CI: update golangci-lint to 1.59; enforce canonical HTTP headers (#3074)

2025-05-10 20:05:55 +02:00 · 2024-06-10 16:13:49 +02:00 · 2024-06-10 16:13:49 +02:00 · 7fd01ae3fc
commit 7fd01ae3fc
parent 819fa0ee22
9 changed files with 21 additions and 25 deletions
--- a/.github/workflows/go-tests-windows.yml
+++ b/.github/workflows/go-tests-windows.yml
@ -57,7 +57,7 @@ jobs:
    - name: golangci-lint
      uses: golangci/golangci-lint-action@v4
      with:
-        version: v1.57
+        version: v1.59
        args: --issues-exit-code=1 --timeout 10m
        only-new-issues: false
        # the cache is already managed above, enabling it here
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@ -158,7 +158,7 @@ jobs:
    - name: golangci-lint
      uses: golangci/golangci-lint-action@v4
      with:
-        version: v1.57
+        version: v1.59
        args: --issues-exit-code=1 --timeout 10m
        only-new-issues: false
        # the cache is already managed above, enabling it here
--- a/.golangci.yml
+++ b/.golangci.yml
@ -210,16 +210,7 @@ linters:
    #
    # DEPRECATED by golangi-lint
    #
-    - deadcode
-    - exhaustivestruct
-    - golint
-    - ifshort
-    - interfacer
-    - maligned
-    - nosnakecase
-    - scopelint
-    - structcheck
-    - varcheck
+    - execinquery

    #
    # Redundant
@ -249,7 +240,6 @@ linters:
    # - durationcheck       # check for two durations multiplied together
    # - errcheck            # errcheck is a program for checking for unchecked errors in Go code. These unchecked errors can be critical bugs in some cases
    # - errorlint           # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
-    # - execinquery         # execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds
    # - exportloopref       # checks for pointers to enclosing loop variables
    # - funlen              # Tool for detection of long functions
    # - ginkgolinter        # enforces standards of using ginkgo and gomega
@ -331,6 +321,7 @@ linters:
    - errname               # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`.
    - gomnd                 # An analyzer to detect magic numbers.
    - ireturn               # Accept Interfaces, Return Concrete Types
+    - mnd                   # An analyzer to detect magic numbers.
    - nilnil                # Checks that there is no simultaneous return of `nil` error and an invalid value.
    - noctx                 # Finds sending http request without context.Context
    - unparam               # Reports unused function parameters
@ -350,7 +341,7 @@ linters:
    - dupl                  # Tool for code clone detection
    - forcetypeassert       # finds forced type assertions
    - godox                 # Tool for detection of FIXME, TODO and other comment keywords
-    - goerr113              # Go linter to check the errors handling expressions
+    - err113                # Go linter to check the errors handling expressions
    - paralleltest          # Detects missing usage of t.Parallel() method in your Go test
    - testpackage           # linter that makes you use a separate _test package

@ -383,7 +374,7 @@ issues:
    - pkg/yamlpatch/merge.go
    - pkg/yamlpatch/merge_test.go

-  exclude-generated-strict: true
+  exclude-generated: strict

  max-issues-per-linter: 0
  max-same-issues: 0
@ -505,3 +496,7 @@ issues:
        - revive
      path: pkg/hubtest/hubtest_item.go
      text: "cyclomatic: .*RunWithLogFile"
+
+    - linters:
+        - canonicalheader
+      path: pkg/apiserver/middlewares/v1/tls_auth.go
--- a/cmd/crowdsec-cli/console.go
+++ b/cmd/crowdsec-cli/console.go
@ -6,6 +6,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/http"
 	"net/url"
 	"os"
 	"strconv"
@ -138,7 +139,7 @@ func (cli *cliConsole) enroll(key string, name string, overwrite bool, tags []st
 		return fmt.Errorf("could not enroll instance: %w", err)
 	}

