Merge remote-tracking branch 'origin/master' into stable

.travis.yml

@@ -5,8 +5,7 @@ sudo: false
 dist: trusty
 
 go:
-  - "1.9.x"
-  - "1.10.x"
+  - "1.11.x"
   - master
 
 before_script: make prepare
@@ -17,10 +16,6 @@ script:
   - make critic
   - make test
 
-cache:
-  directories:
-    - vendor
-
 matrix:
   allow_failures:
     - go: master

Dockerfile

@@ -1,7 +1,7 @@
 ###############################################################################
 # BUILD STAGE
 
-FROM golang:alpine
+FROM golang:1.11-alpine
 
 RUN set -x \
   && apk --no-cache --update add \
@@ -13,14 +13,7 @@ RUN set -x \
     upx \
   && update-ca-certificates
 
-COPY Gopkg.toml Gopkg.lock Makefile /go/src/github.com/9seconds/mtg/
-
-RUN set -x && \
-  cd /go/src/github.com/9seconds/mtg && \
-  make -j 4 prepare && \
-  make vendor
-
-COPY . /go/src/github.com/9seconds/mtg
+COPY . /go/src/github.com/9seconds/mtg/
 
 RUN set -x \
   && cd /go/src/github.com/9seconds/mtg \

Gopkg.lock

@@ -1,154 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
-  branch = "master"
-  digest = "1:315c5f2f60c76d89b871c73f9bd5fe689cad96597afd50fb9992228ef80bdd34"
-  name = "github.com/alecthomas/template"
-  packages = [
-    ".",
-    "parse",
-  ]
-  pruneopts = "UT"
-  revision = "a0175ee3bccc567396460bf5acd36800cb10c49c"
-
-[[projects]]
-  branch = "master"
-  digest = "1:c198fdc381e898e8fb62b8eb62758195091c313ad18e52a3067366e1dda2fb3c"
-  name = "github.com/alecthomas/units"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "2efee857e7cfd4f3d0138cc3cbb1b4966962b93a"
-
-[[projects]]
-  digest = "1:a8d622a8049a4aa420e1c509873bb85d4c45c5107f420d922f919bfcb8d08694"
-  name = "github.com/beevik/ntp"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "62c80a04de2086884d8296004b6d74ee1846c582"
-  version = "v0.2.0"
-
-[[projects]]
-  digest = "1:a2c1d0e43bd3baaa071d1b9ed72c27d78169b2b269f71c105ac4ba34b1be4a39"
-  name = "github.com/davecgh/go-spew"
-  packages = ["spew"]
-  pruneopts = "UT"
-  revision = "346938d642f2ec3594ed81d874461961cd0faa76"
-  version = "v1.1.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:6f9339c912bbdda81302633ad7e99a28dfa5a639c864061f1929510a9a64aa74"
-  name = "github.com/dustin/go-humanize"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "9f541cc9db5d55bce703bd99987c9d5cb8eea45e"
-
-[[projects]]
-  branch = "master"
-  digest = "1:53bd4347b151fcbedcdda527f7ebf4924f0e21d672131812f857175d8c7a1051"
-  name = "github.com/juju/errors"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "812b06ada1776ad4dd95d575e18ffffe3a9ac34a"
-
-[[projects]]
-  digest = "1:0028cb19b2e4c3112225cd871870f2d9cf49b9b4276531f03438a88e94be86fe"
-  name = "github.com/pmezard/go-difflib"
-  packages = ["difflib"]
-  pruneopts = "UT"
-  revision = "792786c7400a136282c1664665ae0a8db921c6c2"
-  version = "v1.0.0"
-
-[[projects]]
-  digest = "1:274f67cb6fed9588ea2521ecdac05a6d62a8c51c074c1fccc6a49a40ba80e925"
-  name = "github.com/satori/go.uuid"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3"
-  version = "v1.2.0"
-
-[[projects]]
-  digest = "1:18752d0b95816a1b777505a97f71c7467a8445b8ffb55631a7bf779f6ba4fa83"
-  name = "github.com/stretchr/testify"
-  packages = ["assert"]
-  pruneopts = "UT"
-  revision = "f35b8ab0b5a2cef36673838d662e249dd9c94686"
-  version = "v1.2.2"
-
-[[projects]]
-  digest = "1:3c1a69cdae3501bf75e76d0d86dc6f2b0a7421bc205c0cb7b96b19eed464a34d"
-  name = "go.uber.org/atomic"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "1ea20fb1cbb1cc08cbd0d913a96dead89aa18289"
-  version = "v1.3.2"
-
-[[projects]]
-  digest = "1:60bf2a5e347af463c42ed31a493d817f8a72f102543060ed992754e689805d1a"
-  name = "go.uber.org/multierr"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "3c4937480c32f4c13a875a1829af76c98ca3d40a"
-  version = "v1.1.0"
-
-[[projects]]
-  digest = "1:d9a420eae5f76973feeb733fbf58f6a89173255b63b27a7ae4b2124a73dc6c5b"
-  name = "go.uber.org/zap"
-  packages = [
-    ".",
-    "buffer",
-    "internal/bufferpool",
-    "internal/color",
-    "internal/exit",
-    "zapcore",
-  ]
-  pruneopts = "UT"
-  revision = "4d45f9617f7d90f7a663ff21c7a4321dbe78098b"
-  version = "v1.9.0"
-
-[[projects]]
-  branch = "master"
-  digest = "1:becb2131aece71c64ebca5ddfd38cf631784fbb3a678d73ead3b42107c9f41ce"
-  name = "golang.org/x/net"
-  packages = [
-    "bpf",
-    "internal/iana",
-    "internal/socket",
-    "ipv4",
-  ]
-  pruneopts = "UT"
-  revision = "3673e40ba22529d22c3fd7c93e97b0ce50fa7bdd"
-
-[[projects]]
-  digest = "1:c06d9e11d955af78ac3bbb26bd02e01d2f61f689e1a3bce2ef6fb683ef8a7f2d"
-  name = "gopkg.in/alecthomas/kingpin.v2"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "947dcec5ba9c011838740e680966fd7087a71d0d"
-  version = "v2.2.6"
-
-[[projects]]
-  digest = "1:38b469493eb173db9c03321d64adcad4c7991ea0a19b5edc5bdc094f0e8c7384"
-  name = "gopkg.in/alexcesaro/statsd.v2"
-  packages = ["."]
-  pruneopts = "UT"
-  revision = "7fea3f0d2fab1ad973e641e51dba45443a311a90"
-  version = "v2.0.0"
-
-[solve-meta]
-  analyzer-name = "dep"
-  analyzer-version = 1
-  input-imports = [
-    "github.com/beevik/ntp",
-    "github.com/dustin/go-humanize",
-    "github.com/juju/errors",
-    "github.com/satori/go.uuid",
-    "github.com/stretchr/testify/assert",
-    "go.uber.org/zap",
-    "go.uber.org/zap/zapcore",
-    "gopkg.in/alecthomas/kingpin.v2",
-    "gopkg.in/alexcesaro/statsd.v2",
-  ]
-  solver-name = "gps-cdcl"
-  solver-version = 1

