Merge pull request #37 from 9seconds/default-dcidx

Support of default DC indexes

Dockerfile

 ###############################################################################
 # BUILD STAGE
 
-FROM golang:alpine
+FROM golang:1.10-alpine
 
 RUN set -x \
   && apk --no-cache --update add \

Gopkg.lock

   version = "v0.2.0"
 
 [[projects]]
-  digest = "1:a2c1d0e43bd3baaa071d1b9ed72c27d78169b2b269f71c105ac4ba34b1be4a39"
+  digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec"
   name = "github.com/davecgh/go-spew"
   packages = ["spew"]
   pruneopts = "UT"
-  revision = "346938d642f2ec3594ed81d874461961cd0faa76"
-  version = "v1.1.0"
+  revision = "8991bc29aa16c548c550c7ff78260e27b9ab7c73"
+  version = "v1.1.1"
 
 [[projects]]
   branch = "master"
 
 [[projects]]
   branch = "master"
-  digest = "1:53bd4347b151fcbedcdda527f7ebf4924f0e21d672131812f857175d8c7a1051"
+  digest = "1:1261ccace00babbf02bb702e71c85c8e81f65bad7bdb98c12c7a409c14de1d86"
   name = "github.com/juju/errors"
   packages = ["."]
   pruneopts = "UT"
-  revision = "812b06ada1776ad4dd95d575e18ffffe3a9ac34a"
+  revision = "22422dad46e14561a0854ad42497a75af9b61909"
 
 [[projects]]
   digest = "1:0028cb19b2e4c3112225cd871870f2d9cf49b9b4276531f03438a88e94be86fe"
   version = "v1.1.0"
 
 [[projects]]
-  digest = "1:d9a420eae5f76973feeb733fbf58f6a89173255b63b27a7ae4b2124a73dc6c5b"
+  digest = "1:c52caf7bd44f92e54627a31b85baf06a68333a196b3d8d241480a774733dcf8b"
   name = "go.uber.org/zap"
   packages = [
     ".",
     "zapcore",
   ]
   pruneopts = "UT"
-  revision = "4d45f9617f7d90f7a663ff21c7a4321dbe78098b"
-  version = "v1.9.0"
+  revision = "ff33455a0e382e8a81d14dd7c922020b6b5e7982"
+  version = "v1.9.1"
 
 [[projects]]
   branch = "master"
-  digest = "1:becb2131aece71c64ebca5ddfd38cf631784fbb3a678d73ead3b42107c9f41ce"
+  digest = "1:937d8f64b118c494c48b0cc9c990f2163c7483e6c70b5828f20006d81c61412f"
   name = "golang.org/x/net"
   packages = [
     "bpf",
     "ipv4",
   ]
   pruneopts = "UT"
-  revision = "3673e40ba22529d22c3fd7c93e97b0ce50fa7bdd"
+  revision = "2f5d2388922f370f4355f327fcf4cfe9f5583908"
 
 [[projects]]
   digest = "1:c06d9e11d955af78ac3bbb26bd02e01d2f61f689e1a3bce2ef6fb683ef8a7f2d"

Makefile

 CC_BINARIES  := $(shell bash -c "echo -n $(APP_NAME)-{linux,freebsd,openbsd}-{386,amd64} $(APP_NAME)-linux-{arm,arm64}")
 APP_DEPS     := version.go $(VENDOR_FILES)
 
-GOLANGCI_LINT_VERSION := v1.9.2
+GOLANGCI_LINT_VERSION := v1.10.2
 
 COMMON_BUILD_FLAGS := -ldflags="-s -w"
 
 
 .PHONY: prepare
 prepare: install-dep install-lint install-critic
+	@dep ensure --vendor-only
 
 .PHONY: install-dep
 install-dep:

client/direct.go

 		return nil, nil, errors.Annotate(err, "Cannot set write buffer size of client socket")
 	}
 
