diff options
| author | Shulhan <ms@kilabit.info> | 2024-03-04 03:01:45 +0700 |
|---|---|---|
| committer | Shulhan <ms@kilabit.info> | 2024-03-05 16:21:51 +0700 |
| commit | 7ec26b9f98b5af909e935b69fbaa1db17d89cf6a (patch) | |
| tree | 40e4ba41bc116bfbeb5cb526c8d8b1fcede8d669 | |
| parent | 2fa7605727e90ca323b7b24168632e485d74c583 (diff) | |
| download | pakakeh.go-7ec26b9f98b5af909e935b69fbaa1db17d89cf6a.tar.xz | |
all: comply with linter recommendations #3
For HTTP server that use TLS, set the minimum TLS version and
ReadHeaderTimeout to mitigate slowloris attack.
For HTTP client or server that parameterize the use of InsecureSkipVerify,
annotate the line with "nolint:gosec" to allow the code pass the check.
Library that still use sha1, in example in DKIM and TOTP, skip the
warnings by annotating the line with "nolint:gosec".
A pointer variable now allocated their address before assigning its
value.
Any error that returned now wrapped using "%w".
Also, replace error checking using [errors.Is] or [errors.As] instead of
using equal or not-equal operators.
In "lib/http", replace any usage of "math/rand" with "crypto/rand".
Any call of [math/big.Rat.SetString] now annotated with "nolint:gosec"
since its false positive, the issue has been fixed in Go >= 1.17.7.
Any switch case that does not cover the rest of the possible values now
handled by adding the cases or by replacing the "default" case with
the rest of values.
46 files changed, 265 insertions, 189 deletions
@@ -34,7 +34,14 @@ lint: -go vet ./... -fieldalignment ./... -shadow ./... - -golangci-lint run --presets bugs,metalinter,performance,unused ./... + -golangci-lint run \ + --presets bugs,metalinter,performance,unused \ + --disable exhaustive \ + --disable gosec \ + --disable ineffassign \ + --disable makezero \ + --disable musttag \ + ./... $(CIIGO): go install git.sr.ht/~shulhan/ciigo/cmd/ciigo diff --git a/api/telegram/bot/bot.go b/api/telegram/bot/bot.go index 7cbbdc0a..ce0321bd 100644 --- a/api/telegram/bot/bot.go +++ b/api/telegram/bot/bot.go @@ -13,6 +13,7 @@ import ( stdhttp "net/http" "path" "strconv" + "time" "git.sr.ht/~shulhan/pakakeh.go/lib/errors" "git.sr.ht/~shulhan/pakakeh.go/lib/http" @@ -369,13 +370,16 @@ func (bot *Bot) createServer() (err error) { } if bot.opts.Webhook.ListenCertificate != nil { - tlsConfig := &tls.Config{} + tlsConfig := &tls.Config{ + MinVersion: tls.VersionTLS12, + } tlsConfig.Certificates = append( tlsConfig.Certificates, *bot.opts.Webhook.ListenCertificate, ) serverOpts.Conn = &stdhttp.Server{ - TLSConfig: tlsConfig, + TLSConfig: tlsConfig, + ReadHeaderTimeout: 5 * time.Second, } } diff --git a/lib/dns/doh_client.go b/lib/dns/doh_client.go index 73d5ca59..4a336a6b 100644 --- a/lib/dns/doh_client.go +++ b/lib/dns/doh_client.go @@ -51,7 +51,7 @@ func NewDoHClient(nameserver string, allowInsecure bool) (cl *DoHClient, err err MaxIdleConns: 1, IdleConnTimeout: 30 * time.Second, TLSClientConfig: &tls.Config{ - InsecureSkipVerify: allowInsecure, + InsecureSkipVerify: allowInsecure, //nolint:gosec }, } diff --git a/lib/dns/dot_client.go b/lib/dns/dot_client.go index bd5e362e..42c6a7e2 100644 --- a/lib/dns/dot_client.go +++ b/lib/dns/dot_client.go @@ -43,7 +43,7 @@ func NewDoTClient(nameserver string, allowInsecure bool) (cl *DoTClient, err err nameserver = fmt.Sprintf("%s:%d", remoteIP, port) - tlsConfig.InsecureSkipVerify = allowInsecure + tlsConfig.InsecureSkipVerify = allowInsecure //nolint:gosec cl.conn, err = tls.Dial("tcp", nameserver, &tlsConfig) if err != nil { diff --git a/lib/dns/server.go b/lib/dns/server.go index fcf40cab..1f77f23a 100644 --- a/lib/dns/server.go +++ b/lib/dns/server.go @@ -132,7 +132,7 @@ func NewServer(opts *ServerOptions) (srv *Server, err error) { Certificates: []tls.Certificate{ cert, }, - InsecureSkipVerify: opts.TLSAllowInsecure, + InsecureSkipVerify: opts.TLSAllowInsecure, //nolint:gosec } } @@ -239,8 +239,9 @@ func (srv *Server) serveDoH() { ) srv.doh = &http.Server{ - Addr: addr, - IdleTimeout: srv.opts.HTTPIdleTimeout, + Addr: addr, + IdleTimeout: srv.opts.HTTPIdleTimeout, + ReadHeaderTimeout: 5 * time.Second, } http.Handle("/dns-query", srv) diff --git a/lib/dsv/metadata_test.go b/lib/dsv/metadata_test.go index 46630c11..373bfddd 100644 --- a/lib/dsv/metadata_test.go +++ b/lib/dsv/metadata_test.go @@ -39,9 +39,8 @@ func TestMetadataIsEqual(t *testing.T) { } for _, c := range cases { - r := c.in.IsEqual(&c.out) - - if r != c.result { + var got = c.in.IsEqual(&c.out) + if got != c.result { t.Error("Test failed on ", c.in, c.out) } } diff --git a/lib/email/dkim/signature.go b/lib/email/dkim/signature.go index b6f15bfb..fb155753 100644 --- a/lib/email/dkim/signature.go +++ b/lib/email/dkim/signature.go @@ -9,7 +9,7 @@ import ( "crypto" "crypto/rand" "crypto/rsa" - "crypto/sha1" + "crypto/sha1" //nolint:gosec "crypto/sha256" "encoding/base64" "errors" @@ -154,7 +154,7 @@ func (sig *Signature) Hash(in []byte) (h, h64 []byte) { h256 := sha256.Sum256(in) h = h256[:] } else { - h1 := sha1.Sum(in) + h1 := sha1.Sum(in) //nolint:gosec h = h1[:] } diff --git a/lib/email/dkim/signature_test.go b/lib/email/dkim/signature_test.go index e8a857b4..cd49902e 100644 --- a/lib/email/dkim/signature_test.go +++ b/lib/email/dkim/signature_test.go @@ -273,7 +273,8 @@ func TestSignatureHash(t *testing.T) { for _, c := range cases { t.Log(c.desc) - sig.Alg = &c.alg + sig.Alg = new(SignAlg) + *sig.Alg = c.alg _, got64 := sig.Hash([]byte(c.in)) @@ -343,11 +344,13 @@ func TestSignatureSign(t *testing.T) { for _, c := range cases { t.Log(c.desc) - sig.Alg = &c.hashAlg + sig.Alg = new(SignAlg) + *sig.Alg = c.hashAlg hashed, _ := sig.Hash(c.input) - sig.Alg = &c.signAlg + sig.Alg = new(SignAlg) + *sig.Alg = c.signAlg err := sig.Sign(c.pk, hashed) if err != nil { @@ -562,7 +565,8 @@ func TestSignatureVerify(t *testing.T) { for _, c := range cases { t.Log(c.desc) - sig.Alg = &c.sigAlg + sig.Alg = new(SignAlg) + *sig.Alg = c.sigAlg sig.Value = []byte(c.sigValue) bhash, _ := sig.Hash([]byte(c.input)) diff --git a/lib/email/maildir/manager.go b/lib/email/maildir/manager.go index 5b829596..e0000dd3 100644 --- a/lib/email/maildir/manager.go +++ b/lib/email/maildir/manager.go @@ -78,19 +78,19 @@ func (mg *Manager) initDirs(dir string) (err error) { mg.dirCur = filepath.Join(dir, maildirCur) err = os.MkdirAll(mg.dirCur, 0750) if err != nil { - return fmt.Errorf(`%s: %s`, logp, err) + return fmt.Errorf(`%s: %w`, logp, err) } mg.dirNew = filepath.Join(dir, maildirNew) err = os.MkdirAll(mg.dirNew, 0750) if err != nil { - return fmt.Errorf(`%s: %s`, logp, err) + return fmt.Errorf(`%s: %w`, logp, err) } mg.dirTmp = filepath.Join(dir, maildirTmp) err = os.MkdirAll(mg.dirTmp, 0700) if err != nil { - return fmt.Errorf(`%s: %s`, logp, err) + return fmt.Errorf(`%s: %w`, logp, err) } return nil @@ -168,7 +168,7 @@ func (mg *Manager) Incoming(msg []byte) (fnNew string, err error) { } } - err = os.WriteFile(pathTmp, msg, 0660) + err = os.WriteFile(pathTmp, msg, 0600) if err != nil { return ``, fmt.Errorf(`%s: %w`, logp, err) } diff --git a/lib/git/git.go b/lib/git/git.go index 0f73b2b7..151e077a 100644 --- a/lib/git/git.go +++ b/lib/git/git.go @@ -58,8 +58,7 @@ func CheckoutRevision(repoDir, remoteName, branch, revision string) error { err := cmd.Run() if err != nil { - err = fmt.Errorf("CheckoutRevision: %s", err) - return err + return fmt.Errorf(`CheckoutRevision: %w`, err) } cmd = exec.Command("git", "checkout") @@ -71,8 +70,7 @@ func CheckoutRevision(repoDir, remoteName, branch, revision string) error { err = cmd.Run() if err != nil { - err = fmt.Errorf("CheckoutRevision: %s", err) - return err + return fmt.Errorf(`CheckoutRevision: %w`, err) } cmd = exec.Command("git", "reset") @@ -84,10 +82,10 @@ func CheckoutRevision(repoDir, remoteName, branch, revision string) error { err = cmd.Run() if err != nil { - err = fmt.Errorf("CheckoutRevision: %s", err) + return fmt.Errorf(`CheckoutRevision: %w`, err) } - return err + return nil } // Clone the repository into destination directory. @@ -96,8 +94,7 @@ func CheckoutRevision(repoDir, remoteName, branch, revision string) error { func Clone(remoteURL, dest string) (err error) { err = os.MkdirAll(dest, 0700) if err != nil { - err = fmt.Errorf("Clone: %s", err) - return + return fmt.Errorf(`Clone: %w`, err) } cmd := exec.Command("git", "clone") @@ -109,10 +106,9 @@ func Clone(remoteURL, dest string) (err error) { err = cmd.Run() if err != nil { - err = fmt.Errorf("Clone: %s", err) + return fmt.Errorf(`Clone: %w`, err) } - - return + return nil } // FetchAll will fetch the latest commits and tags from remote. @@ -126,14 +122,13 @@ func FetchAll(repoDir string) (err error) { err = cmd.Run() if err != nil { - err = fmt.Errorf("FetchAll: %s", err) + return fmt.Errorf(`FetchAll: %w`, err) } - - return + return nil } // FetchTags will fetch all tags from remote. -func FetchTags(repoDir string) error { +func FetchTags(repoDir string) (err error) { cmd := exec.Command("git", "fetch") cmd.Args = append(cmd.Args, "--quiet") cmd.Args = append(cmd.Args, "--tags", "--force") @@ -141,12 +136,11 @@ func FetchTags(repoDir string) error { cmd.Stdout = _stdout cmd.Stderr = _stderr - err := cmd.Run() + err = cmd.Run() if err != nil { - err = fmt.Errorf("FetchTags: %s", err) + return fmt.Errorf(`FetchTags: %w`, err) } - - return err + return nil } // GetRemoteURL return remote URL or error if repository is not git or url is @@ -161,8 +155,7 @@ func GetRemoteURL(repoDir, remoteName string) (url string, err error) { gitIni, err := ini.Open(gitConfig) if err != nil { - err = fmt.Errorf("GetRemote: %s", err) - return + return ``, fmt.Errorf(`GetRemote: %w`, err) } url, ok := gitIni.Get("remote", remoteName, "url", "") @@ -187,13 +180,12 @@ func GetTag(repoDir, revision string) (tag string, err error) { btag, err := cmd.Output() if err != nil { - err = fmt.Errorf("GetTag: %s", err) - return + return ``, fmt.Errorf(`GetTag: %w`, err) } tag = string(bytes.TrimSpace(btag)) - return + return tag, nil } // LatestCommit get the latest commit hash in short format from "ref". @@ -210,13 +202,12 @@ func LatestCommit(repoDir, ref string) (commit string, err error) { bcommit, err := cmd.Output() if err != nil { - err = fmt.Errorf("LatestCommit: %s", err) - return + return ``, fmt.Errorf(`LatestCommit: %w`, err) } commit = string(bytes.TrimSpace(bcommit)) - return + return commit, nil } // LatestTag get latest tag. @@ -228,7 +219,7 @@ func LatestTag(repoDir string) (tag string, err error) { bout, err := cmd.Output() if err != nil { - return "", fmt.Errorf("LatestTag: %s", err) + return ``, fmt.Errorf(`LatestTag: %w`, err) } out := string(bytes.TrimSpace(bout)) @@ -243,7 +234,7 @@ func LatestTag(repoDir string) (tag string, err error) { bout, err = cmd.Output() if err != nil { - return "", fmt.Errorf("LatestTag: %s", err) + return ``, fmt.Errorf(`LatestTag: %w`, err) } tag = string(bytes.TrimSpace(bout)) @@ -254,18 +245,19 @@ func LatestTag(repoDir string) (tag string, err error) { // LatestVersion will try to get latest tag from repository. // If it's fail get the latest commit hash. func LatestVersion(repoDir string) (version string, err error) { + var logp = `LatestVersion` + version, err = LatestTag(repoDir) if err == nil && len(version) > 0 { - return + return version, nil } version, err = LatestCommit(repoDir, "") - if err == nil { - return + if err != nil { + return ``, fmt.Errorf(`%s: %w`, logp, err) } - err = fmt.Errorf("GetVersion: %s", err) - return + return version, nil } // ListTags get all tags from repository. @@ -282,8 +274,7 @@ func ListTags(repoDir string) (tags []string, err error) { bout, err := cmd.Output() if err != nil { - err = fmt.Errorf("ListTag: %s", err) - return nil, err + return nil, fmt.Errorf(`ListTag: %w`, err) } sep := []byte{'\n'} @@ -300,7 +291,7 @@ func ListTags(repoDir string) (tags []string, err error) { } // LogRevisions get commits between two revisions. -func LogRevisions(repoDir, prevRevision, nextRevision string) error { +func LogRevisions(repoDir, prevRevision, nextRevision string) (err error) { cmd := exec.Command("git") cmd.Args = append(cmd.Args, "--no-pager", "log", "--oneline", prevRevision+"..."+nextRevision) @@ -308,17 +299,17 @@ func LogRevisions(repoDir, prevRevision, nextRevision string) error { cmd.Stdout = _stdout cmd.Stderr = _stderr - err := cmd.Run() + err = cmd.Run() if err != nil { - err = fmt.Errorf("CompareRevisions: %s", err) + return fmt.Errorf(`CompareRevisions: %w`, err) } - return err + return nil } // RemoteChange change current repository remote name (e.g. "origin") to new // remote name and URL. -func RemoteChange(repoDir, oldName, newName, newURL string) error { +func RemoteChange(repoDir, oldName, newName, newURL string) (err error) { if len(repoDir) == 0 { return nil } @@ -329,10 +320,9 @@ func RemoteChange(repoDir, oldName, newName, newURL string) error { cmd.Stdout = _stdout cmd.Stderr = _stderr - err := cmd.Run() + err = cmd.Run() if err != nil { - err = fmt.Errorf("RemoteChange: %s", err) - return err + return fmt.Errorf(`RemoteChange: %w`, err) } cmd = exec.Command("git") @@ -343,10 +333,10 @@ func RemoteChange(repoDir, oldName, newName, newURL string) error { err = cmd.Run() if err != nil { - err = fmt.Errorf("RemoteChange: %s", err) + return fmt.Errorf(`RemoteChange: %w`, err) } - return err + return nil } // RemoteBranches return list of remote branches. @@ -361,13 +351,12 @@ func RemoteBranches(repoDir string) ([]string, error) { bout, err := cmd.Output() if err != nil { - err = fmt.Errorf("RemoteBranches: %s", err) - return nil, err + return nil, fmt.Errorf(`RemoteBranches: %w`, err) } bbranches := bytes.Split(bout, []byte{'\n'}) if len(bbranches) == 0 { - return nil, err + return nil, nil } var branches []string diff --git a/lib/http/client.go b/lib/http/client.go index 2f9c4336..eeb26e44 100644 --- a/lib/http/client.go +++ b/lib/http/client.go @@ -71,7 +71,7 @@ func NewClient(opts *ClientOptions) (client *Client) { } if opts.AllowInsecure { httpTransport.TLSClientConfig = &tls.Config{ - InsecureSkipVerify: opts.AllowInsecure, + InsecureSkipVerify: opts.AllowInsecure, //nolint:gosec } } client.Client.Transport = httpTransport @@ -145,7 +145,7 @@ func (client *Client) Download(req DownloadRequest) (res *http.Response, err err httpReq, err = req.toHTTPRequest(client) if err != nil { - return nil, fmt.Errorf("%s: %s", logp, err) + return nil, fmt.Errorf(`%s: %w`, logp, err) } res, err = client.Client.Do(httpReq) @@ -168,7 +168,7 @@ out: if err == nil { err = fmt.Errorf("%s: %w", logp, errClose) } else { - err = fmt.Errorf("%w: %s", err, errClose) + err = fmt.Errorf(`%w: %w`, err, errClose) } } @@ -228,7 +228,11 @@ func (client *Client) GenerateHTTPRequest( case RequestMethodPatch, RequestMethodPost, RequestMethodPut: + switch rtype { + case RequestTypeNone, RequestTypeXML: + // NOOP. + case RequestTypeQuery: if isParamsURLValues { rpath += `?` + paramsAsURLValues.Encode() diff --git a/lib/http/client_request.go b/lib/http/client_request.go index 42b330de..808f38b3 100644 --- a/lib/http/client_request.go +++ b/lib/http/client_request.go @@ -98,7 +98,11 @@ func (creq *ClientRequest) toHTTPRequest(client *Client) (httpReq *http.Request, case RequestMethodPatch, RequestMethodPost, RequestMethodPut: + switch creq.Type { + case RequestTypeNone, RequestTypeXML: + // NOOP. + case RequestTypeQuery: if isParamsURLValues { path.WriteString("?") diff --git a/lib/http/endpoint.go b/lib/http/endpoint.go index 1d8d4699..c13d7512 100644 --- a/lib/http/endpoint.go +++ b/lib/http/endpoint.go @@ -95,6 +95,9 @@ func (ep *Endpoint) call( req.Body = io.NopCloser(bytes.NewBuffer(epr.RequestBody)) switch ep.RequestType { + case RequestTypeNone, RequestTypeXML: + // NOOP. + case RequestTypeForm, RequestTypeQuery, RequestTypeJSON: e = req.ParseForm() @@ -144,6 +147,8 @@ func (ep *Endpoint) call( return case ResponseTypeBinary: res.Header().Set(HeaderContentType, ContentTypeBinary) + case ResponseTypeHTML: + res.Header().Set(HeaderContentType, ContentTypeHTML) case ResponseTypeJSON: res.Header().Set(HeaderContentType, ContentTypeJSON) case ResponseTypePlain: diff --git a/lib/http/range.go b/lib/http/range.go index 03a7d484..a52a545b 100644 --- a/lib/http/range.go +++ b/lib/http/range.go @@ -66,7 +66,7 @@ func ParseMultipartRange(body io.Reader, boundary string) (r *Range, err error) pos.content, err = io.ReadAll(part) if err != nil && !errors.Is(err, io.EOF) { - return nil, fmt.Errorf(`%s: on ReadAll part: %s`, logp, err) + return nil, fmt.Errorf(`%s: on ReadAll part: %w`, logp, err) } r.positions = append(r.positions, pos) diff --git a/lib/http/requesttype.go b/lib/http/requesttype.go index 88670010..db578e55 100644 --- a/lib/http/requesttype.go +++ b/lib/http/requesttype.go @@ -19,9 +19,11 @@ const ( // String return the string representation of request type as in // "Content-Type" header. -// For RequestTypeNone or