Skip to content

Commit

Permalink
[GPT-96] Update go version & add verification/testing tools (#166)
Browse files Browse the repository at this point in the history
<!--
For Work In Progress Pull Requests, please use the Draft PR feature,
see https://github.blog/2019-02-14-introducing-draft-pull-requests/ for
further details.

     For a timely review/response, please avoid force-pushing additional
     commits if your PR already received reviews or comments.

     Before submitting a Pull Request, please ensure that you have:
- 📖 Read the Contributing guide:
https://github.com/gorilla/.github/blob/main/CONTRIBUTING.md
- 📖 Read the Code of Conduct:
https://github.com/gorilla/.github/blob/main/CODE_OF_CONDUCT.md

     - Provide tests for your changes.
     - Use descriptive commit messages.
	 - Comment your code where appropriate.
	 - Squash your commits
     - Update any related documentation.

     - Add gorilla/pull-request-reviewers as a Reviewer
-->

## What type of PR is this? (check all applicable)

- [ ] Refactor
- [ ] Feature
- [ ] Bug Fix
- [ ] Optimization
- [ ] Documentation Update

## Description

## Related Tickets & Documents

<!--
For pull requests that relate or close an issue, please include them
below. We like to follow [Github's guidance on linking issues to pull
requests](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue).

For example having the text: "closes #1234" would connect the current
pull
request to issue 1234.  And when we merge the pull request, Github will
automatically close the issue.
-->

- Related Issue #
- Closes #

## Added/updated tests?

- [ ] Yes
- [ ] No, and this is why: _please replace this line with details on why
tests
      have not been included_
- [ ] I need help with writing tests

## Run verifications and test

- [ ] `make verify` is passing
- [ ] `make test` is passing
  • Loading branch information
apoorvajagtap authored Jul 25, 2023
1 parent 32c27b0 commit 15d47ec
Show file tree
Hide file tree
Showing 24 changed files with 1,037 additions and 142 deletions.
70 changes: 0 additions & 70 deletions .circleci/config.yml

This file was deleted.

20 changes: 20 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
; https://editorconfig.org/

root = true

[*]
insert_final_newline = true
charset = utf-8
trim_trailing_whitespace = true
indent_style = space
indent_size = 2

[{Makefile,go.mod,go.sum,*.go,.gitmodules}]
indent_style = tab
indent_size = 4

[*.md]
indent_size = 4
trim_trailing_whitespace = false

eclint_indent_style = unset
8 changes: 0 additions & 8 deletions .github/release-drafter.yml

This file was deleted.

12 changes: 0 additions & 12 deletions .github/stale.yml

This file was deleted.

20 changes: 20 additions & 0 deletions .github/workflows/issues.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Add issues or pull-requests created to the project.
name: Add issue or pull request to Project

on:
issues:
types:
- opened
pull_request:
types:
- opened

jobs:
add-to-project:
runs-on: ubuntu-latest
steps:
- name: Add issue to project
uses: actions/[email protected]
with:
project-url: https://github.com/orgs/gorilla/projects/4
github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }}
55 changes: 55 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: CI
on:
push:
branches:
- main
pull_request:
branches:
- main

permissions:
contents: read

jobs:
verify-and-test:
strategy:
matrix:
go: ['1.19','1.20']
os: [ubuntu-latest, macos-latest, windows-latest]
fail-fast: true
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go }}
cache: false

- name: Run GolangCI-Lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.53
args: --timeout=5m

- name: Run GoSec
if: matrix.os == 'ubuntu-latest'
uses: securego/gosec@master
with:
args: ./...

- name: Run GoVulnCheck
uses: golang/govulncheck-action@v1
with:
go-version-input: ${{ matrix.go }}
go-package: ./...

- name: Run Tests
run: go test -race -cover -coverprofile=coverage -covermode=atomic -v ./...

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./coverage
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
coverage.coverprofile
21 changes: 0 additions & 21 deletions AUTHORS

This file was deleted.

34 changes: 34 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
GO_LINT=$(shell which golangci-lint 2> /dev/null || echo '')
GO_LINT_URI=github.com/golangci/golangci-lint/cmd/golangci-lint@latest

GO_SEC=$(shell which gosec 2> /dev/null || echo '')
GO_SEC_URI=github.com/securego/gosec/v2/cmd/gosec@latest

GO_VULNCHECK=$(shell which govulncheck 2> /dev/null || echo '')
GO_VULNCHECK_URI=golang.org/x/vuln/cmd/govulncheck@latest

.PHONY: golangci-lint
golangci-lint:
$(if $(GO_LINT), ,go install $(GO_LINT_URI))
@echo "##### Running golangci-lint"
golangci-lint run -v

.PHONY: gosec
gosec:
$(if $(GO_SEC), ,go install $(GO_SEC_URI))
@echo "##### Running gosec"
gosec ./...

