Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GPT-96] Update go version & add verification/testing tools #166

Merged
merged 2 commits into from
Jul 25, 2023
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 0 additions & 70 deletions .circleci/config.yml

This file was deleted.

20 changes: 20 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
; https://editorconfig.org/

root = true

[*]
insert_final_newline = true
charset = utf-8
trim_trailing_whitespace = true
indent_style = space
indent_size = 2

[{Makefile,go.mod,go.sum,*.go,.gitmodules}]
indent_style = tab
indent_size = 4

[*.md]
indent_size = 4
trim_trailing_whitespace = false

eclint_indent_style = unset
8 changes: 0 additions & 8 deletions .github/release-drafter.yml

This file was deleted.

12 changes: 0 additions & 12 deletions .github/stale.yml

This file was deleted.

20 changes: 20 additions & 0 deletions .github/workflows/issues.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Add issues or pull-requests created to the project.
name: Add issue or pull request to Project

on:
issues:
types:
- opened
pull_request:
types:
- opened

jobs:
add-to-project:
runs-on: ubuntu-latest
steps:
- name: Add issue to project
uses: actions/[email protected]
with:
project-url: https://github.com/orgs/gorilla/projects/4
github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }}
55 changes: 55 additions & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: CI
on:
push:
branches:
- main
pull_request:
branches:
- main

permissions:
contents: read

jobs:
verify-and-test:
strategy:
matrix:
go: ['1.19','1.20']
os: [ubuntu-latest, macos-latest, windows-latest]
fail-fast: true
runs-on: ${{ matrix.os }}
steps:
- name: Checkout Code
uses: actions/checkout@v3

- name: Setup Go ${{ matrix.go }}
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go }}
cache: false

- name: Run GolangCI-Lint
uses: golangci/golangci-lint-action@v3
with:
version: v1.53
args: --timeout=5m

- name: Run GoSec
if: matrix.os == 'ubuntu-latest'
uses: securego/gosec@master
with:
args: ./...

- name: Run GoVulnCheck
uses: golang/govulncheck-action@v1
with:
go-version-input: ${{ matrix.go }}
go-package: ./...

- name: Run Tests
run: go test -race -cover -coverprofile=coverage -covermode=atomic -v ./...

- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
files: ./coverage
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
coverage.coverprofile
21 changes: 0 additions & 21 deletions AUTHORS

This file was deleted.

34 changes: 34 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
GO_LINT=$(shell which golangci-lint 2> /dev/null || echo '')
GO_LINT_URI=github.com/golangci/golangci-lint/cmd/golangci-lint@latest

GO_SEC=$(shell which gosec 2> /dev/null || echo '')
GO_SEC_URI=github.com/securego/gosec/v2/cmd/gosec@latest

GO_VULNCHECK=$(shell which govulncheck 2> /dev/null || echo '')
GO_VULNCHECK_URI=golang.org/x/vuln/cmd/govulncheck@latest

.PHONY: golangci-lint
golangci-lint:
$(if $(GO_LINT), ,go install $(GO_LINT_URI))
@echo "##### Running golangci-lint"
golangci-lint run -v

.PHONY: gosec
gosec:
$(if $(GO_SEC), ,go install $(GO_SEC_URI))
@echo "##### Running gosec"
gosec ./...

.PHONY: govulncheck
govulncheck:
$(if $(GO_VULNCHECK), ,go install $(GO_VULNCHECK_URI))
@echo "##### Running govulncheck"
govulncheck ./...

