Replace use of github.com/satori/go.uuid with github.com/google/uuid

The old library we've utilized is unmaintained, and there is an old CVE (CVE-2021-3538), that, whilst not a problem for the way the collector uses UUIDs, is still good to clear out to avoid scanner complaints.
pganalyze · Jul 18, 2024 · 4fca9b7 · 4fca9b7
1 parent 04073db
commit 4fca9b7
Show file tree

Hide file tree

Showing 20 changed files with 37 additions and 814 deletions.
diff --git a/go.mod b/go.mod
@@ -26,7 +26,6 @@ require (
 	github.com/ogier/pflag v0.0.0-20160129220114-45c278ab3607
 	github.com/papertrail/go-tail v0.0.0-20180509224916-973c153b0431
 	github.com/pkg/errors v0.9.1
-	github.com/satori/go.uuid v1.2.0
 	github.com/shirou/gopsutil v3.21.10+incompatible
 	github.com/smartystreets/assertions v0.0.0-20160707190355-2063fd1cc7c9 // indirect
 	github.com/smartystreets/goconvey v0.0.0-20160704134950-4622128e06c7 // indirect
@@ -43,6 +42,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
 	github.com/Azure/azure-sdk-for-go/sdk/messaging/azeventhubs v1.0.0
 	github.com/fatih/color v1.16.0
+	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.1
 	github.com/pganalyze/pg_query_go/v5 v5.1.0
 	github.com/prometheus/procfs v0.7.3
@@ -69,7 +69,6 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
-	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect

diff --git a/go.sum b/go.sum
@@ -168,8 +168,6 @@ github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:
 github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/shirou/gopsutil v3.21.10+incompatible h1:AL2kpVykjkqeN+MFe1WcwSBVUjGjvdU8/ubvCuXAjrU=
 github.com/shirou/gopsutil v3.21.10+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/smartystreets/assertions v0.0.0-20160707190355-2063fd1cc7c9 h1:Kg4w5zDU3jgGRghptweqKKNAADO4nqR0Grd9WomB8H4=

diff --git a/logs/analyze_test.go b/logs/analyze_test.go
@@ -3,12 +3,12 @@ package logs_test
 import (
 	"testing"
 
+	"github.com/google/uuid"
 	"github.com/guregu/null"
 	"github.com/kylelemons/godebug/pretty"
 	"github.com/pganalyze/collector/logs"
 	"github.com/pganalyze/collector/output/pganalyze_collector"
 	"github.com/pganalyze/collector/state"
-	uuid "github.com/satori/go.uuid"
 )
 
 type testpair struct {

diff --git a/logs/debug.go b/logs/debug.go
@@ -7,9 +7,9 @@ import (
 	"io"
 	"regexp"
 
+	"github.com/google/uuid"
 	"github.com/pganalyze/collector/output/pganalyze_collector"
 	"github.com/pganalyze/collector/state"
-	uuid "github.com/satori/go.uuid"
 )
 
 func PrintDebugInfo(logFileContents string, logLines []state.LogLine, samples []state.PostgresQuerySample) {

diff --git a/logs/parse.go b/logs/parse.go
@@ -8,9 +8,9 @@ import (
 	"strings"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/pganalyze/collector/output/pganalyze_collector"
 	"github.com/pganalyze/collector/state"
-	uuid "github.com/satori/go.uuid"
 )
 
 const LogPrefixAmazonRds string = "%t:%r:%u@%d:[%p]:"
@@ -620,7 +620,11 @@ func ParseAndAnalyzeBuffer(logStream LineReader, linesNewerThan time.Time, serve
 		logLine.ByteEnd = byteStart + int64(len(line))
 
 		// Generate unique ID that can be used to reference this line
-		logLine.UUID = uuid.NewV4()
+		logLine.UUID, err = uuid.NewRandom()
+		if err != nil {
+			fmt.Printf("Failed to generate log line UUID: %s", err)
+			continue
+		}
 
 		logLines = append(logLines, logLine)
 	}

diff --git a/logs/stream/stream_test.go b/logs/stream/stream_test.go
@@ -8,12 +8,12 @@ import (
 	"testing"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/kylelemons/godebug/pretty"
 	"github.com/pganalyze/collector/logs/stream"
 	"github.com/pganalyze/collector/output/pganalyze_collector"
 	"github.com/pganalyze/collector/state"
 	"github.com/pganalyze/collector/util"
-	uuid "github.com/satori/go.uuid"
 )
 
 type streamTestpair struct {

diff --git a/output/compact.go b/output/compact.go
@@ -13,10 +13,10 @@ import (
 	"strings"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/pganalyze/collector/output/pganalyze_collector"
 	"github.com/pganalyze/collector/state"
 	"github.com/pganalyze/collector/util"
-	uuid "github.com/satori/go.uuid"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -26,7 +26,11 @@ func uploadAndSubmitCompactSnapshot(ctx context.Context, s pganalyze_collector.C
 	var err error
 	var data []byte
 
