fix(Dojo-fixes): Fixed some insecure configurations in the repository

freepik-company · Sep 27, 2024 · bbfaf31 · bbfaf31
1 parent f2b034f
commit bbfaf31
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 7 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -66,7 +66,10 @@ func main() {
 			log.Printf("MIG %s scaled up to its minimum size %d", migName, minSize)
 			if slackWebhookURL != "" {
 				message := fmt.Sprintf("MIG %s scaled up to its minimum size %d", migName, minSize)
-				slack.NotifySlack(message, slackWebhookURL)
+				err = slack.NotifySlack(message, slackWebhookURL)
+				if err != nil {
+					log.Printf("Error sending Slack notification: %v", err)
+				}
 			}
 			time.Sleep(time.Duration(defaultcooldownPeriodSeconds) * time.Second)
 			continue
@@ -99,7 +102,10 @@ func main() {
 			// Notify via Slack that a node has been added
 			if slackWebhookURL != "" {
 				message := fmt.Sprintf("Added new node to MIG %s. Current size is %d nodes and the maximum nodes to create are %d", migName, currentSize, maxSize)
-				slack.NotifySlack(message, slackWebhookURL)
+				err = slack.NotifySlack(message, slackWebhookURL)
+				if err != nil {
+					log.Printf("Error sending Slack notification: %v", err)
+				}
 			}
 			// Sleep for the default cooldown period before checking the conditions again
 			time.Sleep(time.Duration(defaultcooldownPeriodSeconds) * time.Second)
@@ -114,7 +120,10 @@ func main() {
 			// Notify via Slack that a node has been removed
 			if slackWebhookURL != "" {
 				message := fmt.Sprintf("Removed node %s from MIG %s. Current size is %d nodes and the minimum nodes to exist are %d", nodeRemoved, migName, currentSize, minSize)
-				slack.NotifySlack(message, slackWebhookURL)
+				err = slack.NotifySlack(message, slackWebhookURL)
+				if err != nil {
+					log.Printf("Error sending Slack notification: %v", err)
+				}
 			}
 			// Sleep for the scaledown cooldown period before checking the conditions again
 			time.Sleep(time.Duration(scaledowncooldownPeriodSeconds) * time.Second)

diff --git a/examples/docker-compose.yml b/examples/docker-compose.yml
@@ -4,6 +4,7 @@ services:
   prometheus:
     image: prom/prometheus:latest
     container_name: prometheus
+    read_only: true
     ports:
       - "9090:9090"
 

diff --git a/internal/elasticsearch/elasticsearch.go b/internal/elasticsearch/elasticsearch.go
@@ -54,7 +54,7 @@ func DrainElasticsearchNode(elasticURL, nodeName, username, password string) err
 	var tr http.RoundTripper
 	if insecureSkipVerify == "true" {
 		tr = &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS13},
 		}
 	} else {
 		tr = http.DefaultTransport
@@ -225,7 +225,7 @@ func ClearElasticsearchClusterSettings(elasticURL, username, password string) er
 	var tr http.RoundTripper
 	if insecureSkipVerify == "true" {
 		tr = &http.Transport{
-			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS13},
 		}
 	} else {
 		tr = http.DefaultTransport

diff --git a/internal/google/mig.go b/internal/google/mig.go
@@ -2,9 +2,10 @@ package google
 
 import (
 	"context"
+	"crypto/rand"
 	"fmt"
 	"log"
-	"math/rand"
+	"math/big"
 	"strconv"
 	"strings"
 	"time"
@@ -201,7 +202,13 @@ func GetInstanceToRemove(ctx context.Context, client *compute.InstanceGroupManag
 	}
 
 	// Randomly select an instance to remove
-	return getInstanceNameFromURL(instanceNames[rand.Intn(len(instanceNames))]), nil
+	randomIndex, err := rand.Int(rand.Reader, big.NewInt(int64(len(instanceNames))))
+	if err != nil {
+		return "", fmt.Errorf("error selecting random instance: %v", err)
+	}
+	randomInstance := int(randomIndex.Int64())
+
+	return getInstanceNameFromURL(instanceNames[randomInstance]), nil
 }
 
 // getMIGInstanceNames retrieves the list of instance names in a Managed Instance Group (MIG).