Merge pull request #1052 from oauth2-proxy/update-linter

Update golangci-lint to latest version (v1.36.0)
2021-02-17 20:56:43 +00:00 · 2021-02-17 20:56:43 +00:00 · 322308aab5
parent 76269a13b7 9cea4ea89b
commit 322308aab5
7 changed files with 23 additions and 13 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -14,7 +14,7 @@ jobs:
  build:
    env:
      COVER: true
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
    steps:

    - name: Check out code
@ -28,7 +28,7 @@ jobs:

    - name: Get dependencies
      run: |
-        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.24.0
+        curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.36.0
        go mod download
        curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
        chmod +x ./cc-test-reporter
@ -52,7 +52,7 @@ jobs:
        ./.github/workflows/test.sh

  docker:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
    steps:

    - name: Check out code
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,6 +8,7 @@

 ## Changes since v7.0.1

+- [#1052](https://github.com/oauth2-proxy/oauth2-proxy/pull/1052) Update golangci-lint to latest version (v1.36.0) (@JoelSpeed)
 - [#1043](https://github.com/oauth2-proxy/oauth2-proxy/pull/1043) Refactor Sign In Page rendering and capture all page rendering code in pagewriter package (@JoelSpeed)
 - [#1029](https://github.com/oauth2-proxy/oauth2-proxy/pull/1029) Refactor error page rendering and allow debug messages on error (@JoelSpeed)
 - [#1028](https://github.com/oauth2-proxy/oauth2-proxy/pull/1028) Refactor templates, update theme and provide styled error pages (@JoelSpeed)
--- a/oauthproxy.go
+++ b/oauthproxy.go
@ -641,7 +641,7 @@ func (p *OAuthProxy) SignIn(rw http.ResponseWriter, req *http.Request) {
 	}
 }

-//UserInfo endpoint outputs session email and preferred username in JSON format
+// UserInfo endpoint outputs session email and preferred username in JSON format
 func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {

 	session, err := p.getAuthenticatedSession(rw, req)
@ -805,6 +805,8 @@ func (p *OAuthProxy) redeemCode(req *http.Request) (*sessionsapi.SessionState, e
 func (p *OAuthProxy) enrichSessionState(ctx context.Context, s *sessionsapi.SessionState) error {
 	var err error
 	if s.Email == "" {
+		// TODO(@NickMeves): Remove once all provider are updated to implement EnrichSession
+		// nolint:staticcheck
 		s.Email, err = p.provider.GetEmailAddress(ctx, s)
 		if err != nil && !errors.Is(err, providers.ErrNotImplemented) {
 			return err
@ -1106,7 +1108,7 @@ func (p *OAuthProxy) getAuthenticatedSession(rw http.ResponseWriter, req *http.R
 // TODO (@NickMeves): This method is a placeholder to be extended but currently
 // fails the linter. Remove the nolint when functionality expands.
 //
-//nolint:S1008
+//nolint:gosimple
 func authOnlyAuthorize(req *http.Request, s *sessionsapi.SessionState) bool {
 	// Allow secondary group restrictions based on the `allowed_groups`
 	// querystring parameter
--- a/pkg/validation/options.go
+++ b/pkg/validation/options.go
@ -41,10 +41,10 @@ func Validate(o *options.Options) error {
 	} else if len(o.ProviderCAFiles) > 0 {
 		pool, err := util.GetCertPool(o.ProviderCAFiles)
 		if err == nil {
-			transport := &http.Transport{
-				TLSClientConfig: &tls.Config{
-					RootCAs: pool,
-				},
+			transport := http.DefaultTransport.(*http.Transport).Clone()
+			transport.TLSClientConfig = &tls.Config{
+				RootCAs:    pool,
+				MinVersion: tls.VersionTLS12,
 			}

 			http.DefaultClient = &http.Client{Transport: transport}
--- a/providers/logingov.go
+++ b/providers/logingov.go
@ -3,9 +3,10 @@ package providers
 import (
 	"bytes"
 	"context"
+	"crypto/rand"
 	"crypto/rsa"
 	"fmt"
-	"math/rand"
+	"math/big"
 	"net/url"
 	"time"

@ -34,7 +35,13 @@ var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
 func randSeq(n int) string {
 	b := make([]rune, n)
 	for i := range b {
-		b[i] = letters[rand.Intn(len(letters))]
+		max := big.NewInt(int64(len(letters)))
+		bigN, err := rand.Int(rand.Reader, max)
+		if err != nil {
+			// This should never happen
+			panic(err)
+		}
+		b[i] = letters[bigN.Int64()]
 	}
 	return string(b)
 }
--- a/providers/provider_default.go
+++ b/providers/provider_default.go
@ -94,7 +94,7 @@ func (p *ProviderData) GetLoginURL(redirectURI, state string) string {
 }

 // GetEmailAddress returns the Account email address
-// DEPRECATED: Migrate to EnrichSession
+// Deprecated: Migrate to EnrichSession
 func (p *ProviderData) GetEmailAddress(_ context.Context, _ *sessions.SessionState) (string, error) {
 	return "", ErrNotImplemented
 }
--- a/providers/providers.go
+++ b/providers/providers.go
@ -9,7 +9,7 @@ import (
 // Provider represents an upstream identity provider implementation
 type Provider interface {
 	Data() *ProviderData
-	// DEPRECATED: Migrate to EnrichSession
+	// Deprecated: Migrate to EnrichSession
 	GetEmailAddress(ctx context.Context, s *sessions.SessionState) (string, error)
 	Redeem(ctx context.Context, redirectURI, code string) (*sessions.SessionState, error)
 	EnrichSession(ctx context.Context, s *sessions.SessionState) error