Fix linter configuration & issues (#735)

* Fix linter configuration

* Fix linter issues

* Fix additional linter issues

Author: ErikPelli

.golangci.yml

@@ -1,18 +1,10 @@
+version: "2"
 run:
-  timeout: 5m
   modules-download-mode: readonly
 
 # List from https://golangci-lint.run/usage/linters/
 linters:
   enable:
-    # Default linters
-    - errcheck
-    - gosimple
-    - govet
-    - ineffassign
-    - staticcheck
-    - unused
-    # Other linters
     - asasalint
     - asciicheck
     - bidichk
@@ -27,13 +19,10 @@ linters:
     - fatcontext
     - forbidigo
     - forcetypeassert
-    - gci
     - gocheckcompilerdirectives
     - gochecksumtype
     - gocritic
     - godot
-    - gofmt
-    - gofumpt
     - goheader
     - gomodguard
     - goprintffuncname
@@ -57,9 +46,8 @@ linters:
     - predeclared
     - reassign
     - revive
-    - stylecheck
+    - staticcheck
     - tagalign
-    - tenv
     - testableexamples
     - testifylint
     - testpackage
@@ -69,7 +57,6 @@ linters:
     - usestdlibvars
     - wastedassign
     - whitespace
-
   disable:
     - bodyclose
     - canonicalheader
@@ -89,7 +76,6 @@ linters:
     - goconst
     - gocyclo
     - godox
-    - goimports
     - gomoddirectives
     - inamedparam
     - intrange
@@ -115,46 +101,65 @@ linters:
     - wrapcheck
     - wsl
     - zerologlint
-
-linters-settings:
-  gci:
-    sections:
-      - standard
-      - default
-    skip-generated: false
-    custom-order: true
-  gosec:
-    excludes:
-      - G402 # InsecureSkipVerify
-      - G102 # Binds to all network interfaces
-      - G403 # RSA keys should be at least 2048 bits
-      - G115 # Integer overflow conversion (uint64 -> int64)
-      - G404 # Use of weak random number generator (math/rand)
-      - G204 # Subprocess launched with a potential tainted input or cmd arguments
-
-issues:
-  exclude-rules:
-    - linters:
-        - gocritic
-      text: "ifElseChain"
-    - linters:
-        - lll
-      source: "^// "
-    - linters:
-        - revive
-      text: "add-constant: "
-    - linters:
-        - revive
-      text: "unused-parameter: "
-    - linters:
-        - revive
-      text: "empty-block: "
-    - linters:
-        - revive
-      text: "var-naming: " # TODO: Re-enable in V2
-    - linters:
-        - stylecheck
-      text: " should be " # TODO: Re-enable in V2
-    - linters:
-        - stylecheck
-      text: "ST1003: should not use ALL_CAPS in Go names; use CamelCase instead" # TODO: Re-enable in V2
+  settings:
+    gosec:
+      excludes:
+        - G402 # InsecureSkipVerify
+        - G102 # Binds to all network interfaces
+        - G403 # RSA keys should be at least 2048 bits
+        - G115 # Integer overflow conversion (uint64 -> int64)
+        - G404 # Use of weak random number generator (math/rand)
+        - G204 # Subprocess launched with a potential tainted input or cmd arguments
+        - G602 # Slice index out of range
+  exclusions:
+    generated: lax
+    presets:
+      - comments
+      - common-false-positives
+      - legacy
+      - std-error-handling
+    rules:
+      - linters:
+          - gocritic
+        text: ifElseChain
+      - linters:
+          - lll
+        source: '^// '
+      - linters:
+          - revive
+        text: 'add-constant: '
+      - linters:
+          - revive
+        text: 'unused-parameter: '
+      - linters:
+          - revive
+        text: 'empty-block: '
+      - linters:
+          - revive
+        text: 'var-naming: ' # TODO: Re-enable in V2
+      - linters:
+          - staticcheck
+        text: ' should be ' # TODO: Re-enable in V2
+      - linters:
+          - staticcheck
+        text: 'ST1003: should not use ALL_CAPS in Go names; use CamelCase instead'
+    paths:
+      - examples$
+      - transport
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+      custom-order: true
+  exclusions:
+    generated: lax
+    paths:
+      - third_party$
+      - builtin$
+      - examples$

h2.go

@@ -2,6 +2,7 @@ package goproxy
 
 import (
 	"bufio"
+	"context"
 	"crypto/tls"
 	"errors"
 	"io"
@@ -45,7 +46,7 @@ func (r *H2Transport) RoundTrip(_ *http.Request) (*http.Response, error) {
 	if !ok {
 		return nil, errors.New("invalid TLS connection")
 	}
-	if err = rawTLSConn.Handshake(); err != nil {
+	if err = rawTLSConn.HandshakeContext(context.Background()); err != nil {
 		return nil, err
 	}
 	if r.TLSConfig == nil || !r.TLSConfig.InsecureSkipVerify {

https.go

@@ -82,7 +82,8 @@ func (proxy *ProxyHttpServer) dial(ctx *ProxyCtx, network, addr string) (c net.C
 
