diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 00000000..5429e1a3
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,49 @@
+linters-settings:
+ errcheck:
+ ignore: fmt:.*,io/ioutil:^Read.*,github.com/caddyserver/caddy/v2/caddyconfig:RegisterAdapter,github.com/caddyserver/caddy/v2:RegisterModule
+ ignoretests: true
+ misspell:
+ locale: US
+
+linters:
+ enable:
+ - bodyclose
+ - errcheck
+ - gofmt
+ - goimports
+ - gosec
+ - ineffassign
+ - misspell
+
+run:
+ # default concurrency is a available CPU number.
+ # concurrency: 4 # explicitly omit this value to fully utilize available resources.
+ deadline: 5m
+ issues-exit-code: 1
+ tests: false
+
+# output configuration options
+output:
+ format: 'colored-line-number'
+ print-issued-lines: true
+ print-linter-name: true
+
+issues:
+ exclude-rules:
+ # we aren't calling unknown URL
+ - text: "G107" # G107: Url provided to HTTP request as taint input
+ linters:
+ - gosec
+ # as a web server that's expected to handle any template, this is totally in the hands of the user.
+ - text: "G203" # G203: Use of unescaped data in HTML templates
+ linters:
+ - gosec
+ # we're shelling out to known commands, not relying on user-defined input.
+ - text: "G204" # G204: Audit use of command execution
+ linters:
+ - gosec
+ # the choice of weakrand is deliberate, hence the named import "weakrand"
+ - path: modules/caddyhttp/reverseproxy/selectionpolicies.go
+ text: "G404" # G404: Insecure random number source (rand)
+ linters:
+ - gosec
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index fbee6fb5..8c86cd89 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
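Review bot: The `G107`, `G203` and `G204` entries under `issues.exclude-rules` carry no `path`, so they silence those gosec checks for every file in the repository, including code added later; only the `G404` rule is scoped to one file. The justifying comments ("we aren't calling unknown URL", "shelling out to known commands") describe today's call sites, not future ones. Giving each rule a `path:` key the way the `G404` entry does, or annotating the reviewed call sites with `// #nosec G204` and a reason, would keep the checks active for new code. Separately, the `errcheck` ignore pattern `io/ioutil:^Read.*` hides unchecked read errors, which seems worth a one-line comment explaining why that is acceptable.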
@@ -89,7 +89,8 @@ steps: displayName: Get dependencies - script: | - (golangci-lint run --out-format junit-xml -E gofmt -E goimports -E misspell) > test-results/lint-result.xml + # its behavior is governed by .golangci.yml + (golangci-lint run --out-format junit-xml) > test-results/lint-result.xml exit 0 workingDirectory: '$(modulePath)' continueOnError: true diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go index c0b6e1d7..0ddad0e4 100755 --- a/caddyconfig/caddyfile/lexer.go +++ b/caddyconfig/caddyfile/lexer.go @@ -107,7 +107,6 @@ func (l *lexer) next() bool { escaped = false } else { if ch == '"' { - quoted = false return makeToken() } } diff --git a/cmd/main.go b/cmd/main.go index aea020fc..6447e73b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -118,7 +118,6 @@ func loadConfig(configFile, adapterName string) ([]byte, error) { if os.IsNotExist(err) { // okay, no default Caddyfile; pretend like this never happened cfgAdapter = nil - err = nil } else if err != nil { // default Caddyfile exists, but error reading it return nil, fmt.Errorf("reading default Caddyfile: %v", err) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index c4c306e4..366a3078 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -169,7 +169,7 @@ func (s *Server) enforcementHandler(w http.ResponseWriter, r *http.Request, next if err != nil { hostname = r.Host // OK; probably lacked port } - if strings.ToLower(r.TLS.ServerName) != strings.ToLower(hostname) { + if !strings.EqualFold(r.TLS.ServerName, hostname) { err := fmt.Errorf("strict host matching: TLS ServerName (%s) and HTTP Host (%s) values differ", r.TLS.ServerName, hostname) r.Close = true
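Review bot: The lint step still ends with `exit 0` and `continueOnError: true`, so the gosec and errcheck findings that `.golangci.yml` now enables can never fail the pipeline, and `issues-exit-code: 1` in that config has no effect here. If the security linters are meant to gate merges rather than only report, the script should propagate the linter's exit status after writing `test-results/lint-result.xml` instead of forcing `exit 0`. If advisory-only is intended, extending the added comment to say so, e.g. `# governed by .golangci.yml; findings are reported but do not fail the build`, would make that explicit.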
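Review bot: `strings.EqualFold` in the strict-host check of `enforcementHandler` compares under Unicode simple case folding, which is slightly broader than the old `ToLower` comparison: for example U+017F (long s) folds to ASCII `s`, so a Host value containing it would now be treated as equal to the SNI name where it was previously rejected. Hostnames here are expected to be ASCII, so the practical effect is probably small, but because this comparison is the SNI/Host mismatch guard the assumption deserves a comment such as `// both values are expected to be ASCII hostnames; EqualFold also folds some non-ASCII runes`. The enclosing function begins and ends outside the hunk, so whether `hostname` is normalised earlier cannot be seen from here.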