-	socket.SetReadDeadline(time.Now().Add(handshakeTimeout)) // nolint: errcheck
+	socket.SetReadDeadline(time.Now().Add(handshakeTimeout)) // nolint: errcheck, gosec
 	frame, err := obfuscated2.ExtractFrame(socket)
 	if err != nil {
 		return nil, nil, errors.Annotate(err, "Cannot extract frame")
 	}
-	socket.SetReadDeadline(time.Time{}) // nolint: errcheck
+	socket.SetReadDeadline(time.Time{}) // nolint: errcheck, gosec
 
 	conn := wrappers.NewConn(ctx, cancel, socket, connID, wrappers.ConnPurposeClient, conf.PublicIPv4, conf.PublicIPv6)
 	obfs2, connOpts, err := obfuscated2.ParseObfuscated2ClientFrame(conf.Secret, frame)

main.go

 }
 
 func usage(msg string) {
-	io.WriteString(os.Stderr, msg+"\n") // nolint: errcheck
+	io.WriteString(os.Stderr, msg+"\n") // nolint: errcheck, gosec
 	os.Exit(1)
 }

mtproto/rpc/handshake_request.go

 	buf := &bytes.Buffer{}
 	buf.Grow(len(TagHandshake) + len(HandshakeFlags) + len(HandshakeSenderPID) + len(HandshakePeerPID))
 
-	buf.Write(TagHandshake)
-	buf.Write(HandshakeFlags)
-	buf.Write(HandshakeSenderPID)
-	buf.Write(HandshakePeerPID)
+	buf.Write(TagHandshake)       // nolint: gosec
+	buf.Write(HandshakeFlags)     // nolint: gosec
+	buf.Write(HandshakeSenderPID) // nolint: gosec
+	buf.Write(HandshakePeerPID)   // nolint: gosec
 
 	return buf.Bytes()
 }

mtproto/rpc/handshake_response.go

 func (r *HandshakeResponse) Bytes() []byte {
 	buf := &bytes.Buffer{}
 
-	buf.Write(r.Type)
-	buf.Write(r.Flags)
-	buf.Write(r.SenderPID)
-	buf.Write(r.PeerPID)
+	buf.Write(r.Type)      // nolint: gosec
+	buf.Write(r.Flags)     // nolint: gosec
+	buf.Write(r.SenderPID) // nolint: gosec
+	buf.Write(r.PeerPID)   // nolint: gosec
 
 	return buf.Bytes()
 }

mtproto/rpc/nonce_request.go

 func (r *NonceRequest) Bytes() []byte {
 	buf := &bytes.Buffer{}
 
-	buf.Write(TagNonce)
-	buf.Write(r.KeySelector)
-	buf.Write(NonceCryptoAES)
-	buf.Write(r.CryptoTS)
-	buf.Write(r.Nonce)
+	buf.Write(TagNonce)       // nolint: gosec
+	buf.Write(r.KeySelector)  // nolint: gosec
+	buf.Write(NonceCryptoAES) // nolint: gosec
+	buf.Write(r.CryptoTS)     // nolint: gosec
+	buf.Write(r.Nonce)        // nolint: gosec
 
 	return buf.Bytes()
 }

mtproto/rpc/nonce_response.go

 func (r *NonceResponse) Bytes() []byte {
 	buf := &bytes.Buffer{}
 
-	buf.Write(r.Type)
-	buf.Write(r.KeySelector)
-	buf.Write(r.Crypto)
-	buf.Write(r.CryptoTS)
-	buf.Write(r.Nonce)
+	buf.Write(r.Type)        // nolint: gosec
+	buf.Write(r.KeySelector) // nolint: gosec
+	buf.Write(r.Crypto)      // nolint: gosec
+	buf.Write(r.CryptoTS)    // nolint: gosec
+	buf.Write(r.Nonce)       // nolint: gosec
 
 	return buf.Bytes()
 }

mtproto/rpc/proxy_request.go

 		flags |= proxyRequestFlagsEncrypted
 	}
 
-	buf.Write(TagProxyRequest)
-	buf.Write(flags.Bytes())
-	buf.Write(r.ConnectionID)
-	buf.Write(r.ClientIPPort)
-	buf.Write(r.OurIPPort)
-	buf.Write(ProxyRequestExtraSize)
-	buf.Write(ProxyRequestProxyTag)
-	buf.WriteByte(byte(len(r.ADTag)))
-	buf.Write(r.ADTag)
-	buf.Write(make([]byte, (4-buf.Len()%4)%4))
+	buf.Write(TagProxyRequest)                 // nolint: gosec
+	buf.Write(flags.Bytes())                   // nolint: gosec
+	buf.Write(r.ConnectionID)                  // nolint: gosec
+	buf.Write(r.ClientIPPort)                  // nolint: gosec
+	buf.Write(r.OurIPPort)                     // nolint: gosec
+	buf.Write(ProxyRequestExtraSize)           // nolint: gosec
+	buf.Write(ProxyRequestProxyTag)            // nolint: gosec
+	buf.WriteByte(byte(len(r.ADTag)))          // nolint: gosec
+	buf.Write(r.ADTag)                         // nolint: gosec
+	buf.Write(make([]byte, (4-buf.Len()%4)%4)) // nolint: gosec
 
