diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 9182869..e283165 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -37,15 +37,11 @@ jobs: make build - name: golangci-lint - uses: golangci/golangci-lint-action@v4 + uses: golangci/golangci-lint-action@v6 with: - version: v1.56 + version: v1.61 args: --issues-exit-code=1 --timeout 10m only-new-issues: false - # the cache is already managed above, enabling it here - # gives errors when extracting - skip-pkg-cache: true - skip-build-cache: true - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 6a506b6..98d44c9 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -24,7 +24,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: 1.22 + go-version: '1.22' - name: Build run: | @@ -38,22 +38,24 @@ jobs: env: RICHGO_FORCE_COLOR: 1 - - name: Cache virtualenvs - id: cache-pipenv - uses: actions/cache@v4 + - name: "Setup Python" + uses: actions/setup-python@v5 with: - path: ~/.local/share/virtualenvs - key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} + python-version: "3.x" + cache: 'pipenv' - - name: Install functional test dependencies + - name: "Install python dependencies" run: | - docker network create net-test - python3 -m pip install --upgrade pipenv wheel + python -m pip install --upgrade pipenv wheel pipenv install --deploy # some tests need root, so we have to install pytest twice sudo python3 -m pip install --upgrade pipenv wheel sudo pipenv install --deploy + - name: Install functional test dependencies + run: | + docker network create net-test + - name: Run functional tests env: CROWDSEC_TEST_VERSION: dev diff --git a/.github/workflows/tests_deb.yml b/.github/workflows/tests_deb.yml index 5c55947..ac84873 100644 --- a/.github/workflows/tests_deb.yml +++ b/.github/workflows/tests_deb.yml @@ -24,24 +24,27 @@ jobs: - name: Set up Go uses: actions/setup-go@v5 with: - go-version: 1.22 + go-version: '1.22' - - name: Cache virtualenvs - id: cache-pipenv - uses: actions/cache@v4 + - name: "Setup Python" + uses: actions/setup-python@v5 with: - path: ~/.local/share/virtualenvs - key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} + python-version: "3.x" + cache: 'pipenv' + + - name: "Install python dependencies" + run: | + python -m pip install --upgrade pipenv wheel + pipenv install --deploy + # some tests need root, so we have to install pytest twice + sudo python3 -m pip install --upgrade pipenv wheel + sudo pipenv install --deploy - name: Install functional test dependencies run: | sudo apt update sudo apt install -y build-essential debhelper devscripts fakeroot lintian docker network create net-test - python3 -m pip install --upgrade pipenv wheel - pipenv install --deploy - sudo python3 -m pip install --upgrade pipenv wheel - sudo pipenv install --deploy - name: Run functional tests env: diff --git a/.golangci.yml b/.golangci.yml index a58310d..1df7f87 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -144,6 +144,7 @@ linters: - gomnd # An analyzer to detect magic numbers. - ireturn # Accept Interfaces, Return Concrete Types + - mnd # An analyzer to detect magic numbers. - unparam # Reports unused function parameters # diff --git a/Makefile b/Makefile index 55730e2..f80fccc 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -BUILD_REQUIRE_GO_MAJOR ?= 1 -BUILD_REQUIRE_GO_MINOR ?