chore: update linter (#1524)

.github/workflows/main.yml

@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     env:
       GO_VERSION: 1.17
-      GOLANGCI_LINT_VERSION: v1.42.0
+      GOLANGCI_LINT_VERSION: v1.43.0
       HUGO_VERSION: 0.54.0
       SEIHON_VERSION: v0.8.3
       CGO_ENABLED: 0

.golangci.toml

@@ -41,6 +41,9 @@
       "octalLiteral",
       "ptrToRefParam",
       "appendAssign",
+      "ruleguard",
+      "httpNoBody",
+      "exposedSyncMutex",
     ]
 
 [linters]
@@ -70,6 +73,11 @@
     "makezero", # not relevant
     "ifshort", # not relevant
     "forbidigo", # not relevant
+    "varnamelen", # not relevant
+    "nilnil", # not relevant
+    "ireturn", # not relevant
+    "contextcheck", # too many false-positive
+    "tenv", # we already have a test "framework" to handle env vars
     "noctx",
     "forcetypeassert",
     "tagliatelle",

acme/api/certificate_test.go

@@ -81,6 +81,7 @@ func TestCertificateService_Get_issuerRelUp(t *testing.T) {
 		_, err := w.Write([]byte(certResponseMock))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -89,6 +90,7 @@ func TestCertificateService_Get_issuerRelUp(t *testing.T) {
 		_, err := w.Write(p.Bytes)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -111,6 +113,7 @@ func TestCertificateService_Get_embeddedIssuer(t *testing.T) {
 		_, err := w.Write([]byte(certResponseMock))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 

acme/api/order_test.go

@@ -31,6 +31,7 @@ func TestOrderService_New(t *testing.T) {
 		body, err := readSignedBody(r, privateKey)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusBadRequest)
+			return
 		}
 
 		order := acme.Order{}

certificate/certificates_test.go

@@ -160,6 +160,7 @@ func Test_checkResponse(t *testing.T) {
 		_, err := w.Write([]byte(certResponseMock))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -201,6 +202,7 @@ func Test_checkResponse_issuerRelUp(t *testing.T) {
 		_, err := w.Write([]byte(certResponseMock))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -209,6 +211,7 @@ func Test_checkResponse_issuerRelUp(t *testing.T) {
 		_, err := w.Write(p.Bytes)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -249,6 +252,7 @@ func Test_checkResponse_embeddedIssuer(t *testing.T) {
 		_, err := w.Write([]byte(certResponseMock))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -291,13 +295,15 @@ func Test_checkResponse_alternate(t *testing.T) {
 		_, err := w.Write([]byte(certResponseMock))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
 	mux.HandleFunc("/certificate/1", func(w http.ResponseWriter, _ *http.Request) {
 		_, err := w.Write([]byte(certResponseMock2))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -341,6 +347,7 @@ func Test_Get(t *testing.T) {
 		_, err := w.Write([]byte(certResponseMock))
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 

challenge/dns01/dns_challenge_manual.go

@@ -8,7 +8,7 @@ import (
 )
 
 const (
-	dnsTemplate = `%s %d IN TXT "%s"`
+	dnsTemplate = `%s %d IN TXT %q`
 )
 
 // DNSProviderManual is an implementation of the ChallengeProvider interface.

challenge/dns01/dns_challenge_manual_test.go

@@ -36,7 +36,7 @@ func TestDNSProviderManual(t *testing.T) {
 			assert.NoError(t, err)
 			defer func() { _ = os.Remove(file.Name()) }()
 
-			_, err = io.WriteString(file, test.input)
+			_, err = file.WriteString(test.input)
 			assert.NoError(t, err)
 
 			_, err = file.Seek(0, io.SeekStart)

internal/dnsdocs/generator.go

@@ -125,7 +125,7 @@ func generateDocumentation(m Model) error {
 }
 
 func generateCLIHelp(models *Providers) error {
-	filename := filepath.Join(cliOutput)
+	filename := filepath.Clean(cliOutput)
 
 	file, err := os.Create(filename)
 	if err != nil {

providers/dns/azure/azure_test.go

@@ -118,6 +118,7 @@ func TestNewDNSProviderConfig(t *testing.T) {
 				_, err := w.Write([]byte("foo"))
 				if err != nil {
 					http.Error(w, err.Error(), http.StatusInternalServerError)
+					return
 				}
 			},
 		},

providers/dns/constellix/constellix.go

@@ -193,7 +193,7 @@ func (d *DNSProvider) createRecord(dom internal.Domain, fqdn, recordName, value
 		Name: recordName,
 		TTL:  d.config.TTL,
 		RoundRobin: []internal.RecordValue{
-			{Value: fmt.Sprintf(`"%s"`, value)},
+			{Value: fmt.Sprintf(`%q`, value)},
 		},
 	}
 