Gopkg.toml

@@ -1,58 +0,0 @@
-# Gopkg.toml example
-#
-# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#   name = "github.com/x/y"
-#   version = "2.4.0"
-#
-# [prune]
-#   non-go = false
-#   go-tests = true
-#   unused-packages = true
-
-
-[prune]
-  go-tests = true
-  unused-packages = true
-
-[[constraint]]
-  name = "gopkg.in/alecthomas/kingpin.v2"
-  version = "2.2.6"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/juju/errors"
-
-[[constraint]]
-  name = "github.com/stretchr/testify"
-  version = "1.2.1"
-
-[[constraint]]
-  name = "github.com/satori/go.uuid"
-  version = "1.2.0"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/dustin/go-humanize"
-
-[[constraint]]
-  name = "github.com/beevik/ntp"
-  version = "0.2.0"
-
-[[constraint]]
-  name = "gopkg.in/alexcesaro/statsd.v2"
-  version = "2.0.0"

Makefile

@@ -2,26 +2,28 @@ ROOT_DIR     := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 IMAGE_NAME   := mtg
 APP_NAME     := $(IMAGE_NAME)
 
-VENDOR_FILES := $(shell find "$(ROOT_DIR)/vendor" 2>/dev/null || echo -n "vendor")
 CC_BINARIES  := $(shell bash -c "echo -n $(APP_NAME)-{linux,freebsd,openbsd}-{386,amd64} $(APP_NAME)-linux-{arm,arm64}")
-APP_DEPS     := version.go $(VENDOR_FILES)
+APP_DEPS     := version.go
 
-GOLANGCI_LINT_VERSION := v1.9.2
+GOLANGCI_LINT_VERSION := v1.10.2
 
 COMMON_BUILD_FLAGS := -ldflags="-s -w"
 
+MOD_ON  := env GO111MODULE=on
+MOD_OFF := env GO111MODULE=auto
+
 # -----------------------------------------------------------------------------
 
 $(APP_NAME): $(APP_DEPS)
-	@go build $(COMMON_BUILD_FLAGS) -o "$(APP_NAME)"
+	@$(MOD_ON) go build $(COMMON_BUILD_FLAGS) -o "$(APP_NAME)"
 
 static-$(APP_NAME): $(APP_DEPS)
-	@env CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo $(COMMON_BUILD_FLAGS) -o "$(APP_NAME)"
+	@$(MOD_ON) env CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo $(COMMON_BUILD_FLAGS) -o "$(APP_NAME)"
 
 $(APP_NAME)-%: GOOS=$(shell echo -n "$@" | sed 's?$(APP_NAME)-??' | cut -f1 -d-)
 $(APP_NAME)-%: GOARCH=$(shell echo -n "$@" | sed 's?$(APP_NAME)-??' | cut -f2 -d-)
 $(APP_NAME)-%: $(APP_DEPS) ccbuilds
-	@env "GOOS=$(GOOS)" "GOARCH=$(GOARCH)" \
+	@$(MOD_ON) env "GOOS=$(GOOS)" "GOARCH=$(GOARCH)" \
 		go build \
 		$(COMMON_BUILD_FLAGS) \
 		-o "./ccbuilds/$(APP_NAME)-$(GOOS)-$(GOARCH)"
@@ -30,10 +32,10 @@ ccbuilds:
 	@rm -rf ./ccbuilds && mkdir -p ./ccbuilds
 
 version.go:
-	@go generate main.go
+	@$(MOD_ON) go generate main.go
 
-vendor: Gopkg.lock Gopkg.toml
-	@dep ensure --vendor-only
+vendor: go.mod go.sum
+	@$(MOD_ON) go mod vendor
 
 # -----------------------------------------------------------------------------
 
@@ -51,16 +53,16 @@ crosscompile-dir:
 	@rm -rf "$(CC_DIR)" && mkdir -p "$(CC_DIR)"
 
 .PHONY: test
-test: vendor version.go
-	@go test -v ./...
+test: vendor $(APP_DEPS)
+	@$(MOD_ON) go test -v ./...
 
