mirror of
https://github.com/lukaszraczylo/lolcathost.git
synced 2026-06-10 00:00:40 +00:00
lukaszraczylo
29263dc8a2
* gosec govulncheck runs
* Fix flaky TestRateLimiter_Matrix test
The test was failing due to two issues:
1. Test name generation used invalid character conversion (string(rune('0'+limit)))
which produced non-printable characters for limits >= 10
2. Using 10ms windows with 100 requests caused race conditions - early requests
would expire before all 100 were made, allowing the 101st request
Changed to use struct-based test cases with proper fmt.Sprintf naming and
a consistent 1-second window that won't expire during rapid test execution.
59 lines
1.2 KiB
Go
59 lines
1.2 KiB
Go
//go:build darwin
|
|
|
|
package daemon
|
|
|
|
import (
|
|
"net"
|
|
"syscall"
|
|
"unsafe"
|
|
|
|
"golang.org/x/sys/unix"
|
|
)
|
|
|
|
// getPeerCredentials extracts peer credentials from a Unix socket connection on macOS.
|
|
// Note: macOS Xucred doesn't include PID, so we use LOCAL_PEERPID separately.
|
|
func (s *Server) getPeerCredentials(conn net.Conn) *PeerCredentials {
|
|
unixConn, ok := conn.(*net.UnixConn)
|
|
if !ok {
|
|
return nil
|
|
}
|
|
|
|
rawConn, err := unixConn.SyscallConn()
|
|
if err != nil {
|
|
return nil
|
|
}
|
|
|
|
var creds *PeerCredentials
|
|
_ = rawConn.Control(func(fd uintptr) {
|
|
xucred, err := unix.GetsockoptXucred(int(fd), unix.SOL_LOCAL, unix.LOCAL_PEERCRED)
|
|
if err != nil {
|
|
return
|
|
}
|
|
|
|
// Get PID separately using LOCAL_PEERPID
|
|
var pid int32
|
|
pidLen := uint32(unsafe.Sizeof(pid))
|
|
// #nosec G103 -- unsafe required for low-level syscall to get peer PID
|
|
_, _, errno := syscall.Syscall6(
|
|
syscall.SYS_GETSOCKOPT,
|
|
fd,
|
|
unix.SOL_LOCAL,
|
|
0x002, // LOCAL_PEERPID
|
|
uintptr(unsafe.Pointer(&pid)),
|
|
uintptr(unsafe.Pointer(&pidLen)),
|
|
0,
|
|
)
|
|
if errno != 0 {
|
|
pid = 0
|
|
}
|
|
|
|
creds = &PeerCredentials{
|
|
UID: xucred.Uid,
|
|
GID: xucred.Groups[0],
|
|
PID: pid,
|
|
}
|
|
})
|
|
|
|
return creds
|
|
}
|