 	return buf, flags
 }

obfuscated2/frame.go

 		}
 
 		// error has to be checked before calling this function
-		tag, _ := connectionType.Tag() // nolint: errcheck
+		tag, _ := connectionType.Tag() // nolint: errcheck, gosec
 		copy(frame.Magic(), tag)
 
 		return frame

obfuscated2/obfuscated2.go

 // Beware, link above is in russian.
 func ParseObfuscated2ClientFrame(secret []byte, frame Frame) (*Obfuscated2, *mtproto.ConnectionOpts, error) {
 	decHasher := sha256.New()
-	decHasher.Write(frame.Key()) // nolint: errcheck
-	decHasher.Write(secret)      // nolint: errcheck
+	decHasher.Write(frame.Key()) // nolint: errcheck, gosec
+	decHasher.Write(secret)      // nolint: errcheck, gosec
 	decryptor := makeStreamCipher(decHasher.Sum(nil), frame.IV())
 
 	invertedFrame := frame.Invert()
 	encHasher := sha256.New()
-	encHasher.Write(invertedFrame.Key()) // nolint: errcheck
-	encHasher.Write(secret)              // nolint: errcheck
+	encHasher.Write(invertedFrame.Key()) // nolint: errcheck, gosec
+	encHasher.Write(secret)              // nolint: errcheck, gosec
 	encryptor := makeStreamCipher(encHasher.Sum(nil), invertedFrame.IV())
 
 	decryptedFrame := make(Frame, FrameLen)
 }
 
 func makeStreamCipher(key, iv []byte) cipher.Stream {
-	block, _ := aes.NewCipher(key)
+	block, _ := aes.NewCipher(key) // nolint: gosec
 	return cipher.NewCTR(block, iv)
 }

obfuscated2/obfuscated2_test.go

 
 	clientFrame := generateFrame(mtproto.ConnectionTypeIntermediate)
 	clientHasher := sha256.New()
-	clientHasher.Write(clientFrame.Key()) // nolint: errcheck
-	clientHasher.Write(secret)            // nolint: errcheck
+	clientHasher.Write(clientFrame.Key()) // nolint: errcheck, gosec
+	clientHasher.Write(secret)            // nolint: errcheck, gosec
 	clientKey := clientHasher.Sum(nil)
 
 	encryptor := makeStreamCipher(clientKey, clientFrame.IV())
 
 	invertedClientFrame := clientFrame.Invert()
 	clientHasher = sha256.New()
-	clientHasher.Write(invertedClientFrame.Key()) // nolint: errcheck
-	clientHasher.Write(secret)                    // nolint: errcheck
+	clientHasher.Write(invertedClientFrame.Key()) // nolint: errcheck, gosec
+	clientHasher.Write(secret)                    // nolint: errcheck, gosec
 	invertedClientKey := clientHasher.Sum(nil)
 	clientDecryptor := makeStreamCipher(invertedClientKey, invertedClientFrame.IV())
 

proxy/proxy.go

 
 	defer func() {
 		cancel()
-		conn.Close() // nolint: errcheck
+		conn.Close() // nolint: errcheck, gosec
 
 		if err := recover(); err != nil {
 			stats.NewCrash()
 
 	go func() {
 		<-ctx.Done()
-		serverConn.(io.Closer).Close()
-		clientConn.(io.Closer).Close()
+		serverConn.(io.Closer).Close() // nolint: gosec
+		clientConn.(io.Closer).Close() // nolint: gosec
 	}()
 
