Switch uuid package

Use github.com/google/uuid instead of github.com/satori/go.uuid. The latter has a vulnerability, [GO-2020-0018](https://pkg.go.dev/vuln/GO-2020-0018). Although fixed in master, a release has never been tagged.
arnested · Apr 17, 2022 · f305ef2 · f305ef2
1 parent f795fe2
commit f305ef2
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/go.mod b/go.mod
@@ -4,11 +4,11 @@ go 1.18
 
 require (
 	github.com/google/gops v0.3.22
+	github.com/google/uuid v1.3.0
 	github.com/kevinburke/ssh_config v1.2.0
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/rjeczalik/notify v0.9.2
-	github.com/satori/go.uuid v1.2.0
 	github.com/urfave/cli v1.22.5
 	github.com/youtube/vitess v2.1.1+incompatible
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b

diff --git a/go.sum b/go.sum
@@ -10,6 +10,8 @@ github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiU
 github.com/go-ole/go-ole v1.2.6-0.20210915003542-8b1f7f90f6b1/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
 github.com/google/gops v0.3.22 h1:lyvhDxfPLHAOR2xIYwjPhN387qHxyU21Sk9sz/GhmhQ=
 github.com/google/gops v0.3.22/go.mod h1:7diIdLsqpCihPSX3fQagksT/Ku/y4RL9LHTlKyEUDl8=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/keybase/go-ps v0.0.0-20190827175125-91aafc93ba19/go.mod h1:hY+WOq6m2FpbvyrI93sMaypsttvaIL5nhVR92dTMUcQ=
@@ -28,8 +30,6 @@ github.com/rjeczalik/notify v0.9.2/go.mod h1:aErll2f0sUX9PXZnVNyeiObbmTlk5jnMoCa
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
-github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/shirou/gopsutil/v3 v3.21.9/go.mod h1:YWp/H8Qs5fVmf17v7JNZzA0mPJ+mS2e9JdiUF9LlKzQ=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

diff --git a/ssh2iterm2.go b/ssh2iterm2.go
@@ -13,11 +13,11 @@ import (
 	"strings"
 
 	"github.com/google/gops/agent"
+	"github.com/google/uuid"
 	"github.com/kevinburke/ssh_config"
 	"github.com/mattn/go-isatty"
 	"github.com/mitchellh/go-homedir"
 	"github.com/rjeczalik/notify"
-	uuid "github.com/satori/go.uuid"
 	"github.com/urfave/cli"
 	"github.com/urfave/cli/altsrc"
 	"github.com/youtube/vitess/go/ioutil2"
@@ -169,7 +169,7 @@ func main() {
 }
 
 func ssh2iterm2(c *cli.Context) error {
-	ns, err := uuid.FromString("CAAFD038-5E80-4266-B6CF-F4D036E092F4")
+	ns, err := uuid.Parse("CAAFD038-5E80-4266-B6CF-F4D036E092F4")
 	if err != nil {
 		return err
 	}
@@ -261,7 +261,7 @@ func processFile(file string,
 
 			match := r.MatchString(name)
 			if !match {
-				uuid := uuid.NewV5(ns, name).String()
+				uuid := uuid.NewSHA1(ns, []byte(name)).String()
 				log.Printf("Identified %s", name)
 
 				var boundHosts []string