diff --git a/decrypt.go b/decrypt.go
index 66976ed..5c3d93e 100644
--- a/decrypt.go
+++ b/decrypt.go
@@ -33,7 +33,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) {
 return nil, popError()
 }
 
- // nosec
+ // #nosec
 key := C.xmlSecCryptoAppKeyLoadMemory(
 (*C.xmlSecByte)(unsafe.Pointer(&privateKey[0])),
 C.xmlSecSize(len(privateKey)),
@@ -60,7 +60,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) {
 }
 defer C.xmlSecEncCtxDestroy(encCtx)
 
- // nosec
+ // #nosec
 encDataNode := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
 (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeEncryptedData)),
 (*C.xmlChar)(unsafe.Pointer(&C.xmlSecEncNs)))
diff --git a/encrypt.go b/encrypt.go
index d0c4c0d..7d71611 100644
--- a/encrypt.go
+++ b/encrypt.go
@@ -91,7 +91,7 @@ var errInvalidAlgorithm = errors.New("invalid algorithm")
 // Note: the invocations of C.CString() here return a pointer to a string
 // allocated from the C heap that would normally need to freed by calling
 // C.free, but because these are global, we can just leak them.
-// nosec
+// #nosec
 var (
 constDsigNamespace = (*C.xmlChar)(unsafe.Pointer(C.CString("http://www.w3.org/2000/09/xmldsig#")))
 constDigestMethod = (*C.xmlChar)(unsafe.Pointer(C.CString("DigestMethod")))
@@ -118,7 +118,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
 return nil, mustPopError()
 }
 
- // nosec
+ // #nosec
 key := C.xmlSecCryptoAppKeyLoadMemory(
 (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
 C.xmlSecSize(len(publicKey)),
@@ -128,7 +128,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
 return nil, mustPopError()
 }
 
- // nosec
+ // #nosec
 if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key,
 (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
 C.xmlSecSize(len(publicKey)),
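Review bot: The `// #nosec` added above the `C.xmlSecCryptoAppKeyLoadMemory` call in Decrypt (first decrypt.go hunk) carries no rule ID or reason, so it suppresses every gosec finding on that statement rather than only the `unsafe` audit it is presumably meant to acknowledge. Scoping it, for example `// #nosec G103 -- key bytes are handed to xmlsec through cgo`, keeps other and future rules active there and records why the exception is acceptable. The same bare directive is added in every other hunk of this commit (decrypt.go, encrypt.go, thread_darwin.go, xmldsig.go, xmlsec.go), and it is worth confirming with a gosec run that a directive on its own line above a multi-line call is honoured. Decrypt's body starts and ends outside this hunk.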
@@ -165,7 +165,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
 
 // create encryption template to encrypt XML file and replace
 // its content with encryption result
- // nosec
+ // #nosec
 encDataNode := C.xmlSecTmplEncDataCreate(parsedDoc, sessionCipherTransform, nil, (*C.xmlChar)(unsafe.Pointer(&C.xmlSecTypeEncElement)), nil, nil)
 if encDataNode == nil {
diff --git a/thread_darwin.go b/thread_darwin.go
index 97d94ba..52a8d7e 100644
--- a/thread_darwin.go
+++ b/thread_darwin.go
@@ -9,6 +9,6 @@ import "C"
 func getThreadID() uintptr {
 // Darwin lacks a meaningful version of gettid() so instead we use
 // ptread_self() as a proxy.
- // nosec
+ // #nosec
 return uintptr(unsafe.Pointer(C.pthread_self()))
 }
diff --git a/xmldsig.go b/xmldsig.go
index 51c5dab..f48be47 100644
--- a/xmldsig.go
+++ b/xmldsig.go
@@ -48,7 +48,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) {
 }
 defer C.xmlSecDSigCtxDestroy(ctx)
 
- // nosec
+ // #nosec
 ctx.signKey = C.xmlSecCryptoAppKeyLoadMemory(
 (*C.xmlSecByte)(unsafe.Pointer(&key[0])),
 C.xmlSecSize(len(key)),
@@ -64,7 +64,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) {
 }
 defer closeDoc(parsedDoc)
 
- // nosec
+ // #nosec
 node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
 (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)),
 (*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs)))
@@ -108,7 +108,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
 return mustPopError()
 }
 
- // nosec
+ // #nosec
 key := C.xmlSecCryptoAppKeyLoadMemory(
 (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
 C.xmlSecSize(len(publicKey)),
@@ -118,7 +118,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
 return mustPopError()
 }
 
- // nosec
+ // #nosec
 if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key,
 (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
 C.xmlSecSize(len(publicKey)),
@@ -143,7 +143,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
 }
 defer closeDoc(parsedDoc)
 
- // nosec
+ // #nosec
 node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
 (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)),
 (*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs)))
diff --git a/xmlsec.go b/xmlsec.go
index 2a623c0..2d6f20a 100644
--- a/xmlsec.go
+++ b/xmlsec.go
@@ -40,7 +40,7 @@ func init() {
 }
 
 func newDoc(buf []byte, idattrs []XMLIDOption) (*C.xmlDoc, error) {
- // nosec
+ // #nosec
 ctx := C.xmlCreateMemoryParserCtxt((*C.char)(unsafe.Pointer(&buf[0])),
 C.int(len(buf)))
 if ctx == nil {
@@ -77,18 +77,18 @@ func addIDAttr(node *C.xmlNode, attrName, nodeName, nsHref string) {
 cur = C.xmlSecGetNextElementNode(cur.next)
 }
 
- // nosec
+ // #nosec
 if C.GoString((*C.char)(unsafe.Pointer(node.name))) != nodeName {
 return
 }
- // nosec
+ // #nosec
 if nsHref != "" && node.ns != nil && C.GoString((*C.char)(unsafe.Pointer(node.ns.href))) != nsHref {
 return
 }
 // the attribute with name equal to attrName should exist
 for attr := node.properties; attr != nil; attr = attr.next {
- // nosec
+ // #nosec
 if C.GoString((*C.char)(unsafe.Pointer(attr.name))) == attrName {
 id := C.xmlNodeListGetString(node.doc, attr.children, 1)
 if id == nil {
@@ -108,9 +108,9 @@ func dumpDoc(doc *C.xmlDoc) []byte {
 var buffer *C.xmlChar
 var bufferSize C.int
 C.xmlDocDumpMemory(doc, &buffer, &bufferSize)
- defer C.MY_xmlFree(unsafe.Pointer(buffer)) // nosec
+ defer C.MY_xmlFree(unsafe.Pointer(buffer)) // #nosec
 
- return C.GoBytes(unsafe.Pointer(buffer), bufferSize) // nosec
+ return C.GoBytes(unsafe.Pointer(buffer), bufferSize) // #nosec
 }
 
 func dumpNode(node *C.xmlNode) []byte {
@@ -118,5 +118,5 @@ func dumpNode(node *C.xmlNode) []byte {
 defer C.xmlBufferFree(buffer)
 
 bufferSize := C.xmlNodeDump(buffer, nil, node, 0, 0)
- return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) // nosec
+ return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) // #nosec
 }
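Review bot: `&buf[0]` is the first expression newDoc evaluates (xmlsec.go, hunk at line 40), so a nil or empty `buf` panics with an index-out-of-range before libxml2 is reached, and the `#nosec` directive sits directly on that statement. A guard ahead of the call, such as `if len(buf) == 0 { return nil, errEmptyDoc }` (`errEmptyDoc` is a placeholder name), turns that into an ordinary error for callers that pass untrusted documents. `C.int(len(buf))` on the following line also narrows the length, so inputs larger than a C int would need rejecting as well. The key-loading hunks in Decrypt, Encrypt, Sign and Verify index `[0]` the same way, though their preceding lines are outside the hunks and may already check the length.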
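Review bot: The result of `C.xmlNodeDump` flows into `C.GoBytes` unchecked in dumpNode, on the very line that receives the `#nosec`. libxml2 documents -1 as the error return, and a negative length is expected to make `C.GoBytes` panic rather than yield bytes. Adding `if bufferSize < 0 { return nil }` before the return keeps a serialization failure from crashing the caller. The line that creates `buffer` is above the hunk, so whether a NULL buffer is handled there cannot be seen here.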