@@ -218,7 +218,7 @@ func (d *DNSProvider) appendRecordValue(dom internal.Domain, recordID int64, val
 	request := internal.RecordRequest{
 		Name:       record.Name,
 		TTL:        record.TTL,
-		RoundRobin: append(record.RoundRobin, internal.RecordValue{Value: fmt.Sprintf(`"%s"`, value)}),
+		RoundRobin: append(record.RoundRobin, internal.RecordValue{Value: fmt.Sprintf(`%q`, value)}),
 	}
 
 	_, err = d.client.TxtRecords.Update(dom.ID, record.ID, request)
@@ -236,7 +236,7 @@ func (d *DNSProvider) removeRecordValue(dom internal.Domain, record *internal.Re
 	}
 
 	for _, val := range record.Value {
-		if val.Value != fmt.Sprintf(`"%s"`, value) {
+		if val.Value != fmt.Sprintf(`%q`, value) {
 			request.RoundRobin = append(request.RoundRobin, val)
 		}
 	}
@@ -255,7 +255,7 @@ func containsValue(record *internal.Record, value string) bool {
 	}
 
 	for _, val := range record.Value {
-		if val.Value == fmt.Sprintf(`"%s"`, value) {
+		if val.Value == fmt.Sprintf(`%q`, value) {
 			return true
 		}
 	}

providers/dns/desec/desec.go

@@ -102,7 +102,7 @@ func (d *DNSProvider) Timeout() (timeout, interval time.Duration) {
 func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	ctx := context.Background()
 	fqdn, value := dns01.GetRecord(domain, keyAuth)
-	quotedValue := fmt.Sprintf(`"%s"`, value)
+	quotedValue := fmt.Sprintf(`%q`, value)
 
 	authZone, err := dns01.FindZoneByFqdn(fqdn)
 	if err != nil {
@@ -167,7 +167,7 @@ func (d *DNSProvider) CleanUp(domain, token, keyAuth string) error {
 
 	records := make([]string, 0)
 	for _, record := range rrSet.Records {
-		if record != fmt.Sprintf(`"%s"`, value) {
+		if record != fmt.Sprintf(`%q`, value) {
 			records = append(records, record)
 		}
 	}

providers/dns/digitalocean/digitalocean_test.go

@@ -121,6 +121,7 @@ func TestDNSProvider_Present(t *testing.T) {
 		reqBody, err := io.ReadAll(r.Body)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 
 		expectedReqBody := `{"type":"TXT","name":"_acme-challenge.example.com.","data":"w6uP8Tcg6K2QR905Rms8iXTlksL6OD1KOWBxTK7wxPI","ttl":30}`
@@ -140,6 +141,7 @@ func TestDNSProvider_Present(t *testing.T) {
 		}`)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 

providers/dns/dnspod/dnspod.go

@@ -153,7 +153,7 @@ func (d *DNSProvider) getHostedZone(domain string) (string, string, error) {
 		return "", "", fmt.Errorf("zone %s not found in dnspod for domain %s", authZone, domain)
 	}
 
-	return fmt.Sprintf("%v", hostedZone.ID), hostedZone.Name, nil
+	return hostedZone.ID.String(), hostedZone.Name, nil
 }
 
 func (d *DNSProvider) newTxtRecord(zone, fqdn, value string, ttl int) *dnspod.Record {

providers/dns/domeneshop/internal/client_test.go

@@ -36,6 +36,7 @@ func TestClient_CreateTXTRecord(t *testing.T) {
 		auth := req.Header.Get("Authorization")
 		if auth != "Basic dG9rZW46c2VjcmV0" {
 			http.Error(rw, "invalid method: "+req.Method, http.StatusUnauthorized)
+			return
 		}
 
 		_, _ = rw.Write([]byte(`{"id": 1}`))
@@ -57,6 +58,7 @@ func TestClient_DeleteTXTRecord(t *testing.T) {
 		auth := req.Header.Get("Authorization")
 		if auth != "Basic dG9rZW46c2VjcmV0" {
 			http.Error(rw, "invalid method: "+req.Method, http.StatusUnauthorized)
+			return
 		}
 
 		_, _ = rw.Write([]byte(`[
@@ -79,6 +81,7 @@ func TestClient_DeleteTXTRecord(t *testing.T) {
 		auth := req.Header.Get("Authorization")
 		if auth != "Basic dG9rZW46c2VjcmV0" {
 			http.Error(rw, "invalid method: "+req.Method, http.StatusUnauthorized)
+			return
 		}
 	})
 
@@ -98,6 +101,7 @@ func TestClient_getDNSRecordByHostData(t *testing.T) {
 		auth := req.Header.Get("Authorization")
 		if auth != "Basic dG9rZW46c2VjcmV0" {
 			http.Error(rw, "invalid method: "+req.Method, http.StatusUnauthorized)
+			return
 		}
 