 	wait := &sync.WaitGroup{}
 func (p *Proxy) middlePipe(src wrappers.PacketReadCloser, dst io.WriteCloser,
 	wait *sync.WaitGroup, hacks *mtproto.Hacks) {
 	defer func() {
-		src.Close() // nolint: errcheck
-		dst.Close() // nolint: errcheck
+		src.Close() // nolint: errcheck, gosec
+		dst.Close() // nolint: errcheck, gosec
 		wait.Done()
 	}()
 
 func (p *Proxy) directPipe(src wrappers.StreamReadCloser, dst io.WriteCloser,
 	wait *sync.WaitGroup, bufferSize int) {
 	defer func() {
-		src.Close() // nolint: errcheck
-		dst.Close() // nolint: errcheck
+		src.Close() // nolint: errcheck, gosec
+		dst.Close() // nolint: errcheck, gosec
 		wait.Done()
 	}()
 

stats/server.go

 		}
 
 		interm := map[string]interface{}{}
-		json.Unmarshal(first, &interm) // nolint: errcheck
+		json.Unmarshal(first, &interm) // nolint: errcheck, gosec
 
 		encoder := json.NewEncoder(w)
 		encoder.SetEscapeHTML(false)

telegram/direct.go

 	"github.com/9seconds/mtg/wrappers"
 )
 
+const (
+	directV4DefaultIdx = 1
+	directV6DefaultIdx = 1
+)
+
 var (
 	directV4Addresses = map[int16][]string{
 		0: {"149.154.175.50:443"},
 				Dialer: net.Dialer{Timeout: telegramDialTimeout},
 				conf:   conf,
 			},
-			v4Addresses: directV4Addresses,
-			v6Addresses: directV6Addresses,
+			v4DefaultIdx: directV4DefaultIdx,
+			v6DefaultIdx: directV6DefaultIdx,
+			v4Addresses:  directV4Addresses,
+			v6Addresses:  directV6Addresses,
 		},
 	}
 }

telegram/middle_caller.go

 		return errors.Annotate(err, "Cannot get proxy secret")
 	}
 
-	v4Addresses, err := t.getTelegramAddresses(tgAddrProxyV4)
+	v4Addresses, v4DefaultIdx, err := t.getTelegramAddresses(tgAddrProxyV4)
 	if err != nil {
 		return errors.Annotate(err, "Cannot get ipv4 addresses")
 	}
 
-	v6Addresses, err := t.getTelegramAddresses(tgAddrProxyV6)
+	v6Addresses, v6DefaultIdx, err := t.getTelegramAddresses(tgAddrProxyV6)
 	if err != nil {
 		return errors.Annotate(err, "Cannot get ipv6 addresses")
 	}
 
 	t.dialerMutex.Lock()
 	t.proxySecret = secret
+	t.v4DefaultIdx = v4DefaultIdx
+	t.v6DefaultIdx = v6DefaultIdx
 	t.v4Addresses = v4Addresses
 	t.v6Addresses = v6Addresses
 	t.dialerMutex.Unlock()
 	return secret, nil
 }
 
-func (t *middleTelegramCaller) getTelegramAddresses(url string) (map[int16][]string, error) {
+func (t *middleTelegramCaller) getTelegramAddresses(url string) (map[int16][]string, int16, error) { // nolint: gocyclo
 	resp, err := t.call(url)
 	if err != nil {
-		return nil, errors.Annotate(err, "Cannot access telegram server")
+		return nil, 0, errors.Annotate(err, "Cannot access telegram server")
 	}
 	defer resp.Body.Close() // nolint: errcheck
 
 	scanner := bufio.NewScanner(resp.Body)
 	data := map[int16][]string{}
+
+	var defaultIdx int16 = 1
 	for scanner.Scan() {
 		text := strings.TrimSpace(scanner.Text())
-		if strings.HasPrefix(text, "#") {
+		switch {
+		case strings.HasPrefix(text, "#"):
 			continue
+		case strings.HasPrefix(text, "proxy_for"):
+			addr, idx, err2 := t.parseProxyFor(text)
+			if err2 != nil {
+				return nil, 0, errors.Annotate(err2, "Cannot parse 'proxy_for' section")
+			}
+			if addresses, ok := data[idx]; ok {
+				data[idx] = append(addresses, addr)
+			} else {
+				data[idx] = []string{addr}
+			}
+		case strings.HasPrefix(text, "default"):
+			idx, err2 := t.parseDefault(text)
+			if err2 != nil {
+				return nil, 0, errors.Annotate(err2, "Cannot parse 'default' section")
+			}
+			defaultIdx = idx
+		default:
+			return nil, 0, errors.Errorf("Unknown config string '%s'", text)
 		}
+	}
 
