Remove spurious fmt.Printf calls including one of a key (#15344)

And add a semgrep for fmt.Printf/Println.
2022-05-19 12:27:02 -07:00 · 2022-05-19 12:27:02 -07:00 · 38b0fa6b53
commit 38b0fa6b53
parent cbdf16c5a1
7 changed files with 17 additions and 8 deletions
--- a/api/auth/azure/azure.go
+++ b/api/auth/azure/azure.go
@ -198,7 +198,6 @@ func (a *AzureAuth) getJWT() (string, error) {
 func getMetadata() (metadataJSON, error) {
 	metadataEndpoint, err := url.Parse(fmt.Sprintf("%s/metadata/instance", metadataEndpoint))
 	if err != nil {
-		fmt.Println("Error creating URL: ", err)
 		return metadataJSON{}, err
 	}

--- a/builtin/credential/aws/pkcs7/decrypt.go
+++ b/builtin/credential/aws/pkcs7/decrypt.go
@ -60,7 +60,6 @@ func (eci encryptedContentInfo) decrypt(key []byte) ([]byte, error) {
 		!alg.Equal(OIDEncryptionAlgorithmAES128CBC) &&
 		!alg.Equal(OIDEncryptionAlgorithmAES128GCM) &&
 		!alg.Equal(OIDEncryptionAlgorithmAES256GCM) {
-		fmt.Printf("Unsupported Content Encryption Algorithm: %s\n", alg)
 		return nil, ErrUnsupportedAlgorithm
 	}

--- a/builtin/credential/aws/pkcs7/verify_test_dsa.go
+++ b/builtin/credential/aws/pkcs7/verify_test_dsa.go
@ -5,7 +5,6 @@ package pkcs7
 import (
 	"crypto/x509"
 	"encoding/pem"
-	"fmt"
 	"io/ioutil"
 	"os"
 	"os/exec"
@ -108,7 +107,7 @@ but that's not what ships are built for.
 	if err != nil {
 		t.Fatal(err)
 	}
-	fmt.Printf("%s\n", pemSignature)
+	t.Logf("%s\n", pemSignature)
 	derBlock, _ := pem.Decode(pemSignature)
 	if derBlock == nil {
 		t.Fatalf("failed to read DER block from signature PEM %s", tmpSignedFile.Name())
--- a/builtin/logical/rabbitmq/path_role_create.go
+++ b/builtin/logical/rabbitmq/path_role_create.go
@ -74,7 +74,6 @@ func (b *backend) pathCredsRead(ctx context.Context, req *logical.Request, d *fr
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate username: %w", err)
 	}
-	fmt.Printf("username: %s\n", username)

 	password, err := b.generatePassword(ctx, config.PasswordPolicy)
 	if err != nil {
--- a/command/server/config_test_helpers.go
+++ b/command/server/config_test_helpers.go
@ -320,7 +320,6 @@ func testParseEntropy(t *testing.T, oss bool) {
 		case err != test.outErr:
 			t.Fatalf("error mismatch: expected %#v got %#v", err, test.outErr)
 		case err == nil && config.Entropy != nil && *config.Entropy != test.outEntropy:
-			fmt.Printf("\n config.Entropy: %#v", config.Entropy)
 			t.Fatalf("entropy config mismatch: expected %#v got %#v", test.outEntropy, *config.Entropy)
 		}
 	}
--- a/helper/dhutil/dhutil.go
+++ b/helper/dhutil/dhutil.go
@ -6,7 +6,6 @@ import (
 	"crypto/cipher"
 	"crypto/rand"
 	"crypto/sha256"
-	"encoding/hex"
 	"errors"
 	"fmt"
 	"io"
@ -90,7 +89,6 @@ func DeriveSharedKey(secret, ourPublic, theirPublic []byte) ([]byte, error) {
 	if n != 32 {
 		return nil, errors.New("short read from hkdf")
 	}
-	fmt.Printf("Key: %s\n", hex.EncodeToString(key[:]))

 	return key[:], nil
 }
--- a/tools/semgrep/ci/fmt-printf.yml
+++ b/tools/semgrep/ci/fmt-printf.yml
@ -0,0 +1,16 @@
+rules:
+  - id: fmt.Printf
+    languages: [go]
+    message: fmt.Printf/Println is forbidden outside of cmd and test files
+    patterns:
+      - pattern-either:
+        - pattern: fmt.Printf
+        - pattern: fmt.Println
+    severity: ERROR
+    paths:
+      exclude:
+        - "*_test.go"
+        - "cmd/*.go"
+        - "cmd/**/*.go"
+        - sdk/database/dbplugin/server.go # effectively a cmd
+        - sdk/database/dbplugin/v5/plugin_server.go # effectively a cmd