RequestTypeQuery it will return an empty string "". +// For RequestTypeNone or RequestTypeQuery it will return an empty string. func (rt RequestType) String() string { switch rt { + case RequestTypeNone, RequestTypeQuery: + return `` case RequestTypeForm: return ContentTypeForm case RequestTypeMultipartForm: @@ -31,5 +33,5 @@ func (rt RequestType) String() string { case RequestTypeXML: return ContentTypeXML } - return "" + return `` } diff --git a/lib/http/responsetype.go b/lib/http/responsetype.go index 034d50af..75fb7146 100644 --- a/lib/http/responsetype.go +++ b/lib/http/responsetype.go @@ -19,9 +19,11 @@ const ( // String return the string representation of ResponseType as in // "Content-Type" header. -// For ResponseTypeNone it will return an empty string "". +// For ResponseTypeNone it will return an empty string. func (restype ResponseType) String() string { switch restype { + case ResponseTypeNone: + return `` case ResponseTypeBinary: return ContentTypeBinary case ResponseTypeHTML: @@ -33,5 +35,5 @@ func (restype ResponseType) String() string { case ResponseTypeXML: return ContentTypeXML } - return "" + return `` } diff --git a/lib/http/server.go b/lib/http/server.go index a1695a36..4bcfd19a 100644 --- a/lib/http/server.go +++ b/lib/http/server.go @@ -120,7 +120,7 @@ func (srv *Server) RegisterEndpoint(ep *Endpoint) (err error) { err = srv.registerPut(ep) case RequestMethodTrace: return errors.New(`http.RegisterEndpoint: can't handle TRACE method yet`) - default: + case RequestMethodGet: ep.Method = RequestMethodGet err = srv.registerGet(ep) } @@ -661,6 +661,8 @@ func (srv *Server) handleHead(res http.ResponseWriter, req *http.Request) { res.Header().Set(HeaderContentType, ContentTypeBinary) case ResponseTypeJSON: res.Header().Set(HeaderContentType, ContentTypeJSON) + case ResponseTypeHTML: + res.Header().Set(HeaderContentType, ContentTypeHTML) case ResponseTypePlain: res.Header().Set(HeaderContentType, ContentTypePlain) case ResponseTypeXML: diff --git a/lib/http/sseclient/sseclient.go b/lib/http/sseclient/sseclient.go index a9004005..1f09a381 100644 --- a/lib/http/sseclient/sseclient.go +++ b/lib/http/sseclient/sseclient.go @@ -197,7 +197,7 @@ func (cl *Client) init(header http.Header) (err error) { func (cl *Client) dial() (err error) { if cl.serverURL.Scheme == `https` { var tlsConfig = &tls.Config{ - InsecureSkipVerify: cl.Insecure, + InsecureSkipVerify: cl.Insecure, //nolint:gosec } cl.conn, err = tls.Dial(`tcp`, cl.serverURL.Host, tlsConfig) } else { @@ -227,7 +227,7 @@ func (cl *Client) handshake() (packet []byte, err error) { var httpRes *http.Response - httpRes, packet, err = libhttp.ParseResponseHeader(packet) //nolint: bodyclose + httpRes, packet, err = libhttp.ParseResponseHeader(packet) //nolint:bodyclose if err != nil { return nil, err } diff --git a/lib/http/sseclient/sseclient_test.go b/lib/http/sseclient/sseclient_test.go index 0986efbf..84277311 100644 --- a/lib/http/sseclient/sseclient_test.go +++ b/lib/http/sseclient/sseclient_test.go @@ -5,9 +5,10 @@ package sseclient import ( + "crypto/rand" "fmt" "log" - "math/rand" + "math/big" "sync/atomic" "testing" "time" @@ -398,7 +399,20 @@ func TestClientRetry(t *testing.T) { // testGenerateAddress generate random port for server address. func testGenerateAddress() (addr string) { - var port = rand.Int() % 60000 + var ( + logp = `testGenerateAddress` + max = big.NewInt(60000) + + randInt *big.Int + err error + ) + + randInt, err = rand.Int(rand.Reader, max) + if err != nil { + log.Fatalf(`%s: %s`, logp, err) + } + + var port = randInt.Int64() if port < 1024 { port += 1024 } diff --git a/lib/hunspell/options.go b/lib/hunspell/options.go index 9712a678..9386c574 100644 --- a/lib/hunspell/options.go +++ b/lib/hunspell/options.go @@ -205,7 +205,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseAF(tokens[1]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optAM: @@ -214,7 +214,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseAM(tokens[1:]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optKey: @@ -259,7 +259,7 @@ func (opts *affixOptions) load(content string) (err error) { } opts.maxDiff, err = strconv.Atoi(tokens[1]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } if opts.maxDiff < 1 || opts.maxDiff > 10 { opts.maxDiff = 5 @@ -276,7 +276,7 @@ func (opts *affixOptions) load(content string) (err error) { case optRep: err = opts.parseRep(tokens[1:]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optMap: @@ -285,7 +285,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseMap(tokens[1]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optPhone: @@ -306,7 +306,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseBreak(tokens[1]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optCompoundRule: @@ -315,7 +315,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseCompoundRule(tokens[1]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optCompoundMin: @@ -404,7 +404,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseCheckCompoundPattern(tokens) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optForceUcase: @@ -421,7 +421,7 @@ func (opts *affixOptions) load(content string) (err error) { cs.max, err = strconv.Atoi(tokens[1]) if err != nil { - return fmt.Errorf("line %d: COMPOUNDSYLLABLE: invalid argument %q: %s", x, tokens[1], err.Error()) + return fmt.Errorf(`line %d: COMPOUNDSYLLABLE: invalid argument %q: %w`, x, tokens[1], err) } cs.vowels = tokens[2] opts.compoundSyllable = cs @@ -438,7 +438,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parsePfx(tokens[1:]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optSFX: @@ -447,7 +447,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseSfx(tokens[1:]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optCircumfix: @@ -477,7 +477,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseIconv(tokens[1:]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optOconv: @@ -486,7 +486,7 @@ func (opts *affixOptions) load(content string) (err error) { } err = opts.parseOconv(tokens[1:]) if err != nil { - return fmt.Errorf("line %d: %s", x, err.Error()) + return fmt.Errorf(`line %d: %w`, x, err) } case optLemmaPresent: @@ -626,7 +626,7 @@ func (opts *affixOptions) parseMap(arg string) (err error) { if cap(opts.charsMaps) == 0 { n, err := strconv.Atoi(arg) if err != nil { - return fmt.Errorf("MAP: invalid argument %q: %s", arg, err.Error()) + return fmt.Errorf(`MAP: invalid argument %q: %w`, arg, err) } opts.charsMaps = make([]charsmap, 0, n) return nil @@ -665,7 +665,7 @@ func (opts *affixOptions) parseBreak(arg string) (err error) { if cap(opts.breakOpts) == 0 { n, err := strconv.Atoi(arg) if err != nil { - return fmt.Errorf("BREAK: invalid argument %q: %s", arg, err.Error()) + return fmt.Errorf(`BREAK: invalid argument %q: %w`, arg, err) } opts.breakOpts = make([]breakopt, 0, n) @@ -699,7 +699,7 @@ func (opts *affixOptions) parseCompoundRule(arg string) (err error) { var n int n, err = strconv.Atoi(arg) if err != nil { - return fmt.Errorf("COMPOUNDRULE: invalid argument %q: %s", arg, err.Error()) + return fmt.Errorf(`COMPOUNDRULE: invalid argument %q: %w`, arg, err) } opts.compoundRules = make([]compoundRule, 0, n) @@ -724,7 +724,7 @@ func (opts *affixOptions) parseCheckCompoundPattern(args []string) (err error) { var n int n, err = strconv.Atoi(args[0]) if err != nil { - return fmt.Errorf("CHECKCOMPOUNDPATTERN: invalid argument %q: %s", args[0], err.Error()) + return fmt.Errorf(`CHECKCOMPOUNDPATTERN: invalid argument %q: %w`, args[0], err) } opts.compoundPatterns = make([]compoundPattern, 0, n) @@ -874,7 +874,7 @@ func (opts *affixOptions) parseSfx(args []string) (err error) { err = sfx.addRule(opts, stripping, suffix, condition, morphemes) if err != nil { - return fmt.Errorf("SFX: %s", err.Error()) + return fmt.Errorf(`SFX: %w`, err) } } @@ -885,8 +885,7 @@ func (opts *affixOptions) parseIconv(args []string) (err error) { if cap(opts.iconv) == 0 { n, err := strconv.Atoi(args[0]) if err != nil { - return fmt.Errorf("ICONV: invalid argument %q: %s", - args[0], err) + return fmt.Errorf(`ICONV: invalid argument %q: %w`, args[0], err) } opts.iconv = make([]conversion, 0, n) @@ -910,8 +909,7 @@ func (opts *affixOptions) parseOconv(args []string) (err error) { if cap(opts.oconv) == 0 { n, err := strconv.Atoi(args[0]) if err != nil { - return fmt.Errorf("ICONV: invalid argument %q: %s", - args[0], err) + return fmt.Errorf(`ICONV: invalid argument %q: %w`, args[0], err) } opts.oconv = make([]conversion, 0, n) @@ -953,7 +951,7 @@ func (opts *affixOptions) isValidFlag(flag string) error { case FlagNum: _, err := strconv.Atoi(flag) if err != nil { - return fmt.Errorf("invalud num flag: %q: %s", flag, err.Error()) + return fmt.Errorf(`invalid num flag: %q: %w`, flag, err) } } return nil diff --git a/lib/ini/reader.go b/lib/ini/reader.go index 129d701b..35d31bef 100644 --- a/lib/ini/reader.go +++ b/lib/ini/reader.go @@ -91,7 +91,7 @@ func (reader *reader) Parse(src []byte) (in *Ini, err error) { err = reader.parse() if err != nil { - if err != io.EOF { + if !errors.Is(err, io.EOF) { err = fmt.Errorf(err.Error(), reader.lineNum, reader.filename) return nil, err @@ -349,6 +349,9 @@ func (reader *reader) parseVariable() (err error) { for !isNewline { reader.r, _, err = reader.br.ReadRune() if err != nil { + // The only possible error here is [io.EOF], so we + // end it. + err = nil break } switch { @@ -402,6 +405,9 @@ func (reader *reader) parsePossibleValue() (err error) { for !isNewline { reader.b, err = reader.br.ReadByte() if err != nil { + // The only possible error here is [io.EOF], so we + // end it. + err = nil break } switch reader.b { diff --git a/lib/ini/reader_test.go b/lib/ini/reader_test.go index 8a897658..18ef96b9 100644 --- a/lib/ini/reader_test.go +++ b/lib/ini/reader_test.go @@ -5,6 +5,7 @@ package ini import ( + "errors" "io" "testing" @@ -99,7 +100,7 @@ func TestParseSectionHeader(t *testing.T) { err := reader.parseSectionHeader() if err != nil { test.Assert(t, "error", c.expErr, err) - if err != io.EOF { + if !errors.Is(err, io.EOF) { continue } } @@ -154,7 +155,7 @@ func TestParseSubsection(t *testing.T) { err := reader.parseSubsection() if err != nil { test.Assert(t, "error", c.expErr, err) - if err != io.EOF { + if !errors.Is(err, io.EOF) { continue } } @@ -313,7 +314,7 @@ func TestParseVariable(t *testing.T) { err := reader.parseVariable() if err != nil { test.Assert(t, "error", c.expErr, err) - if err != io.EOF { + if !errors.Is(err, io.EOF) { continue } } @@ -484,7 +485,7 @@ func TestParseVarValue(t *testing.T) { err = reader.parseVarValue() if err != nil { test.Assert(t, "error", c.expErr, err) - if err != io.EOF { + if !errors.Is(err, io.EOF) { continue } } diff --git a/lib/math/big/rat.go b/lib/math/big/rat.go index 8315c80a..4491f67d 100644 --- a/lib/math/big/rat.go +++ b/lib/math/big/rat.go @@ -304,7 +304,13 @@ func (r *Rat) Mul(g interface{}) *Rat { return nil } r.Rat.Mul(&r.Rat, &y.Rat) + // This security issue has been fixed since Go 1.17.7, + // - https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ + // - https://github.com/golang/go/issues/50699 + // + //nolint:gosec r.Rat.SetString(r.String()) + return r } @@ -319,7 +325,7 @@ func (r *Rat) Quo(g interface{}) *Rat { return nil } r.Rat.Quo(&r.Rat, &y.Rat) - r.Rat.SetString(r.String()) + r.Rat.SetString(r.String()) //nolint:gosec return r } @@ -354,7 +360,7 @@ func (r *Rat) RoundToNearestAway(prec int) *Rat { if r == nil { return nil } - r.Rat.SetString(r.FloatString(prec)) + r.Rat.SetString(r.FloatString(prec)) //nolint:gosec return r } @@ -372,7 +378,7 @@ func (r *Rat) RoundToZero(prec int) *Rat { b = append(b, '.') b = append(b, nums[1][:prec]...) } - r.Rat.SetString(string(b)) + r.Rat.SetString(string(b)) //nolint:gosec return r } @@ -437,7 +443,7 @@ func (r *Rat) Sub(g interface{}) *Rat { func (r *Rat) UnmarshalJSON(in []byte) (err error) { in = bytes.Trim(in, `"`) r.SetInt64(0) - _, ok := r.Rat.SetString(string(in)) + _, ok := r.Rat.SetString(string(in)) //nolint:gosec if !ok { return fmt.Errorf("Rat.UnmarshalJSON: cannot convert %T(%v) to Rat", in, in) } @@ -467,7 +473,7 @@ func toRat(g interface{}) (out *Rat) { out.SetInt64(0) } else { v = bytes.ReplaceAll(v, []byte{'_'}, nil) - _, ok := out.Rat.SetString(string(v)) + _, ok := out.Rat.SetString(string(v)) //nolint:gosec if !ok { return nil } @@ -479,7 +485,7 @@ func toRat(g interface{}) (out *Rat) { // Replace the underscore character, so we can write the // number as "0.000_000_1". v = strings.ReplaceAll(v, "_", "") - _, ok := out.Rat.SetString(v) + _, ok := out.Rat.SetString(v) //nolint:gosec if !ok { return nil } diff --git a/lib/math/big/rat_example_test.go b/lib/math/big/rat_example_test.go index fb6a8208..c78f132b 100644 --- a/lib/math/big/rat_example_test.go +++ b/lib/math/big/rat_example_test.go @@ -7,6 +7,7 @@ package big import ( "encoding/json" "fmt" + "log" "math" "math/big" ) @@ -422,15 +423,26 @@ func ExampleRat_MarshalJSON_withStruct() { {V: NewRat("0.1234567890")}, } + var ( + in T + err error + out []byte + ) MarshalJSONAsString = true - for _, in := range inputs { - out, _ := json.Marshal(in) + for _, in = range inputs { + out, err = json.Marshal(in) + if err != nil { + log.Fatal(err) + } fmt.Printf("%s\n", out) } MarshalJSONAsString = false - for _, in := range inputs { - out, _ := json.Marshal(&in) + for _, in = range inputs { + out, err = json.Marshal(&in) + if err != nil { + log.Fatal(err) + } fmt.Printf("%s\n", out) } diff --git a/lib/memfs/dirwatcher.go b/lib/memfs/dirwatcher.go index 045adc73..5bd90331 100644 --- a/lib/memfs/dirwatcher.go +++ b/lib/memfs/dirwatcher.go @@ -496,6 +496,8 @@ func (dw *DirWatcher) start() { } else { ns.Node = *node switch ns.State { + case FileStateCreated: + // NOOP. case FileStateDeleted: dw.onFileDeleted(node) case FileStateUpdateMode: @@ -522,7 +524,7 @@ func (dw *DirWatcher) startWatchingFile(parent, child *Node) (err error) { watcher, err = newWatcher(parent, child, dw.Delay, dw.qFileChanges) if err != nil { - return fmt.Errorf(`%s %q: %s`, logp, child.SysPath, err) + return fmt.Errorf(`%s %q: %w`, logp, child.SysPath, err) } dw.mtxFileWatcher.Lock() diff --git a/lib/memfs/embed.go b/lib/memfs/embed.go index fba506a9..0938c951 100644 --- a/lib/memfs/embed.go +++ b/lib/memfs/embed.go @@ -107,7 +107,7 @@ fail: errClose := f.Close() if errClose != nil { if err != nil { - return fmt.Errorf("%s: %s: %w", logp, errClose, err) + return fmt.Errorf(`%s: %w: %w`, logp, errClose, err) } return fmt.Errorf("%s: %w", logp, errClose) } diff --git a/lib/memfs/memfs_example_test.go b/lib/memfs/memfs_example_test.go index a24ea8ca..72a32ea4 100644 --- a/lib/memfs/memfs_example_test.go +++ b/lib/memfs/memfs_example_test.go @@ -137,7 +137,7 @@ func ExampleMemFS_Watch() { time.Sleep(200 * time.Millisecond) testFile := filepath.Join(opts.Root, `file`) - err = os.WriteFile(testFile, []byte(`dummy content`), 0700) + err = os.WriteFile(testFile, []byte(`dummy content`), 0600) if err != nil { log.Println(err) return diff --git a/lib/memfs/memfs_test.go b/lib/memfs/memfs_test.go index abd5847d..efed74a9 100644 --- a/lib/memfs/memfs_test.go +++ b/lib/memfs/memfs_test.go @@ -38,7 +38,7 @@ func TestMain(m *testing.M) { if !errors.As(err, &perr) { log.Fatal("!ok:", err) } - if perr.Err != os.ErrExist { + if !errors.Is(perr.Err, os.ErrExist) { log.Fatalf("perr: %+v %+v\n", perr.Err, os.ErrExist) } } @@ -49,7 +49,7 @@ func TestMain(m *testing.M) { if !errors.As(err, &perr) { log.Fatal(err) } - if perr.Err != os.ErrExist { + if !errors.Is(perr.Err, os.ErrExist) { log.Fatal(err) } } @@ -151,10 +151,14 @@ func TestNew(t *testing.T) { }, }} + var ( + mfs *MemFS + err error + ) for _, c := range cases { t.Log(c.desc) - mfs, err := New(&c.opts) + mfs, err = New(&c.opts) if err != nil { test.Assert(t, "error", c.expErr, err.Error()) continue diff --git a/lib/os/os.go b/lib/os/os.go index 57612be2..0a3a0eab 100644 --- a/lib/os/os.go +++ b/lib/os/os.go @@ -84,12 +84,12 @@ func ConfirmYesNo(in io.Reader, msg string, defIsYes bool) bool { func Copy(out, in string) (err error) { fin, err := os.Open(in) if err != nil { - return fmt.Errorf(`Copy: failed to open input file: %s`, err) + return fmt.Errorf(`Copy: failed to open input file: %w`, err) } fout, err := os.OpenFile(out, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { - return fmt.Errorf(`Copy: failed to open output file: %s`, err) + return fmt.Errorf(`Copy: failed to open output file: %w`, err) } defer func() { @@ -109,7 +109,7 @@ func Copy(out, in string) (err error) { for { n, err := fin.Read(buf) if err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { break } return err @@ -208,7 +208,7 @@ func IsDirEmpty(dir string) (ok bool) { _, err = d.Readdirnames(1) if err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { ok = true } } diff --git a/lib/smtp/client.go b/lib/smtp/client.go index d2310818..65f1bd76 