 .PHONY: lint
-lint: version.go
-	@golangci-lint run
+lint: vendor $(APP_DEPS)
+	@$(MOD_OFF) golangci-lint run
 
 .PHONY: critic
-critic: version.go
-	@gocritic check-project "$(ROOT_DIR)"
+critic: vendor $(APP_DEPS)
+	@$(MOD_OFF) gocritic check-project "$(ROOT_DIR)"
 
 .PHONY: clean
 clean:
@@ -73,17 +75,13 @@ docker:
 	@docker build --pull -t "$(IMAGE_NAME)" "$(ROOT_DIR)"
 
 .PHONY: prepare
-prepare: install-dep install-lint install-critic
-
-.PHONY: install-dep
-install-dep:
-	@go get -u github.com/golang/dep/cmd/dep
+prepare: install-lint install-critic
 
 .PHONY: install-lint
 install-lint:
 	@curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh \
-		| bash -s -- -b $(GOPATH)/bin $(GOLANGCI_LINT_VERSION)
+		| $(MOD_OFF) bash -s -- -b $(GOPATH)/bin $(GOLANGCI_LINT_VERSION)
 
 .PHONY: install-critic
 install-critic:
-	@go get -u github.com/go-critic/go-critic/...
+	@$(MOD_OFF) go get -u github.com/go-critic/go-critic/...

client/direct.go

@@ -30,12 +30,12 @@ func DirectInit(ctx context.Context, cancel context.CancelFunc, socket net.Conn,
 		return nil, nil, errors.Annotate(err, "Cannot set write buffer size of client socket")
 	}
 
-	socket.SetReadDeadline(time.Now().Add(handshakeTimeout)) // nolint: errcheck
+	socket.SetReadDeadline(time.Now().Add(handshakeTimeout)) // nolint: errcheck, gosec
 	frame, err := obfuscated2.ExtractFrame(socket)
 	if err != nil {
 		return nil, nil, errors.Annotate(err, "Cannot extract frame")
 	}
-	socket.SetReadDeadline(time.Time{}) // nolint: errcheck
+	socket.SetReadDeadline(time.Time{}) // nolint: errcheck, gosec
 
 	conn := wrappers.NewConn(ctx, cancel, socket, connID, wrappers.ConnPurposeClient, conf.PublicIPv4, conf.PublicIPv6)
 	obfs2, connOpts, err := obfuscated2.ParseObfuscated2ClientFrame(conf.Secret, frame)

go.mod

@@ -0,0 +1,26 @@
+module github.com/9seconds/mtg
+
+require (
+	github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc // indirect
+	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
+	github.com/beevik/ntp v0.2.0
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/dustin/go-humanize v0.0.0-20180713052910-9f541cc9db5d
+	github.com/gofrs/uuid v3.1.0+incompatible
+	github.com/juju/errors v0.0.0-20180806074554-22422dad46e1
+	github.com/juju/loggo v0.0.0-20180524022052-584905176618 // indirect
+	github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073 // indirect
+	github.com/kr/pretty v0.1.0 // indirect
+	github.com/pkg/errors v0.8.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/stretchr/testify v1.2.2
+	go.uber.org/atomic v1.3.2 // indirect
+	go.uber.org/multierr v1.1.0 // indirect
+	go.uber.org/zap v1.9.1
+	golang.org/x/net v0.0.0-20180921000356-2f5d2388922f // indirect
+	gopkg.in/alecthomas/kingpin.v2 v2.2.6
+	gopkg.in/alexcesaro/statsd.v2 v2.0.0
+	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
+	gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce // indirect
+	gopkg.in/yaml.v2 v2.2.1 // indirect
+)

go.sum

@@ -0,0 +1,48 @@
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc h1:cAKDfWh5VpdgMhJosfJnn5/FoN2SRZ4p7fJNX58YPaU=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/beevik/ntp v0.2.0 h1:sGsd+kAXzT0bfVfzJfce04g+dSRfrs+tbQW8lweuYgw=
+github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dustin/go-humanize v0.0.0-20180713052910-9f541cc9db5d h1:lDrio3iIdNb0Gw9CgH7cQF+iuB5mOOjdJ9ERNJCBgb4=
+github.com/dustin/go-humanize v0.0.0-20180713052910-9f541cc9db5d/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
+github.com/gofrs/uuid v3.1.0+incompatible h1:q2rtkjaKT4YEr6E1kamy0Ha4RtepWlQBedyHx0uzKwA=
+github.com/gofrs/uuid v3.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/juju/errors v0.0.0-20180806074554-22422dad46e1 h1:wnhMXidtb70kDZCeLt/EfsVtkXS5c8zLnE9y/6DIRAU=
+github.com/juju/errors v0.0.0-20180806074554-22422dad46e1/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q=
+github.com/juju/loggo v0.0.0-20180524022052-584905176618 h1:MK144iBQF9hTSwBW/9eJm034bVoG30IshVm688T2hi8=
+github.com/juju/loggo v0.0.0-20180524022052-584905176618/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U=
+github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073 h1:WQM1NildKThwdP7qWrNAFGzp4ijNLw8RlgENkaI4MJs=
+github.com/juju/testing v0.0.0-20180920084828-472a3e8b2073/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/pkg/errors v0.8.0 h1:WdK/asTD0HN+q6hsWO3/vpuAkAr+tw6aNJNDFFf0+qw=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4=
+go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
+go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI=
+go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
+go.uber.org/zap v1.9.1 h1:XCJQEf3W6eZaVwhRBof6ImoYGJSITeKWsyeh3HFu/5o=
+go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
+golang.org/x/net v0.0.0-20180921000356-2f5d2388922f h1:QM2QVxvDoW9PFSPp/zy9FgxJLfaWTZlS61KEPtBwacM=
+golang.org/x/net v0.0.0-20180921000356-2f5d2388922f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/alexcesaro/statsd.v2 v2.0.0 h1:FXkZSCZIH17vLCO5sO2UucTHsH9pc+17F6pl3JVCwMc=
+gopkg.in/alexcesaro/statsd.v2 v2.0.0/go.mod h1:i0ubccKGzBVNBpdGV5MocxyA/XlLUJzA7SLonnE4drU=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce h1:xcEWjVhvbDy+nHP67nPDDpbYrY+ILlfndk4bRioVHaU=
+gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
+gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

main.go

@@ -227,6 +227,6 @@ func printURLs(data interface{}) {
 }
 
 func usage(msg string) {
-	io.WriteString(os.Stderr, msg+"\n") // nolint: errcheck
+	io.WriteString(os.Stderr, msg+"\n") // nolint: errcheck, gosec
 	os.Exit(1)
 }

mtproto/rpc/handshake_request.go

@@ -12,10 +12,10 @@ func (r *HandshakeRequest) Bytes() []byte {
 	buf := &bytes.Buffer{}
 	buf.Grow(len(TagHandshake) + len(HandshakeFlags) + len(HandshakeSenderPID) + len(HandshakePeerPID))
 
