phires / go-guerrilla Goto Github PK
License: MIT License
[/go-guerrilla/backends/p_hasher.go:41] - G401 (CWE-326): Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
40: // base hash, use subject from and timestamp-nano
> 41: h := md5.New()
42: ts := fmt.Sprintf("%d", time.Now().UnixNano())
[/Users/Philipp.Resch/dev/go-guerrilla/api.go:93] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
92: var ac AppConfig
> 93: data, err := ioutil.ReadFile(path)
94: if err != nil {
[/dev/go-guerrilla/backends/util.go:40] - G401 (CWE-326): Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
39: func MD5Hex(stringArguments ...string) string {
> 40: h := md5.New()
41: var r *strings.Reader
[/go-guerrilla/backends/util.go:6] - G501 (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
5: "compress/zlib"
> 6: "crypto/md5"
7: "fmt"
Create a Dockerfile and basic environment configuration for easier deployment
[/dev/go-guerrilla/tests/testcert/generate_cert.go:142] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
141:
> 142: certOut, err := os.Create(dirPrefix + host + ".cert.pem")
143: if err != nil {
[/go-guerrilla/log/hook.go:116] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
115: func (hook *LogrusHook) openAppend(dest string) (err error) {
> 116: fd, err := os.OpenFile(dest, os.O_APPEND|os.O_WRONLY, 0644)
117: if err != nil {
[/go-guerrilla/mail/envelope.go:164] - G401 (CWE-326): Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
163: var queueID = fmt.Sprintf("%x%x", time.Now().Unix(), clientID)
> 164: return fmt.Sprintf("%x", md5.Sum([]byte(queueID)))
165: }
Import from original repo issue #228 reported by simonmacklin
Hi
Thanks for this great package! I would like to write a new processor to push each email to s3. This would be to mimic the AWS SES to S3 feature.
Do you see any issues using this package and a S3 processor?
If not, would you like me to create a PR for the processor to be part of this package?
Thanks
Simon
[/Users/Philipp.Resch/dev/go-guerrilla/backends/p_sql.go:95] - G202 (CWE-89): SQL string concatenation (Confidence: HIGH, Severity: MEDIUM)
94: // do we have permission to access the table?
> 95: _, err = db.Query("SELECT mail_id FROM " + s.config.Table + " LIMIT 1")
96: if err != nil {
[/dev/go-guerrilla/backends/p_guerrilla_db_redis.go:155-173] - G202 (CWE-89): SQL string concatenation (Confidence: HIGH, Severity: MEDIUM)
154: }
> 155: sqlstr := "INSERT INTO " + g.config.Table + "" +
> 156: "(" +
> 157: "`date`, " +
> 158: "`to`, " +
> 159: "`from`, " +
> 160: "`subject`, " +
> 161: "`body`, " +
> 162: "`charset`, " +
> 163: "`mail`, " +
> 164: "`spam_score`, " +
> 165: "`hash`, " +
> 166: "`content_type`, " +
> 167: "`recipient`, " +
> 168: "`has_attach`, " +
> 169: "`ip_addr`, " +
> 170: "`return_path`, " +
> 171: "`is_tls`" +
> 172: ")" +
> 173: " values "
174: values := "(NOW(), ?, ?, ?, ? , 'UTF-8' , ?, 0, ?, '', ?, 0, ?, ?, ?)"
Original issue flashmob/go-guerrilla#230
How do I compile the cmd on Windows? Is there a way?
syscall.sigusr1 is not compatible.
Thanks in advance.
[/dev/go-guerrilla/backends/p_guerrilla_db_redis.go:328] - G202 (CWE-89): SQL string concatenation (Confidence: HIGH, Severity: MEDIUM)
327: // do we have access?
> 328: _, err = db.Query("SELECT mail_id FROM " + g.config.Table + " LIMIT 1")
329: if err != nil {
[/go-guerrilla/backends/p_guerrilla_db_redis.go:487] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
486: // give the values to a random query batcher
> 487: feeders[rand.Intn(len(feeders))] <- vals
488: return p.Process(e, task)
[/go-guerrilla/server.go:130-134] - G402 (CWE-295): TLS MinVersion too low. (Confidence: HIGH, Severity: HIGH)
129: }
> 130: tlsConfig := &tls.Config{
> 131: Certificates: []tls.Certificate{cert},
> 132: ClientAuth: tls.VerifyClientCertIfGiven,
> 133: ServerName: sConfig.Hostname,
> 134: }
135: if len(sConfig.TLS.Protocols) > 0 {
[/go-guerrilla/log/hook.go:130] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
129: func (hook *LogrusHook) openCreate(dest string) (err error) {
> 130: fd, err := os.OpenFile(dest, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
131: if err != nil {
I am using go-guerrilla in my production environment, sending mail with a header of more than 30K, but getting a 4x parser error.
Why do we have a limit of 30KB of email data that can be a header? We don't have such a limit in Postfix.
Can we increase this limit?
Attached is my mail data:
email.txt
Please help me increase the email header size from 30KB to 1MB.
[/go-guerrilla/log/hook.go:130] - G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
129: func (hook *LogrusHook) openCreate(dest string) (err error) {
> 130: fd, err := os.OpenFile(dest, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
131: if err != nil {
[/go-guerrilla/response/quote.go:158] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
157: rand.Seed(time.Now().UnixNano())
> 158: return quotes.m[rand.Intn(len(quotes.m))]
159: }
[/dev/go-guerrilla/tests/testcert/generate_cert.go:157] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
156:
> 157: keyOut, err := os.OpenFile(dirPrefix+host+".key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
158: if err != nil {
Import from original repo issue #224 reported by Sainan
[/go-guerrilla/tests/client.go:21] - G402 (CWE-295): TLS InsecureSkipVerify set true. (Confidence: HIGH, Severity: HIGH)
20: conn, err = tls.Dial("tcp", serverConfig.ListenInterface, &tls.Config{
> 21: InsecureSkipVerify: true,
22: ServerName: "127.0.0.1",
Team,
I have an SMTP listener service which uses flashmob/go-guerrilla 1.6.1 to receive mail. I want to know the receive time for a single mail. How can I measure this?
This will give an idea of what my service throughput per second is.
Can you please provide this information?
[/dev/go-guerrilla/mail/envelope.go:6] - G501 (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
5: "bytes"
> 6: "crypto/md5"
7: "errors"
Getting this error for some messages:
Your message contains invalid characters (bare line feed characters) which the email servers don't support.
The additional information references the BDAT command. I can't seem to find any references to this in the code or existing issues. Any suggestions?
"This error occurs when the email program or device used to create or send an email message adds bare line feed characters into the message. When bare line feed characters are included in a message, the SMTP protocol chunking feature is required to transmit the message between email servers. Chunking uses the SMTP protocol BDAT command, but the recipient's email server doesn't support the BDAT command."
[/go-guerrilla/log/hook.go:116] - G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
115: func (hook *LogrusHook) openAppend(dest string) (err error) {
> 116: fd, err := os.OpenFile(dest, os.O_APPEND|os.O_WRONLY, 0644)
117: if err != nil {
[/go-guerrilla/backends/p_hasher.go:4] - G501 (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
3: import (
> 4: "crypto/md5"
5: "fmt"