100644 --- a/lib/smtp/client.go +++ b/lib/smtp/client.go @@ -151,7 +151,7 @@ func (cl *Client) connect(localName string) (res *Response, err error) { if cl.isTLS { tlsConfig := &tls.Config{ ServerName: cl.serverName, - InsecureSkipVerify: cl.opts.Insecure, + InsecureSkipVerify: cl.opts.Insecure, //nolint:gosec } cl.conn = tls.Client(cl.conn, tlsConfig) @@ -501,7 +501,7 @@ func (cl *Client) StartTLS() (res *Response, err error) { tlsConfig := &tls.Config{ ServerName: cl.serverName, - InsecureSkipVerify: cl.opts.Insecure, + InsecureSkipVerify: cl.opts.Insecure, //nolint:gosec } cl.conn = tls.Client(cl.conn, tlsConfig) diff --git a/lib/smtp/extension_dsn.go b/lib/smtp/extension_dsn.go index e0b7f7ef..092f44ef 100644 --- a/lib/smtp/extension_dsn.go +++ b/lib/smtp/extension_dsn.go @@ -20,15 +20,15 @@ func (dsn *extDSN) Params() string { // ValidateCommand validate command parameter for MAIL and RCPT. func (dsn *extDSN) ValidateCommand(cmd *Command) (err error) { if cmd == nil { - return + return nil } switch cmd.Kind { case CommandMAIL: case CommandRCPT: - default: - return + case CommandZERO: + return nil } - return + return nil } diff --git a/lib/smtp/receiver.go b/lib/smtp/receiver.go index 905f2bbc..43d83735 100644 --- a/lib/smtp/receiver.go +++ b/lib/smtp/receiver.go @@ -88,7 +88,7 @@ func (recv *receiver) readAuthData(cmd *Command) (err error) { _, _ = recv.buff.Write(recv.data[:n]) } if err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { break } return err @@ -124,7 +124,7 @@ func (recv *receiver) readCommand() (cmd *Command, err error) { _, _ = recv.buff.Write(recv.data[:n]) } if err != nil { - if err == io.EOF { + if errors.Is(err, io.EOF) { break } return nil, fmt.Errorf(`smtp: recv: readCommand: %w`, err) diff --git a/lib/smtp/server.go b/lib/smtp/server.go index 5459f6f0..78e657c0 100644 --- a/lib/smtp/server.go +++ b/lib/smtp/server.go @@ -205,6 +205,9 @@ func (srv *Server) handle(recv *receiver) { } switch recv.state { + case CommandZERO: + // NOOP. + case CommandDATA: srv.processMailTx(recv.mail) // TODO: add return error and check it. @@ -235,6 +238,9 @@ out: // handleCommand from client. func (srv *Server) handleCommand(recv *receiver, cmd *Command) (err error) { switch cmd.Kind { + case CommandZERO: + // NOOP. + case CommandAUTH: err = srv.handleAUTH(recv, cmd) diff --git a/lib/spf/macro.go b/lib/spf/macro.go index 8a6e32d8..4572f57e 100644 --- a/lib/spf/macro.go +++ b/lib/spf/macro.go @@ -161,7 +161,7 @@ func (m *macro) parse(data []byte) (err error) { m.nright, err = strconv.Atoi(string(digits)) if err != nil { - return fmt.Errorf("failed to convert digits %q: %s", digits, err) + return fmt.Errorf(`failed to convert digits %q: %w`, digits, err) } if x == len(data) { diff --git a/lib/spf/result.go b/lib/spf/result.go index 30c54ce7..5903a14a 100644 --- a/lib/spf/result.go +++ b/lib/spf/result.go @@ -81,11 +81,12 @@ func (result *Result) lookup() { switch dnsMsg.Header.RCode { case dns.RCodeOK: + // NOOP. case dns.RCodeErrName: result.Code = ResultCodeNone result.Err = "domain name does not exist" return - default: + case dns.RCodeErrFormat, dns.RCodeErrServer, dns.RCodeNotImplemented, dns.RCodeRefused: result.Code = ResultCodeTempError result.Err = "server failure" return diff --git a/lib/ssh/client.go b/lib/ssh/client.go index ff4f9a6e..7cec19e4 100644 --- a/lib/ssh/client.go +++ b/lib/ssh/client.go @@ -150,6 +150,8 @@ func (cl *Client) setConfigHostKeyCallback() (err error) { if knownHosts == config.ValueNone { // If one of the UserKnownHosts set to "none" always // accept the remote hosts. + // + //nolint:gosec cl.config.HostKeyCallback = ssh.InsecureIgnoreHostKey() return nil } diff --git a/lib/strings/to.go b/lib/strings/to.go index a00f8df1..cc8649ef 100644 --- a/lib/strings/to.go +++ b/lib/strings/to.go @@ -50,7 +50,7 @@ func ToInt64(ss []string) (sv []int64) { // Handle error, try to convert to float64 first. var ev *strconv.NumError - if errors.As(e, &ev) && ev.Err == strconv.ErrSyntax { + if errors.As(e, &ev) && errors.Is(ev.Err, strconv.ErrSyntax) { f, e := strconv.ParseFloat(s, 64) if e == nil { v = int64(f) diff --git a/lib/telemetry/agent.go b/lib/telemetry/agent.go index 67c26d3a..3eafe3a0 100644 --- a/lib/telemetry/agent.go +++ b/lib/telemetry/agent.go @@ -165,9 +165,9 @@ func (agent *Agent) forwardBulk(ctx context.Context, list []Metric) (err error) _, errfwd = fwd.Write(wire) if errfwd != nil { if err == nil { - err = fmt.Errorf(`forwardBulk: %s`, errfwd) + err = fmt.Errorf(`forwardBulk: %w`, errfwd) } else { - err = fmt.Errorf(`%s: %s`, err, errfwd) + err = fmt.Errorf(`%w: %w`, err, errfwd) } } } @@ -220,9 +220,9 @@ func (agent *Agent) forwardSingle(ctx context.Context, m *Metric) (err error) { _, errfwd = fwd.Write(wire) if errfwd != nil { if err == nil { - err = fmt.Errorf(`forwardSingle: %s`, errfwd) + err = fmt.Errorf(`forwardSingle: %w`, errfwd) } else { - err = fmt.Errorf(`%s: %s`, err, errfwd) + err = fmt.Errorf(`%w: %w`, err, errfwd) } } } diff --git a/lib/telemetry/questdb_forwarder.go b/lib/telemetry/questdb_forwarder.go index ee080713..455d051b 100644 --- a/lib/telemetry/questdb_forwarder.go +++ b/lib/telemetry/questdb_forwarder.go @@ -68,12 +68,12 @@ func (fwd *QuestdbForwarder) Write(b []byte) (n int, err error) { err = fwd.conn.SetWriteDeadline(now.Add(5 * time.Second)) if err != nil { - return 0, fmt.Errorf(`%s: SetWriteDeadline: %s`, logp, err) + return 0, fmt.Errorf(`%s: SetWriteDeadline: %w`, logp, err) } _, err = fwd.conn.Write(b) if err != nil { - return 0, fmt.Errorf(`%s: %s`, logp, err) + return 0, fmt.Errorf(`%s: %w`, logp, err) } return n, nil diff --git