-		chunks := middleTelegramProxyConfigSplitter.Split(text, 3)
-		if len(chunks) != 3 || chunks[0] != "proxy_for" {
-			return nil, errors.Errorf("Incorrect config '%s'", text)
-		}
-		dcIdx64, err2 := strconv.ParseInt(chunks[1], 10, 16)
-		if err2 != nil {
-			return nil, errors.Errorf("Incorrect config '%s'", text)
-		}
-		dcIdx := int16(dcIdx64)
+	err = scanner.Err()
+	if err != nil {
+		return nil, 0, errors.Annotate(err, "Cannot read response from the telegram")
+	}
 
-		addr := strings.TrimRight(chunks[2], ";")
-		if _, _, err2 = net.SplitHostPort(addr); err != nil {
-			return nil, errors.Annotatef(err2, "Incorrect config '%s'", text)
-		}
+	return data, defaultIdx, nil
+}
 
-		if addresses, ok := data[dcIdx]; ok {
-			data[dcIdx] = append(addresses, addr)
-		} else {
-			data[dcIdx] = []string{addr}
-		}
+func (t *middleTelegramCaller) parseProxyFor(text string) (string, int16, error) {
+	chunks := middleTelegramProxyConfigSplitter.Split(text, 3)
+	if len(chunks) != 3 || chunks[0] != "proxy_for" {
+		return "", 0, errors.Errorf("Incorrect config '%s'", text)
 	}
-	err = scanner.Err()
+
+	dcIdx, err := strconv.ParseInt(chunks[1], 10, 16)
+	if err != nil {
+		return "", 0, errors.Annotatef(err, "Incorrect config '%s'", text)
+	}
+
+	addr := strings.TrimRight(chunks[2], ";")
+	if _, _, err = net.SplitHostPort(addr); err != nil {
+		return "", 0, errors.Annotatef(err, "Incorrect config '%s'", text)
+	}
+
+	return addr, int16(dcIdx), nil
+}
+
+func (t *middleTelegramCaller) parseDefault(text string) (int16, error) {
+	chunks := middleTelegramProxyConfigSplitter.Split(text, 2)
+	if len(chunks) != 2 || chunks[0] != "default" {
+		return 0, errors.Errorf("Incorrect config '%s'", text)
+	}
+
+	dcIdxString := strings.TrimRight(chunks[1], ";")
+	dcIdx, err := strconv.ParseInt(dcIdxString, 10, 16)
 	if err != nil {
-		return nil, errors.Annotate(err, "Cannot read response from the telegram")
+		return 0, errors.Annotatef(err, "Incorrect config '%s'", text)
 	}
 
-	return data, nil
+	return int16(dcIdx), nil
 }
 
 func (t *middleTelegramCaller) call(url string) (*http.Response, error) {
-	req, _ := http.NewRequest("GET", url, nil)
+	req, _ := http.NewRequest("GET", url, nil) // nolint: gosec
 	req.Header.Set("Accept", "text/plain")
 	req.Header.Set("User-Agent", tgUserAgent)
 

telegram/telegram.go

 type baseTelegram struct {
 	dialer tgDialer
 
-	v4Addresses map[int16][]string
-	v6Addresses map[int16][]string
+	v4DefaultIdx int16
+	v6DefaultIdx int16
+	v4Addresses  map[int16][]string
+	v6Addresses  map[int16][]string
 }
 
 func (b *baseTelegram) dial(ctx context.Context, cancel context.CancelFunc, dcIdx int16, connID string,
 	addrs := make([]string, 2)
 
 	if proto&mtproto.ConnectionProtocolIPv6 != 0 {
-		if addr, ok := b.v6Addresses[dcIdx]; ok && len(addr) > 0 {
-			addrs = append(addrs, addr[rand.Intn(len(addr))])
+		if addr := b.chooseAddress(b.v6Addresses, dcIdx, b.v6DefaultIdx); addr != "" {
+			addrs = append(addrs, addr)
 		}
 	}
 	if proto&mtproto.ConnectionProtocolIPv4 != 0 {
-		if addr, ok := b.v4Addresses[dcIdx]; ok && len(addr) > 0 {
-			addrs = append(addrs, addr[rand.Intn(len(addr))])
+		if addr := b.chooseAddress(b.v4Addresses, dcIdx, b.v4DefaultIdx); addr != "" {
+			addrs = append(addrs, addr)
 		}
 	}
 
