Merge pull request #64 from Financial-Times/fix-log-level

Fix Snyk vulnarability issue

.circleci/config.yml

@@ -24,8 +24,8 @@ jobs:
       - run:
           name: Download dredd
           command: |
-            curl -sL https://deb.nodesource.com/setup_11.x | bash -
-            DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs=11.\*
+            curl -sL https://deb.nodesource.com/setup_14.x | bash -
+            DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs=14.\*
             npm install -g --unsafe-perm --loglevel warn --user 0 --no-progress [email protected]
             rm -rf /var/lib/apt/lists/*
       - run:

README.md

@@ -231,4 +231,4 @@ At the moment the `/__health` and `/__gtg` check the availability of the UPP Pub
 
 
 ### Change/Rotate sealed secrets
-Please reffer to documentation in [pac-global-sealed-secrets-eks](https://github.com/Financial-Times/pac-global-sealed-secrets-eks/blob/master/README.md). Here are explained details how to create new and change existing sealed secrets
+Please refer to documentation in [pac-global-sealed-secrets-eks](https://github.com/Financial-Times/pac-global-sealed-secrets-eks/blob/master/README.md). Here are explained details how to create new and change existing sealed secrets

annotations/annotations_api_test.go

@@ -12,8 +12,8 @@ import (
 
 	"github.com/Financial-Times/go-ft-http/fthttp"
 	tidUtils "github.com/Financial-Times/transactionid-utils-go"
+	"github.com/google/uuid"
 	"github.com/husobee/vestigo"
-	uuid "github.com/satori/go.uuid"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -66,7 +66,7 @@ func TestAnnotationsAPIGTGConnectionError(t *testing.T) {
 }
 
 func TestHappyAnnotationsAPI(t *testing.T) {
-	uuid := uuid.NewV4().String()
+	uuid := uuid.New().String()
 	tid := "tid_all-good"
 	ctx := tidUtils.TransactionAwareContext(context.TODO(), tid)
 
@@ -80,7 +80,7 @@ func TestHappyAnnotationsAPI(t *testing.T) {
 }
 
 func TestHappyAnnotationsAPIWithLifecycles(t *testing.T) {
-	uuid := uuid.NewV4().String()
+	uuid := uuid.New().String()
 	tid := "tid_all-good"
 	ctx := tidUtils.TransactionAwareContext(context.TODO(), tid)
 
@@ -94,7 +94,7 @@ func TestHappyAnnotationsAPIWithLifecycles(t *testing.T) {
 }
 
 func TestUnhappyAnnotationsAPI(t *testing.T) {
-	uuid := uuid.NewV4().String()
+	uuid := uuid.New().String()
 	tid := "tid_all-good?"
 	ctx := tidUtils.TransactionAwareContext(context.TODO(), tid)
 
@@ -108,7 +108,7 @@ func TestUnhappyAnnotationsAPI(t *testing.T) {
 }
 
 func TestNoTIDAnnotationsAPI(t *testing.T) {
-	uuid := uuid.NewV4().String()
+	uuid := uuid.New().String()
 	annotationsServerMock := newAnnotationsAPIServerMock(t, "", uuid, "", http.StatusServiceUnavailable, "I am definitely not happy!")
 	defer annotationsServerMock.Close()
 
@@ -242,7 +242,7 @@ func TestGetAnnotationsHappy(t *testing.T) {
 
 	for _, test := range testCases {
 		t.Run(test.name, func(t *testing.T) {
-			uuid := uuid.NewV4().String()
+			uuid := uuid.New().String()
 			tid := "tid_all-good"
 			ctx := tidUtils.TransactionAwareContext(context.TODO(), tid)
 

annotations/canonicalizer_test.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"
 
-	uuid "github.com/satori/go.uuid"
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -19,8 +19,8 @@ const (
 
 func TestCanonicalAnnotationSorterOrderByPredicate(t *testing.T) {
 	conceptUuid := []string{
-		uuid.NewV4().String(),
-		uuid.NewV4().String(),
+		uuid.New().String(),
+		uuid.New().String(),
 	}
 
