Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
github.com/influxdata/gosnowflake
For official support and urgent, production-impacting issues, please contact Snowflake Support.
This topic provides instructions for installing, running, and modifying the Go Snowflake Driver. The driver supports Go's database/sql package.
The following software packages are required to use the Go Snowflake Driver.
The latest driver requires the Go language 1.19 or higher. The supported operating systems are Linux, Mac OS, and Windows, but you may run the driver on other platforms if the Go language works correctly on those platforms.
If you don't have a project initialized, set it up.
go mod init example.com/snowflake
Get Gosnowflake source code, if not installed.
go get -u github.com/snowflakedb/gosnowflake
For detailed documentation and basic usage examples, please see the documentation at godoc.org.
Snowflake provides a set of sample programs to test with. Set the environment variable $GOPATH
to the top directory of your workspace, e.g., ~/go
and make certain to
include $GOPATH/bin
in the environment variable $PATH
. Run the make
command to build all sample programs.
make install
In the following example, the program select1.go
is built and installed in $GOPATH/bin
and can be run from the command line:
SNOWFLAKE_TEST_ACCOUNT=<your_account> \
SNOWFLAKE_TEST_USER=<your_user> \
SNOWFLAKE_TEST_PASSWORD=<your_password> \
select1
Congrats! You have successfully run SELECT 1 with Snowflake DB!
The developer notes are hosted with the source code on GitHub.
Set the Snowflake connection info in parameters.json
:
{
"testconnection": {
"SNOWFLAKE_TEST_USER": "<your_user>",
"SNOWFLAKE_TEST_PASSWORD": "<your_password>",
"SNOWFLAKE_TEST_ACCOUNT": "<your_account>",
"SNOWFLAKE_TEST_WAREHOUSE": "<your_warehouse>",
"SNOWFLAKE_TEST_DATABASE": "<your_database>",
"SNOWFLAKE_TEST_SCHEMA": "<your_schema>",
"SNOWFLAKE_TEST_ROLE": "<your_role>"
}
}
Install jq so that the parameters can get parsed correctly, and run make test
in your Go development environment:
make test
Configure your testing environment as described above and run make cov
. The coverage percentage will be printed on the console when the testing completes.
make cov
For more detailed analysis, results are printed to coverage.txt
in the project directory.
To read the coverage report, run:
go tool cover -html=coverage.txt
You may use your preferred editor to edit the driver code. Make certain to run make fmt lint
before submitting any pull request to Snowflake. This command formats your source code according to the standard Go style and detects any coding style issues.
dbus-daemon
processes on certain OSThis only affects certain Linux distributions, one of them is confirmed to be RHEL. Due to a bug in one of the dependencies (keyring
),
on the affected OS, each invocation of a program depending on gosnowflake (or any other program depending on the same keyring
),
will generate a new instance of dbus-daemon
fork which can, due to not being cleaned up, eventually fill the fd limits.
Until we replace the offending dependency with one which doesn't have the bug, a workaround needs to be applied, which can be:
DBUS_SESSION_BUS_ADDRESS=$XDG_RUNTIME_DIR/bus
(if that socket exists, or create it) or even DBUS_SESSION_BUS_ADDRESS=/dev/null
The driver will try to detect automatically, whether your runtime is susceptible for this bug or not, and if so, log a message on Warning
loglevel.
Details in issue 773
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.