 
 	return nil, errors.New("Cannot connect to Telegram")
 }
+
+func (b *baseTelegram) chooseAddress(addresses map[int16][]string, idx, defaultIdx int16) string {
+	if addr, ok := addresses[idx]; ok {
+		return b.chooseRandomAddress(addr)
+	} else if addr, ok := addresses[defaultIdx]; ok {
+		return b.chooseRandomAddress(addr)
+	}
+
+	return ""
+}
+
+func (b *baseTelegram) chooseRandomAddress(addresses []string) string {
+	if len(addresses) > 0 {
+		return addresses[rand.Intn(len(addresses))]
+	}
+
+	return ""
+}

wrappers/blockcipher.go

 	}
 
 	b.decryptor.CryptBlocks(buf, buf)
-	b.buf.Write(buf)
+	b.buf.Write(buf) // nolint: gosec
 
 	return b.flush(p)
 }

wrappers/conn.go

 	case res := <-resChan:
 		timer.Stop()
 		if res.err != nil {
-			c.Close()
+			c.Close() // nolint: gosec
 		}
 		return res.n, res.err
 	case <-c.ctx.Done():
 		timer.Stop()
-		c.Close()
+		c.Close() // nolint: gosec
 		return 0, errors.Annotate(c.ctx.Err(), "Cannot do IO because context is closed")
 	case <-timer.C:
-		c.Close()
+		c.Close() // nolint: gosec
 		return 0, errors.Annotate(c.ctx.Err(), "Timeout on IO operation")
 	}
 }

wrappers/mtproto_abridged.go

 		buf := &bytes.Buffer{}
 		buf.Grow(1 + 3 + len(p))
 
-		buf.WriteByte(byte(mtprotoAbridgedSmallPacketLength))
-		buf.Write(length24[:])
-		buf.Write(p)
+		buf.WriteByte(byte(mtprotoAbridgedSmallPacketLength)) // nolint: gosec
+		buf.Write(length24[:])                                // nolint: gosec
+		buf.Write(p)                                          // nolint: gosec
 
 		return m.conn.Write(buf.Bytes())
 	}

wrappers/mtproto_cipher.go

 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
-	"crypto/md5" // nolint: gas
-	"crypto/sha1"
+	"crypto/md5"  // nolint: gas
+	"crypto/sha1" // nolint: gosec
 	"encoding/binary"
 	"net"
 
 func deriveKeys(purpose cipherPurpose, req *rpc.NonceRequest, resp *rpc.NonceResponse,
 	client, remote *net.TCPAddr, secret []byte) ([]byte, []byte) {
 	message := bytes.Buffer{}
-	message.Write(resp.Nonce)
-	message.Write(req.Nonce)
-	message.Write(req.CryptoTS)
+	message.Write(resp.Nonce)   // nolint: gosec
+	message.Write(req.Nonce)    // nolint: gosec
+	message.Write(req.CryptoTS) // nolint: gosec
 
 	clientIPv4 := emptyIP[:]
 	serverIPv4 := emptyIP[:]
 		clientIPv4 = utils.ReverseBytes(client.IP.To4())
 		serverIPv4 = utils.ReverseBytes(remote.IP.To4())
 	}
-	message.Write(serverIPv4)
+	message.Write(serverIPv4) // nolint: gosec
 
 	var port [2]byte
 	binary.LittleEndian.PutUint16(port[:], uint16(client.Port))
-	message.Write(port[:])
+	message.Write(port[:]) // nolint: gosec
 
 	switch purpose {
 	case cipherPurposeClient:
-		message.WriteString("CLIENT")
+		message.WriteString("CLIENT") // nolint: gosec
 	case cipherPurposeServer:
-		message.WriteString("SERVER")
+		message.WriteString("SERVER") // nolint: gosec
 	default:
 		panic("Unexpected cipher purpose")
 	}
 
