Merge pull request #851 from Pangjiping/fix/go-sdk-quality

fix(go-sdk): drain response bodies, add io.Closer, remove deprecated DSA

Author: ninan-nn

sdks/sandbox/go/crypto_policy.go

@@ -15,7 +15,6 @@
 package opensandbox
 
 import (
-	"crypto/dsa"
 	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/rsa"
@@ -25,20 +24,18 @@ import (
 )
 
 const (
-	nistMinRSABits     = 2048
-	nistMinDLKeyBits   = 224
-	nistMinDLGroupBits = 2048
-	nistMinECBits      = 224
-	nistMinHashBits    = 224
+	nistMinRSABits  = 2048
+	nistMinECBits   = 224
+	nistMinHashBits = 224
 )
 
 func minHashBitsForSignatureAlgorithm(algo x509.SignatureAlgorithm) (int, error) {
 	switch algo {
 	case x509.MD2WithRSA, x509.MD5WithRSA:
 		return 128, nil
-	case x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
+	case x509.SHA1WithRSA, x509.ECDSAWithSHA1:
 		return 160, nil
-	case x509.DSAWithSHA256, x509.SHA256WithRSA, x509.ECDSAWithSHA256:
+	case x509.SHA256WithRSA, x509.ECDSAWithSHA256:
 		return 256, nil
 	case x509.SHA384WithRSA, x509.ECDSAWithSHA384:
 		return 384, nil
@@ -103,26 +100,6 @@ func ensureCertPublicKeyMeetsNISTMinimums(cert *x509.Certificate) error {
 				nistMinECBits,
 			)
 		}
-	case *dsa.PublicKey:
-		if pub.Parameters.P == nil || pub.Parameters.Q == nil {
-			return fmt.Errorf("certificate DSA public key parameters are incomplete")
-		}
-		subgroupBits := pub.Parameters.Q.BitLen()
-		groupBits := pub.Parameters.P.BitLen()
-		if subgroupBits < nistMinDLKeyBits {
-			return fmt.Errorf(
-				"certificate DSA subgroup (Q) length %d bits is below NIST minimum %d bits",
-				subgroupBits,
-				nistMinDLKeyBits,
-			)
-		}
-		if groupBits < nistMinDLGroupBits {
-			return fmt.Errorf(
-				"certificate DSA group (P) length %d bits is below NIST minimum %d bits",
-				groupBits,
-				nistMinDLGroupBits,
-			)
-		}
 	case ed25519.PublicKey:
 		bits := len(pub) * 8
 		if bits < nistMinECBits {

sdks/sandbox/go/execd.go

@@ -51,7 +51,9 @@ func (e *ExecdClient) Ping(ctx context.Context) error {
 // ListContexts returns all active code execution contexts for the given language.
 func (e *ExecdClient) ListContexts(ctx context.Context, language string) ([]CodeContext, error) {
 	var result []CodeContext
-	path := "/code/contexts?language=" + url.QueryEscape(language)
+	params := url.Values{}
+	params.Set("language", language)
+	path := "/code/contexts?" + params.Encode()
 	err := e.client.doRequest(ctx, http.MethodGet, path, nil, &result)
 	return result, err
 }
@@ -85,7 +87,9 @@ func (e *ExecdClient) DeleteContext(ctx context.Context, contextID string) error
 
 // DeleteContextsByLanguage deletes all code execution contexts for the given language.
 func (e *ExecdClient) DeleteContextsByLanguage(ctx context.Context, language string) error {
-	path := "/code/contexts?language=" + url.QueryEscape(language)
+	params := url.Values{}
+	params.Set("language", language)
+	path := "/code/contexts?" + params.Encode()
 	return e.client.doRequest(ctx, http.MethodDelete, path, nil, nil)
 }
 
@@ -97,7 +101,9 @@ func (e *ExecdClient) ExecuteCode(ctx context.Context, req RunCodeRequest, handl
 
 // InterruptCode interrupts the currently running code execution.
 func (e *ExecdClient) InterruptCode(ctx context.Context, sessionID string) error {
-	path := "/code?id=" + url.QueryEscape(sessionID)
+	params := url.Values{}
+	params.Set("id", sessionID)
+	path := "/code?" + params.Encode()
 	return e.client.doRequest(ctx, http.MethodDelete, path, nil, nil)
 }
 
@@ -131,7 +137,9 @@ func (e *ExecdClient) RunCommand(ctx context.Context, req RunCommandRequest, han
 
 // InterruptCommand interrupts the currently running command execution.
 func (e *ExecdClient) InterruptCommand(ctx context.Context, sessionID string) error {
-	path := "/command?id=" + url.QueryEscape(sessionID)
+	params := url.Values{}
+	params.Set("id", sessionID)
+	path := "/command?" + params.Encode()
 	return e.client.doRequest(ctx, http.MethodDelete, path, nil, nil)
 }
 