= 20 - GO = go GOBUILD = $(GO) build GOTEST = $(GO) test @@ -23,7 +20,7 @@ LD_OPTS_VARS=\ -X 'github.com/crowdsecurity/go-cs-lib/version.Tag=$(BUILD_TAG)' export CGO_ENABLED=0 -export LD_OPTS=-ldflags "-a -s -w -extldflags '-static' $(LD_OPTS_VARS)" \ +export LD_OPTS=-ldflags "-s -extldflags '-static' $(LD_OPTS_VARS)" \ -trimpath -tags netgo .PHONY: all @@ -59,7 +56,7 @@ clean: clean-release-dir clean-debian clean-rpm # .PHONY: binary -binary: goversion +binary: $(GOBUILD) $(LD_OPTS) -o $(BINARY_NAME) .PHONY: build @@ -74,7 +71,7 @@ lint: golangci-lint run .PHONY: test -test: goversion +test: @$(GOTEST) $(LD_OPTS) ./... .PHONY: func-tests @@ -128,7 +125,5 @@ release: clean tarball # .PHONY: platform-all -platform-all: goversion clean +platform-all: clean python3 .github/release.py run-build $(BINARY_NAME) - -include mk/goversion.mk diff --git a/go.mod b/go.mod index 09eabc1..d7b1ba3 100644 --- a/go.mod +++ b/go.mod @@ -5,24 +5,26 @@ go 1.22 toolchain go1.22.4 require ( - github.com/crowdsecurity/crowdsec v1.6.2 - github.com/crowdsecurity/go-cs-bouncer v0.0.13 - github.com/crowdsecurity/go-cs-lib v0.0.11 + github.com/crowdsecurity/crowdsec v1.6.3 + github.com/crowdsecurity/go-cs-bouncer v0.0.14 + github.com/crowdsecurity/go-cs-lib v0.0.15 github.com/felixge/httpsnoop v1.0.4 github.com/prometheus/client_golang v1.19.1 github.com/sirupsen/logrus v1.9.3 - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 - golang.org/x/sync v0.7.0 + golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa + golang.org/x/sync v0.8.0 gopkg.in/natefinch/lumberjack.v2 v2.2.1 - gopkg.in/yaml.v2 v2.4.0 + gopkg.in/yaml.v3 v3.0.1 ) require ( - github.com/antonmedv/expr v1.15.5 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect + github.com/blackfireio/osinfo v1.0.5 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/expr-lang/expr v1.16.9 // indirect github.com/fatih/color v1.17.0 // indirect github.com/go-openapi/analysis v0.23.0 // indirect github.com/go-openapi/errors v0.22.0 // indirect @@ -48,9 +50,9 @@ require ( github.com/prometheus/procfs v0.15.1 // indirect go.mongodb.org/mongo-driver v1.15.0 // indirect golang.org/x/net v0.26.0 // indirect - golang.org/x/sys v0.21.0 // indirect + golang.org/x/sys v0.24.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/tomb.v2 v2.0.0-20161208151619-d5d1b5820637 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect ) diff --git a/go.sum b/go.sum index a0092c9..832040c 100644 --- a/go.sum +++ b/go.sum @@ -1,22 +1,24 @@ -github.com/antonmedv/expr v1.15.5 h1:y0Iz3cEwmpRz5/r3w4qQR0MfIqJGdGM1zbhD/v0G5Vg= -github.com/antonmedv/expr v1.15.5/go.mod h1:0E/6TxnOlRNp81GMzX9QfDPAmHo2Phg00y4JUv1ihsE= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blackfireio/osinfo v1.0.5 h1:6hlaWzfcpb87gRmznVf7wSdhysGqLRz9V/xuSdCEXrA= +github.com/blackfireio/osinfo v1.0.5/go.mod h1:Pd987poVNmd5Wsx6PRPw4+w7kLlf9iJxoRKPtPAjOrA= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= -github.com/crowdsecurity/crowdsec v1.6.2 h1:bk5rlWM9B9/6MymoGkmWXizGkjIearX9Qo1ZUCk/1Wg= -github.com/crowdsecurity/crowdsec v1.6.2/go.mod h1:YauL/sgtOVHPld0Phq5jFvuhqWhdqvMsRPAYpeBNejg= -github.com/crowdsecurity/go-cs-bouncer v0.0.13 h1:BndYyRr7NtATbrbU9ju43kfIESfkdsq2wmIptxkyzB0= -github.com/crowdsecurity/go-cs-bouncer v0.0.13/go.mod h1:CQrs7Al1ORcdDtY/sMv/ps1LjxFDCiM2Kvlamn3uJx0= -github.com/crowdsecurity/go-cs-lib v0.0.11 h1:ygUOKrkMLaJ2wjC020LgtY6XDkToNFK4NmYlhpkk5ko= -github.com/crowdsecurity/go-cs-lib v0.0.11/go.mod h1:8FMKNGsh3hMZi2SEv6P15PURhEJnZV431XjzzBSuf0k= +github.com/crowdsecurity/crowdsec v1.6.3 h1:L/6iT2/Gfl9bc9DQkHJz2BbpKM3P+yW6ocCKRyF4j1g= +github.com/crowdsecurity/crowdsec v1.6.3/go.mod h1:LrdAX9l4vgaExQbNUVnvZIu/DPwD9pSE9gBj14D4MTo= +github.com/crowdsecurity/go-cs-bouncer v0.0.14 h1:0hxOaa59pMT274qDzJXNxps4QfMnhSNss+oUn36HTpw= +github.com/crowdsecurity/go-cs-bouncer v0.0.14/go.mod h1:4nSF37v7i98idHM6cw1o0V0XgiY25EjTLfFFXvqg6OA= +github.com/crowdsecurity/go-cs-lib