-	buf.Write(TagHandshake)
-	buf.Write(HandshakeFlags)
-	buf.Write(HandshakeSenderPID)
-	buf.Write(HandshakePeerPID)
+	buf.Write(TagHandshake)       // nolint: gosec
+	buf.Write(HandshakeFlags)     // nolint: gosec
+	buf.Write(HandshakeSenderPID) // nolint: gosec
+	buf.Write(HandshakePeerPID)   // nolint: gosec
 
 	return buf.Bytes()
 }

mtproto/rpc/handshake_response.go

@@ -19,10 +19,10 @@ type HandshakeResponse struct {
 func (r *HandshakeResponse) Bytes() []byte {
 	buf := &bytes.Buffer{}
 
-	buf.Write(r.Type)
-	buf.Write(r.Flags)
-	buf.Write(r.SenderPID)
-	buf.Write(r.PeerPID)
+	buf.Write(r.Type)      // nolint: gosec
+	buf.Write(r.Flags)     // nolint: gosec
+	buf.Write(r.SenderPID) // nolint: gosec
+	buf.Write(r.PeerPID)   // nolint: gosec
 
 	return buf.Bytes()
 }

mtproto/rpc/nonce_request.go

@@ -21,11 +21,11 @@ type NonceRequest struct {
 func (r *NonceRequest) Bytes() []byte {
 	buf := &bytes.Buffer{}
 
-	buf.Write(TagNonce)
-	buf.Write(r.KeySelector)
-	buf.Write(NonceCryptoAES)
-	buf.Write(r.CryptoTS)
-	buf.Write(r.Nonce)
+	buf.Write(TagNonce)       // nolint: gosec
+	buf.Write(r.KeySelector)  // nolint: gosec
+	buf.Write(NonceCryptoAES) // nolint: gosec
+	buf.Write(r.CryptoTS)     // nolint: gosec
+	buf.Write(r.Nonce)        // nolint: gosec
 
 	return buf.Bytes()
 }

mtproto/rpc/nonce_response.go

@@ -18,11 +18,11 @@ type NonceResponse struct {
 func (r *NonceResponse) Bytes() []byte {
 	buf := &bytes.Buffer{}
 
-	buf.Write(r.Type)
-	buf.Write(r.KeySelector)
-	buf.Write(r.Crypto)
-	buf.Write(r.CryptoTS)
-	buf.Write(r.Nonce)
+	buf.Write(r.Type)        // nolint: gosec
+	buf.Write(r.KeySelector) // nolint: gosec
+	buf.Write(r.Crypto)      // nolint: gosec
+	buf.Write(r.CryptoTS)    // nolint: gosec
+	buf.Write(r.Nonce)       // nolint: gosec
 
 	return buf.Bytes()
 }

mtproto/rpc/proxy_request.go

@@ -49,16 +49,16 @@ func (r *ProxyRequest) MakeHeader(message []byte) (*bytes.Buffer, fmt.Stringer)
 		flags |= proxyRequestFlagsEncrypted
 	}
 
-	buf.Write(TagProxyRequest)
-	buf.Write(flags.Bytes())
-	buf.Write(r.ConnectionID)
-	buf.Write(r.ClientIPPort)
-	buf.Write(r.OurIPPort)
-	buf.Write(ProxyRequestExtraSize)
-	buf.Write(ProxyRequestProxyTag)
-	buf.WriteByte(byte(len(r.ADTag)))
-	buf.Write(r.ADTag)
-	buf.Write(make([]byte, (4-buf.Len()%4)%4))
+	buf.Write(TagProxyRequest)                 // nolint: gosec
+	buf.Write(flags.Bytes())                   // nolint: gosec
+	buf.Write(r.ConnectionID)                  // nolint: gosec
+	buf.Write(r.ClientIPPort)                  // nolint: gosec
+	buf.Write(r.OurIPPort)                     // nolint: gosec
+	buf.Write(ProxyRequestExtraSize)           // nolint: gosec
+	buf.Write(ProxyRequestProxyTag)            // nolint: gosec
+	buf.WriteByte(byte(len(r.ADTag)))          // nolint: gosec
+	buf.Write(r.ADTag)                         // nolint: gosec
+	buf.Write(make([]byte, (4-buf.Len()%4)%4)) // nolint: gosec
 
 	return buf, flags
 }

obfuscated2/frame.go

@@ -113,7 +113,7 @@ func generateFrame(connectionType mtproto.ConnectionType) Frame {
 		}
 