 	// not in order
@@ -66,8 +66,8 @@ func TestCanonicalAnnotationSorterOrderByPredicate(t *testing.T) {
 
 func TestCanonicalAnnotationSorterEqualPredicateOrderByUUID(t *testing.T) {
 	conceptUuid := []string{
-		uuid.NewV4().String(),
-		uuid.NewV4().String(),
+		uuid.New().String(),
+		uuid.New().String(),
 	}
 
 	if strings.Compare(conceptUuid[0], conceptUuid[1]) == -1 {
@@ -119,8 +119,8 @@ func TestCanonicalAnnotationSorterEqualPredicateOrderByUUID(t *testing.T) {
 
 func TestCanonicalizer(t *testing.T) {
 	conceptUuid := []string{
-		uuid.NewV4().String(),
-		uuid.NewV4().String(),
+		uuid.New().String(),
+		uuid.New().String(),
 	}
 
 	apiUrl := make([]string, len(conceptUuid))
@@ -183,8 +183,8 @@ func TestCanonicalizer(t *testing.T) {
 
 func TestCanonicalizerHash(t *testing.T) {
 	conceptUuid := []string{
-		uuid.NewV4().String(),
-		uuid.NewV4().String(),
+		uuid.New().String(),
+		uuid.New().String(),
 	}
 
 	apiUrl := make([]string, len(conceptUuid))

concept/read_api_test.go

@@ -15,8 +15,8 @@ import (
 	"github.com/Financial-Times/go-ft-http/fthttp"
 	tidUtils "github.com/Financial-Times/transactionid-utils-go"
 	"github.com/Pallinder/go-randomdata"
+	"github.com/google/uuid"
 	"github.com/husobee/vestigo"
-	uuid "github.com/satori/go.uuid"
 	log "github.com/sirupsen/logrus"
 	logTest "github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
@@ -190,7 +190,7 @@ func TestUnhappyGTG(t *testing.T) {
 func generateConcepts(n int) map[string]Concept {
 	concepts := make(map[string]Concept)
 	for i := 0; i < n; i++ {
-		id := uuid.NewV4().String()
+		id := uuid.New().String()
 		concepts[id] = generateConcept(id)
 	}
 	return concepts

go.mod

@@ -1,6 +1,6 @@
 module github.com/Financial-Times/draft-annotations-api
 
-go 1.13
+go 1.17
 
 require (
 	github.com/Financial-Times/api-endpoint v0.0.0-20170612095945-d9f326a291cc
@@ -11,19 +11,19 @@ require (
 	github.com/Financial-Times/transactionid-utils-go v0.2.0
 	github.com/Pallinder/go-randomdata v0.0.0-20170410161340-8c3362a5e678
 	github.com/davecgh/go-spew v1.1.0 // indirect
+	github.com/google/uuid v1.3.0
 	github.com/hashicorp/go-version v0.0.0-20170202080759-03c5bf6be031 // indirect
 	github.com/husobee/vestigo v1.0.2
 	github.com/jawher/mow.cli v0.0.0-20170712113824-a6088643acff
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/pkg/errors v0.8.1
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20161128210544-1f30fe9094a5
-	github.com/satori/go.uuid v1.1.0
 	github.com/sirupsen/logrus v0.0.0-20170713114250-a3f95b5c4235
 	github.com/stretchr/objx v0.1.1 // indirect
 	github.com/stretchr/testify v0.0.0-20180319223459-c679ae2cc0cb
 	golang.org/x/net v0.0.0-20170719084000-02ac38e2528f // indirect
-	golang.org/x/sys v0.0.0-20170718161335-cd2c276457ed // indirect
+	golang.org/x/sys v0.0.0-20211013075003-97ac67df715c // indirect
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 	gopkg.in/yaml.v2 v2.0.0-20170721122051-25c4ec802a7d // indirect
 )

