Skip to content
This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

Commit

Permalink
lightning: avoid warn risk for gosec lint (#32127)
Browse files Browse the repository at this point in the history 
ref pingcap/tidb#31310
  • Loading branch information
@joccau
joccau authored Feb 8, 2022
1 parent ef0a27e commit ff12e41
Show file tree
Hide file tree
Showing 5 changed files with 34 additions and 25 deletions.
7 changes: 3 additions & 4 deletions pkg/lightning/checkpoints/checkpoints.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1302,7 +1302,6 @@ func (cpdb *MySQLCheckpointsDB) GetLocalStoringTables(ctx context.Context) (map[
// 2. engine status is earlier than CheckpointStatusImported, and
// 3. chunk has been read

// nolint:gosec
query := fmt.Sprintf(`
SELECT DISTINCT t.table_name, c.engine_id
FROM %s.%s t, %s.%s c, %s.%s e
Expand All @@ -1316,7 +1315,7 @@ func (cpdb *MySQLCheckpointsDB) GetLocalStoringTables(ctx context.Context) (map[

err := common.Retry("get local storing tables", log.L(), func() error {
targetTables = make(map[string][]int32)
rows, err := cpdb.db.QueryContext(ctx, query)
rows, err := cpdb.db.QueryContext(ctx, query) // #nosec G201
if err != nil {
return errors.Trace(err)
}
Expand Down Expand Up @@ -1388,7 +1387,7 @@ func (cpdb *MySQLCheckpointsDB) DestroyErrorCheckpoint(ctx context.Context, tabl
colName = columnTableName
aliasedColName = "t.table_name"
}
// nolint:gosec

selectQuery := fmt.Sprintf(`
SELECT
t.table_name,
Expand Down Expand Up @@ -1418,7 +1417,7 @@ func (cpdb *MySQLCheckpointsDB) DestroyErrorCheckpoint(ctx context.Context, tabl
err := s.Transact(ctx, "destroy error checkpoints", func(c context.Context, tx *sql.Tx) error {
// Obtain the list of tables
targetTables = nil
rows, e := tx.QueryContext(c, selectQuery, tableName)
rows, e := tx.QueryContext(c, selectQuery, tableName) // #nosec G201
if e != nil {
return errors.Trace(e)
}
Expand Down
3 changes: 2 additions & 1 deletion pkg/lightning/common/security.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,10 +72,11 @@ func ToTLSConfig(caPath, certPath, keyPath string) (*tls.Config, error) {
return nil, errors.New("failed to append ca certs")
}

return &tls.Config{ // nolint:gosec
return &tls.Config{
Certificates: certificates,
RootCAs: certPool,
NextProtos: []string{"h2", "http/1.1"}, // specify `h2` to let Go use HTTP/2.
MinVersion: tls.VersionTLS12,
}, nil
}

Expand Down
4 changes: 2 additions & 2 deletions pkg/lightning/lightning.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -789,11 +789,11 @@ func CleanupMetas(ctx context.Context, cfg *config.Config, tableName string) err
func UnsafeCloseEngine(ctx context.Context, importer backend.Backend, engine string) (*backend.ClosedEngine, error) {
if index := strings.LastIndexByte(engine, ':'); index >= 0 {
tableName := engine[:index]
engineID, err := strconv.Atoi(engine[index+1:]) // nolint:gosec
engineID, err := strconv.Atoi(engine[index+1:])
if err != nil {
return nil, errors.Trace(err)
}
ce, err := importer.UnsafeCloseEngine(ctx, nil, tableName, int32(engineID))
ce, err := importer.UnsafeCloseEngine(ctx, nil, tableName, int32(engineID)) // #nosec G109
return ce, errors.Trace(err)
}

