From 5c826f7a5f1791e82f3e98e126bb0a2faa6cd130 Mon Sep 17 00:00:00 2001
From: Russ Magee
Date: Tue, 20 Sep 2022 20:57:08 -0700
Subject: [PATCH] Updated golangci-lint config; xsd.sysvrc init script updates
---
.golangci.yml | 399 +++++++++++++-------------------------------
xs/termsize_unix.go | 3 +-
xs/xs.go | 72 ++++----
xsd.sysvrc | 4 +
4 files changed, 153 insertions(+), 325 deletions(-)
diff --git a/.golangci.yml b/.golangci.yml
index 2ea8fb8..0e32a11 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,327 +1,154 @@ -# This file contains all available configuration options -# with their default values. - -# options for analysis running -run: - # default concurrency is a available CPU number - concurrency: 4 - - # timeout for analysis, e.g. 30s, 5m, default is 1m - timeout: 1m - - # exit code when at least one issue was found, default is 1 - issues-exit-code: 1 - - # include test files or not, default is true - tests: true - - # list of build tags, all linters use it. Default is empty list. - build-tags: - - mytag - - # which dirs to skip: issues from them won't be reported; - # can use regexp here: generated.*, regexp is applied on full path; - # default value is empty list, but default dirs are skipped independently - # from this option's value (see skip-dirs-use-default). - skip-dirs: - - src/external_libs - - autogenerated_by_my_lib - - # default is true. Enables skipping of directories: - # vendor$, third_party$, testdata$, examples$, Godeps$, builtin$ - skip-dirs-use-default: true - - # which files to skip: they will be analyzed, but issues from them - # won't be reported. Default value is empty list, but there is - # no need to include all autogenerated files, we confidently recognize - # autogenerated files. If it's not please let us know. - skip-files: - - ".*\\.my\\.go$" - - lib/bad.go - - # by default isn't set. If set we pass it to "go list -mod={option}". From "go help modules": - # If invoked with -mod=readonly, the go command is disallowed from the implicit - # automatic updating of go.mod described above. Instead, it fails when any changes - # to go.mod are needed. This setting is most useful to check that go.mod does - # not need updates, such as in a continuous integration and testing system. - # If invoked with -mod=vendor, the go command assumes that the vendor - # directory holds the correct copies of dependencies and ignores - # the dependency descriptions in go.mod. - #! 
modules-download-mode: readonly|release|vendor - - -# output configuration options -output: - # colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number" - format: colored-line-number - - # print lines of code with issue, default is true - print-issued-lines: true - - # print linter name in the end of issue text, default is true - print-linter-name: true - - # make issues output unique by line, default is true - uniq-by-line: true - - -# all available settings of specific linters linters-settings: - dogsled: - # checks assignments with too many blank identifiers; default is 2 - max-blank-identifiers: 2 + depguard: + list-type: blacklist + packages: + # logging is allowed only by logutils.Log, logrus + # is allowed to use only in logutils package + - github.com/sirupsen/logrus + packages-with-error-message: + - github.com/sirupsen/logrus: "logging is allowed only by logutils.Log" dupl: - # tokens count to trigger issue, 150 by default threshold: 100 - errcheck: - # report about not checking of errors in type assetions: `a := b.(MyStruct)`; - # default is false: such cases aren't reported by default. - check-type-assertions: false - - # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`; - # default is false: such cases aren't reported by default. - check-blank: false - - # [deprecated] comma-separated list of pairs of the form pkg:regex - # the regex is used to ignore names within pkg. (default "fmt:.*"). 
- # see https://github.com/kisielk/errcheck#the-deprecated-method for details - ignore: fmt:.*,io/ioutil:^Read.* - - # path to a file containing a list of functions to exclude from checking - # see https://github.com/kisielk/errcheck#excluding-functions for details - #!exclude: /path/to/file.txt funlen: - lines: 60 - statements: 40 - gocognit: - # minimal code complexity to report, 30 by default (but we recommend 10-20) - min-complexity: 10 + lines: 125 + statements: 50 + gci: + local-prefixes: github.com/golangci/golangci-lint goconst: - # minimal length of string constant, 3 by default - min-len: 3 - # minimal occurrences count to trigger, 3 by default - min-occurrences: 3 + min-len: 2 + min-occurrences: 2 gocritic: - # Which checks should be enabled; can't be combined with 'disabled-checks'; - # See https://go-critic.github.io/overview#checks-overview - # To check which checks are enabled run `GL_DEBUG=gocritic golangci-lint run` - # By default list of stable checks is used. - enabled-checks: - #!- rangeValCopy - - # Which checks should be disabled; can't be combined with 'enabled-checks'; default is empty - disabled-checks: - - regexpMust - - # Enable multiple checks by tags, run `GL_DEBUG=gocritic golangci-lint run` to see all tags and checks. - # Empty list by default. See https://github.com/go-critic/go-critic#usage -> section "Tags". 
enabled-tags: + - diagnostic + - experimental + - opinionated - performance - - settings: # settings passed to gocritic - captLocal: # must be valid enabled check name - paramsOnly: true - rangeValCopy: - sizeThreshold: 32 + - style + disabled-checks: + - commentFormatting + - dupImport # https://github.com/go-critic/go-critic/issues/845 + - ifElseChain + - octalLiteral + - whyNoLint + - wrapperFunc gocyclo: - # minimal code complexity to report, 30 by default (but we recommend 10-20) - min-complexity: 10 - godox: - # report any comments starting with keywords, this is useful for TODO or FIXME comments that - # might be left in the code accidentally and should be resolved before merging - keywords: # default keywords are TODO, BUG, and FIXME, these can be overwritten by this setting - - NOTE - - OPTIMIZE # marks code that should be optimized before merging - - HACK # marks hack-arounds that should be removed before merging - gofmt: - # simplify code: gofmt with `-s` option, true by default - simplify: true + min-complexity: 15 goimports: - # put imports beginning with prefix after 3rd-party packages; - # it's a comma-separated list of prefixes - local-prefixes: github.com/org/project - golint: - # minimal confidence for issues, default is 0.8 - min-confidence: 0.8 + local-prefixes: github.com/golangci/golangci-lint + #golint: + # min-confidence: 0 gomnd: settings: mnd: - # the list of enabled checks, see https://github.com/tommy-muehle/go-mnd/#checks for description. 
- checks: argument,case,condition,operation,return,assign + # don't include the "operation" and "assign" + checks: argument,case,condition,return govet: - # report about shadowed variables check-shadowing: true - - # settings per analyzer settings: - printf: # analyzer name, run `go tool vet help` to see all analyzers - funcs: # run `go tool vet help printf` to see available settings for `printf` analyzer + printf: + funcs: - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf - - # enable or disable analyzers by name - enable: - - atomicalign - enable-all: false - disable: - - shadow - disable-all: false - depguard: - list-type: blacklist - include-go-root: false - packages: - - github.com/sirupsen/logrus - packages-with-error-message: - # specify an error message to output when a blacklisted package is used - - github.com/sirupsen/logrus: "logging is allowed only by logutils.Log" lll: - # max line length, lines longer will be reported. Default is 120. - # '\t' is counted as 1 character by default, and can be changed with the tab-width option - line-length: 120 - # tab width in spaces. Default to 1. - tab-width: 1 + line-length: 140 maligned: - # print struct with more effective memory layout or not, false by default suggest-new: true misspell: - # Correct spellings using locale preferences for US or UK. - # Default is to use a neutral variety of English. - # Setting locale to US will correct the British spelling of 'colour' to 'color'. - locale: US - ignore-words: - - someword - nakedret: - # make an issue if func has more lines of code than this setting and it has naked returns; default is 30 - max-func-lines: 30 - prealloc: - # XXX: we don't recommend using this linter before doing performance profiling. 
- # For most programs usage of prealloc will be a premature optimization. - - # Report preallocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them. - # True by default. - simple: true - range-loops: true # Report preallocation suggestions on range loops, true by default - for-loops: false # Report preallocation suggestions on for loops, false by default - rowserrcheck: - packages: - - github.com/jmoiron/sqlx - unparam: - # Inspect exported functions, default is false. Set to true if no external program/library imports your code. - # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors: - # if it's called for subdir of a project it can't find external interfaces. All text editor integrations - # with golangci-lint call it on a directory with the changed file. - check-exported: false - unused: - # treat code as a program (not a library) and report unused exported identifiers; default is false. - # XXX: if you enable this setting, unused will report a lot of false-positives in text editors: - # if it's called for subdir of a project it can't find funcs usages. All text editor integrations - # with golangci-lint call it on a directory with the changed file. - check-exported: false - whitespace: - multi-if: false # Enforces newlines (or comments) after every multi-line if statement - multi-func: false # Enforces newlines (or comments) after every multi-line function signature - wsl: - # If true append is only allowed to be cuddled if appending value is - # matching variables, fields or types on line above. Default is true. - strict-append: true - # Allow calls and assignments to be cuddled as long as the lines have any - # matching variables, fields or types. Default is true. - allow-assign-and-call: true - # Allow multiline assignments to be cuddled. Default is true. - allow-multiline-assign: true - # Allow declarations (var) to be cuddled. 
- allow-cuddle-declarations: false - # Allow trailing comments in ending of blocks - allow-trailing-comment: false - # Force newlines in end of case at this limit (0 = never). - force-case-trailing-whitespace: 0 - - # The custom section can be used to define linter plugins to be loaded at runtime. See README doc - # for more info. - custom: - # Each custom linter should have a unique name. - #! example: - #! # The path to the plugin *.so. Can be absolute or local. Required for each custom linter - #! path: /path/to/example.so - #! # The description of the linter. Optional, just for documentation purposes. - #! description: This is an example usage of a plugin linter. - #! # Intended to point to the repo location of the linter. Optional, just for documentation purposes. - #! original-url: github.com/golangci/example-linter + locale: en_CA + nolintlint: + allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space) + allow-unused: false # report any unused nolint directives + require-explanation: false # don't require an explanation for nolint directives + require-specific: false # don't require nolint directives to be specific about which linter is being skipped linters: + # please, do not use `enable-all`: it's deprecated and will be removed soon. 
+ # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint + disable-all: true enable: - - megacheck + - bodyclose + #- deadcode + - depguard + - dogsled + - dupl + - errcheck + - exhaustive + - funlen + - gochecknoinits + - goconst + - gocritic + - gocyclo + - gofmt + - goimports + #- golint + - gomnd + - goprintffuncname + - gosec + - gosimple - govet - disable: - - maligned - - prealloc - disable-all: false - presets: - - bugs + - ineffassign + #- interfacer + - lll + - misspell + #- nakedret + - noctx + - nolintlint + - rowserrcheck + #- scopelint + - staticcheck + #- structcheck + - stylecheck + - typecheck + - unconvert + - unparam - unused - fast: false + #- varcheck + - whitespace + # don't enable: + # - asciicheck + # - gochecknoglobals + # - gocognit + # - godot + # - godox + # - goerr113 + # - maligned + # - nestif + # - prealloc + # - testpackage + # - wsl issues: - # List of regexps of issue texts to exclude, empty list by default. - # But independently from this option we use default exclude patterns, - # it can be disabled by `exclude-use-default: false`. To list all - # excluded by default patterns execute `golangci-lint run --help` - exclude: - - abcdef - # Excluding configuration per-path, per-linter, per-text and per-source exclude-rules: - # Exclude some linters from running on tests files. - path: _test\.go linters: - - gocyclo - - errcheck - - dupl - - gosec + - gomnd - # Exclude known linters from partially hard-vendored code, - # which is impossible to exclude via "nolint" comments. 
- - path: internal/hmac/ - text: "weak cryptographic primitive" - linters: - - gosec - - # Exclude some staticcheck messages + # https://github.com/go-critic/go-critic/issues/926 - linters: - - staticcheck - text: "SA9003:" + - gocritic + text: "unnecessaryDefer:" - # Exclude lll issues for long lines with go:generate - - linters: - - lll - source: "^//go:generate " + # TODO temporary rule, must be removed + # seems related to v0.34.1, but I was not able to reproduce locally, + # I was also not able to reproduce in the CI of a fork, + # only the golangci-lint CI seems to be affected by this invalid analysis. + - path: pkg/golinters/scopelint.go + text: 'directive `//nolint:interfacer` is unused for linter interfacer' - # Independently from option `exclude` we use default exclude patterns, - # it can be disabled by this option. To list all - # excluded by default patterns execute `golangci-lint run --help`. - # Default value for this option is true. - exclude-use-default: false +run: + skip-dirs: + - test/testdata_etc + - internal/cache + - internal/renameio + - internal/robustio - # Maximum issues count per one linter. Set to 0 to disable. Default is 50. - max-issues-per-linter: 0 - - # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. - max-same-issues: 0 - - # Show only new issues: if there are unstaged changes or untracked files, - # only those changes are analyzed, else only changes in HEAD~ are analyzed. - # It's a super-useful option for integration of golangci-lint into existing - # large codebase. It's not practical to fix all existing issues at the moment - # of integration: much better don't allow issues in new code. - # Default is false. - new: false - - # Show only new issues created after git revision `REV` - #!new-from-rev: REV - #new-from-rev: HEAD^ - - # Show only new issues created in git patch with set file path. 
- #!new-from-patch: path/to/patch/file +# golangci.com configuration +# https://github.com/golangci/golangci/wiki/Configuration +service: + golangci-lint-version: 1.23.x # use the fixed version to not introduce new linters unexpectedly + prepare: + - echo "here I can run custom commands, but no preparation needed for this repo" diff --git a/xs/termsize_unix.go b/xs/termsize_unix.go index 410a243..c435d9a 100644 --- a/xs/termsize_unix.go +++ b/xs/termsize_unix.go @@ -1,3 +1,4 @@ +//go:build linux || freebsd // +build linux freebsd package main @@ -30,7 +31,7 @@ func handleTermResizes(conn *xsnet.Conn) { log.Println(err) } termSzPacket := fmt.Sprintf("%d %d", rows, cols) - conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize) // nolint: errcheck,gosec + conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize) } }() ch <- syscall.SIGWINCH // Initial resize. diff --git a/xs/xs.go b/xs/xs.go index 1c8314d..2e142e1 100755 --- a/xs/xs.go +++ b/xs/xs.go @@ -1,5 +1,4 @@ // xs client - // // Copyright (c) 2017-2020 Russell Magee // Licensed under the terms of the MIT license (see LICENSE.mit in this @@ -18,7 +17,6 @@ import ( "io/ioutil" "log" "math/rand" - "net" "os" "os/exec" "os/user" @@ -32,7 +30,7 @@ import ( "time" "net/http" - _ "net/http/pprof" + _ "net/http/pprof" //nolint:gosec xs "blitter.com/go/xs" "blitter.com/go/xs/logger" @@ -241,7 +239,7 @@ func GetSize() (cols, rows int, err error) { return } -func buildCmdRemoteToLocal(copyQuiet bool, copyLimitBPS uint, destPath, files string) (captureStderr bool, cmd string, args []string) { +func buildCmdRemoteToLocal(copyQuiet bool, copyLimitBPS uint, destPath string) (captureStderr bool, cmd string, args []string) { // Detect if we have 'pv' // pipeview http://www.ivarch.com/programs/pv.shtml // and use it for nice client progress display. 
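Review bot: Several settings in the new `.golangci.yml` still describe golangci-lint's own repository rather than this module: `gci.local-prefixes` and `goimports.local-prefixes` are `github.com/golangci/golangci-lint`, the `govet` printf `funcs` name `logutils.Log` methods, and `run.skip-dirs` plus the `pkg/golinters/scopelint.go` exclude rule name paths that nothing in this patch suggests exist here. The imports in `xs/xs.go` use `blitter.com/go/xs`, so the prefixes would read `local-prefixes: blitter.com/go/xs`, and the entries that do not apply can be dropped. With `gosec` and `errcheck` now enabled, trimming inherited exclusions keeps every remaining suppression one the project chose deliberately.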
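Review bot: In `handleTermResizes` (xs/termsize_unix.go) the `nolint` comment is removed but the result of `conn.WritePacket` is still discarded, so a failed terminal-size update stays silent and `errcheck`, which the new config enables, may now flag the line. `reqTunnel` in xs/xs.go shows `WritePacket` returning a count and an error, and the same handling fits here: `if _, err := conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize); err != nil { log.Println(err) }`. The goroutine this line belongs to starts and ends outside the hunk.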
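Review bot: The `//nolint:gosec` added to the blank import of `net/http/pprof` in xs/xs.go silences the finding without recording why it is acceptable. That import registers the `/debug/pprof/` handlers on `http.DefaultServeMux` as a side effect, so any listener served from the default mux exposes profiling data; where the listener is started and which address it binds is outside this hunk. A reason on the directive would make the suppression reviewable, for example `//nolint:gosec // pprof is served only when profiling is requested, on loopback -- TODO confirm`, or the import could move to a file behind a build tag so release builds do not carry it.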
@@ -441,10 +439,9 @@ func doCopyMode(conn *xsnet.Conn, remoteDest bool, files string, copyQuiet bool, log.Println("remote filepath:", string(rec.Cmd()), "local files:", files) destPath := files - _, cmdName, cmdArgs := buildCmdRemoteToLocal(copyQuiet, copyLimitBPS, destPath, strings.TrimSpace(files)) + _, cmdName, cmdArgs := buildCmdRemoteToLocal(copyQuiet, copyLimitBPS, destPath) - var c *exec.Cmd - c = exec.Command(cmdName, cmdArgs...) // #nosec + c := exec.Command(cmdName, cmdArgs...) // #nosec c.Stdin = conn c.Stdout = os.Stdout c.Stderr = os.Stderr @@ -557,15 +554,15 @@ func doShellMode(isInteractive bool, conn *xsnet.Conn, oldState *xs.State, rec * } func usageShell() { - fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) // nolint: errcheck - fmt.Fprintf(os.Stderr, "%s [opts] [user]@server\n", os.Args[0]) // nolint: errcheck + fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) + fmt.Fprintf(os.Stderr, "%s [opts] [user]@server\n", os.Args[0]) flag.PrintDefaults() } func usageCp() { - fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) // nolint: errcheck - fmt.Fprintf(os.Stderr, "%s [opts] srcFileOrDir [...] [user]@server[:dstpath]\n", os.Args[0]) // nolint: errcheck - fmt.Fprintf(os.Stderr, "%s [opts] [user]@server[:srcFileOrDir] dstPath\n", os.Args[0]) // nolint: errcheck + fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) + fmt.Fprintf(os.Stderr, "%s [opts] srcFileOrDir [...] [user]@server[:dstpath]\n", os.Args[0]) + fmt.Fprintf(os.Stderr, "%s [opts] [user]@server[:srcFileOrDir] dstPath\n", os.Args[0]) flag.PrintDefaults() } 
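Review bot: The bare `// #nosec` kept on `c := exec.Command(cmdName, cmdArgs...)` in `doCopyMode` suppresses every gosec rule on that line and gives no reason. `cmdName` and `cmdArgs` come from `buildCmdRemoteToLocal`, whose body is outside the hunk, and `destPath` is the raw `files` argument, so a reader cannot tell from here that no remote-supplied value reaches the argument list. Narrow the suppression to the rule and state the reason, e.g. `// #nosec G204 -- command name is fixed; args come from local CLI flags only`, after confirming that against `buildCmdRemoteToLocal`.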
@@ -581,18 +578,18 @@ func rejectUserMsg() string { // // Server responds with [CSOTunAck:rport] or [CSOTunRefused:rport] // (handled in xsnet.Read()) -func reqTunnel(hc *xsnet.Conn, lp uint16, p string /*net.Addr*/, rp uint16) { +func reqTunnel(hc *xsnet.Conn, lp uint16 /*, p string*/ /*net.Addr*/, rp uint16) { // Write request to server so it can attempt to set up its end var bTmp bytes.Buffer if e := binary.Write(&bTmp, binary.BigEndian, lp); e != nil { - fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck + fmt.Fprintln(os.Stderr, "reqTunnel:", e) } if e := binary.Write(&bTmp, binary.BigEndian, rp); e != nil { - fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck + fmt.Fprintln(os.Stderr, "reqTunnel:", e) } - _ = logger.LogDebug(fmt.Sprintln("[Client sending CSOTunSetup]")) // nolint: gosec + _ = logger.LogDebug(fmt.Sprintln("[Client sending CSOTunSetup]")) if n, e := hc.WritePacket(bTmp.Bytes(), xsnet.CSOTunSetup); e != nil || n != len(bTmp.Bytes()) { - fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck + fmt.Fprintln(os.Stderr, "reqTunnel:", e) } } @@ -632,7 +629,7 @@ func parseNonSwitchArgs(a []string) (user, host, path string, isDest bool, other } func launchTuns(conn *xsnet.Conn, remoteHost string, tuns string) { - remAddrs, _ := net.LookupHost(remoteHost) // nolint: gosec + /*remAddrs, _ := net.LookupHost(remoteHost)*/ if tuns == "" { return @@ -641,8 +638,8 @@ func launchTuns(conn *xsnet.Conn, remoteHost string, tuns string) { tunSpecs := strings.Split(tuns, ",") for _, tunItem := range tunSpecs { var lPort, rPort uint16 - _, _ = fmt.Sscanf(tunItem, "%d:%d", &lPort, &rPort) // nolint: gosec - reqTunnel(conn, lPort, remAddrs[0], rPort) + _, _ = fmt.Sscanf(tunItem, "%d:%d", &lPort, &rPort) + reqTunnel(conn, lPort /*remAddrs[0],*/, rPort) } } 
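Review bot: The dropped parameter is left behind as inline comments in `reqTunnel`'s signature (`lp uint16 /*, p string*/ /*net.Addr*/, rp uint16`), and the same is done at the call `reqTunnel(conn, lPort /*remAddrs[0],*/, rPort)` and with `/*remAddrs, _ := net.LookupHost(remoteHost)*/` in the two `launchTuns` hunks that follow. The commented-out remnants obscure that, as far as the visible lines show, `launchTuns` no longer uses its `remoteHost` parameter. Delete them rather than comment them out: `func reqTunnel(hc *xsnet.Conn, lp, rp uint16) {` and `reqTunnel(conn, lPort, rPort)`; version control keeps the history.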
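Review bot: In `launchTuns` the tunnel spec is parsed with `_, _ = fmt.Sscanf(tunItem, "%d:%d", &lPort, &rPort)`, which discards both the item count and the error, so a malformed entry in `tuns` leaves one or both ports at 0 and `reqTunnel` is still called with them. Check the result and skip bad entries: `if n, err := fmt.Sscanf(tunItem, "%d:%d", &lPort, &rPort); err != nil || n != 2 { log.Printf("bad tunnel spec %q", tunItem); continue }`. Removing the `nolint` comment changes what the linter reports, not this behaviour.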
@@ -677,7 +674,7 @@ func sendSessionParams(conn io.Writer /* *xsnet.Conn*/, rec *xs.Session) (e erro } // TODO: reduce gocyclo -func main() { +func main() { //nolint: funlen, gocyclo var ( isInteractive bool vopt bool @@ -799,7 +796,7 @@ func main() { // Set defaults if user doesn't specify user, path or port var uname string if remoteUser == "" { - u, _ := user.Current() // nolint: gosec + u, _ := user.Current() uname = localUserName(u) } else { uname = remoteUser @@ -861,7 +858,7 @@ func main() { // either the shell session or copy operation. _ = shellMode - Log, _ = logger.New(logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xs") // nolint: errcheck,gosec + Log, _ = logger.New(logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xs") xsnet.Init(dbg, "xs", logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR) if dbg { log.SetOutput(Log) @@ -873,15 +870,15 @@ func main() { if !gopt { // See if we can log in via an auth token - u, _ := user.Current() // nolint: gosec + u, _ := user.Current() ab, aerr := ioutil.ReadFile(fmt.Sprintf("%s/.xs_id", u.HomeDir)) if aerr == nil { for _, line := range strings.Split(string(ab), "\n") { line = line + "\n" - idx := strings.Index(string(line), remoteHost+":"+uname) + idx := strings.Index(line, remoteHost+":"+uname) if idx >= 0 { line = line[idx:] - entries := strings.SplitN(string(line), "\n", -1) + entries := strings.SplitN(line, "\n", -1) authCookie = strings.TrimSpace(entries[0]) // Security scrub line = "" @@ -891,7 +888,6 @@ func main() { if authCookie == "" { _, _ = fmt.Fprintln(os.Stderr, "[no authtoken, use -g to request one from server]") } - } else { log.Printf("[cannot read %s/.xs_id]\n", u.HomeDir) } 
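Review bot: `u, _ := user.Current()` in `main` still drops the error, here before `localUserName(u)` and again in the later auth-token hunk, where the next line formats `u.HomeDir`. When `user.Current` fails it returns a nil `*user.User`, so the `u.HomeDir` access panics; whether `localUserName` tolerates nil cannot be seen from this hunk. Handle the error at both sites, e.g. `u, err := user.Current()` followed by `if err != nil { log.Fatalln("cannot determine current user:", err) }`.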
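Review bot: The token lookup `idx := strings.Index(line, remoteHost+":"+uname)` in `main` matches the key anywhere in the line, so an `.xs_id` entry for a longer host or user name that merely contains `remoteHost:uname` is selected and its remainder becomes `authCookie`. The effect is that a token stored for one server can be presented to a different one. Anchor the match at the start of the entry and require the field separator, for example `if strings.HasPrefix(line, remoteHost+":"+uname+":") {`; the exact `.xs_id` layout is not visible in this hunk, so confirm the separator first. The `line = ""` scrub a few lines below only rebinds the local variable, and the bytes read into `ab` are left unchanged.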
@@ -915,7 +911,7 @@ func main() { // We must make the decision about interactivity before Dial() // as it affects chaffing behaviour. 20180805 if gopt { - fmt.Fprintln(os.Stderr, "[requesting authtoken from server]") // nolint: errcheck + fmt.Fprintln(os.Stderr, "[requesting authtoken from server]") op = []byte{'A'} chaffFreqMin = 2 chaffFreqMax = 10 @@ -969,7 +965,7 @@ func main() { // TODO: send flag to server side indicating this // affects shell command used var oldState *xs.State - defer conn.Close() // nolint: errcheck + defer conn.Close() //=== From this point on, conn is a secure encrypted channel @@ -1023,13 +1019,13 @@ func main() { if sendErr != nil { restoreTermState(oldState) rec.SetStatus(254) - fmt.Fprintln(os.Stderr, "Error: server rejected secure proposal params or login timed out") // nolint: errcheck + fmt.Fprintln(os.Stderr, "Error: server rejected secure proposal params or login timed out") exitWithStatus(int(rec.Status())) //log.Fatal(sendErr) } //Security scrub - authCookie = "" // nolint: ineffassign + authCookie = "" //nolint: ineffassign runtime.GC() //=== Login Auth @@ -1039,11 +1035,11 @@ func main() { _, err = conn.Read(authReply) if err != nil { //=== Exit if auth reply not received - fmt.Fprintln(os.Stderr, "Error reading auth reply") // nolint: errcheck + fmt.Fprintln(os.Stderr, "Error reading auth reply") rec.SetStatus(255) } else if authReply[0] == 0 { //=== .. or if auth failed - fmt.Fprintln(os.Stderr, rejectUserMsg()) // nolint: errcheck + fmt.Fprintln(os.Stderr, rejectUserMsg()) rec.SetStatus(255) } else { //=== Set up chaffing to server 
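Review bot: The `authCookie = "" //nolint: ineffassign` scrub in `main` does not remove the token from memory, and the linter finding being suppressed is accurate. Go strings are immutable, so the assignment only drops one reference, and the `runtime.GC()` that follows releases memory without zeroing it. If the aim is to shorten the token's lifetime in the process, hold it as a `[]byte` and overwrite it once it has been sent, e.g. `for i := range cookie { cookie[i] = 0 }`, and do the same for the `ab` buffer read from `.xs_id`. If the line stays as it is, a comment such as `// drops the reference only; token bytes may persist until overwritten` would keep readers from relying on it. `main` starts and ends outside this hunk.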
@@ -1065,11 +1061,11 @@ func main() { keepAliveWorker := func() { for { // Add a bit of jitter to keepAlive so it doesn't stand out quite as much - time.Sleep(time.Duration(2000-rand.Intn(200)) * time.Millisecond) + time.Sleep(time.Duration(2000-rand.Intn(200)) * time.Millisecond) //nolint:gosec // FIXME: keepAlives should probably have small random packet len/data as well // to further obscure them vs. interactive or tunnel data // keepAlives must be >=2 bytes, due to processing elsewhere - conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive) // nolint: errcheck,gosec + conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive) //nolint: errcheck } } go keepAliveWorker() @@ -1082,13 +1078,13 @@ func main() { doShellMode(isInteractive, &conn, oldState, rec) } else { //=== (.. or file copy) - s, _ := doCopyMode(&conn, pathIsDest, fileArgs, copyQuiet, copyLimitBPS, rec) // nolint: errcheck,gosec + s, _ := doCopyMode(&conn, pathIsDest, fileArgs, copyQuiet, copyLimitBPS, rec) rec.SetStatus(s) } if rec.Status() != 0 { restoreTermState(oldState) - fmt.Fprintln(os.Stderr, "Session exited with status:", rec.Status()) // nolint: errcheck + fmt.Fprintln(os.Stderr, "Session exited with status:", rec.Status()) } } @@ -1115,7 +1111,7 @@ func localUserName(u *user.User) string { } func restoreTermState(oldState *xs.State) { - _ = xs.Restore(os.Stdin.Fd(), oldState) // nolint: errcheck,gosec + _ = xs.Restore(os.Stdin.Fd(), oldState) } // exitWithStatus wraps os.Exit() plus does any required pprof housekeeping diff --git a/xsd.sysvrc b/xsd.sysvrc index 8e617c5..415c591 100755 --- a/xsd.sysvrc +++ b/xsd.sysvrc @@ -11,6 +11,10 @@ set -e +echo "SET XSD_OPTS in this script to define allow KEX, cipher and hmac algs" +#XSD_OPTS="-L -aK KEX_all -aC C_all -aH H_all" +exit 1 + # /etc/init.d/xsd: start and stop the eXperimental "secure" Shell Daemon test -x /usr/local/sbin/xsd || exit 0
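Review bot: `keepAliveWorker`'s loop has no exit path, and the `//nolint: errcheck` on `conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive)` hides that a failed write is ignored, so after the connection drops the goroutine keeps sleeping and writing to it. Return on error instead of suppressing the check: `if _, e := conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive); e != nil { return }`. The `//nolint:gosec` on the `rand.Intn` jitter line also lacks a reason; since the comment says the jitter is there to make keepalives stand out less, state on the directive that predictable timing is acceptable here, or note why not. Whether `math/rand` is seeded is outside the hunk.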
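Review bot: The `exit 1` added to xsd.sysvrc is unconditional, so every invocation of the init script, whatever action is requested, prints the message and fails until someone edits the file; the message also goes to stdout and reads "to define allow KEX". Guard on the variable instead: `[ -n "${XSD_OPTS:-}" ] || { echo "Set XSD_OPTS in $0 to define allowed KEX, cipher and HMAC algs" >&2; exit 1; }`. How the rest of the script consumes `XSD_OPTS` is outside the hunk. The commented example `-aK KEX_all -aC C_all -aH H_all` appears to allow every algorithm, so a remark beside it that this is the least restrictive choice would help an administrator who uncomments it as-is.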