-	snapshotUUID := uuid.NewV4()
+	snapshotUUID, err := uuid.NewRandom()
+	if err != nil {
+		logger.PrintError("Error generating snapshot UUID: %s", err)
+		return err
+	}
 
 	s.SnapshotVersionMajor = 1
 	s.SnapshotVersionMinor = 0

diff --git a/output/full.go b/output/full.go
@@ -12,12 +12,12 @@ import (
 	"strings"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/pganalyze/collector/output/pganalyze_collector"
 	snapshot "github.com/pganalyze/collector/output/pganalyze_collector"
 	"github.com/pganalyze/collector/output/transform"
 	"github.com/pganalyze/collector/state"
 	"github.com/pganalyze/collector/util"
-	uuid "github.com/satori/go.uuid"
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/types/known/timestamppb"
@@ -47,7 +47,11 @@ func submitFull(ctx context.Context, s snapshot.FullSnapshot, server *state.Serv
 	var err error
 	var data []byte
 
-	snapshotUUID := uuid.NewV4()
+	snapshotUUID, err := uuid.NewRandom()
+	if err != nil {
+		logger.PrintError("Error generating snapshot UUID: %s", err)
+		return err
+	}
 
 	s.CollectorErrors = logger.ErrorMessages
 	s.SnapshotVersionMajor = 1

diff --git a/output/transform/logs.go b/output/transform/logs.go
@@ -4,9 +4,9 @@ import (
 	"encoding/json"
 	"fmt"
 
+	"github.com/google/uuid"
 	snapshot "github.com/pganalyze/collector/output/pganalyze_collector"
 	"github.com/pganalyze/collector/state"
-	uuid "github.com/satori/go.uuid"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 

diff --git a/runner/logs.go b/runner/logs.go
@@ -11,6 +11,7 @@ import (
 	"github.com/pganalyze/collector/input/system/tembo"
 	"github.com/pganalyze/collector/selftest"
 
+	"github.com/google/uuid"
 	"github.com/guregu/null"
 	"github.com/pganalyze/collector/config"
 	"github.com/pganalyze/collector/grant"
@@ -27,7 +28,6 @@ import (
 	"github.com/pganalyze/collector/state"
 	"github.com/pganalyze/collector/util"
 	"github.com/pkg/errors"
-	uuid "github.com/satori/go.uuid"
 )
 
 const LogDownloadInterval time.Duration = 30 * time.Second
@@ -211,12 +211,17 @@ func setupLogStreamer(ctx context.Context, wg *sync.WaitGroup, globalCollectionO
 					logLinesByServer[identifier] = processLogStream(ctx, server, logLinesByServer[identifier], t, globalCollectionOpts, prefixedLogger, logTestSucceeded, logTestFunc)
 				}
 			case in, ok := <-parsedLogStream:
+				var err error
 				if !ok {
 					return
 				}
 
 				in.LogLine.CollectedAt = time.Now()
-				in.LogLine.UUID = uuid.NewV4()
+				in.LogLine.UUID, err = uuid.NewRandom()
+				if err != nil {
+					logger.PrintError("Could not generate log line UUID: %s", err)
+					continue
+				}
 				logLinesByServer[in.Identifier] = append(logLinesByServer[in.Identifier], in.LogLine)
 			}
 		}

diff --git a/state/logs.go b/state/logs.go
@@ -7,10 +7,10 @@ import (
 	"strings"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/pganalyze/collector/config"
 	"github.com/pganalyze/collector/output/pganalyze_collector"
 	"github.com/pganalyze/collector/util"
-	uuid "github.com/satori/go.uuid"
 )
 
 type GrantLogs struct {
@@ -191,8 +191,12 @@ func NewLogFile(tmpFile *os.File, originalName string) (LogFile, error) {
 			return LogFile{}, fmt.Errorf("error allocating tempfile for logs: %s", err)
 		}
 	}
+	uuid, err := uuid.NewRandom()
+	if err != nil {
+		return LogFile{}, fmt.Errorf("error generating log file UUID: %s", err)
+	}
 	return LogFile{
-		UUID:         uuid.NewV4(),
+		UUID:         uuid,
 		TmpFile:      tmpFile,
 		OriginalName: originalName,
 	}, nil

diff --git a/state/postgres_query_sample.go b/state/postgres_query_sample.go
@@ -4,9 +4,9 @@ import (
 	"encoding/json"
 	"time"
 
+	"github.com/google/uuid"
 	"github.com/guregu/null"
 	"github.com/pganalyze/collector/output/pganalyze_collector"
-	uuid "github.com/satori/go.uuid"
 )
 
 type ExplainPlanTrigger struct {

diff --git a/vendor/github.com/satori/go.uuid/.travis.yml b/vendor/github.com/satori/go.uuid/.travis.yml
diff --git a/vendor/github.com/satori/go.uuid/LICENSE b/vendor/github.com/satori/go.uuid/LICENSE
diff --git a/vendor/github.com/satori/go.uuid/README.md b/vendor/github.com/satori/go.uuid/README.md