go.sum

@@ -14,6 +14,8 @@ github.com/Pallinder/go-randomdata v0.0.0-20170410161340-8c3362a5e678 h1:vIKeNyQ
 github.com/Pallinder/go-randomdata v0.0.0-20170410161340-8c3362a5e678/go.mod h1:yHmJgulpD2Nfrm0cR9tI/+oAgRqCQQixsA8HyRZfV9Y=
 github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/go-version v0.0.0-20170202080759-03c5bf6be031 h1:c3Xdf5fTpk+hqhxqCO+ymqjfUXV9+GZqNgTtlnVzDos=
 github.com/hashicorp/go-version v0.0.0-20170202080759-03c5bf6be031/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/husobee/vestigo v1.0.2 h1:K4Awra33kZsLUQeTwrtdkj/Yf6pIy7b6qMtJH3s5SA4=
@@ -31,8 +33,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rcrowley/go-metrics v0.0.0-20161128210544-1f30fe9094a5 h1:gwcdIpH6NU2iF8CmcqD+CP6+1CkRBOhHaPR+iu6raBY=
 github.com/rcrowley/go-metrics v0.0.0-20161128210544-1f30fe9094a5/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/satori/go.uuid v1.1.0 h1:B9KXyj+GzIpJbV7gmr873NsY6zpbxNy24CBtGrk7jHo=
-github.com/satori/go.uuid v1.1.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sirupsen/logrus v0.0.0-20170713114250-a3f95b5c4235 h1:a2XWU6egUZQhD52o2GEKr79zE+OuZmwLybyOQpoqhHQ=
 github.com/sirupsen/logrus v0.0.0-20170713114250-a3f95b5c4235/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
 github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A=
@@ -41,8 +41,8 @@ github.com/stretchr/testify v0.0.0-20180319223459-c679ae2cc0cb h1:Idl4I/YpJ3WG7+
 github.com/stretchr/testify v0.0.0-20180319223459-c679ae2cc0cb/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/net v0.0.0-20170719084000-02ac38e2528f h1:8TxU+eLCw23NIJ1TwakDJwcN5ikXvWBezX3nPZenP30=
 golang.org/x/net v0.0.0-20170719084000-02ac38e2528f/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/sys v0.0.0-20170718161335-cd2c276457ed h1:E8Urb17nGW+8kKyvrTl+0Rs9GhsQd9nU93B429bmayg=
-golang.org/x/sys v0.0.0-20170718161335-cd2c276457ed/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20211013075003-97ac67df715c h1:taxlMj0D/1sOAuv/CbSD+MMDof2vbyPTqz5FNYKpXt8=
+golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.0.0-20170721122051-25c4ec802a7d h1:2DX7x6HUDGZUyuEDAhUsQQNqkb1zvDyKTjVoTdzaEzo=

handler/handler.go

@@ -14,8 +14,8 @@ import (
 	"github.com/Financial-Times/draft-annotations-api/annotations"
 	"github.com/Financial-Times/draft-annotations-api/mapper"
 	tidutils "github.com/Financial-Times/transactionid-utils-go"
+	"github.com/google/uuid"
 	"github.com/husobee/vestigo"
-	uuid "github.com/satori/go.uuid"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -378,7 +378,7 @@ func handleReadErrors(err error, readLog *log.Entry, w http.ResponseWriter) {
 	var uppErr annotations.UPPError
 	if errors.As(err, &uppErr) {
 		if uppErr.UPPBody() != nil {
-			readLog.Info("UPP responded with a client error, forwarding UPP response back to client.")
+			readLog.WithError(err).Error("UPP responded with a client error, forwarding UPP response back to client.")
 			w.WriteHeader(uppErr.Status())
 			w.Write(uppErr.UPPBody())
 			return
@@ -414,7 +414,7 @@ func isTimeoutErr(err error) bool {
 }
 
 func validateUUID(u string) error {
-	_, err := uuid.FromString(u)
+	_, err := uuid.Parse(u)
 	return err
 }
 

handler/handler_test.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io/ioutil"
 	"net"
 	"net/http"
@@ -1192,7 +1193,7 @@ func TestSaveAnnotationsInvalidContentUUID(t *testing.T) {
 	assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 	body, err := ioutil.ReadAll(resp.Body)
 	assert.NoError(t, err)
-	assert.JSONEq(t, `{"message":"Invalid content UUID: uuid: UUID string too short: not-a-valid-uuid"}`, string(body))
+	assert.JSONEq(t, fmt.Sprintf(`{"message":"Invalid content UUID: invalid UUID length: %d"}`, len("not-a-valid-uuid")), string(body))
 
 	rw.AssertExpectations(t)
 	aug.AssertExpectations(t)