 		// error has to be checked before calling this function
-		tag, _ := connectionType.Tag() // nolint: errcheck
+		tag, _ := connectionType.Tag() // nolint: errcheck, gosec
 		copy(frame.Magic(), tag)
 
 		return frame

obfuscated2/obfuscated2.go

@@ -23,14 +23,14 @@ type Obfuscated2 struct {
 // Beware, link above is in russian.
 func ParseObfuscated2ClientFrame(secret []byte, frame Frame) (*Obfuscated2, *mtproto.ConnectionOpts, error) {
 	decHasher := sha256.New()
-	decHasher.Write(frame.Key()) // nolint: errcheck
-	decHasher.Write(secret)      // nolint: errcheck
+	decHasher.Write(frame.Key()) // nolint: errcheck, gosec
+	decHasher.Write(secret)      // nolint: errcheck, gosec
 	decryptor := makeStreamCipher(decHasher.Sum(nil), frame.IV())
 
 	invertedFrame := frame.Invert()
 	encHasher := sha256.New()
-	encHasher.Write(invertedFrame.Key()) // nolint: errcheck
-	encHasher.Write(secret)              // nolint: errcheck
+	encHasher.Write(invertedFrame.Key()) // nolint: errcheck, gosec
+	encHasher.Write(secret)              // nolint: errcheck, gosec
 	encryptor := makeStreamCipher(encHasher.Sum(nil), invertedFrame.IV())
 
 	decryptedFrame := make(Frame, FrameLen)
@@ -76,6 +76,6 @@ func MakeTelegramObfuscated2Frame(opts *mtproto.ConnectionOpts) (*Obfuscated2, F
 }
 
 func makeStreamCipher(key, iv []byte) cipher.Stream {
-	block, _ := aes.NewCipher(key)
+	block, _ := aes.NewCipher(key) // nolint: gosec
 	return cipher.NewCTR(block, iv)
 }

obfuscated2/obfuscated2_test.go

@@ -47,8 +47,8 @@ func TestObfs2Full(t *testing.T) {
 
 	clientFrame := generateFrame(mtproto.ConnectionTypeIntermediate)
 	clientHasher := sha256.New()
-	clientHasher.Write(clientFrame.Key()) // nolint: errcheck
-	clientHasher.Write(secret)            // nolint: errcheck
+	clientHasher.Write(clientFrame.Key()) // nolint: errcheck, gosec
+	clientHasher.Write(secret)            // nolint: errcheck, gosec
 	clientKey := clientHasher.Sum(nil)
 
 	encryptor := makeStreamCipher(clientKey, clientFrame.IV())
@@ -58,8 +58,8 @@ func TestObfs2Full(t *testing.T) {
 
 	invertedClientFrame := clientFrame.Invert()
 	clientHasher = sha256.New()
-	clientHasher.Write(invertedClientFrame.Key()) // nolint: errcheck
-	clientHasher.Write(secret)                    // nolint: errcheck
+	clientHasher.Write(invertedClientFrame.Key()) // nolint: errcheck, gosec
+	clientHasher.Write(secret)                    // nolint: errcheck, gosec
 	invertedClientKey := clientHasher.Sum(nil)
 	clientDecryptor := makeStreamCipher(invertedClientKey, invertedClientFrame.IV())
 

proxy/proxy.go

@@ -6,8 +6,8 @@ import (
 	"net"
 	"sync"
 
+	"github.com/gofrs/uuid"
 	"github.com/juju/errors"
-	uuid "github.com/satori/go.uuid"
 	"go.uber.org/zap"
 
 	"github.com/9seconds/mtg/client"
@@ -42,13 +42,13 @@ func (p *Proxy) Serve() error {
 }
 
 func (p *Proxy) accept(conn net.Conn) {
-	connID := uuid.NewV4().String()
+	connID := uuid.Must(uuid.NewV4()).String()
 	log := zap.S().With("connection_id", connID).Named("main")
 	ctx, cancel := context.WithCancel(context.Background())
 
 	defer func() {
 		cancel()
-		conn.Close() // nolint: errcheck
+		conn.Close() // nolint: errcheck, gosec
 
 		if err := recover(); err != nil {
 			stats.NewCrash()
@@ -77,8 +77,8 @@ func (p *Proxy) accept(conn net.Conn) {
 
 	go func() {
 		<-ctx.Done()
-		serverConn.(io.Closer).Close()
-		clientConn.(io.Closer).Close()
+		serverConn.(io.Closer).Close() // nolint: gosec
+		clientConn.(io.Closer).Close() // nolint: gosec
 	}()
 
 	wait := &sync.WaitGroup{}
@@ -119,8 +119,8 @@ func (p *Proxy) getTelegramConn(ctx context.Context, cancel context.CancelFunc,
 func (p *Proxy) middlePipe(src wrappers.PacketReadCloser, dst io.WriteCloser,
 	wait *sync.WaitGroup, hacks *mtproto.Hacks) {
 	defer func() {
-		src.Close() // nolint: errcheck
-		dst.Close() // nolint: errcheck
+		src.Close() // nolint: errcheck, gosec
+		dst.Close() // nolint: errcheck, gosec
 		wait.Done()
 	}()
 
@@ -143,8 +143,8 @@ func (p *Proxy) middlePipe(src wrappers.PacketReadCloser, dst io.WriteCloser,
 func (p *Proxy) directPipe(src wrappers.StreamReadCloser, dst io.WriteCloser,
 	wait *sync.WaitGroup, bufferSize int) {
 	defer func() {
-		src.Close() // nolint: errcheck
-		dst.Close() // nolint: errcheck
+		src.Close() // nolint: errcheck, gosec
+		dst.Close() // nolint: errcheck, gosec
 		wait.Done()
 	}()
 

stats/server.go

@@ -49,7 +49,7 @@ func Start(conf *config.Config) error {
 		}
 
 		interm := map[string]interface{}{}
-		json.Unmarshal(first, &interm) // nolint: errcheck
+		json.Unmarshal(first, &interm) // nolint: errcheck, gosec
 
 		encoder := json.NewEncoder(w)
 		encoder.SetEscapeHTML(false)

telegram/direct.go

@@ -12,6 +12,11 @@ import (
 	"github.com/9seconds/mtg/wrappers"
 )
 