a/lib/totp/totp.go b/lib/totp/totp.go index 8a472b4a..c1d14832 100644 --- a/lib/totp/totp.go +++ b/lib/totp/totp.go @@ -7,7 +7,7 @@ package totp import ( "crypto" "crypto/hmac" - "crypto/sha1" + "crypto/sha1" //nolint:gosec "crypto/sha256" "crypto/sha512" "encoding/hex" diff --git a/lib/totp/totp_test.go b/lib/totp/totp_test.go index b729939f..34c1218f 100644 --- a/lib/totp/totp_test.go +++ b/lib/totp/totp_test.go @@ -6,7 +6,7 @@ package totp import ( "crypto/hmac" - "crypto/sha1" + "crypto/sha1" //nolint:gosec "crypto/sha256" "crypto/sha512" "encoding/hex" diff --git a/lib/websocket/client.go b/lib/websocket/client.go index 7a8d07b7..017d386d 100644 --- a/lib/websocket/client.go +++ b/lib/websocket/client.go @@ -337,7 +337,9 @@ func (cl *Client) parseURI() (err error) { serverPort = defTLSPort } if cl.TLSConfig == nil { - cl.TLSConfig = &tls.Config{} + cl.TLSConfig = &tls.Config{ + MinVersion: tls.VersionTLS12, + } } default: if len(serverPort) == 0 { @@ -830,10 +832,8 @@ func (cl *Client) recv() (packet []byte, err error) { } var ( - buf = make([]byte, 512) - neterr net.Error - n int - ok bool + buf = make([]byte, 512) + n int ) for { @@ -844,8 +844,8 @@ func (cl *Client) recv() (packet []byte, err error) { n, err = cl.conn.Read(buf) if err != nil { - neterr, ok = err.(net.Error) - if ok && neterr.Timeout() { + var neterr net.Error + if errors.As(err, &neterr) && neterr.Timeout() { continue } return nil, fmt.Errorf(`%s: %w`, logp, err) diff --git a/lib/websocket/client_test.go b/lib/websocket/client_test.go index 0114386a..091b1aa5 100644 --- a/lib/websocket/client_test.go +++ b/lib/websocket/client_test.go @@ -81,22 +81,30 @@ func TestClient_parseURI(t *testing.T) { }, { endpoint: "wss://127.0.0.1", expRemoteAddress: "127.0.0.1:443", - expTLSConfig: new(tls.Config), + expTLSConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + }, }, { endpoint: "wss://127.0.0.1:8000", expRemoteAddress: "127.0.0.1:8000", - expTLSConfig: new(tls.Config), + expTLSConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + }, }, { endpoint: "http://127.0.0.1", expRemoteAddress: "127.0.0.1:80", }, { endpoint: "https://127.0.0.1", expRemoteAddress: "127.0.0.1:443", - expTLSConfig: new(tls.Config), + expTLSConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + }, }, { endpoint: "https://127.0.0.1:8443", expRemoteAddress: "127.0.0.1:8443", - expTLSConfig: new(tls.Config), + expTLSConfig: &tls.Config{ + MinVersion: tls.VersionTLS12, + }, }} var ( diff --git a/lib/websocket/funcs.go b/lib/websocket/funcs.go index 065cbe73..9a9ec142 100644 --- a/lib/websocket/funcs.go +++ b/lib/websocket/funcs.go @@ -6,12 +6,12 @@ package websocket import ( "crypto/rand" - "crypto/sha1" + "crypto/sha1" //nolint:gosec "encoding/base64" + "errors" "fmt" "log" "os" - "syscall" "time" "golang.org/x/sys/unix" @@ -33,10 +33,6 @@ func Recv(fd int, timeout time.Duration) (packet []byte, err error) { logp = `Recv` buf = make([]byte, maxBuffer) timeval = unix.Timeval{} - - errno syscall.Errno - n int - ok bool ) err = unix.SetNonblock(fd, false) @@ -52,17 +48,15 @@ func Recv(fd int, timeout time.Duration) (packet []byte, err error) { } } + var n int for { n, err = unix.Read(fd, buf) if err != nil { - errno, ok = err.(unix.Errno) - if ok { - if errno == unix.EINTR { - continue - } - if errno == unix.EAGAIN || errno == unix.EWOULDBLOCK { - return nil, fmt.Errorf(`%s: %w`, logp, os.ErrDeadlineExceeded) - } + if errors.Is(err, unix.EINTR) { + continue + } + if errors.Is(err, unix.EAGAIN) || errors.Is(err, unix.EWOULDBLOCK) { + return nil, fmt.Errorf(`%s: %w`, logp, os.ErrDeadlineExceeded) } return nil, fmt.Errorf(`%s: Read: %w`, logp, err) } @@ -88,10 +82,8 @@ func Send(fd int, packet []byte, timeout time.Duration) (err error) { logp = `Send` timeval = unix.Timeval{} - errno syscall.Errno - max int - n int - ok bool + max int + n int ) err = unix.SetNonblock(fd, false) @@ -116,14 +108,11 @@ func Send(fd int, packet []byte, timeout time.Duration) (err error) { n, err = unix.Write(fd, packet[:max]) if err != nil { - errno, ok = err.(unix.Errno) - if ok { - if errno == unix.EINTR { - continue - } - if errno == unix.EAGAIN || errno == unix.EWOULDBLOCK { - return fmt.Errorf(`%s: %w`, logp, os.ErrDeadlineExceeded) - } + if errors.Is(err, unix.EINTR) { + continue + } + if errors.Is(err, unix.EAGAIN) || errors.Is(err, unix.EWOULDBLOCK) { + return fmt.Errorf(`%s: %w`, logp, os.ErrDeadlineExceeded) } return fmt.Errorf(`%s: Write: %w`, logp, err) } @@ -143,7 +132,7 @@ func Send(fd int, packet []byte, timeout time.Duration) (err error) { // Section 4 of [RFC4648]) this 20-byte hash. func generateHandshakeAccept(key []byte) string { key = append(key, "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"...) - var sum = sha1.Sum(key) + var sum = sha1.Sum(key) //nolint:gosec return base64.StdEncoding.EncodeToString(sum[:]) } diff --git a/lib/xmlrpc/value.go b/lib/xmlrpc/value.go index 9144c22c..c25ecd8d 100644 --- a/lib/xmlrpc/value.go +++ b/lib/xmlrpc/value.go @@ -108,7 +108,9 @@ func NewValue(in interface{}) (out *Value) { case reflect.Interface, reflect.Ptr: return NewValue(refv.Elem()) - default: + case reflect.Invalid, reflect.Complex64, reflect.Complex128, + reflect.Chan, reflect.Func, reflect.Map, + reflect.UnsafePointer: return nil } diff --git a/lib/xmlrpc/xml.go b/lib/xmlrpc/xml.go index 3bc247b6..ca77abe7 100644 --- a/lib/xmlrpc/xml.go +++ b/lib/xmlrpc/xml.go @@ -313,6 +313,8 @@ func xmlParseValue(dec *xml.Decoder, closeTag string) (param *Value, err error) } switch param.Kind { + case Array, Struct: + // NOOP. case Unset, String, Base64: param.Kind = String param.In = cdata |