 	// if the user didn't specify any dialer, we just use the default one,
 	// provided by net package
-	return net.Dial(network, addr)
+	var d net.Dialer
+	return d.DialContext(ctx.Req.Context(), network, addr)
 }
 
 func (proxy *ProxyHttpServer) connectDial(ctx *ProxyCtx, network, addr string) (c net.Conn, err error) {
@@ -282,7 +283,7 @@ func (proxy *ProxyHttpServer) handleHttps(w http.ResponseWriter, r *http.Request
 		go func() {
 			rawClientTls := tls.Server(proxyClient, tlsConfig)
 			defer rawClientTls.Close()
-			if err := rawClientTls.Handshake(); err != nil {
+			if err := rawClientTls.HandshakeContext(context.Background()); err != nil {
 				ctx.Warnf("Cannot handshake client %v %v", r.Host, err)
 				return
 			}

internal/signer/signer.go

@@ -108,8 +108,12 @@ func SignHost(ca tls.Certificate, hosts []string) (cert *tls.Certificate, err er
 		return nil, err
 	}
 
-	certBytes := [][]byte{derBytes}
-	certBytes = append(certBytes, ca.Certificate...)
+	certBytes := make([][]byte, 1+len(ca.Certificate))
+	certBytes[0] = derBytes
+	for i, singleCertBytes := range ca.Certificate {
+		certBytes[i+1] = singleCertBytes
+	}
+
 	return &tls.Certificate{
 		Certificate: certBytes,
 		PrivateKey:  certpriv,

internal/signer/signer_test.go

@@ -90,7 +90,8 @@ func testSignerTLS(t *testing.T, ca tls.Certificate) {
 	}
 	browser := getBrowser(os.Args)
 	if browser != "" {
-		_ = exec.Command(browser, asLocalhost).Run()
+		ctx := context.Background()
+		_ = exec.CommandContext(ctx, browser, asLocalhost).Run()
 		time.Sleep(10 * time.Second)
 	}
 }

proxy_test.go

@@ -99,7 +99,7 @@ func getOrFail(t *testing.T, url string, client *http.Client) []byte {
 
 func getCert(t *testing.T, c *tls.Conn) []byte {
 	t.Helper()
-	if err := c.Handshake(); err != nil {
+	if err := c.HandshakeContext(context.Background()); err != nil {
 		t.Fatal("cannot handshake", err)
 	}
 	return c.ConnectionState().PeerCertificates[0].Raw
@@ -318,14 +318,19 @@ func TestSimpleMitm(t *testing.T) {
 	client, l := oneShotProxy(proxy)
 	defer l.Close()
 
-	c, err := tls.Dial("tcp", https.Listener.Addr().String(), &tls.Config{InsecureSkipVerify: true})
+	ctx := context.Background()
+	c, err := (&tls.Dialer{
+		Config: &tls.Config{InsecureSkipVerify: true},
+	}).DialContext(ctx, "tcp", https.Listener.Addr().String())
 	if err != nil {
 		t.Fatal("cannot dial to tcp server", err)
 	}
-	origCert := getCert(t, c)
+	tlsConn, ok := c.(*tls.Conn)
+	assert.True(t, ok)
+	origCert := getCert(t, tlsConn)
 	_ = c.Close()
 
-	c2, err := net.Dial("tcp", l.Listener.Addr().String())
+	c2, err := (&net.Dialer{}).DialContext(ctx, "tcp", l.Listener.Addr().String())
 	if err != nil {
 		t.Fatal("dialing to proxy", err)
 	}
@@ -555,7 +560,9 @@ func TestHeadReqHasContentLength(t *testing.T) {
 }
 
 func TestChunkedResponse(t *testing.T) {
-	l, err := net.Listen("tcp", ":10234")
+	ctx := context.Background()
+
+	l, err := (&net.ListenConfig{}).Listen(ctx, "tcp", ":10234")
 	panicOnErr(err, "listen")
 	defer l.Close()
 	go func() {
@@ -579,10 +586,10 @@ func TestChunkedResponse(t *testing.T) {
 		}
 	}()
 
-	c, err := net.Dial("tcp", "localhost:10234")
+	c, err := (&net.Dialer{}).DialContext(ctx, "tcp", "localhost:10234")
 	panicOnErr(err, "dial")
 	defer c.Close()
-	req, _ := http.NewRequestWithContext(context.Background(), http.MethodGet, "/", nil)
+	req, _ := http.NewRequestWithContext(ctx, http.MethodGet, "/", nil)
 	_ = req.Write(c)
 	resp, err := http.ReadResponse(bufio.NewReader(c), req)
 	panicOnErr(err, "readresp")
@@ -609,7 +616,7 @@ func TestChunkedResponse(t *testing.T) {
 	client, s := oneShotProxy(proxy)
 	defer s.Close()
 
-	req, err = http.NewRequestWithContext(context.Background(), http.MethodGet, "http://localhost:10234/", nil)
+	req, err = http.NewRequestWithContext(ctx, http.MethodGet, "http://localhost:10234/", nil)
 	if err != nil {
 		t.Fatal("Cannot create request", err)
 	}
@@ -694,7 +701,7 @@ func TestGoproxyHijackConnect(t *testing.T) {
 	client, l := oneShotProxy(proxy)
 	defer l.Close()
 	proxyAddr := l.Listener.Addr().String()
-	conn, err := net.Dial("tcp", proxyAddr)
+	conn, err := (&net.Dialer{}).DialContext(context.Background(), "tcp", proxyAddr)
 	panicOnErr(err, "conn "+proxyAddr)
 	buf := bufio.NewReader(conn)
 	writeConnect(conn)