Skip to content

Commit

Permalink
use more golangci-lint linters, and fix new lint warnings (#63)
Browse files Browse the repository at this point in the history
  • Loading branch information
capnspacehook authored Sep 22, 2023
1 parent ffbdfca commit 1db7fe7
Show file tree
Hide file tree
Showing 5 changed files with 57 additions and 10 deletions.
4 changes: 0 additions & 4 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,6 @@ jobs:
- name: Cache Go files
uses: capnspacehook/cache-go@v1

- name: Ensure main package builds
run: |
go build
# the test is compiled and run as root so that egress eddie can
# open nfqueues, which is a privileged operation
- run: |
Expand Down
27 changes: 26 additions & 1 deletion .golangci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,29 +9,54 @@ linters:
- bidichk
- durationcheck
- errcheck
- errchkjson
- errorlint
- execinquery
- forcetypeassert
- gci
- gocheckcompilerdirectives
- goconst
- gocritic
- gofumpt
- gosimple
- govet
- ineffassign
- loggercheck
- misspell
- mirror
- nilerr
- nilnil
- paralleltest
- prealloc
- predeclared
- reassign
- revive
- rowserrcheck
- sqlclosecheck
- tenv
- thelper
- unconvert
- unparam
- unused
- usestdlibvars

linters-settings:
errcheck:
exclude-functions:
- (go.uber.org/zap/zapcore.ObjectEncoder).AddObject
gci:
sections:
- standard
- default
- prefix(github.com/capnspacehook/egress-eddie)
misspell:
locale: US
paralleltest:
ignore-missing: true
revive:
rules:
- name: blank-imports
disabled: true

run:
timeout: 5m
timeout: 10m
4 changes: 1 addition & 3 deletions config.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,9 +7,7 @@ import (
"strconv"
"strings"
"time"

// only needed for go:linkname directive
_ "unsafe"
_ "unsafe" // only needed for go:linkname directive

"github.com/BurntSushi/toml"
"golang.org/x/exp/slices"
Expand Down
18 changes: 16 additions & 2 deletions filter_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -318,6 +318,8 @@ allowedHostnames = [
}

func initFilters(t *testing.T, configStr string, iptablesRules, ip6tablesRules []string) {
t.Helper()

switch {
case *binaryTests:
initBinaryFilters(t, configStr, iptablesRules, ip6tablesRules)
Expand All @@ -329,12 +331,14 @@ func initFilters(t *testing.T, configStr string, iptablesRules, ip6tablesRules [
}

func initBinaryFilters(t *testing.T, configStr string, iptablesRules, ip6tablesRules []string) {
t.Helper()

configPath := filepath.Join(t.TempDir(), "config.toml")
f, err := os.Create(configPath)
if err != nil {
t.Fatalf("error creating config file: %v", err)
}
if _, err = f.Write([]byte(configStr)); err != nil {
if _, err = f.WriteString(configStr); err != nil {
t.Fatalf("error writing config file: %v", err)
}
if err := f.Close(); err != nil {
Expand Down Expand Up @@ -379,12 +383,14 @@ func initBinaryFilters(t *testing.T, configStr string, iptablesRules, ip6tablesR
}

func initContainerFilters(t *testing.T, configStr string, iptablesRules, ip6tablesRules []string) {
t.Helper()

configPath := filepath.Join(t.TempDir(), "config.toml")
f, err := os.Create(configPath)
if err != nil {
t.Fatalf("error creating config file: %v", err)
}
if _, err = f.Write([]byte(configStr)); err != nil {
if _, err = f.WriteString(configStr); err != nil {
t.Fatalf("error writing config file: %v", err)
}
if err := f.Close(); err != nil {
Expand Down Expand Up @@ -439,6 +445,8 @@ func initContainerFilters(t *testing.T, configStr string, iptablesRules, ip6tabl
}

func initStandardFilters(t *testing.T, configStr string, iptablesRules, ip6tablesRules []string) {
t.Helper()

config, err := parseConfigBytes([]byte(configStr))
if err != nil {
t.Fatalf("error parsing config: %v", err)
Expand Down Expand Up @@ -482,6 +490,8 @@ func initStandardFilters(t *testing.T, configStr string, iptablesRules, ip6table
}