v0.0.15 h1:zNWqOPVLHgKUstlr6clom9d66S0eIIW66jQG3Y7FEvo= +github.com/crowdsecurity/go-cs-lib v0.0.15/go.mod h1:ePyQyJBxp1W/1bq4YpVAilnLSz7HkzmtI7TRhX187EU= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/expr-lang/expr v1.16.9 h1:WUAzmR0JNI9JCiF0/ewwHB1gmcGw5wW7nWt8gc6PpCI= +github.com/expr-lang/expr v1.16.9/go.mod h1:8/vRC7+7HBzESEqt5kKpYXxrxkr31SaO8r40VO/1IT4= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= @@ -59,8 +61,6 @@ github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= -github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -102,17 +102,17 @@ go.mongodb.org/mongo-driver v1.15.0 h1:rJCKC8eEliewXjZGf0ddURtl7tTVy1TK3bfl0gkUS go.mongodb.org/mongo-driver v1.15.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/mk/goversion.mk b/mk/goversion.mk deleted file mode 100644 index c2635f3..0000000 --- a/mk/goversion.mk +++ /dev/null @@ -1,31 +0,0 @@ - -BUILD_GOVERSION = $(subst go,,$(shell $(GO) env GOVERSION)) - -go_major_minor = $(subst ., ,$(BUILD_GOVERSION)) -GO_MAJOR_VERSION = $(word 1, $(go_major_minor)) -GO_MINOR_VERSION = $(word 2, $(go_major_minor)) - -GO_VERSION_VALIDATION_ERR_MSG = Golang version ($(BUILD_GOVERSION)) is not supported, please use at least $(BUILD_REQUIRE_GO_MAJOR).$(BUILD_REQUIRE_GO_MINOR) - - -.PHONY: goversion -goversion: $(if $(findstring devel,$(shell $(GO) env GOVERSION)),goversion_devel,goversion_check) - - -.PHONY: goversion_devel -goversion_devel: - $(warning WARNING: You are using a development version of Golang ($(BUILD_GOVERSION)) which is not supported. For production environments, use a stable version (at least $(BUILD_REQUIRE_GO_MAJOR).$(BUILD_REQUIRE_GO_MINOR))) - $(info ) - - -.PHONY: goversion_check -goversion_check: - @if [ $(GO_MAJOR_VERSION) -gt $(BUILD_REQUIRE_GO_MAJOR) ]; then \ - exit 0; \ - elif [ $(GO_MAJOR_VERSION) -lt $(BUILD_REQUIRE_GO_MAJOR) ]; then \ - echo '$(GO_VERSION_VALIDATION_ERR_MSG)';\ - exit 1; \ - elif [ $(GO_MINOR_VERSION) -lt $(BUILD_REQUIRE_GO_MINOR) ] ; then \ - echo '$(GO_VERSION_VALIDATION_ERR_MSG)';\ - exit 1; \ - fi diff --git a/pkg/cfg/config.go b/pkg/cfg/config.go index 6a20585..c7d955a 100644 --- a/pkg/cfg/config.go +++ b/pkg/cfg/config.go @@ -9,7 +9,7 @@ import ( "github.com/sirupsen/logrus" "golang.org/x/exp/slices" - "gopkg.in/yaml.v2" + "gopkg.in/yaml.v3" "github.com/crowdsecurity/go-cs-lib/csstring" "github.com/crowdsecurity/go-cs-lib/yamlpatch" diff --git a/pkg/server/logging.go b/pkg/server/logging.go index ab76b21..71a9d84 100644 --- a/pkg/server/logging.go +++ b/pkg/server/logging.go @@ -212,7 +212,7 @@ func buildCommonLogLine(req *http.Request, url url.URL, ts time.Time, status int // Requests using the CONNECT method over HTTP/2.0 must use // the authority field (aka r.Host) to identify the target. // Refer: https://httpwg.github.io/specs/rfc7540.html#CONNECT - if req.ProtoMajor == 2 && req.Method == "CONNECT" { + if req.ProtoMajor == 2 && req.Method == http.MethodConnect { uri = req.Host } diff --git a/test/bouncer/test_tls.py b/test/bouncer/test_tls.py index 9fac020..1493dd4 100644 --- a/test/bouncer/test_tls.py +++ b/test/bouncer/test_tls.py @@ -84,7 +84,7 @@ def test_tls_mutual(crowdsec, certs_dir, bouncer, bm_cfg_factory, bouncer_under_ "*API error: access forbidden*", ]) - cs.wait_for_log("*client certificate OU (?agent-ou?) doesn't match expected OU (?bouncer-ou?)*") + cs.wait_for_log("*client certificate OU ?agent-ou? doesn't match expected OU ?bouncer-ou?*") cfg['crowdsec_config']['cert_path'] = (certs / 'bouncer.crt').as_posix() cfg['crowdsec_config']['key_path'] = (certs / 'bouncer.key').as_posix()