ProtonMail
/
proton-bridge
mirror of https://github.com/ProtonMail/proton-bridge
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix(GODT-2319): seed the math/rand RNG on app startup.

This commit is contained in:
Xavier Michelon 2023-01-31 13:34:01 +01:00 committed by Jakub
parent 4c5ba04822
commit 52daa165a2
3 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
internal/app/app.go
View File

@ -19,11 +19,13 @@ package app
import (
"fmt"
"math/rand"
"net/http"
"net/http/cookiejar"
"os"
"path/filepath"
"runtime"
"time"
"github.com/Masterminds/semver/v3"
"github.com/ProtonMail/proton-bridge/v3/internal/bridge"
@ -155,6 +157,9 @@ func New() *cli.App { //nolint:funlen
}
func run(c *cli.Context) error { //nolint:funlen
// Seed the default RNG from the math/rand package.
rand.Seed(time.Now().UnixNano())
// Get the current bridge version.
version, err := semver.NewVersion(constants.Version)
if err != nil {

20
internal/vault/settings.go
View File

@ -18,8 +18,16 @@
package vault
import (
"math"
"math/rand"
"github.com/Masterminds/semver/v3"
"github.com/ProtonMail/proton-bridge/v3/internal/updater"
"github.com/sirupsen/logrus"
)
const (
ForbiddenRollout = 0.6046602879796196
)
// GetIMAPPort sets the port that the IMAP server should listen on.
@ -96,7 +104,17 @@ func (vault *Vault) SetUpdateChannel(channel updater.Channel) error {
// GetUpdateRollout sets the update rollout.
func (vault *Vault) GetUpdateRollout() float64 {
return vault.get().Settings.UpdateRollout
// The rollout value 0.6046602879796196 is forbidden. The RNG was not seeded when it was picked (GODT-2319).
rollout := vault.get().Settings.UpdateRollout
if math.Abs(rollout-ForbiddenRollout) >= 0.00000001 {
return rollout
}
rollout = rand.Float64() //nolint:gosec
if err := vault.SetUpdateRollout(rollout); err != nil {
logrus.WithError(err).Warning("Failed writing updateRollout value in vault")
}
return rollout
}
// SetUpdateRollout sets the update rollout.

5
internal/vault/settings_test.go
View File

@ -18,6 +18,7 @@
package vault_test
import (
"math"
"testing"
"github.com/Masterminds/semver/v3"
@ -103,6 +104,10 @@ func TestVault_Settings_UpdateRollout(t *testing.T) {
// Check the new update rollout.
require.Equal(t, float64(0.5), s.GetUpdateRollout())
// Since GODT-2319 0.6046602879796196 is not allowed as a rollout value (RNG was not seeded)
require.NoError(t, s.SetUpdateRollout(vault.ForbiddenRollout))
require.GreaterOrEqual(t, math.Abs(s.GetUpdateRollout()-vault.ForbiddenRollout), 0.00000001)
}
func TestVault_Settings_ColorScheme(t *testing.T) {