+const (
+	directV4DefaultIdx = 1
+	directV6DefaultIdx = 1
+)
+
 var (
 	directV4Addresses = map[int16][]string{
 		0: {"149.154.175.50:443"},
@@ -65,8 +70,10 @@ func NewDirectTelegram(conf *config.Config) Telegram {
 				Dialer: net.Dialer{Timeout: telegramDialTimeout},
 				conf:   conf,
 			},
-			v4Addresses: directV4Addresses,
-			v6Addresses: directV6Addresses,
+			v4DefaultIdx: directV4DefaultIdx,
+			v6DefaultIdx: directV6DefaultIdx,
+			v4Addresses:  directV4Addresses,
+			v6Addresses:  directV6Addresses,
 		},
 	}
 }

telegram/middle_caller.go

@@ -65,18 +65,20 @@ func (t *middleTelegramCaller) update() error {
 		return errors.Annotate(err, "Cannot get proxy secret")
 	}
 
-	v4Addresses, err := t.getTelegramAddresses(tgAddrProxyV4)
+	v4Addresses, v4DefaultIdx, err := t.getTelegramAddresses(tgAddrProxyV4)
 	if err != nil {
 		return errors.Annotate(err, "Cannot get ipv4 addresses")
 	}
 
-	v6Addresses, err := t.getTelegramAddresses(tgAddrProxyV6)
+	v6Addresses, v6DefaultIdx, err := t.getTelegramAddresses(tgAddrProxyV6)
 	if err != nil {
 		return errors.Annotate(err, "Cannot get ipv6 addresses")
 	}
 
 	t.dialerMutex.Lock()
 	t.proxySecret = secret
+	t.v4DefaultIdx = v4DefaultIdx
+	t.v6DefaultIdx = v6DefaultIdx
 	t.v4Addresses = v4Addresses
 	t.v6Addresses = v6Addresses
 	t.dialerMutex.Unlock()
@@ -101,52 +103,87 @@ func (t *middleTelegramCaller) getTelegramProxySecret() ([]byte, error) {
 	return secret, nil
 }
 
-func (t *middleTelegramCaller) getTelegramAddresses(url string) (map[int16][]string, error) {
+func (t *middleTelegramCaller) getTelegramAddresses(url string) (map[int16][]string, int16, error) { // nolint: gocyclo
 	resp, err := t.call(url)
 	if err != nil {
-		return nil, errors.Annotate(err, "Cannot access telegram server")
+		return nil, 0, errors.Annotate(err, "Cannot access telegram server")
 	}
 	defer resp.Body.Close() // nolint: errcheck
 
 	scanner := bufio.NewScanner(resp.Body)
 	data := map[int16][]string{}
+
+	var defaultIdx int16 = 1
 	for scanner.Scan() {
 		text := strings.TrimSpace(scanner.Text())
-		if strings.HasPrefix(text, "#") {
+		switch {
+		case strings.HasPrefix(text, "#"):
 			continue
+		case strings.HasPrefix(text, "proxy_for"):
+			addr, idx, err2 := t.parseProxyFor(text)
+			if err2 != nil {
+				return nil, 0, errors.Annotate(err2, "Cannot parse 'proxy_for' section")
+			}
+			if addresses, ok := data[idx]; ok {
+				data[idx] = append(addresses, addr)
+			} else {
+				data[idx] = []string{addr}
+			}
+		case strings.HasPrefix(text, "default"):
+			idx, err2 := t.parseDefault(text)
+			if err2 != nil {
+				return nil, 0, errors.Annotate(err2, "Cannot parse 'default' section")
+			}
+			defaultIdx = idx
+		default:
+			return nil, 0, errors.Errorf("Unknown config string '%s'", text)
 		}
+	}
 
-		chunks := middleTelegramProxyConfigSplitter.Split(text, 3)
-		if len(chunks) != 3 || chunks[0] != "proxy_for" {
-			return nil, errors.Errorf("Incorrect config '%s'", text)
-		}
-		dcIdx64, err2 := strconv.ParseInt(chunks[1], 10, 16)
-		if err2 != nil {
-			return nil, errors.Errorf("Incorrect config '%s'", text)
-		}
-		dcIdx := int16(dcIdx64)
+	err = scanner.Err()
+	if err != nil {
+		return nil, 0, errors.Annotate(err, "Cannot read response from the telegram")
+	}
 
-		addr := strings.TrimRight(chunks[2], ";")
-		if _, _, err2 = net.SplitHostPort(addr); err != nil {
-			return nil, errors.Annotatef(err2, "Incorrect config '%s'", text)
-		}
+	return data, defaultIdx, nil
+}
 
-		if addresses, ok := data[dcIdx]; ok {
-			data[dcIdx] = append(addresses, addr)
-		} else {
-			data[dcIdx] = []string{addr}
-		}
+func (t *middleTelegramCaller) parseProxyFor(text string) (string, int16, error) {
+	chunks := middleTelegramProxyConfigSplitter.Split(text, 3)
+	if len(chunks) != 3 || chunks[0] != "proxy_for" {
+		return "", 0, errors.Errorf("Incorrect config '%s'", text)
 	}
-	err = scanner.Err()
+
+	dcIdx, err := strconv.ParseInt(chunks[1], 10, 16)
+	if err != nil {
+		return "", 0, errors.Annotatef(err, "Incorrect config '%s'", text)
+	}
+
+	addr := strings.TrimRight(chunks[2], ";")
+	if _, _, err = net.SplitHostPort(addr); err != nil {
+		return "", 0, errors.Annotatef(err, "Incorrect config '%s'", text)
+	}
+
+	return addr, int16(dcIdx), nil
+}
+
+func (t *middleTelegramCaller) parseDefault(text string) (int16, error) {
+	chunks := middleTelegramProxyConfigSplitter.Split(text, 2)
+	if len(chunks) != 2 || chunks[0] != "default" {
+		return 0, errors.Errorf("Incorrect config '%s'", text)
+	}
+
+	dcIdxString := strings.TrimRight(chunks[1], ";")
+	dcIdx, err := strconv.ParseInt(dcIdxString, 10, 16)
 	if err != nil {
-		return nil, errors.Annotate(err, "Cannot read response from the telegram")
+		return 0, errors.Annotatef(err, "Incorrect config '%s'", text)
 	}
 