@@ -207,7 +215,9 @@ func (e *ExecdClient) GetCommandLogs(ctx context.Context, commandID string, curs
 // GetFileInfo retrieves metadata for the file at the given path.
 func (e *ExecdClient) GetFileInfo(ctx context.Context, path string) (map[string]FileInfo, error) {
 	var result map[string]FileInfo
-	reqPath := "/files/info?path=" + url.QueryEscape(path)
+	params := url.Values{}
+	params.Set("path", path)
+	reqPath := "/files/info?" + params.Encode()
 	err := e.client.doRequest(ctx, http.MethodGet, reqPath, nil, &result)
 	return result, err
 }
@@ -365,7 +375,9 @@ func (e *ExecdClient) newUploadFilesRequest(ctx context.Context, entries []Uploa
 // returned io.ReadCloser. Pass rangeHeader (e.g. "bytes=0-1023") for partial
 // content, or empty string for the full file.
 func (e *ExecdClient) DownloadFile(ctx context.Context, remotePath string, rangeHeader string) (io.ReadCloser, error) {
-	reqPath := "/files/download?path=" + url.QueryEscape(remotePath)
+	params := url.Values{}
+	params.Set("path", remotePath)
+	reqPath := "/files/download?" + params.Encode()
 
 	var resp *http.Response
 	err := e.client.withRetry(ctx, func() error {
@@ -421,7 +433,9 @@ func OctalMode(m os.FileMode) int {
 
 // DeleteDirectory deletes a directory and all its contents recursively.
 func (e *ExecdClient) DeleteDirectory(ctx context.Context, path string) error {
-	reqPath := "/directories?path=" + url.QueryEscape(path)
+	params := url.Values{}
+	params.Set("path", path)
+	reqPath := "/directories?" + params.Encode()
 	return e.client.doRequest(ctx, http.MethodDelete, reqPath, nil, nil)
 }
 

sdks/sandbox/go/go.mod

@@ -1,11 +1,3 @@
 module github.com/alibaba/OpenSandbox/sdks/sandbox/go
 
 go 1.20
-
-require github.com/oapi-codegen/runtime v1.2.0
-
-require (
-	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
-	github.com/google/uuid v1.6.0 // indirect
-	github.com/stretchr/testify v1.11.1 // indirect
-)

sdks/sandbox/go/go.sum

@@ -1,19 +0,0 @@
-github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
-github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
-github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
-github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
-github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
-github.com/oapi-codegen/runtime v1.2.0 h1:RvKc1CVS1QeKSNzO97FBQbSMZyQ8s6rZd+LpmzwHMP4=
-github.com/oapi-codegen/runtime v1.2.0/go.mod h1:Y7ZhmmlE8ikZOmuHRRndiIm7nf3xcVv+YMweKgG1DT0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
-github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

sdks/sandbox/go/http.go

@@ -167,12 +167,14 @@ func (c *Client) doRequestOnce(ctx context.Context, method, path string, body an
 
 	// No content (e.g. 204)
 	if resp.StatusCode == http.StatusNoContent || result == nil {
+		io.Copy(io.Discard, resp.Body)
 		return nil
 	}
 
 	if err := json.NewDecoder(resp.Body).Decode(result); err != nil {
 		return fmt.Errorf("opensandbox: decode response: %w", err)
 	}
+	io.Copy(io.Discard, resp.Body)
 	return nil
 }
 

sdks/sandbox/go/manager.go

@@ -88,4 +88,4 @@ func (m *SandboxManager) DeleteSnapshot(ctx context.Context, snapshotID string)
 }
 
 // Close releases local resources. Currently a no-op placeholder.
-func (m *SandboxManager) Close() {}
+func (m *SandboxManager) Close() error { return nil }

sdks/sandbox/go/retry_test.go

@@ -22,7 +22,6 @@ import (
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/json"
 	"fmt"
 	"math/big"
 	"net/http"
@@ -637,6 +636,3 @@ func TestRetry_CustomRetryableStatusCodes(t *testing.T) {
 	require.Equal(t, "sbx-500-retried", got.ID)
 	require.Equal(t, int32(2), attempts.Load())
 }
-
-// suppress unused import warning
-var _ = json.Marshal

sdks/sandbox/go/sandbox.go

@@ -227,9 +227,10 @@ func (s *Sandbox) Kill(ctx context.Context) error {
 }
 
 // Close releases local HTTP resources. Does NOT terminate the sandbox.
-func (s *Sandbox) Close() {
+func (s *Sandbox) Close() error {
 	// No-op for now — Go's http.Client doesn't need explicit close.
 	// Placeholder for future transport pooling.
+	return nil
 }
 
 // Pause pauses the sandbox while preserving its state.