From c83de5201e8b8e2235bc82e148f61ebb587800df Mon Sep 17 00:00:00 2001
From: Ryan Turner
Date: Fri, 13 Dec 2024 13:43:33 -0800
Subject: [PATCH] Bump gopsutil to v4

v3 is no longer maintained other than for security fixes. The breaking change in v4 that impacts our code is that `process.Uids()` and `process.Gids()` now returns values of type `uint32` instead of `int32`.

Signed-off-by: Ryan Turner
---
 go.mod | 4 +--
 go.sum | 10 +++----
 .../workloadattestor/unix/unix_posix.go | 6 ++---
 .../workloadattestor/unix/unix_posix_test.go | 26 +++++++++----------
 pkg/server/api/middleware/audit.go | 2 +-
 pkg/server/api/middleware/audit_posix.go | 6 ++---
 pkg/server/api/middleware/audit_windows.go | 2 +-
 7 files changed, 26 insertions(+), 30 deletions(-)

diff --git a/go.mod b/go.mod
index 22c17f693d..13fc63ef2f 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
 github.com/mitchellh/cli v1.1.5
 github.com/open-policy-agent/opa v0.70.0
 github.com/prometheus/client_golang v1.20.5
- github.com/shirou/gopsutil/v3 v3.24.5
+ github.com/shirou/gopsutil/v4 v4.24.11
 github.com/sigstore/cosign/v2 v2.4.1
 github.com/sigstore/rekor v1.3.7
 github.com/sigstore/sigstore v1.8.11
@@ -152,6 +152,7 @@ require (
 github.com/docker/go-connections v0.4.0 // indirect
 github.com/docker/go-units v0.5.0 // indirect
 github.com/dustin/go-humanize v1.0.1 // indirect
+ github.com/ebitengine/purego v0.8.1 // indirect
 github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
 github.com/evanphx/json-patch/v5 v5.9.0 // indirect
@@ -265,7 +266,6 @@ require (
 github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 github.com/segmentio/asm v1.2.0 // indirect
 github.com/shibumi/go-pathspec v1.3.0 // indirect
- github.com/shoenig/go-m1cpu v0.1.6 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
 github.com/sigstore/protobuf-specs v0.3.2 // indirect
 github.com/sigstore/timestamp-authority v1.2.2 // indirect
diff --git a/go.sum b/go.sum
index 6ec5f267cc..be91956ea7 100644
--- a/go.sum
+++ b/go.sum
@@ -736,6 +736,8 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
+github.com/ebitengine/purego v0.8.1 h1:sdRKd6plj7KYW33EH5As6YKfe8m9zbN9JMrOjNVF/BE=
+github.com/ebitengine/purego v0.8.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/emicklei/proto v1.12.1 h1:6n/Z2pZAnBwuhU66Gs8160B8rrrYKo7h2F2sCOnNceE=
@@ -1356,12 +1358,8 @@ github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
 github.com/shibumi/go-pathspec v1.3.0 h1:QUyMZhFo0Md5B8zV8x2tesohbb5kfbpTi9rBnKh5dkI=
 github.com/shibumi/go-pathspec v1.3.0/go.mod h1:Xutfslp817l2I1cZvgcfeMQJG5QnU2lh5tVaaMCl3jE=
-github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
-github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
-github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
-github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
-github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
-github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
+github.com/shirou/gopsutil/v4 v4.24.11 h1:WaU9xqGFKvFfsUv94SXcUPD7rCkU0vr/asVdQOBZNj8=
+github.com/shirou/gopsutil/v4 v4.24.11/go.mod h1:s4D/wg+ag4rG0WO7AiTj2BeYCRhym0vM7DHbZRxnIT8=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
diff --git a/pkg/agent/plugin/workloadattestor/unix/unix_posix.go b/pkg/agent/plugin/workloadattestor/unix/unix_posix.go
index 10547d4c77..5f13b3e218 100644
--- a/pkg/agent/plugin/workloadattestor/unix/unix_posix.go
+++ b/pkg/agent/plugin/workloadattestor/unix/unix_posix.go
@@ -16,7 +16,7 @@ import ( "github.com/hashicorp/go-hclog" "github.com/hashicorp/hcl" - "github.com/shirou/gopsutil/v3/process" + "github.com/shirou/gopsutil/v4/process" workloadattestorv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/workloadattestor/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire/pkg/common/catalog" @@ -34,8 +34,8 @@ func builtin(p *Plugin) catalog.BuiltIn { } type processInfo interface { - Uids() ([]int32, error) - Gids() ([]int32, error) + Uids() ([]uint32, error) + Gids() ([]uint32, error) Groups() ([]string, error) Exe() (string, error) NamespacedExe() string diff --git a/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go b/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go index 52017323d0..ce014bf48c 100644 --- a/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go +++ b/pkg/agent/plugin/workloadattestor/unix/unix_posix_test.go @@ -23,9 +23,7 @@ import ( "google.golang.org/grpc/codes" ) -var ( - ctx = context.Background() -) +var ctx = context.Background() func TestPlugin(t *testing.T) { spiretest.Run(t, new(Suite)) @@ -261,7 +259,7 @@ func (s *Suite) TestAttest() { } func (s *Suite) writeFile(path string, data []byte) { - s.Require().NoError(os.WriteFile(filepath.Join(s.dir, path), data, 0600)) + s.Require().NoError(os.WriteFile(filepath.Join(s.dir, path), data, 0o600)) } func (s *Suite) loadPlugin(t *testing.T, trustDomain string, config string) workloadattestor.WorkloadAttestor { 
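Review bot: The `processInfo` interface in unix_posix.go now returns `[]uint32` from `Uids()` and `Gids()`, but every consumer of those values sits outside this hunk and, going by the diffstat (three lines changed in the file), is left untouched by the commit. Because this is the unix workload attestor, it is worth confirming that no consumer narrows the IDs to a signed type (`int32(uid)`, or `int(uid)` on a 32-bit build) before formatting or looking them up, since an ID above math.MaxInt32 would then still come out negative. If the old code rendered such IDs from the wrapped `int32`, the emitted value for them changes with this bump, which may matter to anything registered against the old form. A doc comment on the interface would pin the contract: `// Uids and Gids return the process's IDs as unsigned 32-bit values; do not convert them to a signed type.`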
@@ -292,35 +290,35 @@ type fakeProcess struct { dir string } -func (p fakeProcess) Uids() ([]int32, error) { +func (p fakeProcess) Uids() ([]uint32, error) { switch p.pid { case 1: - return []int32{}, nil + return []uint32{}, nil case 2: return nil, fmt.Errorf("unable to get UIDs for PID %d", p.pid) case 3: - return []int32{1999}, nil + return []uint32{1999}, nil case 4, 5, 6, 7, 9, 10, 11, 12, 13, 14: - return []int32{1000}, nil + return []uint32{1000}, nil case 8: - return []int32{1000, 1100}, nil + return []uint32{1000, 1100}, nil default: return nil, fmt.Errorf("unhandled uid test case %d", p.pid) } } -func (p fakeProcess) Gids() ([]int32, error) { +func (p fakeProcess) Gids() ([]uint32, error) { switch p.pid { case 4: - return []int32{}, nil + return []uint32{}, nil case 5: return nil, fmt.Errorf("unable to get GIDs for PID %d", p.pid) case 6: - return []int32{2999}, nil + return []uint32{2999}, nil case 3, 7, 9, 10, 11, 12, 13, 14: - return []int32{2000}, nil + return []uint32{2000}, nil case 8: - return []int32{2000, 2100}, nil + return []uint32{2000, 2100}, nil default: return nil, fmt.Errorf("unhandled gid test case %d", p.pid) } diff --git a/pkg/server/api/middleware/audit.go b/pkg/server/api/middleware/audit.go index a8c8f1dca7..c72df52d39 100644 --- a/pkg/server/api/middleware/audit.go +++ b/pkg/server/api/middleware/audit.go @@ -3,7 +3,7 @@ package middleware import ( "context" - "github.com/shirou/gopsutil/v3/process" + "github.com/shirou/gopsutil/v4/process" "github.com/sirupsen/logrus" "github.com/spiffe/spire/pkg/common/peertracker" "github.com/spiffe/spire/pkg/common/telemetry" diff --git a/pkg/server/api/middleware/audit_posix.go b/pkg/server/api/middleware/audit_posix.go index 7a6239596c..e7dd74873d 100644 --- a/pkg/server/api/middleware/audit_posix.go +++ b/pkg/server/api/middleware/audit_posix.go 
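Review bot: `fakeProcess.Uids` and `fakeProcess.Gids` still return only small IDs (1000 to 2999), which are identical under `int32` and `uint32`, so the suite never exercises the one range this type change affects. Add a pid case that returns an ID above math.MaxInt32, for example `return []uint32{4000000000}, nil` (a constructed value), and assert the exact decimal form the attestor produces for it. `TestAttest` and its expectation table are outside this hunk, so the new pid needs a matching entry there.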
@@ -3,7 +3,7 @@ package middleware import ( - "github.com/shirou/gopsutil/v3/process" + "github.com/shirou/gopsutil/v4/process" "github.com/sirupsen/logrus" "github.com/spiffe/spire/pkg/common/telemetry" "google.golang.org/grpc/codes" @@ -27,7 +27,7 @@ func setFields(p *process.Process, fields logrus.Fields) error { return nil } -func getUID(p *process.Process) (int32, error) { +func getUID(p *process.Process) (uint32, error) { uids, err := p.Uids() if err != nil { return 0, status.Errorf(codes.Internal, "failed UIDs lookup: %v", err) @@ -43,7 +43,7 @@ func getUID(p *process.Process) (int32, error) { } } -func getGID(p *process.Process) (int32, error) { +func getGID(p *process.Process) (uint32, error) { gids, err := p.Gids() if err != nil { return 0, status.Errorf(codes.Internal, "failed GIDs lookup: %v", err) diff --git a/pkg/server/api/middleware/audit_windows.go b/pkg/server/api/middleware/audit_windows.go index 563df7655e..7cd1e0f9ad 100644 --- a/pkg/server/api/middleware/audit_windows.go +++ b/pkg/server/api/middleware/audit_windows.go @@ -5,7 +5,7 @@ package middleware import ( "fmt" - "github.com/shirou/gopsutil/v3/process" + "github.com/shirou/gopsutil/v4/process" "github.com/sirupsen/logrus" "github.com/spiffe/spire/pkg/common/telemetry" "golang.org/x/sys/windows"
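Review bot: `getUID` and `getGID` in audit_posix.go return `0` alongside the error when the lookup fails, and `0` is also root's ID, so a caller that records the value without checking the error would write a misleading audit entry. `setFields` is outside these hunks, so how it handles that cannot be confirmed from here; a doc comment on both functions would make the contract explicit, e.g. `// getUID returns the process's UID; on error the returned value is meaningless and must not be written to the audit log.` Separately, since the results appear to feed audit log fields, IDs above math.MaxInt32 will presumably now be logged as large positive numbers rather than negative ones, so any parser or detection keyed on the caller UID/GID field deserves a check. Both function bodies continue past the lines shown.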