-	return data, nil
+	return int16(dcIdx), nil
 }
 
 func (t *middleTelegramCaller) call(url string) (*http.Response, error) {
-	req, _ := http.NewRequest("GET", url, nil)
+	req, _ := http.NewRequest("GET", url, nil) // nolint: gosec
 	req.Header.Set("Accept", "text/plain")
 	req.Header.Set("User-Agent", tgUserAgent)
 

telegram/telegram.go

@@ -19,8 +19,10 @@ type Telegram interface {
 type baseTelegram struct {
 	dialer tgDialer
 
-	v4Addresses map[int16][]string
-	v6Addresses map[int16][]string
+	v4DefaultIdx int16
+	v6DefaultIdx int16
+	v4Addresses  map[int16][]string
+	v6Addresses  map[int16][]string
 }
 
 func (b *baseTelegram) dial(ctx context.Context, cancel context.CancelFunc, dcIdx int16, connID string,
@@ -28,13 +30,13 @@ func (b *baseTelegram) dial(ctx context.Context, cancel context.CancelFunc, dcId
 	addrs := make([]string, 2)
 
 	if proto&mtproto.ConnectionProtocolIPv6 != 0 {
-		if addr, ok := b.v6Addresses[dcIdx]; ok && len(addr) > 0 {
-			addrs = append(addrs, addr[rand.Intn(len(addr))])
+		if addr := b.chooseAddress(b.v6Addresses, dcIdx, b.v6DefaultIdx); addr != "" {
+			addrs = append(addrs, addr)
 		}
 	}
 	if proto&mtproto.ConnectionProtocolIPv4 != 0 {
-		if addr, ok := b.v4Addresses[dcIdx]; ok && len(addr) > 0 {
-			addrs = append(addrs, addr[rand.Intn(len(addr))])
+		if addr := b.chooseAddress(b.v4Addresses, dcIdx, b.v4DefaultIdx); addr != "" {
+			addrs = append(addrs, addr)
 		}
 	}
 
@@ -46,3 +48,21 @@ func (b *baseTelegram) dial(ctx context.Context, cancel context.CancelFunc, dcId
 
 	return nil, errors.New("Cannot connect to Telegram")
 }
+
+func (b *baseTelegram) chooseAddress(addresses map[int16][]string, idx, defaultIdx int16) string {
+	if addr, ok := addresses[idx]; ok {
+		return b.chooseRandomAddress(addr)
+	} else if addr, ok := addresses[defaultIdx]; ok {
+		return b.chooseRandomAddress(addr)
+	}
+
+	return ""
+}
+
+func (b *baseTelegram) chooseRandomAddress(addresses []string) string {
+	if len(addresses) > 0 {
+		return addresses[rand.Intn(len(addresses))]
+	}
+
+	return ""
+}

wrappers/blockcipher.go

@@ -40,7 +40,7 @@ func (b *BlockCipher) Read(p []byte) (int, error) {
 	}
 
 	b.decryptor.CryptBlocks(buf, buf)
-	b.buf.Write(buf)
+	b.buf.Write(buf) // nolint: gosec
 
 	return b.flush(p)
 }

wrappers/conn.go

@@ -99,15 +99,15 @@ func (c *Conn) doIO(callback ioFunc, p []byte, timeout time.Duration) (int, erro
 	case res := <-resChan:
 		timer.Stop()
 		if res.err != nil {
-			c.Close()
+			c.Close() // nolint: gosec
 		}
 		return res.n, res.err
 	case <-c.ctx.Done():
 		timer.Stop()
-		c.Close()
+		c.Close() // nolint: gosec
 		return 0, errors.Annotate(c.ctx.Err(), "Cannot do IO because context is closed")
 	case <-timer.C:
-		c.Close()
+		c.Close() // nolint: gosec
 		return 0, errors.Annotate(c.ctx.Err(), "Timeout on IO operation")
 	}
 }

wrappers/mtproto_abridged.go

@@ -119,9 +119,9 @@ func (m *MTProtoAbridged) Write(p []byte) (int, error) {
 		buf := &bytes.Buffer{}
 		buf.Grow(1 + 3 + len(p))
 
-		buf.WriteByte(byte(mtprotoAbridgedSmallPacketLength))
-		buf.Write(length24[:])
-		buf.Write(p)
+		buf.WriteByte(byte(mtprotoAbridgedSmallPacketLength)) // nolint: gosec
+		buf.Write(length24[:])                                // nolint: gosec
+		buf.Write(p)                                          // nolint: gosec
 
 		return m.conn.Write(buf.Bytes())
 	}

wrappers/mtproto_cipher.go

@@ -4,8 +4,8 @@ import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
-	"crypto/md5" // nolint: gas
-	"crypto/sha1"
+	"crypto/md5"  // nolint: gas
+	"crypto/sha1" // nolint: gosec
 	"encoding/binary"
 	"net"
 