Expand Down
44 changes: 27 additions & 17 deletions pkg/lightning/restore/meta_manager.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,8 +180,11 @@ func (m *dbTableMetaMgr) AllocTableRowIDs(ctx context.Context, rawRowIDMax int64
}
needAutoID := common.TableHasAutoRowID(m.tr.tableInfo.Core) || m.tr.tableInfo.Core.GetAutoIncrementColInfo() != nil || m.tr.tableInfo.Core.ContainsAutoRandomBits()
err = exec.Transact(ctx, "init table allocator base", func(ctx context.Context, tx *sql.Tx) error {
query := fmt.Sprintf("SELECT task_id, row_id_base, row_id_max, total_kvs_base, total_bytes_base, checksum_base, status from %s WHERE table_id = ? FOR UPDATE", m.tableName) // nolint:gosec
rows, err := tx.QueryContext(ctx, query, m.tr.tableInfo.ID)
rows, err := tx.QueryContext(
ctx,
fmt.Sprintf("SELECT task_id, row_id_base, row_id_max, total_kvs_base, total_bytes_base, checksum_base, status from %s WHERE table_id = ? FOR UPDATE", m.tableName),
m.tr.tableInfo.ID,
)
if err != nil {
return errors.Trace(err)
}
Expand Down Expand Up @@ -282,7 +285,7 @@ func (m *dbTableMetaMgr) AllocTableRowIDs(ctx context.Context, rawRowIDMax int64
if needAutoID && newRowIDBase == 0 && newStatus < metaStatusRestoreStarted {
newStatus = metaStatusRestoreStarted
}
query = fmt.Sprintf("update %s set row_id_base = ?, row_id_max = ?, status = ? where table_id = ? and task_id = ?", m.tableName)
query := fmt.Sprintf("update %s set row_id_base = ?, row_id_max = ?, status = ? where table_id = ? and task_id = ?", m.tableName)
_, err := tx.ExecContext(ctx, query, newRowIDBase, newRowIDMax, newStatus.String(), m.tr.tableInfo.ID, m.taskID)
if err != nil {
return errors.Trace(err)
Expand Down Expand Up @@ -381,9 +384,11 @@ func (m *dbTableMetaMgr) CheckAndUpdateLocalChecksum(ctx context.Context, checks
needChecksum = true
needRemoteDupe = true
err = exec.Transact(ctx, "checksum pre-check", func(ctx context.Context, tx *sql.Tx) error {
// nolint:gosec
query := fmt.Sprintf("SELECT task_id, total_kvs_base, total_bytes_base, checksum_base, total_kvs, total_bytes, checksum, status, has_duplicates from %s WHERE table_id = ? FOR UPDATE", m.tableName)
rows, err := tx.QueryContext(ctx, query, m.tr.tableInfo.ID)
rows, err := tx.QueryContext(
ctx,
fmt.Sprintf("SELECT task_id, total_kvs_base, total_bytes_base, checksum_base, total_kvs, total_bytes, checksum, status, has_duplicates from %s WHERE table_id = ? FOR UPDATE", m.tableName),
m.tr.tableInfo.ID,
)
if err != nil {
return errors.Annotate(err, "fetch task meta failed")
}
Expand Down Expand Up @@ -449,7 +454,7 @@ func (m *dbTableMetaMgr) CheckAndUpdateLocalChecksum(ctx context.Context, checks
return errors.Trace(rows.Err())
}