.PHONY: govulncheck
govulncheck:
$(if $(GO_VULNCHECK), ,go install $(GO_VULNCHECK_URI))
@echo "##### Running govulncheck"
govulncheck ./...

.PHONY: verify
verify: golangci-lint gosec govulncheck

.PHONY: test
test:
@echo "##### Running tests"
go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./...
11 changes: 7 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,12 @@
# gorilla/csrf

[![GoDoc](https://godoc.org/github.com/gorilla/csrf?status.svg)](https://godoc.org/github.com/gorilla/csrf)
[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/csrf/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/csrf?badge)
[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
[![CircleCI](https://circleci.com/gh/gorilla/csrf.svg?style=svg)](https://circleci.com/gh/gorilla/csrf)
![testing](https://github.com/gorilla/csrf/actions/workflows/test.yml/badge.svg)
[![codecov](https://codecov.io/github/gorilla/csrf/branch/main/graph/badge.svg)](https://codecov.io/github/gorilla/csrf)
[![godoc](https://godoc.org/github.com/gorilla/csrf?status.svg)](https://godoc.org/github.com/gorilla/csrf)
[![sourcegraph](https://sourcegraph.com/github.com/gorilla/csrf/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/csrf?badge)


![Gorilla Logo](https://github.com/gorilla/.github/assets/53367916/d92caabf-98e0-473e-bfbf-ab554ba435e5)

gorilla/csrf is a HTTP middleware library that provides [cross-site request
forgery](http://blog.codinghorror.com/preventing-csrf-and-xsrf-attacks/) (CSRF)
Expand Down
2 changes: 1 addition & 1 deletion context.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ func contextGet(r *http.Request, key string) (interface{}, error) {

func contextSave(r *http.Request, key string, val interface{}) *http.Request {
ctx := r.Context()
ctx = context.WithValue(ctx, key, val)
ctx = context.WithValue(ctx, key, val) // nolint:staticcheck
return r.WithContext(ctx)
}

Expand Down
9 changes: 4 additions & 5 deletions csrf.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ const tokenLength = 32

// Context/session keys & prefixes
const (
tokenKey string = "gorilla.csrf.Token"
formKey string = "gorilla.csrf.Form"
tokenKey string = "gorilla.csrf.Token" // #nosec G101
formKey string = "gorilla.csrf.Form" // #nosec G101
errorKey string = "gorilla.csrf.Error"
skipCheckKey string = "gorilla.csrf.Skip"
cookieName string = "_gorilla_csrf"
Expand Down Expand Up @@ -107,6 +107,7 @@ type options struct {
// 'Forbidden' error response.
//
// Example:
//
// package main
//
// import (
Expand Down Expand Up @@ -143,7 +144,6 @@ type options struct {
// // This is useful if you're sending JSON to clients or a front-end JavaScript
// // framework.
// }
//
func Protect(authKey []byte, opts ...Option) func(http.Handler) http.Handler {
return func(h http.Handler) http.Handler {
cs := parseOptions(h, opts...)
Expand Down Expand Up @@ -266,7 +266,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
}

if valid == false {
if !valid {
r = envError(r, ErrBadReferer)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
Expand Down Expand Up @@ -314,5 +314,4 @@ func unauthorizedHandler(w http.ResponseWriter, r *http.Request) {
http.Error(w, fmt.Sprintf("%s - %s",
http.StatusText(http.StatusForbidden), FailureReason(r)),
http.StatusForbidden)
return
}
12 changes: 6 additions & 6 deletions csrf_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ func TestBadCookie(t *testing.T) {
p := Protect(testKey)(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down Expand Up @@ -238,7 +238,7 @@ func TestBadReferer(t *testing.T) {
p := Protect(testKey)(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down Expand Up @@ -294,7 +294,7 @@ func TestTrustedReferer(t *testing.T) {
p := Protect(testKey, TrustedOrigins(item.trustedOrigin))(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down Expand Up @@ -342,7 +342,7 @@ func TestWithReferer(t *testing.T) {
p := Protect(testKey)(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down Expand Up @@ -379,12 +379,12 @@ func TestNoTokenProvided(t *testing.T) {
var finalErr error

s := http.NewServeMux()
p := Protect(testKey, ErrorHandler(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
p := Protect(testKey, ErrorHandler(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
finalErr = FailureReason(r)
})))(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ module github.com/gorilla/csrf

require github.com/gorilla/securecookie v1.1.1

go 1.13
go 1.19
Loading

0 comments on commit 15d47ec

Please sign in to comment.