search

v2ray / v2ray-core

A platform for building proxies to bypass network restrictions.
https://www.v2ray.com/
MIT License
45.01k stars 8.95k forks source link

v2ray-core/common/crypto/auth.go:265] - G404: Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH) #1608

Closed hktalent closed 5 years ago

hktalent commented 5 years ago

源码安全审计时发现的一些安全问题

[/root/go/src/github.com/v2ray/v2ray-core/common/crypto/auth.go:265] - G404: Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
  > rand.Read(paddingBytes)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/auth.go:4] - G501: Blacklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > "crypto/md5"

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/server.go:277] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum(s.requestBodyIV[:])

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/server.go:276] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum(s.requestBodyKey[:])

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/server.go:137] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.New()

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/server.go:4] - G501: Blacklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > "crypto/md5"

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/client.go:95] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.New()

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/client.go:52] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum(session.requestBodyIV[:])

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/client.go:51] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum(session.requestBodyKey[:])

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/client.go:4] - G501: Blacklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > "crypto/md5"

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/auth.go:74] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum(key[:16])

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/encoding/auth.go:72] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum(b)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/ota.go:6] - G505: Blacklisted import crypto/sha1: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > "crypto/sha1"

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/config.go:298] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.New()

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/config.go:294] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.Sum(password)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/config.go:8] - G505: Blacklisted import crypto/sha1: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > "crypto/sha1"

[/root/go/src/github.com/v2ray/v2ray-core/main/confloader/external/external.go:31] - G304: Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
  > os.Open(fixedFile)

[/root/go/src/github.com/v2ray/v2ray-core/common/protocol/id.go:60] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.New()

[/root/go/src/github.com/v2ray/v2ray-core/common/protocol/id.go:52] - G401: Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > md5.New()

[/root/go/src/github.com/v2ray/v2ray-core/common/protocol/id.go:5] - G501: Blacklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > "crypto/md5"

[/root/go/src/github.com/v2ray/v2ray-core/common/platform/ctlcmd/ctlcmd.go:23] - G204: Subprocess launched with variable (Confidence: HIGH, Severity: MEDIUM)
  > exec.Command(v2ctl, args...)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/config.go:7] - G501: Blacklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
  > "crypto/md5"

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errorgen/main.go:25] - G302: Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
  > os.OpenFile("errors.generated.go", os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0644)

[/root/go/src/github.com/v2ray/v2ray-core/app/commander/outbound.go:23] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/buf/readv_posix.go:30] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(&r.iovecs[0])

[/root/go/src/github.com/v2ray/v2ray-core/app/stats/command/command.go:89-91] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > core.RequireFeatures(ctx, func(sm feature_stats.Manager) {
            s.statsManager = sm
        })

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errors.go:47] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteByte('[')

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errors.go:48] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(serial.ToString(prefix))

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errors.go:49] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString("] ")

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errors.go:54] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(path)

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errors.go:55] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(": ")

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errors.go:59] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(msg)

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errors.go:62] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(" > ")

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errors.go:63] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(err.inner.Error())

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/multi_error.go:11] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > r.WriteString("multierr: ")

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/multi_error.go:13] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > r.WriteString(err.Error())

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/multi_error.go:14] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > r.WriteString(" | ")

[/root/go/src/github.com/v2ray/v2ray-core/app/reverse/portal.go:247] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(w.reader)

[/root/go/src/github.com/v2ray/v2ray-core/common/errors/errorgen/main.go:38] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > file.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/log/access.go:25] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(serial.ToString(m.From))

[/root/go/src/github.com/v2ray/v2ray-core/common/log/access.go:26] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteByte(' ')

[/root/go/src/github.com/v2ray/v2ray-core/common/log/access.go:27] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(string(m.Status))

[/root/go/src/github.com/v2ray/v2ray-core/common/log/access.go:28] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteByte(' ')

[/root/go/src/github.com/v2ray/v2ray-core/common/log/access.go:29] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(serial.ToString(m.To))

[/root/go/src/github.com/v2ray/v2ray-core/common/log/access.go:30] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteByte(' ')

[/root/go/src/github.com/v2ray/v2ray-core/common/log/access.go:31] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(serial.ToString(m.Reason))

[/root/go/src/github.com/v2ray/v2ray-core/common/log/logger.go:58] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > logger.Write(msg.String() + platform.LineSeparator())

[/root/go/src/github.com/v2ray/v2ray-core/common/log/logger.go:128] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > file.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:215] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > m.sessionManager.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:216] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(m.link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:217] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(m.link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:256] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:263] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:327] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > closingWriter.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:339] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > closingWriter.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:342] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:343] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > s.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:353] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:354] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.output)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/client.go:356] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > s.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:27-29] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > core.RequireFeatures(ctx, func(d routing.Dispatcher) {
        s.dispatcher = d
    })