query = fmt.Sprintf("update %s set total_kvs = ?, total_bytes = ?, checksum = ?, status = ?, has_duplicates = ? where table_id = ? and task_id = ?", m.tableName)
query := fmt.Sprintf("update %s set total_kvs = ?, total_bytes = ?, checksum = ?, status = ?, has_duplicates = ? where table_id = ? and task_id = ?", m.tableName)
_, err = tx.ExecContext(ctx, query, checksum.SumKVS(), checksum.SumSize(), checksum.Sum(), newStatus.String(), hasLocalDupes, m.tr.tableInfo.ID, m.taskID)
return errors.Annotate(err, "update local checksum failed")
})
Expand Down Expand Up @@ -594,8 +599,10 @@ func (m *dbTaskMetaMgr) CheckTaskExist(ctx context.Context) (bool, error) {
// avoid override existing metadata if the meta is already inserted.
exist := false
err := exec.Transact(ctx, "check whether this task has started before", func(ctx context.Context, tx *sql.Tx) error {
query := fmt.Sprintf("SELECT task_id from %s WHERE task_id = %d", m.tableName, m.taskID) // nolint:gosec
rows, err := tx.QueryContext(ctx, query)
rows, err := tx.QueryContext(ctx,
fmt.Sprintf("SELECT task_id from %s WHERE task_id = ?", m.tableName),
m.taskID,
)
if err != nil {
return errors.Annotate(err, "fetch task meta failed")
}
Expand Down Expand Up @@ -636,8 +643,10 @@ func (m *dbTaskMetaMgr) CheckTasksExclusively(ctx context.Context, action func(t
return errors.Annotate(err, "enable pessimistic transaction failed")
}
return exec.Transact(ctx, "check tasks exclusively", func(ctx context.Context, tx *sql.Tx) error {
query := fmt.Sprintf("SELECT task_id, pd_cfgs, status, state, source_bytes, cluster_avail from %s FOR UPDATE", m.tableName) // nolint:gosec
rows, err := tx.QueryContext(ctx, query)
rows, err := tx.QueryContext(
ctx,
fmt.Sprintf("SELECT task_id, pd_cfgs, status, state, source_bytes, cluster_avail from %s FOR UPDATE", m.tableName),
)
if err != nil {
return errors.Annotate(err, "fetch task metas failed")
}
Expand Down Expand Up @@ -696,8 +705,10 @@ func (m *dbTaskMetaMgr) CheckAndPausePdSchedulers(ctx context.Context) (pdutil.U
paused := false
var pausedCfg storedCfgs
err = exec.Transact(ctx, "check and pause schedulers", func(ctx context.Context, tx *sql.Tx) error {
query := fmt.Sprintf("SELECT task_id, pd_cfgs, status, state from %s FOR UPDATE", m.tableName) // nolint:gosec
rows, err := tx.QueryContext(ctx, query)
rows, err := tx.QueryContext(
ctx,
fmt.Sprintf("SELECT task_id, pd_cfgs, status, state from %s FOR UPDATE", m.tableName),
)
if err != nil {
return errors.Annotate(err, "fetch task meta failed")
}
Expand Down Expand Up @@ -770,7 +781,7 @@ func (m *dbTaskMetaMgr) CheckAndPausePdSchedulers(ctx context.Context) (pdutil.U
return errors.Trace(err)
}

query = fmt.Sprintf("update %s set pd_cfgs = ?, status = ? where task_id = ?", m.tableName)
query := fmt.Sprintf("update %s set pd_cfgs = ?, status = ? where task_id = ?", m.tableName)
_, err = tx.ExecContext(ctx, query, string(jsonByts), taskMetaStatusScheduleSet.String(), m.taskID)

return errors.Annotate(err, "update task pd configs failed")
Expand Down Expand Up @@ -822,8 +833,7 @@ func (m *dbTaskMetaMgr) CheckAndFinishRestore(ctx context.Context, finished bool
switchBack := true
allFinished := finished
err = exec.Transact(ctx, "check and finish schedulers", func(ctx context.Context, tx *sql.Tx) error {
query := fmt.Sprintf("SELECT task_id, status, state from %s FOR UPDATE", m.tableName) // nolint:gosec
rows, err := tx.QueryContext(ctx, query)
rows, err := tx.QueryContext(ctx, fmt.Sprintf("SELECT task_id, status, state from %s FOR UPDATE", m.tableName))
if err != nil {
return errors.Annotate(err, "fetch task meta failed")
}
Expand Down Expand Up @@ -883,7 +893,7 @@ func (m *dbTaskMetaMgr) CheckAndFinishRestore(ctx context.Context, finished bool
newStatus = taskMetaStatusSwitchSkipped
}

query = fmt.Sprintf("update %s set status = ?, state = ? where task_id = ?", m.tableName)
query := fmt.Sprintf("update %s set status = ?, state = ? where task_id = ?", m.tableName)
if _, err = tx.ExecContext(ctx, query, newStatus.String(), newState, m.taskID); err != nil {
return errors.Trace(err)
}
Expand Down
1 change: 0 additions & 1 deletion pkg/utils/pprof.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@ import (
// #nosec
// register HTTP handler for /debug/pprof
"net/http"
_ "net/http/pprof" // nolint:gosec

"github.com/pingcap/errors"
"github.com/pingcap/failpoint"
Expand Down

0 comments on commit ff12e41

Please sign in to comment.