 		_, _ = rw.Write([]byte(`[
@@ -137,6 +141,7 @@ func TestClient_GetDomainByName(t *testing.T) {
 		auth := req.Header.Get("Authorization")
 		if auth != "Basic dG9rZW46c2VjcmV0" {
 			http.Error(rw, "invalid method: "+req.Method, http.StatusUnauthorized)
+			return
 		}
 
 		_, _ = rw.Write([]byte(`[

providers/dns/dreamhost/dreamhost_test.go

@@ -131,6 +131,7 @@ func TestDNSProvider_Present(t *testing.T) {
 		_, err := fmt.Fprintf(w, `{"data":"record_added","result":"success"}`)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -147,6 +148,7 @@ func TestDNSProvider_PresentFailed(t *testing.T) {
 		_, err := fmt.Fprintf(w, `{"data":"record_already_exists_remove_first","result":"error"}`)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -171,6 +173,7 @@ func TestDNSProvider_Cleanup(t *testing.T) {
 		_, err := fmt.Fprintf(w, `{"data":"record_removed","result":"success"}`)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 

providers/dns/easydns/easydns_test.go

@@ -154,6 +154,7 @@ func TestDNSProvider_Present(t *testing.T) {
 		reqBody, err := io.ReadAll(r.Body)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 
 		expectedReqBody := `{"domain":"example.com","host":"_acme-challenge","ttl":"120","prio":"0","type":"TXT","rdata":"pW9ZKG0xz_PCriK-nCMOjADy9eJcgGWIzkkj2fN4uZM"}
@@ -178,6 +179,7 @@ func TestDNSProvider_Present(t *testing.T) {
 		}`)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -212,6 +214,7 @@ func TestDNSProvider_Cleanup_WhenRecordIdSet_DeletesTxtRecord(t *testing.T) {
 		}`)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -238,6 +241,7 @@ func TestDNSProvider_Cleanup_WhenHttpError_ReturnsError(t *testing.T) {
 		_, err := fmt.Fprint(w, errorMessage)
 		if err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 

providers/dns/gcore/internal/client_test.go

@@ -251,6 +251,7 @@ func handleAddRRSet(expected []Records) http.HandlerFunc {
 
 		if !reflect.DeepEqual(body.Records, expected) {
 			http.Error(rw, "wrong resource records", http.StatusInternalServerError)
+			return
 		}
 	}
 }

providers/dns/hostingde/hostingde.go

@@ -134,7 +134,7 @@ func (d *DNSProvider) Present(domain, token, keyAuth string) error {
 	}
 
 	for _, record := range resp.Response.Records {
-		if record.Name == dns01.UnFqdn(fqdn) && record.Content == fmt.Sprintf(`"%s"`, value) {
+		if record.Name == dns01.UnFqdn(fqdn) && record.Content == fmt.Sprintf(`%q`, value) {
 			d.recordIDsMu.Lock()
 			d.recordIDs[fqdn] = record.ID
 			d.recordIDsMu.Unlock()

providers/dns/httpreq/httpreq_test.go

@@ -141,7 +141,7 @@ func TestNewDNSProvider_Present(t *testing.T) {
 			handler: func(rw http.ResponseWriter, req *http.Request) {
 				username, password, ok := req.BasicAuth()
 				if username != "bar" || password != "foo" || !ok {
-					rw.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, "Please enter your username and password."))
+					rw.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm=%q`, "Please enter your username and password."))
 					http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 					return
 				}
@@ -219,7 +219,7 @@ func TestNewDNSProvider_Cleanup(t *testing.T) {
 			handler: func(rw http.ResponseWriter, req *http.Request) {
 				username, password, ok := req.BasicAuth()
 				if username != "bar" || password != "foo" || !ok {
-					rw.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%s"`, "Please enter your username and password."))
+					rw.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm=%q`, "Please enter your username and password."))
 					http.Error(rw, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
 					return
 				}

providers/dns/infomaniak/internal/client_test.go

@@ -52,6 +52,7 @@ func TestClient_CreateDNSRecord(t *testing.T) {
 		_, err = rw.Write([]byte(response))
 		if err != nil {
 			http.Error(rw, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -119,6 +120,7 @@ func TestClient_GetDomainByName(t *testing.T) {
 		_, err := rw.Write([]byte(response))
 		if err != nil {
 			http.Error(rw, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})
 
@@ -146,6 +148,7 @@ func TestClient_DeleteDNSRecord(t *testing.T) {
 		_, err := rw.Write([]byte((`{"result":"success"}`)))
 		if err != nil {
 			http.Error(rw, err.Error(), http.StatusInternalServerError)
+			return
 		}
 	})