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:92] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writer.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:93] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > s.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:127] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > buf.Copy(NewStreamReader(reader), buf.Discard)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:149] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > buf.Copy(rr, buf.Discard)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:150] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:165] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > closingWriter.Close()

[/root/go/src/github.com/v2ray/v2ray-core/app/reverse/portal.go:246] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(w.writer)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:181] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:182] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > s.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:192] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:193] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(s.output)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:195] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > s.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:245] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/session.go:129] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/session.go:130] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(s.output)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/session.go:148] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(s.output)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/session.go:149] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(s.input)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/writer.go:124] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > w.writer.WriteMultiBuffer(buf.MultiBuffer{frame})

[/root/go/src/github.com/v2ray/v2ray-core/common/net/connection.go:118] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(c.reader)

[/root/go/src/github.com/v2ray/v2ray-core/common/net/connection.go:119] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(c.writer)

[/root/go/src/github.com/v2ray/v2ray-core/app/reverse/portal.go:225] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > w.control.Start()

[/root/go/src/github.com/v2ray/v2ray-core/common/protocol/address.go:241] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(&s)

[/root/go/src/github.com/v2ray/v2ray-core/common/protocol/address.go:242] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(p)

[/root/go/src/github.com/v2ray/v2ray-core/common/protocol/address.go:260] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(&s)

[/root/go/src/github.com/v2ray/v2ray-core/common/protocol/address.go:261] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(p)

[/root/go/src/github.com/v2ray/v2ray-core/app/reverse/portal.go:124] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > p.cTask.Start()

[/root/go/src/github.com/v2ray/v2ray-core/app/reverse/portal.go:100] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/app/reverse/config.go:13] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > io.ReadFull(rand.Reader, c.Random)

[/root/go/src/github.com/v2ray/v2ray-core/common/mux/server.go:178] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > closingWriter.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/serial/serial.go:17] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(p)

[/root/go/src/github.com/v2ray/v2ray-core/common/serial/serial.go:30] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(&s)

[/root/go/src/github.com/v2ray/v2ray-core/common/serial/serial.go:31] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(p)

[/root/go/src/github.com/v2ray/v2ray-core/common/serial/serial.go:42] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(&s)

[/root/go/src/github.com/v2ray/v2ray-core/common/serial/serial.go:43] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(p)

[/root/go/src/github.com/v2ray/v2ray-core/common/serial/string.go:32] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > builder.WriteString(ToString(value))

[/root/go/src/github.com/v2ray/v2ray-core/common/signal/timer.go:48] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > t.checkTask.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/signal/timer.go:67] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > t.checkTask.Close()

[/root/go/src/github.com/v2ray/v2ray-core/common/task/periodic.go:47] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > t.checkedExecute()

[/root/go/src/github.com/v2ray/v2ray-core/app/proxyman/outbound/handler.go:173] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(h.mux)

[/root/go/src/github.com/v2ray/v2ray-core/main/distro/debug/debug.go:8] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > http.ListenAndServe(":6060", nil)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/blackhole/blackhole.go:38] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/blackhole/config.go:32] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writer.WriteMultiBuffer(buf.MultiBuffer{b})

[/root/go/src/github.com/v2ray/v2ray-core/proxy/dokodemo/dokodemo.go:150] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/dokodemo/dokodemo.go:151] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/http/server.go:194] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/http/server.go:195] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/http/server.go:290] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/http/server.go:291] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/mtproto/server.go:145] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/mtproto/server.go:146] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/common/serial/serial.go:16] - G103: Use of unsafe calls should be audited (Confidence: HIGH, Severity: LOW)
  > unsafe.Pointer(&s)

[/root/go/src/github.com/v2ray/v2ray-core/app/proxyman/outbound/handler.go:113] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/app/proxyman/outbound/handler.go:109] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/app/proxyman/outbound/handler.go:103] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/app/proxyman/inbound/worker.go:332] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/protocol.go:209] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > buffer.Write(payload)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/server.go:86] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Write(data.Bytes())

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/server.go:152] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.SetReadDeadline(time.Now().Add(sessionPolicy.Timeouts.Handshake))

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/server.go:165] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.SetReadDeadline(time.Time{})

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/server.go:233] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/shadowsocks/server.go:234] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/protocol.go:48] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writeSocks4Response(writer, socks4RequestRejected, net.AnyIP, net.Port(0))

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/protocol.go:90] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writeSocks4Response(writer, socks4RequestRejected, net.AnyIP, net.Port(0))