-	if resp.Response.StatusCode == 200 && !overwrite {
+	if resp.Response.StatusCode == http.StatusOK && !overwrite {
 		log.Warning("Instance already enrolled. You can use '--overwrite' to force enroll")
 		return nil
 	}
--- a/cmd/notification-sentinel/main.go
+++ b/cmd/notification-sentinel/main.go
@ -37,7 +37,7 @@ var logger hclog.Logger = hclog.New(&hclog.LoggerOptions{
 })

 func (s *SentinelPlugin) getAuthorizationHeader(now string, length int, pluginName string) (string, error) {
-	xHeaders := "x-ms-date:" + now
+	xHeaders := "X-Ms-Date:" + now

 	stringToHash := fmt.Sprintf("POST\n%d\napplication/json\n%s\n/api/logs", length, xHeaders)
 	decodedKey, _ := base64.StdEncoding.DecodeString(s.PluginConfigByName[pluginName].SharedKey)
@ -87,7 +87,7 @@ func (s *SentinelPlugin) Notify(ctx context.Context, notification *protobufs.Not
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("Log-Type", s.PluginConfigByName[notification.Name].LogType)
 	req.Header.Set("Authorization", authorization)
-	req.Header.Set("x-ms-date", now)
+	req.Header.Set("X-Ms-Date", now)

 	client := &http.Client{}
 	resp, err := client.Do(req.WithContext(ctx))
--- a/pkg/acquisition/modules/loki/loki_test.go
+++ b/pkg/acquisition/modules/loki/loki_test.go
@ -294,7 +294,7 @@ func feedLoki(logger *log.Entry, n int, title string) error {
 	}

 	req.Header.Set("Content-Type", "application/json")
-	req.Header.Set("X-Scope-OrgID", "1234")
+	req.Header.Set("X-Scope-Orgid", "1234")

 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
--- a/pkg/cticlient/client.go
+++ b/pkg/cticlient/client.go
@ -43,7 +43,7 @@ func (c *CrowdsecCTIClient) doRequest(method string, endpoint string, params map
 	if err != nil {
 		return nil, err
 	}
-	req.Header.Set("x-api-key", c.apiKey)
+	req.Header.Set("X-Api-Key", c.apiKey)
 	resp, err := c.httpClient.Do(req)
 	if err != nil {
 		return nil, err
--- a/pkg/cticlient/client_test.go
+++ b/pkg/cticlient/client_test.go
@ -38,7 +38,7 @@ func (f RoundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
 func fireHandler(req *http.Request) *http.Response {
 	var err error

-	apiKey := req.Header.Get("x-api-key")
+	apiKey := req.Header.Get("X-Api-Key")
 	if apiKey != validApiKey {
 		log.Warningf("invalid api key: %s", apiKey)

@ -105,7 +105,7 @@ func fireHandler(req *http.Request) *http.Response {
 }

 func smokeHandler(req *http.Request) *http.Response {
-	apiKey := req.Header.Get("x-api-key")
+	apiKey := req.Header.Get("X-Api-Key")
 	if apiKey != validApiKey {
 		return &http.Response{
 			StatusCode: http.StatusForbidden,
@ -137,7 +137,7 @@ func smokeHandler(req *http.Request) *http.Response {
 }

 func rateLimitedHandler(req *http.Request) *http.Response {
-	apiKey := req.Header.Get("x-api-key")
+	apiKey := req.Header.Get("X-Api-Key")
 	if apiKey != validApiKey {
 		return &http.Response{
 			StatusCode: http.StatusForbidden,
@ -154,7 +154,7 @@ func rateLimitedHandler(req *http.Request) *http.Response {
 }

 func searchHandler(req *http.Request) *http.Response {
-	apiKey := req.Header.Get("x-api-key")
+	apiKey := req.Header.Get("X-Api-Key")
 	if apiKey != validApiKey {
 		return &http.Response{
 			StatusCode: http.StatusForbidden,
--- a/pkg/exprhelpers/crowdsec_cti_test.go
+++ b/pkg/exprhelpers/crowdsec_cti_test.go
@ -69,7 +69,7 @@ func (f RoundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
 }

 func smokeHandler(req *http.Request) *http.Response {
-	apiKey := req.Header.Get("x-api-key")
+	apiKey := req.Header.Get("X-Api-Key")
 	if apiKey != validApiKey {
 		return &http.Response{
 			StatusCode: http.StatusForbidden,