-	fi
+	stdout=$$(gofmt -l . 2>&1); if [ "$$stdout" ]; then exit 1; fi
 	go vet ./...
 	gocyclo -over 10 $(shell find . -iname '*.go' -type f)
 	staticcheck ./...
 	go test -v -cover ./...
 	gosec -exclude-dir=tests ./...
 	semgrep --lang=go --config=tests/semgrep
+	@printf '\n%s\n' "> Test successful"

 .PHONY: setup
 setup:
--- a/internal/authentication/token.go
+++ b/internal/authentication/token.go
@ -53,5 +53,7 @@ func GenerateApplicationToken(compat bool) string {
 		tokenLength = compatTokenLength
 	}

+	tokenLength -= len(applicationTokenPrefix)
+
 	return applicationTokenPrefix + generateRandomString(tokenLength)
 }
--- a/internal/authentication/token_test.go
+++ b/internal/authentication/token_test.go
@ -1,28 +1,29 @@
 package authentication

 import (
-	"log"
 	"testing"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

-func isGoodToken(assert *assert.Assertions, require *require.Assertions, token string, compat bool) {
-	prefix := token[0:len(applicationTokenPrefix)]
-	token = token[len(applicationTokenPrefix):]
+const (
+	minRandomChars = 14
+)

-	// Although constant at the time of writing, this check should prevent future changes from generating insecure tokens.
-	if len(token) < 14 {
-		log.Fatalf("Tokens should have more random characters")
-	}
+func isGoodToken(assert *assert.Assertions, require *require.Assertions, token string, compat bool) {
+	tokenLength := len(token)

 	if compat {
-		assert.Equal(len(token), compatTokenLength, "Unexpected compatibility token length")
+		assert.Equal(tokenLength, compatTokenLength, "Unexpected compatibility token length")
 	} else {
-		assert.Equal(len(token), regularTokenLength, "Unexpected regular token length")
+		assert.Equal(tokenLength, regularTokenLength, "Unexpected regular token length")
 	}

+	randomChars := tokenLength - len(applicationTokenPrefix)
+	assert.GreaterOrEqual(randomChars, minRandomChars, "Token is too short to give sufficient entropy")
+
+	prefix := token[0:len(applicationTokenPrefix)]
 	assert.Equal(prefix, applicationTokenPrefix, "Invalid token prefix")

 	for _, c := range []byte(token) {