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/protocol.go:109] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writeSocks5AuthenticationResponse(writer, socks5Version, authNoMatchingMethod)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/protocol.go:124] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writeSocks5AuthenticationResponse(writer, 0x01, 0xFF)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/protocol.go:159] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/protocol.go:164] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/protocol.go:167] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > writeSocks5Response(writer, statusCmdNotSupport, net.AnyIP, net.Port(0))

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/server.go:168] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/server.go:169] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/socks/server.go:192] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Write(udpMessage.Bytes())

[/root/go/src/github.com/v2ray/v2ray-core/app/proxyman/inbound/worker.go:301] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/udp/hub.go:73] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > h.conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/app/proxyman/inbound/worker.go:278] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.writer.WriteMultiBuffer(buf.MultiBuffer{b})

[/root/go/src/github.com/v2ray/v2ray-core/app/log/log.go:130] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(g.errorLogger)

[/root/go/src/github.com/v2ray/v2ray-core/app/log/log.go:127] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(g.accessLogger)

[/root/go/src/github.com/v2ray/v2ray-core/app/dispatcher/stats.go:24] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(w.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/app/dispatcher/default.go:270] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/app/dispatcher/default.go:269] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/app/commander/outbound.go:76] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/app/commander/outbound.go:75] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/app/commander/outbound.go:46] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > c.Close()

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/inbound/inbound.go:155] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > h.clients.Add(user)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/inbound/inbound.go:306] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/proxy/vmess/inbound/inbound.go:307] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Interrupt(link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/testing/scenarios/common.go:36] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.SetReadDeadline(deadline)

[/root/go/src/github.com/v2ray/v2ray-core/testing/scenarios/common.go:117] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > server.Process.Kill()

[/root/go/src/github.com/v2ray/v2ray-core/testing/scenarios/common.go:119] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > server.Process.Signal(syscall.SIGTERM)

[/root/go/src/github.com/v2ray/v2ray-core/testing/scenarios/common.go:123] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > server.Process.Wait()

[/root/go/src/github.com/v2ray/v2ray-core/testing/scenarios/common_regular.go:19] - G204: Subprocess launching should be audited (Confidence: HIGH, Severity: LOW)
  > exec.Command("go", "build", "-o="+testBinaryPath, GetSourcePath())

[/root/go/src/github.com/v2ray/v2ray-core/testing/scenarios/common_regular.go:25] - G204: Subprocess launching should be audited (Confidence: HIGH, Severity: LOW)
  > exec.Command(testBinaryPath, "-config=stdin:", "-format=pb")

[/root/go/src/github.com/v2ray/v2ray-core/testing/servers/http/http.go:20] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > resp.Write([]byte("Home"))

[/root/go/src/github.com/v2ray/v2ray-core/testing/servers/tcp/tcp.go:63] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Write(server.SendFirst)

[/root/go/src/github.com/v2ray/v2ray-core/testing/servers/tcp/tcp.go:105] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/app/commander/outbound.go:25] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/domainsocket/listener.go:107] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > f.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/headers/http/http.go:168] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > c.errorWriter.Write(c.Conn)

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/connection.go:537] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > c.closer.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/connection.go:612] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > c.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/connection.go:658] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > c.output.Write(seg)

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/io.go:90] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > bb.Write(b)

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/listener.go:150] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > l.hub.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/receiving.go:110] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > l.writer.Write(seg)

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/receiving.go:124] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > l.writer.Write(seg)

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/segment.go:80] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > s.Data().Write(buf[:dataLen])

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/kcp/sending.go:120] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > sw.writer.Write(segment)

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/quic/dialer.go:157] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > rawConn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/quic/dialer.go:163] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/quic/hub.go:33] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > session.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/quic/hub.go:74] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > l.done.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/quic/hub.go:75] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > l.listener.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/quic/hub.go:76] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > l.rawConn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/quic/hub.go:113] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/quic/hub.go:119] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > conn.Close()

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/udp/dispatcher.go:44] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(conn.link.Reader)

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/udp/dispatcher.go:45] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > common.Close(conn.link.Writer)

[/root/go/src/github.com/v2ray/v2ray-core/transport/internet/domainsocket/listener.go:52] - G104: Errors unhandled. (Confidence: HIGH, Severity: LOW)
  > unixListener.Close()

Summary:
   Files: 375
   Lines: 36644
   Nosec: 0
  Issues: 178
slanterns commented 5 years ago

话说和当年ss那边的讨论一样,梯子的首要目标是传送流量而不是保证安全,安全仍然依靠上层协议来实现吧? 所以使用了md5可能无伤大雅,有几个没有处理的异常关系可能也不是太大(当然没有总是更好)