.PHONY: verify
verify: golangci-lint gosec govulncheck

.PHONY: test
test:
@echo "##### Running tests"
go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./...
11 changes: 7 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,12 @@
# gorilla/csrf

[![GoDoc](https://godoc.org/github.com/gorilla/csrf?status.svg)](https://godoc.org/github.com/gorilla/csrf)
[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/csrf/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/csrf?badge)
[![Reviewed by Hound](https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg)](https://houndci.com)
[![CircleCI](https://circleci.com/gh/gorilla/csrf.svg?style=svg)](https://circleci.com/gh/gorilla/csrf)
![testing](https://github.com/gorilla/csrf/actions/workflows/test.yml/badge.svg)
[![codecov](https://codecov.io/github/gorilla/csrf/branch/main/graph/badge.svg)](https://codecov.io/github/gorilla/csrf)
[![godoc](https://godoc.org/github.com/gorilla/csrf?status.svg)](https://godoc.org/github.com/gorilla/csrf)
[![sourcegraph](https://sourcegraph.com/github.com/gorilla/csrf/-/badge.svg)](https://sourcegraph.com/github.com/gorilla/csrf?badge)


![Gorilla Logo](https://cloud-cdn.questionable.services/gorilla-icon-64.png)
apoorvajagtap marked this conversation as resolved.
Show resolved Hide resolved

gorilla/csrf is a HTTP middleware library that provides [cross-site request
forgery](http://blog.codinghorror.com/preventing-csrf-and-xsrf-attacks/) (CSRF)
Expand Down
2 changes: 1 addition & 1 deletion context.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ func contextGet(r *http.Request, key string) (interface{}, error) {

func contextSave(r *http.Request, key string, val interface{}) *http.Request {
ctx := r.Context()
ctx = context.WithValue(ctx, key, val)
ctx = context.WithValue(ctx, key, val) // nolint:staticcheck
return r.WithContext(ctx)
}

Expand Down
9 changes: 4 additions & 5 deletions csrf.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ const tokenLength = 32

// Context/session keys & prefixes
const (
tokenKey string = "gorilla.csrf.Token"
formKey string = "gorilla.csrf.Form"
tokenKey string = "gorilla.csrf.Token" // #nosec G101
formKey string = "gorilla.csrf.Form" // #nosec G101
errorKey string = "gorilla.csrf.Error"
skipCheckKey string = "gorilla.csrf.Skip"
cookieName string = "_gorilla_csrf"
Expand Down Expand Up @@ -107,6 +107,7 @@ type options struct {
// 'Forbidden' error response.
//
// Example:
//
// package main
//
// import (
Expand Down Expand Up @@ -143,7 +144,6 @@ type options struct {
// // This is useful if you're sending JSON to clients or a front-end JavaScript
// // framework.
// }
//
func Protect(authKey []byte, opts ...Option) func(http.Handler) http.Handler {
return func(h http.Handler) http.Handler {
cs := parseOptions(h, opts...)
Expand Down Expand Up @@ -266,7 +266,7 @@ func (cs *csrf) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}
}

if valid == false {
if !valid {
r = envError(r, ErrBadReferer)
cs.opts.ErrorHandler.ServeHTTP(w, r)
return
Expand Down Expand Up @@ -314,5 +314,4 @@ func unauthorizedHandler(w http.ResponseWriter, r *http.Request) {
http.Error(w, fmt.Sprintf("%s - %s",
http.StatusText(http.StatusForbidden), FailureReason(r)),
http.StatusForbidden)
return
}
12 changes: 6 additions & 6 deletions csrf_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ func TestBadCookie(t *testing.T) {
p := Protect(testKey)(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down Expand Up @@ -238,7 +238,7 @@ func TestBadReferer(t *testing.T) {
p := Protect(testKey)(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down Expand Up @@ -294,7 +294,7 @@ func TestTrustedReferer(t *testing.T) {
p := Protect(testKey, TrustedOrigins(item.trustedOrigin))(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down Expand Up @@ -342,7 +342,7 @@ func TestWithReferer(t *testing.T) {
p := Protect(testKey)(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down Expand Up @@ -379,12 +379,12 @@ func TestNoTokenProvided(t *testing.T) {
var finalErr error

s := http.NewServeMux()
p := Protect(testKey, ErrorHandler(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
p := Protect(testKey, ErrorHandler(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
finalErr = FailureReason(r)
})))(s)

var token string
s.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s.Handle("/", http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
token = Token(r)
}))

Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@ module github.com/gorilla/csrf

require github.com/gorilla/securecookie v1.1.1

go 1.13
go 1.19
Loading
Loading