-	message.Write(clientIPv4)
+	message.Write(clientIPv4) // nolint: gosec
 	binary.LittleEndian.PutUint16(port[:], uint16(remote.Port))
-	message.Write(port[:])
-	message.Write(secret)
-	message.Write(resp.Nonce)
+	message.Write(port[:])    // nolint: gosec
+	message.Write(secret)     // nolint: gosec
+	message.Write(resp.Nonce) // nolint: gosec
 
 	if client.IP.To4() == nil {
-		message.Write(client.IP.To16())
-		message.Write(remote.IP.To16())
+		message.Write(client.IP.To16()) // nolint: gosec
+		message.Write(remote.IP.To16()) // nolint: gosec
 	}
-	message.Write(req.Nonce)
+	message.Write(req.Nonce) // nolint: gosec
 
 	data := message.Bytes()
 	md5sum := md5.Sum(data[1:]) // nolint: gas
-	sha1sum := sha1.Sum(data)
+	sha1sum := sha1.Sum(data)   // nolint: gosec
 
 	key := append(md5sum[:12], sha1sum[:]...)
 	iv := md5.Sum(data[2:]) // nolint: gas

wrappers/mtproto_frame.go

 	}
 
 	var seqNo int32
-	binary.Read(buf, binary.LittleEndian, &seqNo) // nolint: errcheck
+	binary.Read(buf, binary.LittleEndian, &seqNo) // nolint: errcheck, gosec
 	if seqNo != m.readSeqNo {
 		return nil, errors.Errorf("Unexpected sequence number %d (wait for %d)", seqNo, m.readSeqNo)
 	}
 
-	data, _ := ioutil.ReadAll(buf)
+	data, _ := ioutil.ReadAll(buf) // nolint: gosec
 	buf.Reset()
 	// write to buf, not to writer. This is because we are going to fetch
 	// crc32 checksum.
 	buf := &bytes.Buffer{}
 	buf.Grow(messageLength + paddingLength)
 
-	binary.Write(buf, binary.LittleEndian, uint32(messageLength)) // nolint: errcheck
-	binary.Write(buf, binary.LittleEndian, m.writeSeqNo)          // nolint: errcheck
-	buf.Write(p)
+	binary.Write(buf, binary.LittleEndian, uint32(messageLength)) // nolint: errcheck, gosec
+	binary.Write(buf, binary.LittleEndian, m.writeSeqNo)          // nolint: errcheck, gosec
+	buf.Write(p)                                                  // nolint: gosec
 
 	checksum := crc32.ChecksumIEEE(buf.Bytes())
-	binary.Write(buf, binary.LittleEndian, checksum) // nolint: errcheck
-	buf.Write(bytes.Repeat(mtprotoFramePadding, paddingLength/4))
+	binary.Write(buf, binary.LittleEndian, checksum)              // nolint: errcheck, gosec
+	buf.Write(bytes.Repeat(mtprotoFramePadding, paddingLength/4)) // nolint: gosec
 
 	m.logger.Debugw("Write MTProto frame",
 		"length", len(p),

wrappers/mtproto_intermediate_secure.go

 	paddingLength := rand.Intn(4)
 	buf.Grow(4 + len(p) + paddingLength)
 
-	binary.Write(buf, binary.LittleEndian, uint32(len(p)+paddingLength)) // nolint: errcheck
-	buf.Write(p)
-	buf.Write(make([]byte, paddingLength))
+	binary.Write(buf, binary.LittleEndian, uint32(len(p)+paddingLength)) // nolint: errcheck, gosec
+	buf.Write(p)                                                         // nolint: gosec
+	buf.Write(make([]byte, paddingLength))                               // nolint: gosec
 
 	m.logger.Debugw("Write packet with padding",
 		"simple_ack", m.opts.WriteHacks.SimpleAck,

wrappers/mtproto_proxy.go

 			zap.Stringer("flags", flags),
 		)
 	}
-	header.Write(p)
+	header.Write(p) // nolint: gosec
 
 	if _, err := m.conn.Write(header.Bytes()); err != nil {
 		return 0, err

wrappers/streamcipher.go

 
 	buf.Reset()
 	buf.Grow(len(p))
-	buf.Write(p)
+	buf.Write(p) // nolint: gosec
 
 	data := buf.Bytes()
 	s.encryptor.XORKeyStream(data, data)