From d8f00ce5f1fe661b2c16d08d8197106562aeb548 Mon Sep 17 00:00:00 2001
From: Duane Howard
Date: Sun, 13 Jul 2025 19:44:32 -0700
Subject: [PATCH 1/8] Addresses new linter findings.
---
 lex.go | 2 +-
 parser.go | 4 ++--
 rule.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lex.go b/lex.go
index 05eadef..a625a9e 100644
--- a/lex.go
+++ b/lex.go
@@ -265,7 +265,7 @@ func lexProtocol(l *lexer) stateFn {
 case r == ' ':
 l.emit(itemProtocol, true)
 return lexSourceAddress
- case !(unicode.IsLetter(r) || unicode.IsDigit(r) || (l.len() > 0 && r == '-')):
+ case !unicode.IsLetter(r) && !unicode.IsDigit(r) && !(l.len() > 0 && r == '-'):
 return l.errorf("invalid character %q for a rule protocol", r)
 }
 }
diff --git a/parser.go b/parser.go
index e189a6b..a945996 100644
--- a/parser.go
+++ b/parser.go
@@ -111,7 +111,7 @@ func parseContent(content string) ([]byte, error) {
 b = hexRE.ReplaceAllStringFunc(b, func(h string) string {
- r, err := hex.DecodeString(strings.Replace(strings.Trim(h, "|"), " ", "", -1))
+ r, err := hex.DecodeString(strings.ReplaceAll(strings.Trim(h, "|"), " ", ""))
 if err != nil {
 panic("invalid hexRE regexp")
 }
@@ -408,7 +408,7 @@ func unquote(s string) string {
 if strings.IndexByte(s, '"') < 0 {
 return s
 }
- return strings.Replace(s, `\"`, `"`, -1)
+ return strings.ReplaceAll(s, `\"`, `"`)
 }
 func inSlice(str string, strings []string) bool {
diff --git a/rule.go b/rule.go
index 086f11c..ce7f593 100644
--- a/rule.go
+++ b/rule.go
@@ -837,7 +837,7 @@ func (p PCRE) String() string {
 // escape quote signs, if necessary
 if bytes.IndexByte(pattern, '"') > -1 {
- pattern = bytes.Replace(pattern, []byte(`"`), []byte(`\"`), -1)
+ pattern = bytes.ReplaceAll(pattern, []byte(`"`), []byte(`\"`))
 }
 var s strings.Builder
From fed85b709f3abfb362cb1f092bf72cbb71fe9f32 Mon Sep 17 00:00:00 2001
From: Duane Howard
Date: Sun, 13 Jul 2025 19:47:34 -0700
Subject: [PATCH 2/8] One more tweak to address lint findings.
---
 lex.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lex.go b/lex.go
index a625a9e..c170858 100644
--- a/lex.go
+++ b/lex.go
@@ -265,7 +265,7 @@ func lexProtocol(l *lexer) stateFn {
 case r == ' ':
 l.emit(itemProtocol, true)
 return lexSourceAddress
- case !unicode.IsLetter(r) && !unicode.IsDigit(r) && !(l.len() > 0 && r == '-'):
+ case !unicode.IsLetter(r) && !unicode.IsDigit(r) && (l.len() > 0 || r == '-'):
 return l.errorf("invalid character %q for a rule protocol", r)
 }
 }
From d9e690d866b215459e75ed6e95b32f4be47e3233 Mon Sep 17 00:00:00 2001
From: Duane Howard
Date: Sun, 13 Jul 2025 19:58:41 -0700
Subject: [PATCH 3/8] maybe getting it right this time. maybe stop coding now.
---
 lex.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lex.go b/lex.go
index c170858..fae70e2 100644
--- a/lex.go
+++ b/lex.go
@@ -265,7 +265,7 @@ func lexProtocol(l *lexer) stateFn {
 case r == ' ':
 l.emit(itemProtocol, true)
 return lexSourceAddress
- case !unicode.IsLetter(r) && !unicode.IsDigit(r) && (l.len() > 0 || r == '-'):
+ case !unicode.IsLetter(r) && !unicode.IsDigit(r) && !(l.len() > 0 || r == '-'):
 return l.errorf("invalid character %q for a rule protocol", r)
 }
 }
From 77187b0ac0beb6967f4f0bcf7fc0cc9c873d49e4 Mon Sep 17 00:00:00 2001
From: Duane Howard
Date: Sun, 13 Jul 2025 20:09:57 -0700
Subject: [PATCH 4/8] last one, srsly.
---
 lex.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lex.go b/lex.go
index fae70e2..6d6323b 100644
--- a/lex.go
+++ b/lex.go
@@ -265,7 +265,7 @@ func lexProtocol(l *lexer) stateFn {
 case r == ' ':
 l.emit(itemProtocol, true)
 return lexSourceAddress
- case !unicode.IsLetter(r) && !unicode.IsDigit(r) && !(l.len() > 0 || r == '-'):
+ case !unicode.IsLetter(r) && !unicode.IsDigit(r) && l.len() > 0 && r != '-':
 return l.errorf("invalid character %q for a rule protocol", r)
 }
 }
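Review bot: The condition PATCH 4/8 leaves in `lexProtocol` is not the De Morgan expansion of the original `!(unicode.IsLetter(r) || unicode.IsDigit(r) || (l.len() > 0 && r == '-'))`, because negating `(l.len() > 0 && r == '-')` yields `(l.len() <= 0 || r != '-')`, not `l.len() > 0 && r != '-'`. With the form that lands, a rune that is neither a letter nor a digit is no longer rejected whenever `l.len()` is 0, so validation of the rule's protocol field is looser than before; `l.len()` is defined outside these hunks, so which inputs reach that state (first rune, end of input) needs confirming. The intermediate conditions in PATCH 2/8 and PATCH 3/8 are not equivalent to the original either; only the PATCH 1/8 rewrite was. I would change the line to `case !unicode.IsLetter(r) && !unicode.IsDigit(r) && (l.len() <= 0 || r != '-'):` and add a table-driven lexer test covering a leading `-`, an interior `-`, and an invalid first character so a lint-driven rewrite cannot silently change what the parser accepts. The loop and switch enclosing this `case` start outside the hunk.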
From 1e8ee84defa3c9c59584cd014e999c059dda744c Mon Sep 17 00:00:00 2001
From: Duane Howard
Date: Sun, 13 Jul 2025 20:29:38 -0700
Subject: [PATCH 5/8] see if we can fix the fuzzer config.
---
 .github/workflows/fuzz.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 6ff09bf..ee308f1 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -16,7 +16,7 @@ jobs:
 fuzz-seconds: 600
 dry-run: false
 - name: Upload Crash
- uses: actions/upload-artifact@v1
+ uses: actions/upload-artifact@v3
 if: failure()
 with:
 name: artifacts
From afd497e61c64d296d771631f7274fde1c47c95fc Mon Sep 17 00:00:00 2001
From: Duane Howard
Date: Sun, 13 Jul 2025 20:34:29 -0700
Subject: [PATCH 6/8] trying v4, not changing any syntax, probably still wont work.
---
 .github/workflows/fuzz.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index ee308f1..8d90f7f 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -16,7 +16,7 @@ jobs:
 fuzz-seconds: 600
 dry-run: false
 - name: Upload Crash
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
 if: failure()
 with:
 name: artifacts
From eff84366ee1a20ff8c2d58c8cebea6b242ad6503 Mon Sep 17 00:00:00 2001
From: Duane Howard
Date: Thu, 17 Jul 2025 20:07:28 -0700
Subject: [PATCH 7/8] updating to align with current CI docs https://google.github.io/oss-fuzz/getting-started/continuous-integration/
---
 .github/workflows/fuzz.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 8d90f7f..1f4d189 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -3,21 +3,34 @@ on: [pull_request]
 jobs:
 Fuzzing:
 runs-on: ubuntu-latest
+ permissions:
+ security-events: write
 steps:
 - name: Build Fuzzers
+ id: build
 uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
 with:
 oss-fuzz-project-name: 'gonids'
+ language: go
 dry-run: false
 - name: Run Fuzzers
 uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
 with:
 oss-fuzz-project-name: 'gonids'
+ language: go
 fuzz-seconds: 600
 dry-run: false
+ output-sarif: true
 - name: Upload Crash
 uses: actions/upload-artifact@v4
- if: failure()
+ if: failure() && steps.build.outcome == 'success'
 with:
 name: artifacts
 path: ./out/artifacts
+ - name: Upload Sarif
+ if: always() && steps.build.outcome == 'success'
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: cifuzz-sarif/results.sarif
+ checkout_path: cifuzz-sarif
From 2ce453f4ae1c58b6104479544108118816b910af Mon Sep 17 00:00:00 2001
From: Duane Howard
Date: Thu, 17 Jul 2025 20:16:08 -0700
Subject: [PATCH 8/8] flip `upload-sarif` to v3 to avoid Error in logs.
---
 .github/workflows/fuzz.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 1f4d189..39e9c99 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -29,7 +29,7 @@ jobs:
 path: ./out/artifacts
 - name: Upload Sarif
 if: always() && steps.build.outcome == 'success'
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
 with:
 # Path to SARIF file relative to the root of the repository
 sarif_file: cifuzz-sarif/results.sarif
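Review bot: In the PATCH 7/8 hunk the job gains `security-events: write`, yet the `build_fuzzers` and `run_fuzzers` steps it runs are still referenced at the mutable `@master` branch (context lines of the hunk), so whatever is on that branch at run time executes with the new write scope on every pull request. Pinning both to a full commit SHA, for example `uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@<full-commit-sha>` (placeholder), and letting a dependency-update bot raise the pin keeps the fuzzing job reproducible and each upstream change reviewable. The same reasoning applies to `actions/upload-artifact@v4` and `github/codeql-action/upload-sarif`, which are referenced by a movable major tag. The job-level `permissions` block is itself the right shape, since scopes that are not listed are dropped; a one-line comment such as `# least privilege: only the SARIF upload needs write` would record that intent for the next editor.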