From 7fd01ae3fced9b50f31734c1d59a72f0553be05a Mon Sep 17 00:00:00 2001 From: mmetc <92726601+mmetc@users.noreply.github.com> Date: Mon, 10 Jun 2024 16:13:49 +0200 Subject: [PATCH] CI: update golangci-lint to 1.59; enforce canonical HTTP headers (#3074) --- .github/workflows/go-tests-windows.yml | 2 +- .github/workflows/go-tests.yml | 2 +- .golangci.yml | 21 ++++++++------------- cmd/crowdsec-cli/console.go | 3 ++- cmd/notification-sentinel/main.go | 4 ++-- pkg/acquisition/modules/loki/loki_test.go | 2 +- pkg/cticlient/client.go | 2 +- pkg/cticlient/client_test.go | 8 ++++---- pkg/exprhelpers/crowdsec_cti_test.go | 2 +- 9 files changed, 21 insertions(+), 25 deletions(-) diff --git a/.github/workflows/go-tests-windows.yml b/.github/workflows/go-tests-windows.yml index e707062b5..daf631244 100644 --- a/.github/workflows/go-tests-windows.yml +++ b/.github/workflows/go-tests-windows.yml @@ -57,7 +57,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v4 with: - version: v1.57 + version: v1.59 args: --issues-exit-code=1 --timeout 10m only-new-issues: false # the cache is already managed above, enabling it here diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index 3496674e7..41e841893 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -158,7 +158,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v4 with: - version: v1.57 + version: v1.59 args: --issues-exit-code=1 --timeout 10m only-new-issues: false # the cache is already managed above, enabling it here diff --git a/.golangci.yml b/.golangci.yml index 8feb99211..bcd1d2113 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -210,16 +210,7 @@ linters: # # DEPRECATED by golangi-lint # - - deadcode - - exhaustivestruct - - golint - - ifshort - - interfacer - - maligned - - nosnakecase - - scopelint - - structcheck - - varcheck + - execinquery # # Redundant 
@@ -249,7 +240,6 @@ linters: # - durationcheck # check for two durations multiplied together # - errcheck # errcheck is a program for checking for unchecked errors in Go code. These unchecked errors can be critical bugs in some cases # - errorlint # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13. - # - execinquery # execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds # - exportloopref # checks for pointers to enclosing loop variables # - funlen # Tool for detection of long functions # - ginkgolinter # enforces standards of using ginkgo and gomega @@ -331,6 +321,7 @@ linters: - errname # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`. - gomnd # An analyzer to detect magic numbers. - ireturn # Accept Interfaces, Return Concrete Types + - mnd # An analyzer to detect magic numbers. - nilnil # Checks that there is no simultaneous return of `nil` error and an invalid value. - noctx # Finds sending http request without context.Context - unparam # Reports unused function parameters @@ -350,7 +341,7 @@ linters: - dupl # Tool for code clone detection - forcetypeassert # finds forced type assertions - godox # Tool for detection of FIXME, TODO and other comment keywords - - goerr113 # Go linter to check the errors handling expressions + - err113 # Go linter to check the errors handling expressions - paralleltest # Detects missing usage of t.Parallel() method in your Go test - testpackage # linter that makes you use a separate _test package @@ -383,7 +374,7 @@ issues: - pkg/yamlpatch/merge.go - pkg/yamlpatch/merge_test.go - exclude-generated-strict: true + exclude-generated: strict max-issues-per-linter: 0 max-same-issues: 0 
@@ -505,3 +496,7 @@ issues:
 - revive
 path: pkg/hubtest/hubtest_item.go
 text: "cyclomatic: .*RunWithLogFile"
+
+ - linters:
+ - canonicalheader
+ path: pkg/apiserver/middlewares/v1/tls_auth.go
diff --git a/cmd/crowdsec-cli/console.go b/cmd/crowdsec-cli/console.go
index 972d43122..3c7df395b 100644
--- a/cmd/crowdsec-cli/console.go
+++ b/cmd/crowdsec-cli/console.go
@@ -6,6 +6,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "net/http"
 "net/url"
 "os"
 "strconv"
@@ -138,7 +139,7 @@ func (cli *cliConsole) enroll(key string, name string, overwrite bool, tags []st
 return fmt.Errorf("could not enroll instance: %w", err)
 }
- if resp.Response.StatusCode == 200 && !overwrite {
+ if resp.Response.StatusCode == http.StatusOK && !overwrite {
 log.Warning("Instance already enrolled. You can use '--overwrite' to force enroll")
 return nil
 }
diff --git a/cmd/notification-sentinel/main.go b/cmd/notification-sentinel/main.go
index c627f9271..9c34e63a2 100644
--- a/cmd/notification-sentinel/main.go
+++ b/cmd/notification-sentinel/main.go
@@ -37,7 +37,7 @@ var logger hclog.Logger = hclog.New(&hclog.LoggerOptions{
 })
 func (s *SentinelPlugin) getAuthorizationHeader(now string, length int, pluginName string) (string, error) {
- xHeaders := "x-ms-date:" + now
+ xHeaders := "X-Ms-Date:" + now
 stringToHash := fmt.Sprintf("POST\n%d\napplication/json\n%s\n/api/logs", length, xHeaders)
 decodedKey, _ := base64.StdEncoding.DecodeString(s.PluginConfigByName[pluginName].SharedKey)
@@ -87,7 +87,7 @@ func (s *SentinelPlugin) Notify(ctx context.Context, notification *protobufs.Not
 req.Header.Set("Content-Type", "application/json")
 req.Header.Set("Log-Type", s.PluginConfigByName[notification.Name].LogType)
 req.Header.Set("Authorization", authorization)
- req.Header.Set("x-ms-date", now)
+ req.Header.Set("X-Ms-Date", now)
 client := &http.Client{}
 resp, err := client.Do(req.WithContext(ctx))
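Review bot: The new `canonicalheader` exclusion for `pkg/apiserver/middlewares/v1/tls_auth.go` is added without a comment saying why that file has to keep a non-canonical header name. The file is not part of this patch, so the reason cannot be checked from here; since the path points at the TLS authentication middleware, a whole-file exclusion would also hide any later header-name mistake made there. I would put a one-line rationale above the rule, e.g. `# tls_auth.go: <why the non-canonical header name is required>`, and if only one statement needs the exemption, prefer a `//nolint:canonicalheader` on that statement over excluding the file.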
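Review bot: `xHeaders := "X-Ms-Date:" + now` in getAuthorizationHeader changes the bytes that are formatted into `stringToHash`, not an HTTP header name, so it is a behaviour change rather than a lint fix. That string is what gets signed with the shared key decoded on the next line, and the receiver has to rebuild exactly the same bytes; the shared-key scheme this code appears to implement documents the `x-ms-date:` element in lowercase, in which case every notification would now be rejected as unauthorised. I would keep `xHeaders := "x-ms-date:" + now` and add a comment such as `// part of the signed string, not a header name: must stay lowercase`. The `req.Header.Set("X-Ms-Date", now)` change in the Notify hunk is harmless, because Set canonicalises the key either way. The function body continues past the hunk, so the HMAC step itself is not visible here.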
diff --git a/pkg/acquisition/modules/loki/loki_test.go b/pkg/acquisition/modules/loki/loki_test.go
index 9ac3ccbd3..837425469 100644
--- a/pkg/acquisition/modules/loki/loki_test.go
+++ b/pkg/acquisition/modules/loki/loki_test.go
@@ -294,7 +294,7 @@ func feedLoki(logger *log.Entry, n int, title string) error {
 }
 req.Header.Set("Content-Type", "application/json")
- req.Header.Set("X-Scope-OrgID", "1234")
+ req.Header.Set("X-Scope-Orgid", "1234")
 resp, err := http.DefaultClient.Do(req)
 if err != nil {
diff --git a/pkg/cticlient/client.go b/pkg/cticlient/client.go
index 4df4d65a6..b95d12376 100644
--- a/pkg/cticlient/client.go
+++ b/pkg/cticlient/client.go
@@ -43,7 +43,7 @@ func (c *CrowdsecCTIClient) doRequest(method string, endpoint string, params map
 if err != nil {
 return nil, err
 }
- req.Header.Set("x-api-key", c.apiKey)
+ req.Header.Set("X-Api-Key", c.apiKey)
 resp, err := c.httpClient.Do(req)
 if err != nil {
 return nil, err
diff --git a/pkg/cticlient/client_test.go b/pkg/cticlient/client_test.go
index 79406a6c2..cdbbd0c97 100644
--- a/pkg/cticlient/client_test.go
+++ b/pkg/cticlient/client_test.go
@@ -38,7 +38,7 @@ func (f RoundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
 func fireHandler(req *http.Request) *http.Response {
 var err error
- apiKey := req.Header.Get("x-api-key")
+ apiKey := req.Header.Get("X-Api-Key")
 if apiKey != validApiKey {
 log.Warningf("invalid api key: %s", apiKey)
@@ -105,7 +105,7 @@ func fireHandler(req *http.Request) *http.Response {
 }
 func smokeHandler(req *http.Request) *http.Response {
- apiKey := req.Header.Get("x-api-key")
+ apiKey := req.Header.Get("X-Api-Key")
 if apiKey != validApiKey {
 return &http.Response{
 StatusCode: http.StatusForbidden,
@@ -137,7 +137,7 @@ func smokeHandler(req *http.Request) *http.Response {
 }
 func rateLimitedHandler(req *http.Request) *http.Response {
- apiKey := req.Header.Get("x-api-key")
+ apiKey := req.Header.Get("X-Api-Key")
 if apiKey != validApiKey {
 return &http.Response{
 StatusCode: http.StatusForbidden,
@@ -154,7 +154,7 @@ func rateLimitedHandler(req *http.Request) *http.Response {
 }
 func searchHandler(req *http.Request) *http.Response {
- apiKey := req.Header.Get("x-api-key")
+ apiKey := req.Header.Get("X-Api-Key")
 if apiKey != validApiKey {
 return &http.Response{
 StatusCode: http.StatusForbidden,
diff --git a/pkg/exprhelpers/crowdsec_cti_test.go b/pkg/exprhelpers/crowdsec_cti_test.go
index 84a4b2457..4c0346e44 100644
--- a/pkg/exprhelpers/crowdsec_cti_test.go
+++ b/pkg/exprhelpers/crowdsec_cti_test.go
@@ -69,7 +69,7 @@ func (f RoundTripFunc) RoundTrip(req *http.Request) (*http.Response, error) {
 }
 func smokeHandler(req *http.Request) *http.Response {
- apiKey := req.Header.Get("x-api-key")
+ apiKey := req.Header.Get("X-Api-Key")
 if apiKey != validApiKey {
 return &http.Response{
 StatusCode: http.StatusForbidden,