func iptablesCmd(t *testing.T, ipv6 bool, args string) {
t.Helper()

splitArgs, err := shlex.Split(args, true)
if err != nil {
t.Fatalf("error spitting command %v: %v", args, err)
Expand Down Expand Up @@ -549,6 +559,8 @@ func makeHTTPReqs(client4, client6 *http.Client, addr string) error {
}

func lookupIPs(t *testing.T, host string) (ips4 []netip.Addr, ips6 []netip.Addr, err error) {
t.Helper()

ips4, err = net.DefaultResolver.LookupNetIP(getTimeout(t), "ip4", host)
if err != nil {
return nil, nil, err
Expand Down Expand Up @@ -579,6 +591,8 @@ func reqFailed(err error) bool {
}

func getTimeout(t *testing.T) context.Context {
t.Helper()

ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
t.Cleanup(cancel)

Expand Down
14 changes: 14 additions & 0 deletions fuzz_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,8 @@ func FuzzFiltering(f *testing.F) {
}

func checkBlockingDNSRequests(t *testing.T, logger *zap.Logger, cb []byte, filter FilterOptions, ipv6 bool, port uint16, allowedName, disallowedName string) {
t.Helper()

reqn := filter.DNSQueue.IPv4
qType := layers.DNSTypeA
answerIP := ipv4Answer
Expand Down Expand Up @@ -252,6 +254,8 @@ func checkBlockingDNSRequests(t *testing.T, logger *zap.Logger, cb []byte, filte
}

func checkBlockingUnknownDNSReplies(t *testing.T, logger *zap.Logger, cb []byte, config *Config, allowedName string) {
t.Helper()

check := func(ipv6 bool, n uint16) {
port := uint16(2001)
qType := layers.DNSTypeA
Expand Down Expand Up @@ -327,6 +331,8 @@ func checkBlockingUnknownDNSReplies(t *testing.T, logger *zap.Logger, cb []byte,
}

func checkAllowingDNS(t *testing.T, logger *zap.Logger, cb []byte, config *Config, filter FilterOptions, ip4Port, ip6Port uint16, allowedName, disallowedName string) {
t.Helper()

// If answers are allowed for too short of a time, we don't
// want to race against the connection getting forgotten.
// The self filter only processes DNS responses so it won't
Expand Down Expand Up @@ -440,6 +446,8 @@ func checkAllowingDNS(t *testing.T, logger *zap.Logger, cb []byte, config *Confi
}

func checkBlockingKnownDNSReplies(t *testing.T, logger *zap.Logger, cb []byte, config *Config, filter FilterOptions, ipv6 bool, port uint16, allowedName, disallowedName string) {
t.Helper()

n := config.InboundDNSQueue.IPv4
rType := layers.DNSTypeA
answerIP := ipv4Answer
Expand Down Expand Up @@ -509,6 +517,8 @@ func checkBlockingKnownDNSReplies(t *testing.T, logger *zap.Logger, cb []byte, c
}

func checkHandlingTraffic(t *testing.T, logger *zap.Logger, cb []byte, filter FilterOptions) {
t.Helper()

// If answers are allowed for too short of a time, we don't
// want to race against the connection getting forgotten.
// TODO: test reverse lookups
Expand Down Expand Up @@ -579,6 +589,8 @@ func checkHandlingTraffic(t *testing.T, logger *zap.Logger, cb []byte, filter Fi
}

func failAndDumpConfig(t *testing.T, cb []byte, format string, a ...any) {
t.Helper()

t.Logf("config:\n---\n%s\n---\n\n", cb)
panic(fmt.Sprintf(format, a...))
}
Expand Down Expand Up @@ -612,6 +624,8 @@ var (
)

func sendPacket(t *testing.T, logger *zap.Logger, cb []byte, e *mockEnforcer, opts sendOpts) {
t.Helper()

var (
ipLayer gopacket.SerializableLayer
ipLayerType = layers.IPProtocolIPv4
Expand Down

0 comments on commit 1db7fe7

Please sign in to comment.