Merge pull request #32 from wneessen/fix_possible_out-of-index_access

Fix possible out of index access

.github/workflows/codecov.yml

@@ -24,7 +24,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        go: [1.18]
+        go: ['1.22']
     steps:
     - name: Checkout Code
       uses: actions/checkout@master
@@ -34,7 +34,7 @@ jobs:
         go test -v -race --coverprofile=coverage.coverprofile --covermode=atomic .
     
     - name: Upload coverage to Codecov
-      if: success() && matrix.go == 1.18 && matrix.os == 'ubuntu-latest'
+      if: success() && matrix.go == '1.22' && matrix.os == 'ubuntu-latest'
       uses: codecov/codecov-action@v2
       with:
         token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos

.github/workflows/codecov_testonly.yml

@@ -22,7 +22,7 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        go: [1.15, 1.16, 1.17, 1.18]
+        go: ['1.19', '1.20', '1.21', '1.22']
     steps:
     - name: Checkout Code
       uses: actions/checkout@master

.github/workflows/golangci-lint.yml

@@ -21,7 +21,7 @@ jobs:
     steps:
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.19
+          go-version: '1.22'
       - uses: actions/checkout@v3
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3

.github/workflows/sonarqube.yml

@@ -17,7 +17,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2.1.3
         with:
-          go-version: 1.18.x
+          go-version: 1.22.x
           
       - name: Run unit Tests
         run: |

.gitignore

@@ -15,3 +15,4 @@
 # vendor/
 
 examples/
+.idea/

.idea/.gitignore

@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml
-# Editor-based HTTP Client requests
-/httpRequests/

.idea/go-hibp.iml

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="WEB_MODULE" version="4">
-  <component name="Go" enabled="true" />
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>

.idea/inspectionProfiles/Project_Default.xml

@@ -1,12 +0,0 @@
-<component name="InspectionProjectProfileManager">
-  <profile version="1.0">
-    <option name="myName" value="Project Default" />
-    <inspection_tool class="GrazieInspection" enabled="false" level="TYPO" enabled_by_default="false" />
-    <inspection_tool class="LanguageDetectionInspection" enabled="false" level="WARNING" enabled_by_default="false" />
-    <inspection_tool class="SpellCheckingInspection" enabled="false" level="TYPO" enabled_by_default="false">
-      <option name="processCode" value="true" />
-      <option name="processLiterals" value="true" />
-      <option name="processComments" value="true" />
-    </inspection_tool>
-  </profile>
-</component>

.idea/modules.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/go-hibp.iml" filepath="$PROJECT_DIR$/.idea/go-hibp.iml" />
-    </modules>
-  </component>
-</project>

.idea/vcs.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$" vcs="Git" />
-  </component>
-</project>

password.go

@@ -205,6 +205,9 @@ func (p *PwnedPassAPI) ListHashesPrefix(pf string) ([]Match, *http.Response, err
 	so := bufio.NewScanner(hr.Body)
 	for so.Scan() {
 		hp := strings.SplitN(so.Text(), ":", 2)
+		if len(hp) != 2 {
+			continue
+		}
 		fh := fmt.Sprintf("%s%s", strings.ToLower(pf), strings.ToLower(hp[0]))
 		hc, err := strconv.ParseInt(hp[1], 10, 64)
 		if err != nil {

password_test.go

@@ -431,7 +431,7 @@ func ExamplePwnedPassAPI_CheckPassword() {
 	if m != nil && m.Count != 0 {
 		fmt.Printf("Your password with the hash %q was found %d times in the pwned passwords DB\n",
 			m.Hash, m.Count)
-		// Output: Your password with the hash "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" was found 86495 times in the pwned passwords DB
+		// Output: Your password with the hash "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" was found 142835 times in the pwned passwords DB
 	}
 }
 
@@ -446,7 +446,7 @@ func ExamplePwnedPassAPI_CheckPassword_withPadding() {
 	if m != nil && m.Count != 0 {
 		fmt.Printf("Your password with the hash %q was found %d times in the pwned passwords DB\n",
 			m.Hash, m.Count)
-		// Output: Your password with the hash "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" was found 86495 times in the pwned passwords DB
+		// Output: Your password with the hash "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" was found 142835 times in the pwned passwords DB
 	}
 }
 
@@ -462,7 +462,7 @@ func ExamplePwnedPassAPI_checkSHA1() {
 	if m != nil && m.Count != 0 {
 		fmt.Printf("Your password with the hash %q was found %d times in the pwned passwords DB\n",
 			m.Hash, m.Count)
-		// Output: Your password with the hash "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" was found 86495 times in the pwned passwords DB
+		// Output: Your password with the hash "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3" was found 142835 times in the pwned passwords DB
 	}
 }
 
@@ -478,6 +478,6 @@ func ExamplePwnedPassAPI_checkNTLM() {
 	if m != nil && m.Count != 0 {
 		fmt.Printf("Your password with the hash %q was found %d times in the pwned passwords DB\n",
 			m.Hash, m.Count)
-		// Output: Your password with the hash "0cb6948805f797bf2a82807973b89537" was found 86495 times in the pwned passwords DB
+		// Output: Your password with the hash "0cb6948805f797bf2a82807973b89537" was found 142835 times in the pwned passwords DB
 	}
 }