Updated golangci-lint config; xsd.sysvrc init script updates

Russ Magee 2022-09-20 20:57:08 -07:00
parent 9a0dd8270a
commit 5c826f7a5f
4 changed files with 153 additions and 325 deletions


@ -1,327 +1,154 @@
# This file contains all available configuration options
# with their default values.
# options for analysis running
run:
# default concurrency is a available CPU number
concurrency: 4
# timeout for analysis, e.g. 30s, 5m, default is 1m
timeout: 1m
# exit code when at least one issue was found, default is 1
issues-exit-code: 1
# include test files or not, default is true
tests: true
# list of build tags, all linters use it. Default is empty list.
build-tags:
- mytag
# which dirs to skip: issues from them won't be reported;
# can use regexp here: generated.*, regexp is applied on full path;
# default value is empty list, but default dirs are skipped independently
# from this option's value (see skip-dirs-use-default).
skip-dirs:
- src/external_libs
- autogenerated_by_my_lib
# default is true. Enables skipping of directories:
# vendor$, third_party$, testdata$, examples$, Godeps$, builtin$
skip-dirs-use-default: true
# which files to skip: they will be analyzed, but issues from them
# won't be reported. Default value is empty list, but there is
# no need to include all autogenerated files, we confidently recognize
# autogenerated files. If it's not please let us know.
skip-files:
- ".*\\.my\\.go$"
- lib/bad.go
# by default isn't set. If set we pass it to "go list -mod={option}". From "go help modules":
# If invoked with -mod=readonly, the go command is disallowed from the implicit
# automatic updating of go.mod described above. Instead, it fails when any changes
# to go.mod are needed. This setting is most useful to check that go.mod does
# not need updates, such as in a continuous integration and testing system.
# If invoked with -mod=vendor, the go command assumes that the vendor
# directory holds the correct copies of dependencies and ignores
# the dependency descriptions in go.mod.
#! modules-download-mode: readonly|release|vendor
# output configuration options
output:
# colored-line-number|line-number|json|tab|checkstyle|code-climate, default is "colored-line-number"
format: colored-line-number
# print lines of code with issue, default is true
print-issued-lines: true
# print linter name in the end of issue text, default is true
print-linter-name: true
# make issues output unique by line, default is true
uniq-by-line: true
# all available settings of specific linters
linters-settings: linters-settings:
dogsled: depguard:
# checks assignments with too many blank identifiers; default is 2 list-type: blacklist
max-blank-identifiers: 2 packages:
# logging is allowed only by logutils.Log, logrus
# is allowed to use only in logutils package
- github.com/sirupsen/logrus
packages-with-error-message:
- github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
dupl: dupl:
# tokens count to trigger issue, 150 by default
threshold: 100 threshold: 100
errcheck:
# report about not checking of errors in type assetions: `a := b.(MyStruct)`;
# default is false: such cases aren't reported by default.
check-type-assertions: false
# report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
# default is false: such cases aren't reported by default.
check-blank: false
# [deprecated] comma-separated list of pairs of the form pkg:regex
# the regex is used to ignore names within pkg. (default "fmt:.*").
# see https://github.com/kisielk/errcheck#the-deprecated-method for details
ignore: fmt:.*,io/ioutil:^Read.*
# path to a file containing a list of functions to exclude from checking
# see https://github.com/kisielk/errcheck#excluding-functions for details
#!exclude: /path/to/file.txt
funlen: funlen:
lines: 60 lines: 125
statements: 40 statements: 50
gocognit: gci:
# minimal code complexity to report, 30 by default (but we recommend 10-20) local-prefixes: github.com/golangci/golangci-lint
min-complexity: 10
goconst: goconst:
# minimal length of string constant, 3 by default min-len: 2
min-len: 3 min-occurrences: 2
# minimal occurrences count to trigger, 3 by default
min-occurrences: 3
gocritic: gocritic:
# Which checks should be enabled; can't be combined with 'disabled-checks';
# See https://go-critic.github.io/overview#checks-overview
# To check which checks are enabled run `GL_DEBUG=gocritic golangci-lint run`
# By default list of stable checks is used.
enabled-checks:
#!- rangeValCopy
# Which checks should be disabled; can't be combined with 'enabled-checks'; default is empty
disabled-checks:
- regexpMust
# Enable multiple checks by tags, run `GL_DEBUG=gocritic golangci-lint run` to see all tags and checks.
# Empty list by default. See https://github.com/go-critic/go-critic#usage -> section "Tags".
enabled-tags: enabled-tags:
- diagnostic
- experimental
- opinionated
- performance - performance
- style
settings: # settings passed to gocritic disabled-checks:
captLocal: # must be valid enabled check name - commentFormatting
paramsOnly: true - dupImport # https://github.com/go-critic/go-critic/issues/845
rangeValCopy: - ifElseChain
sizeThreshold: 32 - octalLiteral
- whyNoLint
- wrapperFunc
gocyclo: gocyclo:
# minimal code complexity to report, 30 by default (but we recommend 10-20) min-complexity: 15
min-complexity: 10
godox:
# report any comments starting with keywords, this is useful for TODO or FIXME comments that
# might be left in the code accidentally and should be resolved before merging
keywords: # default keywords are TODO, BUG, and FIXME, these can be overwritten by this setting
- NOTE
- OPTIMIZE # marks code that should be optimized before merging
- HACK # marks hack-arounds that should be removed before merging
gofmt:
# simplify code: gofmt with `-s` option, true by default
simplify: true
goimports: goimports:
# put imports beginning with prefix after 3rd-party packages; local-prefixes: github.com/golangci/golangci-lint
# it's a comma-separated list of prefixes #golint:
local-prefixes: github.com/org/project # min-confidence: 0
golint:
# minimal confidence for issues, default is 0.8
min-confidence: 0.8
gomnd: gomnd:
settings: settings:
mnd: mnd:
# the list of enabled checks, see https://github.com/tommy-muehle/go-mnd/#checks for description. # don't include the "operation" and "assign"
checks: argument,case,condition,operation,return,assign checks: argument,case,condition,return
govet: govet:
# report about shadowed variables
check-shadowing: true check-shadowing: true
# settings per analyzer
settings: settings:
printf: # analyzer name, run `go tool vet help` to see all analyzers printf:
funcs: # run `go tool vet help printf` to see available settings for `printf` analyzer funcs:
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
- (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
# enable or disable analyzers by name
enable:
- atomicalign
enable-all: false
disable:
- shadow
disable-all: false
depguard:
list-type: blacklist
include-go-root: false
packages:
- github.com/sirupsen/logrus
packages-with-error-message:
# specify an error message to output when a blacklisted package is used
- github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
lll: lll:
# max line length, lines longer will be reported. Default is 120. line-length: 140
# '\t' is counted as 1 character by default, and can be changed with the tab-width option
line-length: 120
# tab width in spaces. Default to 1.
tab-width: 1
maligned: maligned:
# print struct with more effective memory layout or not, false by default
suggest-new: true suggest-new: true
misspell: misspell:
# Correct spellings using locale preferences for US or UK. locale: en_CA
# Default is to use a neutral variety of English. nolintlint:
# Setting locale to US will correct the British spelling of 'colour' to 'color'. allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
locale: US allow-unused: false # report any unused nolint directives
ignore-words: require-explanation: false # don't require an explanation for nolint directives
- someword require-specific: false # don't require nolint directives to be specific about which linter is being skipped
nakedret:
# make an issue if func has more lines of code than this setting and it has naked returns; default is 30
max-func-lines: 30
prealloc:
# XXX: we don't recommend using this linter before doing performance profiling.
# For most programs usage of prealloc will be a premature optimization.
# Report preallocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them.
# True by default.
simple: true
range-loops: true # Report preallocation suggestions on range loops, true by default
for-loops: false # Report preallocation suggestions on for loops, false by default
rowserrcheck:
packages:
- github.com/jmoiron/sqlx
unparam:
# Inspect exported functions, default is false. Set to true if no external program/library imports your code.
# XXX: if you enable this setting, unparam will report a lot of false-positives in text editors:
# if it's called for subdir of a project it can't find external interfaces. All text editor integrations
# with golangci-lint call it on a directory with the changed file.
check-exported: false
unused:
# treat code as a program (not a library) and report unused exported identifiers; default is false.
# XXX: if you enable this setting, unused will report a lot of false-positives in text editors:
# if it's called for subdir of a project it can't find funcs usages. All text editor integrations
# with golangci-lint call it on a directory with the changed file.
check-exported: false
whitespace:
multi-if: false # Enforces newlines (or comments) after every multi-line if statement
multi-func: false # Enforces newlines (or comments) after every multi-line function signature
wsl:
# If true append is only allowed to be cuddled if appending value is
# matching variables, fields or types on line above. Default is true.
strict-append: true
# Allow calls and assignments to be cuddled as long as the lines have any
# matching variables, fields or types. Default is true.
allow-assign-and-call: true
# Allow multiline assignments to be cuddled. Default is true.
allow-multiline-assign: true
# Allow declarations (var) to be cuddled.
allow-cuddle-declarations: false
# Allow trailing comments in ending of blocks
allow-trailing-comment: false
# Force newlines in end of case at this limit (0 = never).
force-case-trailing-whitespace: 0
# The custom section can be used to define linter plugins to be loaded at runtime. See README doc
# for more info.
custom:
# Each custom linter should have a unique name.
#! example:
#! # The path to the plugin *.so. Can be absolute or local. Required for each custom linter
#! path: /path/to/example.so
#! # The description of the linter. Optional, just for documentation purposes.
#! description: This is an example usage of a plugin linter.
#! # Intended to point to the repo location of the linter. Optional, just for documentation purposes.
#! original-url: github.com/golangci/example-linter
linters: linters:
# please, do not use `enable-all`: it's deprecated and will be removed soon.
# inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
disable-all: true
enable: enable:
- megacheck - bodyclose
#- deadcode
- depguard
- dogsled
- dupl
- errcheck
- exhaustive
- funlen
- gochecknoinits
- goconst
- gocritic
- gocyclo
- gofmt
- goimports
#- golint
- gomnd
- goprintffuncname
- gosec
- gosimple
- govet - govet
disable: - ineffassign
- maligned #- interfacer
- prealloc - lll
disable-all: false - misspell
presets: #- nakedret
- bugs - noctx
- nolintlint
- rowserrcheck
#- scopelint
- staticcheck
#- structcheck
- stylecheck
- typecheck
- unconvert
- unparam
- unused - unused
fast: false #- varcheck
- whitespace
# don't enable:
# - asciicheck
# - gochecknoglobals
# - gocognit
# - godot
# - godox
# - goerr113
# - maligned
# - nestif
# - prealloc
# - testpackage
# - wsl
issues: issues:
# List of regexps of issue texts to exclude, empty list by default.
# But independently from this option we use default exclude patterns,
# it can be disabled by `exclude-use-default: false`. To list all
# excluded by default patterns execute `golangci-lint run --help`
exclude:
- abcdef
# Excluding configuration per-path, per-linter, per-text and per-source # Excluding configuration per-path, per-linter, per-text and per-source
exclude-rules: exclude-rules:
# Exclude some linters from running on tests files.
- path: _test\.go - path: _test\.go
linters: linters:
- gocyclo - gomnd
- errcheck
- dupl
- gosec
# Exclude known linters from partially hard-vendored code, # https://github.com/go-critic/go-critic/issues/926
# which is impossible to exclude via "nolint" comments.
- path: internal/hmac/
text: "weak cryptographic primitive"
linters:
- gosec
# Exclude some staticcheck messages
- linters: - linters:
- staticcheck - gocritic
text: "SA9003:" text: "unnecessaryDefer:"
# Exclude lll issues for long lines with go:generate # TODO temporary rule, must be removed
- linters: # seems related to v0.34.1, but I was not able to reproduce locally,
- lll # I was also not able to reproduce in the CI of a fork,
source: "^//go:generate " # only the golangci-lint CI seems to be affected by this invalid analysis.
- path: pkg/golinters/scopelint.go
text: 'directive `//nolint:interfacer` is unused for linter interfacer'
# Independently from option `exclude` we use default exclude patterns, run:
# it can be disabled by this option. To list all skip-dirs:
# excluded by default patterns execute `golangci-lint run --help`. - test/testdata_etc
# Default value for this option is true. - internal/cache
exclude-use-default: false - internal/renameio
- internal/robustio
# Maximum issues count per one linter. Set to 0 to disable. Default is 50. # golangci.com configuration
max-issues-per-linter: 0 # https://github.com/golangci/golangci/wiki/Configuration
service:
# Maximum count of issues with the same text. Set to 0 to disable. Default is 3. golangci-lint-version: 1.23.x # use the fixed version to not introduce new linters unexpectedly
max-same-issues: 0 prepare:
- echo "here I can run custom commands, but no preparation needed for this repo"
# Show only new issues: if there are unstaged changes or untracked files,
# only those changes are analyzed, else only changes in HEAD~ are analyzed.
# It's a super-useful option for integration of golangci-lint into existing
# large codebase. It's not practical to fix all existing issues at the moment
# of integration: much better don't allow issues in new code.
# Default is false.
new: false
# Show only new issues created after git revision `REV`
#!new-from-rev: REV
#new-from-rev: HEAD^
# Show only new issues created in git patch with set file path.
#!new-from-patch: path/to/patch/file
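Review bot: Several values on the new side name another project's paths rather than this module's: `local-prefixes: github.com/golangci/golangci-lint` under both `gci` and `goimports`, the `govet` printf `funcs` entries for `golangci-lint/pkg/logutils.Log`, the `depguard` logrus message, the `skip-dirs` entries (`internal/cache`, `internal/renameio`, `internal/robustio`) and the `pkg/golinters/scopelint.go` exclude rule. They appear to be inert in this repository, so import grouping is not enforced for the project's own packages and the printf check covers no local logging wrapper. The Go sources in this commit import `blitter.com/go/xs`, so `local-prefixes: blitter.com/go/xs` looks like the intended value. The entries that match nothing here are better deleted, so the file documents what is actually enforced.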


@ -1,3 +1,4 @@
//go:build linux || freebsd
// +build linux freebsd // +build linux freebsd
package main package main
@ -30,7 +31,7 @@ func handleTermResizes(conn *xsnet.Conn) {
log.Println(err) log.Println(err)
} }
termSzPacket := fmt.Sprintf("%d %d", rows, cols) termSzPacket := fmt.Sprintf("%d %d", rows, cols)
conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize) // nolint: errcheck,gosec conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize)
} }
}() }()
ch <- syscall.SIGWINCH // Initial resize. ch <- syscall.SIGWINCH // Initial resize.
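Review bot: The `conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize)` call in the resize goroutine now appears to discard both return values with neither a check nor a suppression, since the trailing `// nolint: errcheck,gosec` is gone from the new line. If the write fails, the server never learns the new terminal size and the goroutine carries on silently. Handling it like the `log.Println(err)` a few lines above would be enough: `if _, e := conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize); e != nil { log.Println(e) }`. handleTermResizes starts and ends outside the hunk.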


@ -1,5 +1,4 @@
// xs client // xs client
// //
// Copyright (c) 2017-2020 Russell Magee // Copyright (c) 2017-2020 Russell Magee
// Licensed under the terms of the MIT license (see LICENSE.mit in this // Licensed under the terms of the MIT license (see LICENSE.mit in this
@ -18,7 +17,6 @@ import (
"io/ioutil" "io/ioutil"
"log" "log"
"math/rand" "math/rand"
"net"
"os" "os"
"os/exec" "os/exec"
"os/user" "os/user"
@ -32,7 +30,7 @@ import (
"time" "time"
"net/http" "net/http"
_ "net/http/pprof" _ "net/http/pprof" //nolint:gosec
xs "blitter.com/go/xs" xs "blitter.com/go/xs"
"blitter.com/go/xs/logger" "blitter.com/go/xs/logger"
@ -241,7 +239,7 @@ func GetSize() (cols, rows int, err error) {
return return
} }
func buildCmdRemoteToLocal(copyQuiet bool, copyLimitBPS uint, destPath, files string) (captureStderr bool, cmd string, args []string) { func buildCmdRemoteToLocal(copyQuiet bool, copyLimitBPS uint, destPath string) (captureStderr bool, cmd string, args []string) {
// Detect if we have 'pv' // Detect if we have 'pv'
// pipeview http://www.ivarch.com/programs/pv.shtml // pipeview http://www.ivarch.com/programs/pv.shtml
// and use it for nice client progress display. // and use it for nice client progress display.
@ -441,10 +439,9 @@ func doCopyMode(conn *xsnet.Conn, remoteDest bool, files string, copyQuiet bool,
log.Println("remote filepath:", string(rec.Cmd()), "local files:", files) log.Println("remote filepath:", string(rec.Cmd()), "local files:", files)
destPath := files destPath := files
_, cmdName, cmdArgs := buildCmdRemoteToLocal(copyQuiet, copyLimitBPS, destPath, strings.TrimSpace(files)) _, cmdName, cmdArgs := buildCmdRemoteToLocal(copyQuiet, copyLimitBPS, destPath)
var c *exec.Cmd c := exec.Command(cmdName, cmdArgs...) // #nosec
c = exec.Command(cmdName, cmdArgs...) // #nosec
c.Stdin = conn c.Stdin = conn
c.Stdout = os.Stdout c.Stdout = os.Stdout
c.Stderr = os.Stderr c.Stderr = os.Stderr
@ -557,15 +554,15 @@ func doShellMode(isInteractive bool, conn *xsnet.Conn, oldState *xs.State, rec *
} }
func usageShell() { func usageShell() {
fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) // nolint: errcheck fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
fmt.Fprintf(os.Stderr, "%s [opts] [user]@server\n", os.Args[0]) // nolint: errcheck fmt.Fprintf(os.Stderr, "%s [opts] [user]@server\n", os.Args[0])
flag.PrintDefaults() flag.PrintDefaults()
} }
func usageCp() { func usageCp() {
fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0]) // nolint: errcheck fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
fmt.Fprintf(os.Stderr, "%s [opts] srcFileOrDir [...] [user]@server[:dstpath]\n", os.Args[0]) // nolint: errcheck fmt.Fprintf(os.Stderr, "%s [opts] srcFileOrDir [...] [user]@server[:dstpath]\n", os.Args[0])
fmt.Fprintf(os.Stderr, "%s [opts] [user]@server[:srcFileOrDir] dstPath\n", os.Args[0]) // nolint: errcheck fmt.Fprintf(os.Stderr, "%s [opts] [user]@server[:srcFileOrDir] dstPath\n", os.Args[0])
flag.PrintDefaults() flag.PrintDefaults()
} }
@ -581,18 +578,18 @@ func rejectUserMsg() string {
// //
// Server responds with [CSOTunAck:rport] or [CSOTunRefused:rport] // Server responds with [CSOTunAck:rport] or [CSOTunRefused:rport]
// (handled in xsnet.Read()) // (handled in xsnet.Read())
func reqTunnel(hc *xsnet.Conn, lp uint16, p string /*net.Addr*/, rp uint16) { func reqTunnel(hc *xsnet.Conn, lp uint16 /*, p string*/ /*net.Addr*/, rp uint16) {
// Write request to server so it can attempt to set up its end // Write request to server so it can attempt to set up its end
var bTmp bytes.Buffer var bTmp bytes.Buffer
if e := binary.Write(&bTmp, binary.BigEndian, lp); e != nil { if e := binary.Write(&bTmp, binary.BigEndian, lp); e != nil {
fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck fmt.Fprintln(os.Stderr, "reqTunnel:", e)
} }
if e := binary.Write(&bTmp, binary.BigEndian, rp); e != nil { if e := binary.Write(&bTmp, binary.BigEndian, rp); e != nil {
fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck fmt.Fprintln(os.Stderr, "reqTunnel:", e)
} }
_ = logger.LogDebug(fmt.Sprintln("[Client sending CSOTunSetup]")) // nolint: gosec _ = logger.LogDebug(fmt.Sprintln("[Client sending CSOTunSetup]"))
if n, e := hc.WritePacket(bTmp.Bytes(), xsnet.CSOTunSetup); e != nil || n != len(bTmp.Bytes()) { if n, e := hc.WritePacket(bTmp.Bytes(), xsnet.CSOTunSetup); e != nil || n != len(bTmp.Bytes()) {
fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck fmt.Fprintln(os.Stderr, "reqTunnel:", e)
} }
} }
@ -632,7 +629,7 @@ func parseNonSwitchArgs(a []string) (user, host, path string, isDest bool, other
} }
func launchTuns(conn *xsnet.Conn, remoteHost string, tuns string) { func launchTuns(conn *xsnet.Conn, remoteHost string, tuns string) {
remAddrs, _ := net.LookupHost(remoteHost) // nolint: gosec /*remAddrs, _ := net.LookupHost(remoteHost)*/
if tuns == "" { if tuns == "" {
return return
@ -641,8 +638,8 @@ func launchTuns(conn *xsnet.Conn, remoteHost string, tuns string) {
tunSpecs := strings.Split(tuns, ",") tunSpecs := strings.Split(tuns, ",")
for _, tunItem := range tunSpecs { for _, tunItem := range tunSpecs {
var lPort, rPort uint16 var lPort, rPort uint16
_, _ = fmt.Sscanf(tunItem, "%d:%d", &lPort, &rPort) // nolint: gosec _, _ = fmt.Sscanf(tunItem, "%d:%d", &lPort, &rPort)
reqTunnel(conn, lPort, remAddrs[0], rPort) reqTunnel(conn, lPort /*remAddrs[0],*/, rPort)
} }
} }
@ -677,7 +674,7 @@ func sendSessionParams(conn io.Writer /* *xsnet.Conn*/, rec *xs.Session) (e erro
} }
// TODO: reduce gocyclo // TODO: reduce gocyclo
func main() { func main() { //nolint: funlen, gocyclo
var ( var (
isInteractive bool isInteractive bool
vopt bool vopt bool
@ -799,7 +796,7 @@ func main() {
// Set defaults if user doesn't specify user, path or port // Set defaults if user doesn't specify user, path or port
var uname string var uname string
if remoteUser == "" { if remoteUser == "" {
u, _ := user.Current() // nolint: gosec u, _ := user.Current()
uname = localUserName(u) uname = localUserName(u)
} else { } else {
uname = remoteUser uname = remoteUser
@ -861,7 +858,7 @@ func main() {
// either the shell session or copy operation. // either the shell session or copy operation.
_ = shellMode _ = shellMode
Log, _ = logger.New(logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xs") // nolint: errcheck,gosec Log, _ = logger.New(logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xs")
xsnet.Init(dbg, "xs", logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR) xsnet.Init(dbg, "xs", logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR)
if dbg { if dbg {
log.SetOutput(Log) log.SetOutput(Log)
@ -873,15 +870,15 @@ func main() {
if !gopt { if !gopt {
// See if we can log in via an auth token // See if we can log in via an auth token
u, _ := user.Current() // nolint: gosec u, _ := user.Current()
ab, aerr := ioutil.ReadFile(fmt.Sprintf("%s/.xs_id", u.HomeDir)) ab, aerr := ioutil.ReadFile(fmt.Sprintf("%s/.xs_id", u.HomeDir))
if aerr == nil { if aerr == nil {
for _, line := range strings.Split(string(ab), "\n") { for _, line := range strings.Split(string(ab), "\n") {
line = line + "\n" line = line + "\n"
idx := strings.Index(string(line), remoteHost+":"+uname) idx := strings.Index(line, remoteHost+":"+uname)
if idx >= 0 { if idx >= 0 {
line = line[idx:] line = line[idx:]
entries := strings.SplitN(string(line), "\n", -1) entries := strings.SplitN(line, "\n", -1)
authCookie = strings.TrimSpace(entries[0]) authCookie = strings.TrimSpace(entries[0])
// Security scrub // Security scrub
line = "" line = ""
@ -891,7 +888,6 @@ func main() {
if authCookie == "" { if authCookie == "" {
_, _ = fmt.Fprintln(os.Stderr, "[no authtoken, use -g to request one from server]") _, _ = fmt.Fprintln(os.Stderr, "[no authtoken, use -g to request one from server]")
} }
} else { } else {
log.Printf("[cannot read %s/.xs_id]\n", u.HomeDir) log.Printf("[cannot read %s/.xs_id]\n", u.HomeDir)
} }
@ -915,7 +911,7 @@ func main() {
// We must make the decision about interactivity before Dial() // We must make the decision about interactivity before Dial()
// as it affects chaffing behaviour. 20180805 // as it affects chaffing behaviour. 20180805
if gopt { if gopt {
fmt.Fprintln(os.Stderr, "[requesting authtoken from server]") // nolint: errcheck fmt.Fprintln(os.Stderr, "[requesting authtoken from server]")
op = []byte{'A'} op = []byte{'A'}
chaffFreqMin = 2 chaffFreqMin = 2
chaffFreqMax = 10 chaffFreqMax = 10
@ -969,7 +965,7 @@ func main() {
// TODO: send flag to server side indicating this // TODO: send flag to server side indicating this
// affects shell command used // affects shell command used
var oldState *xs.State var oldState *xs.State
defer conn.Close() // nolint: errcheck defer conn.Close()
//=== From this point on, conn is a secure encrypted channel //=== From this point on, conn is a secure encrypted channel
@ -1023,13 +1019,13 @@ func main() {
if sendErr != nil { if sendErr != nil {
restoreTermState(oldState) restoreTermState(oldState)
rec.SetStatus(254) rec.SetStatus(254)
fmt.Fprintln(os.Stderr, "Error: server rejected secure proposal params or login timed out") // nolint: errcheck fmt.Fprintln(os.Stderr, "Error: server rejected secure proposal params or login timed out")
exitWithStatus(int(rec.Status())) exitWithStatus(int(rec.Status()))
//log.Fatal(sendErr) //log.Fatal(sendErr)
} }
//Security scrub //Security scrub
authCookie = "" // nolint: ineffassign authCookie = "" //nolint: ineffassign
runtime.GC() runtime.GC()
//=== Login Auth //=== Login Auth
@ -1039,11 +1035,11 @@ func main() {
_, err = conn.Read(authReply) _, err = conn.Read(authReply)
if err != nil { if err != nil {
//=== Exit if auth reply not received //=== Exit if auth reply not received
fmt.Fprintln(os.Stderr, "Error reading auth reply") // nolint: errcheck fmt.Fprintln(os.Stderr, "Error reading auth reply")
rec.SetStatus(255) rec.SetStatus(255)
} else if authReply[0] == 0 { } else if authReply[0] == 0 {
//=== .. or if auth failed //=== .. or if auth failed
fmt.Fprintln(os.Stderr, rejectUserMsg()) // nolint: errcheck fmt.Fprintln(os.Stderr, rejectUserMsg())
rec.SetStatus(255) rec.SetStatus(255)
} else { } else {
//=== Set up chaffing to server //=== Set up chaffing to server
@ -1065,11 +1061,11 @@ func main() {
keepAliveWorker := func() { keepAliveWorker := func() {
for { for {
// Add a bit of jitter to keepAlive so it doesn't stand out quite as much // Add a bit of jitter to keepAlive so it doesn't stand out quite as much
time.Sleep(time.Duration(2000-rand.Intn(200)) * time.Millisecond) time.Sleep(time.Duration(2000-rand.Intn(200)) * time.Millisecond) //nolint:gosec
// FIXME: keepAlives should probably have small random packet len/data as well // FIXME: keepAlives should probably have small random packet len/data as well
// to further obscure them vs. interactive or tunnel data // to further obscure them vs. interactive or tunnel data
// keepAlives must be >=2 bytes, due to processing elsewhere // keepAlives must be >=2 bytes, due to processing elsewhere
conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive) // nolint: errcheck,gosec conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive) //nolint: errcheck
} }
} }
go keepAliveWorker() go keepAliveWorker()
@ -1082,13 +1078,13 @@ func main() {
doShellMode(isInteractive, &conn, oldState, rec) doShellMode(isInteractive, &conn, oldState, rec)
} else { } else {
//=== (.. or file copy) //=== (.. or file copy)
s, _ := doCopyMode(&conn, pathIsDest, fileArgs, copyQuiet, copyLimitBPS, rec) // nolint: errcheck,gosec s, _ := doCopyMode(&conn, pathIsDest, fileArgs, copyQuiet, copyLimitBPS, rec)
rec.SetStatus(s) rec.SetStatus(s)
} }
if rec.Status() != 0 { if rec.Status() != 0 {
restoreTermState(oldState) restoreTermState(oldState)
fmt.Fprintln(os.Stderr, "Session exited with status:", rec.Status()) // nolint: errcheck fmt.Fprintln(os.Stderr, "Session exited with status:", rec.Status())
} }
} }
@ -1115,7 +1111,7 @@ func localUserName(u *user.User) string {
} }
func restoreTermState(oldState *xs.State) { func restoreTermState(oldState *xs.State) {
_ = xs.Restore(os.Stdin.Fd(), oldState) // nolint: errcheck,gosec _ = xs.Restore(os.Stdin.Fd(), oldState)
} }
// exitWithStatus wraps os.Exit() plus does any required pprof housekeeping // exitWithStatus wraps os.Exit() plus does any required pprof housekeeping
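Review bot: In the auth-token lookup in main (the hunk at -873), `u, _ := user.Current()` discards the error and the very next line reads `u.HomeDir`, so a failed lookup (for example a UID with no passwd entry) becomes a nil-pointer panic instead of a diagnosable error. The commit removes the `// nolint: gosec` marker from that line but leaves the unchecked error in place. The same pattern is in the hunk at -799, where the possibly nil `u` is handed to `localUserName`. Checking the error where it is produced would fix it, e.g. `u, uerr := user.Current()` followed by `if uerr != nil { log.Fatalln("cannot determine current user:", uerr) }`. main's body extends beyond both hunks, so a guard elsewhere cannot be ruled out from here.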


@ -11,6 +11,10 @@
set -e set -e
echo "SET XSD_OPTS in this script to define allow KEX, cipher and hmac algs"
#XSD_OPTS="-L -aK KEX_all -aC C_all -aH H_all"
exit 1
# /etc/init.d/xsd: start and stop the eXperimental "secure" Shell Daemon # /etc/init.d/xsd: start and stop the eXperimental "secure" Shell Daemon
test -x /usr/local/sbin/xsd || exit 0 test -x /usr/local/sbin/xsd || exit 0
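Review bot: The added `exit 1` is unconditional, so the init script cannot start or stop xsd until someone edits the file and deletes that line, and the message does not say so. Making the guard depend on the variable keeps the intent (refuse to run until the algorithm allow-list has been chosen) without the manual removal step, and sends the message to stderr: `[ -n "$XSD_OPTS" ] || { echo "Set XSD_OPTS in this script to define the allowed KEX, cipher and HMAC algs" >&2; exit 1; }`. The commented example enables `KEX_all`, `C_all` and `H_all`, so anyone who just uncomments it allows every algorithm; a comment saying the list should be narrowed would help. How XSD_OPTS is consumed lies outside the hunk.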