@@ -41,9 +41,9 @@ func NewMiddleProxyCipher(conn StreamReadWriteCloser,
 func deriveKeys(purpose cipherPurpose, req *rpc.NonceRequest, resp *rpc.NonceResponse,
 	client, remote *net.TCPAddr, secret []byte) ([]byte, []byte) {
 	message := bytes.Buffer{}
-	message.Write(resp.Nonce)
-	message.Write(req.Nonce)
-	message.Write(req.CryptoTS)
+	message.Write(resp.Nonce)   // nolint: gosec
+	message.Write(req.Nonce)    // nolint: gosec
+	message.Write(req.CryptoTS) // nolint: gosec
 
 	clientIPv4 := emptyIP[:]
 	serverIPv4 := emptyIP[:]
@@ -51,36 +51,36 @@ func deriveKeys(purpose cipherPurpose, req *rpc.NonceRequest, resp *rpc.NonceRes
 		clientIPv4 = utils.ReverseBytes(client.IP.To4())
 		serverIPv4 = utils.ReverseBytes(remote.IP.To4())
 	}
-	message.Write(serverIPv4)
+	message.Write(serverIPv4) // nolint: gosec
 
 	var port [2]byte
 	binary.LittleEndian.PutUint16(port[:], uint16(client.Port))
-	message.Write(port[:])
+	message.Write(port[:]) // nolint: gosec
 
 	switch purpose {
 	case cipherPurposeClient:
-		message.WriteString("CLIENT")
+		message.WriteString("CLIENT") // nolint: gosec
 	case cipherPurposeServer:
-		message.WriteString("SERVER")
+		message.WriteString("SERVER") // nolint: gosec
 	default:
 		panic("Unexpected cipher purpose")
 	}
 
-	message.Write(clientIPv4)
+	message.Write(clientIPv4) // nolint: gosec
 	binary.LittleEndian.PutUint16(port[:], uint16(remote.Port))
-	message.Write(port[:])
-	message.Write(secret)
-	message.Write(resp.Nonce)
+	message.Write(port[:])    // nolint: gosec
+	message.Write(secret)     // nolint: gosec
+	message.Write(resp.Nonce) // nolint: gosec
 
 	if client.IP.To4() == nil {
-		message.Write(client.IP.To16())
-		message.Write(remote.IP.To16())
+		message.Write(client.IP.To16()) // nolint: gosec
+		message.Write(remote.IP.To16()) // nolint: gosec
 	}
-	message.Write(req.Nonce)
+	message.Write(req.Nonce) // nolint: gosec
 
 	data := message.Bytes()
 	md5sum := md5.Sum(data[1:]) // nolint: gas
-	sha1sum := sha1.Sum(data)
+	sha1sum := sha1.Sum(data)   // nolint: gosec
 
 	key := append(md5sum[:12], sha1sum[:]...)
 	iv := md5.Sum(data[2:]) // nolint: gas

wrappers/mtproto_frame.go

@@ -73,12 +73,12 @@ func (m *MTProtoFrame) Read() ([]byte, error) { // nolint: gocyclo
 	}
 
 	var seqNo int32
-	binary.Read(buf, binary.LittleEndian, &seqNo) // nolint: errcheck
+	binary.Read(buf, binary.LittleEndian, &seqNo) // nolint: errcheck, gosec
 	if seqNo != m.readSeqNo {
 		return nil, errors.Errorf("Unexpected sequence number %d (wait for %d)", seqNo, m.readSeqNo)
 	}
 
-	data, _ := ioutil.ReadAll(buf)
+	data, _ := ioutil.ReadAll(buf) // nolint: gosec
 	buf.Reset()
 	// write to buf, not to writer. This is because we are going to fetch
 	// crc32 checksum.
@@ -109,13 +109,13 @@ func (m *MTProtoFrame) Write(p []byte) (int, error) {
 	buf := &bytes.Buffer{}
 	buf.Grow(messageLength + paddingLength)
 
-	binary.Write(buf, binary.LittleEndian, uint32(messageLength)) // nolint: errcheck
-	binary.Write(buf, binary.LittleEndian, m.writeSeqNo)          // nolint: errcheck
-	buf.Write(p)
+	binary.Write(buf, binary.LittleEndian, uint32(messageLength)) // nolint: errcheck, gosec
+	binary.Write(buf, binary.LittleEndian, m.writeSeqNo)          // nolint: errcheck, gosec
+	buf.Write(p)                                                  // nolint: gosec
 
 	checksum := crc32.ChecksumIEEE(buf.Bytes())
-	binary.Write(buf, binary.LittleEndian, checksum) // nolint: errcheck
-	buf.Write(bytes.Repeat(mtprotoFramePadding, paddingLength/4))
+	binary.Write(buf, binary.LittleEndian, checksum)              // nolint: errcheck, gosec
+	buf.Write(bytes.Repeat(mtprotoFramePadding, paddingLength/4)) // nolint: gosec
 
 	m.logger.Debugw("Write MTProto frame",
 		"length", len(p),

wrappers/mtproto_intermediate_secure.go

@@ -44,9 +44,9 @@ func (m *MTProtoIntermediateSecure) Write(p []byte) (int, error) {
 	paddingLength := rand.Intn(4)
 	buf.Grow(4 + len(p) + paddingLength)
 
-	binary.Write(buf, binary.LittleEndian, uint32(len(p)+paddingLength)) // nolint: errcheck
-	buf.Write(p)
-	buf.Write(make([]byte, paddingLength))
+	binary.Write(buf, binary.LittleEndian, uint32(len(p)+paddingLength)) // nolint: errcheck, gosec
+	buf.Write(p)                                                         // nolint: gosec
+	buf.Write(make([]byte, paddingLength))                               // nolint: gosec
 
 	m.logger.Debugw("Write packet with padding",
 		"simple_ack", m.opts.WriteHacks.SimpleAck,

wrappers/mtproto_proxy.go

@@ -120,7 +120,7 @@ func (m *MTProtoProxy) Write(p []byte) (int, error) {
 			zap.Stringer("flags", flags),
 		)
 	}
-	header.Write(p)
+	header.Write(p) // nolint: gosec
 
 	if _, err := m.conn.Write(header.Bytes()); err != nil {
 		return 0, err

wrappers/streamcipher.go

@@ -34,7 +34,7 @@ func (s *StreamCipher) Write(p []byte) (int, error) {
 
 	buf.Reset()
 	buf.Grow(len(p))
-	buf.Write(p)
+	buf.Write(p) // nolint: gosec
 
 	data := buf.Bytes()
 	s.encryptor.XORKeyStream(data, data)