From aa45ccc63e906d8e999d6cac0d27dff2bb016b8d Mon Sep 17 00:00:00 2001 From: Pion <59523206+pionbot@users.noreply.github.com> Date: Thu, 5 Mar 2026 12:09:00 +0000 Subject: [PATCH 1/2] Update CI configs to v0.12.1 Update lint scripts and CI configs. --- .golangci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.golangci.yml b/.golangci.yml index 43af4c3..1fbb8db 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -41,6 +41,7 @@ linters: - maintidx # maintidx measures the maintainability index of each function. - makezero # Finds slice declarations with non-zero initial length - misspell # Finds commonly misspelled English words in comments + - modernize # Replace and suggests simplifications to code - nakedret # Finds naked returns in functions greater than a specified function length - nestif # Reports deeply nested if statements - nilerr # Finds the code that returns nil even if it checks that the error is not nil. From c5fbda1255a7c56acaab0f3291cb4122a338e2b2 Mon Sep 17 00:00:00 2001 From: Alex Snyatkov Date: Fri, 27 Mar 2026 00:54:53 +0000 Subject: [PATCH 2/2] Fix linter warnings - gosec G115: Add nolint for safe bit-shift integer conversions in key derivation and test data - modernize: Use range over int, remove forvar copies - gci: Fix nolint comment alignment --- context_test.go | 2 +- crypto_test.go | 2 +- key_derivation.go | 14 +++++++------- session_srtcp_test.go | 2 +- srtcp_test.go | 12 ------------ srtp_cipher_aes_cm_hmac_sha1.go | 2 +- srtp_test.go | 7 ++----- 7 files changed, 13 insertions(+), 28 deletions(-) diff --git a/context_test.go b/context_test.go index 60af35e..86f0b98 100644 --- a/context_test.go +++ b/context_test.go @@ -197,7 +197,7 @@ func TestInvalidContextOptions(t *testing.T) { assert.ErrorIs(t, err, errTooShortSRTPAuthTag) } - for n := 0; n < 4; n++ { + for n := range 4 { _, err = CreateContext(masterKey, masterSalt, profile, RolloverCounterCarryingTransform(RCCMode2, 10), SRTPAuthenticationTagLength(n)) assert.ErrorIs(t, err, errTooShortSRTPAuthTag) diff --git a/crypto_test.go b/crypto_test.go index 403f137..c41437b 100644 --- a/crypto_test.go +++ b/crypto_test.go @@ -62,7 +62,7 @@ func TestXorBytesCTR(t *testing.T) { require.NoError(t, err) iv := make([]byte, block.BlockSize()) - for i := 0; i < 1500; i++ { + for i := range 1500 { src := make([]byte, i) dst := make([]byte, i) reference := make([]byte, i) diff --git a/key_derivation.go b/key_derivation.go index b709c5c..afd789b 100644 --- a/key_derivation.go +++ b/key_derivation.go @@ -60,15 +60,15 @@ func generateCounter( copy(counter[:], sessionSalt) counter[4] ^= byte(ssrc >> 24) - counter[5] ^= byte(ssrc >> 16) - counter[6] ^= byte(ssrc >> 8) - counter[7] ^= byte(ssrc) + counter[5] ^= byte(ssrc >> 16) //nolint:gosec + counter[6] ^= byte(ssrc >> 8) //nolint:gosec + counter[7] ^= byte(ssrc) //nolint:gosec counter[8] ^= byte(rolloverCounter >> 24) - counter[9] ^= byte(rolloverCounter >> 16) - counter[10] ^= byte(rolloverCounter >> 8) - counter[11] ^= byte(rolloverCounter) + counter[9] ^= byte(rolloverCounter >> 16) //nolint:gosec + counter[10] ^= byte(rolloverCounter >> 8) //nolint:gosec + counter[11] ^= byte(rolloverCounter) //nolint:gosec counter[12] ^= byte(sequenceNumber >> 8) - counter[13] ^= byte(sequenceNumber) + counter[13] ^= byte(sequenceNumber) //nolint:gosec return counter } diff --git a/session_srtcp_test.go b/session_srtcp_test.go index 80199fc..820e220 100644 --- a/session_srtcp_test.go +++ b/session_srtcp_test.go @@ -193,7 +193,7 @@ func TestSessionSRTCPReplayProtection(t *testing.T) { // Generate test packets var packets [][]byte var expectedSSRC []uint32 - for i := uint32(0); i < 0x100; i++ { + for i := range uint32(0x100) { testPacket := &rtcp.PictureLossIndication{ MediaSSRC: testSSRC, SenderSSRC: i, diff --git a/srtcp_test.go b/srtcp_test.go index 2d2de90..1fa92e2 100644 --- a/srtcp_test.go +++ b/srtcp_test.go @@ -121,10 +121,8 @@ func TestRTCPLifecycle(t *testing.T) { } for name, option := range options { - option := option t.Run(name, func(t *testing.T) { for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { assertT := assert.New(t) encryptContext, err := CreateContext(testCase.masterKey, testCase.masterSalt, testCase.algo, option...) @@ -151,7 +149,6 @@ func TestRTCPLifecycle(t *testing.T) { func TestRTCPLifecycleInPlace(t *testing.T) { for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { assertT := assert.New(t) authTagLen, err := testCase.algo.AuthTagRTCPLen() @@ -202,7 +199,6 @@ func TestRTCPLifecycleInPlace(t *testing.T) { // Assert that passing a dst buffer that is too short doesn't result in a failure. func TestRTCPLifecyclePartialAllocation(t *testing.T) { for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { assertT := assert.New(t) encryptHeader := &rtcp.Header{} @@ -237,7 +233,6 @@ func TestRTCPLifecyclePartialAllocation(t *testing.T) { func TestRTCPInvalidAuthTag(t *testing.T) { for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { assertT := assert.New(t) authTagLen, err := testCase.algo.AuthTagRTCPLen() @@ -272,7 +267,6 @@ func TestRTCPInvalidAuthTag(t *testing.T) { func TestRTCPReplayDetectorSeparation(t *testing.T) { for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { assertT := assert.New(t) decryptContext, err := CreateContext( @@ -306,7 +300,6 @@ func getRTCPIndex(encrypted []byte, authTagLen int) uint32 { func TestEncryptRTCPSeparation(t *testing.T) { for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { assertT := assert.New(t) encryptContext, err := CreateContext(testCase.masterKey, testCase.masterSalt, testCase.algo) @@ -359,7 +352,6 @@ func TestEncryptRTCPSeparation(t *testing.T) { func TestRTCPDecryptShortenedPacket(t *testing.T) { for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { pkt := testCase.packets[0] for i := 1; i < len(pkt.encrypted)-1; i++ { @@ -486,7 +478,6 @@ func TestRTCPMaxPackets(t *testing.T) { } for caseName, testCase := range testCases { - testCase := testCase t.Run(caseName, func(t *testing.T) { assertT := assert.New(t) encryptContext, err := CreateContext(testCase.masterKey, testCase.masterSalt, testCase.algo) @@ -571,7 +562,6 @@ func TestRTCPInvalidMKI(t *testing.T) { mki2 := []byte{0x02, 0x03, 0x04, 0x05} for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { encryptContext, err := CreateContext( testCase.masterKey, @@ -606,7 +596,6 @@ func TestRTCPHandleMultipleMKI(t *testing.T) { //nolint:cyclop mki2 := []byte{0x02, 0x03, 0x04, 0x05} for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { masterKey2 := make([]byte, len(testCase.masterKey)) copy(masterKey2, testCase.masterKey) @@ -660,7 +649,6 @@ func TestRTCPSwitchMKI(t *testing.T) { //nolint:cyclop mki2 := []byte{0x02, 0x03, 0x04, 0x05} for caseName, testCase := range rtcpTestCases() { - testCase := testCase t.Run(caseName, func(t *testing.T) { masterKey2 := make([]byte, len(testCase.masterKey)) copy(masterKey2, testCase.masterKey) diff --git a/srtp_cipher_aes_cm_hmac_sha1.go b/srtp_cipher_aes_cm_hmac_sha1.go index 94a936e..cd43ffa 100644 --- a/srtp_cipher_aes_cm_hmac_sha1.go +++ b/srtp_cipher_aes_cm_hmac_sha1.go @@ -3,7 +3,7 @@ package srtp -import ( //nolint:gci +import ( "crypto/aes" "crypto/cipher" "crypto/hmac" diff --git a/srtp_test.go b/srtp_test.go index c813d98..95c0cb6 100644 --- a/srtp_test.go +++ b/srtp_test.go @@ -652,7 +652,6 @@ func TestRTPDecryptShotenedPacket(t *testing.T) { "GCM": profileGCM, } for name, profile := range profiles { - profile := profile t.Run(name, func(t *testing.T) { for _, testCase := range rtpTestCases() { decryptContext, err := buildTestContext(profile) @@ -682,7 +681,6 @@ func TestRTPMaxPackets(t *testing.T) { "GCM": profileGCM, } for name, profile := range profiles { - profile := profile t.Run(name, func(t *testing.T) { context, err := buildTestContext(profile) assert.NoError(t, err) @@ -724,7 +722,6 @@ func TestRTPBurstLossWithSetROC(t *testing.T) { //nolint:cyclop "GCM": profileGCM, } for name, profile := range profiles { - profile := profile t.Run(name, func(t *testing.T) { assertT := assert.New(t) @@ -746,8 +743,8 @@ func TestRTPBurstLossWithSetROC(t *testing.T) { //nolint:cyclop pkt: rtp.Packet{ Payload: []byte{ byte(i >> 16), - byte(i >> 8), - byte(i), + byte(i >> 8), //nolint:gosec + byte(i), //nolint:gosec }, Header: rtp.Header{ Marker: true,