diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml index d87dd52..b62051e 100644 --- a/.github/workflows/cmake.yml +++ b/.github/workflows/cmake.yml @@ -8,12 +8,12 @@ jobs: # well on Windows or Mac. You can convert this to a matrix build if you need # cross-platform coverage. # See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: - compiler: [gcc-12, clang-15] + compiler: [gcc-13, clang-18] steps: - uses: actions/checkout@main @@ -22,18 +22,18 @@ jobs: run: sudo apt-get update - name: Setup Dependencies - run: sudo apt-get install cmake libc-ares-dev libcurl4-openssl-dev libev-dev build-essential clang-tidy-15 ${{ matrix.compiler }} dnsutils python3-pip valgrind + run: sudo apt-get install cmake libc-ares-dev libcurl4-openssl-dev libev-dev build-essential clang-tidy dnsutils python3-pip python3-venv valgrind ${{ matrix.compiler }} - - name: Setup Robot Framework - run: sudo pip3 install robotframework + - name: Setup Python Virtual Environment + run: python3 -m venv ${{github.workspace}}/venv - - name: Set clang-tidy - run: sudo update-alternatives --install /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-15 100 + - name: Setup Robot Framework + run: ${{github.workspace}}/venv/bin/pip3 install robotframework - name: Configure CMake env: CC: ${{ matrix.compiler }} - run: cmake -D CMAKE_BUILD_TYPE=Debug -B ${{github.workspace}}/ + run: cmake -D CMAKE_BUILD_TYPE=Debug -D PYTHON3_EXE=${{github.workspace}}/venv/bin/python3 -B ${{github.workspace}}/ - name: Build env: @@ -44,7 +44,7 @@ jobs: - name: Test run: make -C ${{github.workspace}}/ test ARGS="--verbose" - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 if: ${{ success() || failure() }} with: name: robot-logs-${{ matrix.compiler }} diff --git a/CMakeLists.txt b/CMakeLists.txt index bc4b2eb..08613f6 100644 
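Review bot: The `Setup Robot Framework` step in the second hunk runs `${{github.workspace}}/venv/bin/pip3 install robotframework` with no version constraint, so each CI run installs whatever release the package index serves at that moment and the test toolchain is neither reproducible nor reviewable. Pin the dependency, for example `run: ${{github.workspace}}/venv/bin/pip3 install robotframework==<PINNED_VERSION>` (placeholder version), or install from a requirements file with `--require-hashes`. The virtual environment itself is a good change, since it removes the earlier `sudo pip3 install` into the system interpreter.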
--- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -95,7 +95,7 @@ if(USE_CLANG_TIDY) message(STATUS "clang-tidy not found.") else() message(STATUS "clang-tidy found: ${CLANG_TIDY_EXE}") - set(DO_CLANG_TIDY "${CLANG_TIDY_EXE}" "-fix" "-checks=*,-cert-err34-c,-readability-identifier-length,-altera-unroll-loops,-bugprone-easily-swappable-parameters,-concurrency-mt-unsafe,-*magic-numbers,-hicpp-signed-bitwise,-readability-function-cognitive-complexity,-altera-id-dependent-backward-branch,-google-readability-todo") + set(DO_CLANG_TIDY "${CLANG_TIDY_EXE}" "-fix" "-fix-errors" "-checks=*,-cert-err34-c,-readability-identifier-length,-altera-unroll-loops,-bugprone-easily-swappable-parameters,-concurrency-mt-unsafe,-*magic-numbers,-hicpp-signed-bitwise,-readability-function-cognitive-complexity,-altera-id-dependent-backward-branch,-google-readability-todo,-misc-include-cleaner") endif() else() message(STATUS "Not using clang-tidy.") diff --git a/https_dns_proxy.service.in b/https_dns_proxy.service.in index ff7d402..cab76b6 100644 --- a/https_dns_proxy.service.in +++ b/https_dns_proxy.service.in @@ -7,9 +7,10 @@ After=network.target [Service] Type=simple +DynamicUser=yes Restart=on-failure ExecStart=${CMAKE_INSTALL_PREFIX}/${CMAKE_INSTALL_BINDIR}/https_dns_proxy \ - -u nobody -g nogroup -v -v ${SERVICE_EXTRA_OPTIONS} + -v -v ${SERVICE_EXTRA_OPTIONS} TimeoutStopSec=10 [Install] diff --git a/src/dns_server.c b/src/dns_server.c index 4357112..9f150e8 100644 --- a/src/dns_server.c +++ b/src/dns_server.c @@ -1,8 +1,8 @@ #include // NOLINT(llvmlibc-restrict-system-libc-headers) -#include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) +#include #include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) 
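Review bot: Adding `-fix-errors` next to `-fix` in `DO_CLANG_TIDY` allows clang-tidy to rewrite source files in place even when a translation unit has compile errors, so a build with `USE_CLANG_TIDY` enabled can presumably compile code that differs from what was committed and reviewed. Consider keeping the fixing flags out of the default command and gating them behind a separate option, or at least add a comment above the `set(...)` line such as `# -fix/-fix-errors modify the source tree in place; run on a clean checkout and review the resulting diff`. The enclosing `if(USE_CLANG_TIDY)` block starts outside the hunk, so how the command is attached to targets is not visible here.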
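Review bot: With `DynamicUser=yes` the daemon never runs as root, so anything that relied on root before the removed `-u nobody -g nogroup` privilege drop now fails. If `${SERVICE_EXTRA_OPTIONS}` selects a listening port below 1024, the bind will fail unless the unit also sets `AmbientCapabilities=CAP_NET_BIND_SERVICE`. `DynamicUser=yes` also implies `ProtectSystem=strict` and a private `/tmp`, so any file path passed through the extra options needs a writable location provided by `LogsDirectory=` or `StateDirectory=`. A short comment in the `[Service]` section stating these two constraints would save operators a failed start after upgrading.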
diff --git a/src/https_client.c b/src/https_client.c index 0f7a37b..8b274e8 100644 --- a/src/https_client.c +++ b/src/https_client.c @@ -3,6 +3,7 @@ #include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) +#include #include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) @@ -11,6 +12,7 @@ #include "https_client.h" #include "logging.h" #include "options.h" +#include "stat.h" #define DOH_CONTENT_TYPE "application/dns-message" enum { @@ -162,7 +164,7 @@ int https_curl_debug(CURL __attribute__((unused)) * handle, curl_infotype type, char *data, size_t size, void *userp) { GET_PTR(struct https_fetch_ctx, ctx, userp); - const char *prefix = ""; + const char *prefix = NULL; switch (type) { case CURLINFO_TEXT: @@ -458,11 +460,11 @@ static int https_fetch_ctx_process_response(https_client_t *client, DLOG_REQ("CURLINFO_HTTP_VERSION: %s", http_version_str(long_resp)); } - res = curl_easy_getinfo(ctx->curl, CURLINFO_PROTOCOL, &long_resp); + res = curl_easy_getinfo(ctx->curl, CURLINFO_SCHEME, &str_resp); if (res != CURLE_OK) { - ELOG_REQ("CURLINFO_PROTOCOL: %s", curl_easy_strerror(res)); - } else if (long_resp != CURLPROTO_HTTPS) { - DLOG_REQ("CURLINFO_PROTOCOL: %d", long_resp); + ELOG_REQ("CURLINFO_SCHEME: %s", curl_easy_strerror(res)); + } else if (strcasecmp(str_resp, "https") != 0) { + DLOG_REQ("CURLINFO_SCHEME: %s", str_resp); } double namelookup_time = NAN; diff --git a/src/logging.c b/src/logging.c index fe4f023..bfee931 100644 --- a/src/logging.c +++ b/src/logging.c 
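Review bot: Initialising `prefix` to `NULL` in `https_curl_debug` is only safe if every `curl_infotype` case either assigns it or returns before it is used; the switch body lies outside this hunk, so that cannot be confirmed from here. If any path reaches the logging call with `prefix` unset, a null pointer ends up in a `%s` conversion, which is undefined behaviour where the previous `""` was harmless. Keep a `default:` branch that returns, or document the invariant next to the declaration, e.g. `// every case below sets prefix or returns`.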
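Review bot: `str_resp` is passed to `strcasecmp()` without a null check in the new `CURLINFO_SCHEME` branch, although libcurl documents that the returned scheme pointer may be NULL even when `curl_easy_getinfo()` returns `CURLE_OK`. Guard it, e.g. `} else if (str_resp == NULL || strcasecmp(str_resp, "https") != 0) {`, and log `str_resp ? str_resp : "(null)"` in the branch body. A response that did not arrive over HTTPS is also reported only through `DLOG_REQ`, so in a DNS-over-HTTPS proxy that condition is invisible at normal log levels; a warning-level macro, if the file has one, would make it detectable. `https_fetch_ctx_process_response` starts and ends outside the hunk, so the declaration of `str_resp` is not visible here.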
@@ -10,7 +10,7 @@ /* logs of this severity or higher are flushed immediately after write */ #define LOG_FLUSH_LEVEL LOG_WARNING -static FILE *logf = NULL; // NOLINT(cppcoreguidelines-avoid-non-const-global-variables) +static FILE *logfile = NULL; // NOLINT(cppcoreguidelines-avoid-non-const-global-variables) static int loglevel = LOG_ERROR; // NOLINT(cppcoreguidelines-avoid-non-const-global-variables) static ev_timer logging_timer; // NOLINT(cppcoreguidelines-avoid-non-const-global-variables) @@ -23,11 +23,11 @@ static const char * const SeverityStr[] = { "[F]" }; -static void logging_timer_cb(struct ev_loop __attribute__((unused)) *loop, +void logging_timer_cb(struct ev_loop __attribute__((unused)) *loop, ev_timer __attribute__((unused)) *w, int __attribute__((unused)) revents) { - if (logf) { - (void)fflush(logf); + if (logfile) { + (void)fflush(logfile); } } @@ -47,18 +47,18 @@ void logging_flush_cleanup(struct ev_loop *loop) { } void logging_init(int fd, int level) { - if (logf) { - (void)fclose(logf); + if (logfile) { + (void)fclose(logfile); } - logf = fdopen(fd, "a"); + logfile = fdopen(fd, "a"); loglevel = level; } void logging_cleanup(void) { - if (logf) { - (void)fclose(logf); + if (logfile) { + (void)fclose(logfile); } - logf = NULL; + logfile = NULL; } int logging_debug_enabled(void) { 
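Review bot: Dropping `static` from `logging_timer_cb` gives the timer callback external linkage, yet the `logging.h` hunks in this commit add no prototype for it, so the symbol is exported without a declaration and can clash with another definition at link time. Nothing visible in the diff uses it outside `logging.c`; unless another file needs it, keep `static void logging_timer_cb(struct ev_loop __attribute__((unused)) *loop,`. If it is meant to be public, declare it in `logging.h` instead.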
@@ -73,24 +73,28 @@ void _log(const char *file, int line, int severity, const char *fmt, ...) { if (severity < 0 || severity >= LOG_MAX) { FLOG("Unknown log severity: %d\n", severity); } - if (!logf) { - logf = fdopen(STDOUT_FILENO, "w"); + if (!logfile) { + logfile = fdopen(STDOUT_FILENO, "w"); } struct timeval tv; gettimeofday(&tv, NULL); - (void)fprintf(logf, "%s %8"PRIu64".%06"PRIu64" %s:%d ", SeverityStr[severity], + + // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling) + (void)fprintf(logfile, "%s %8"PRIu64".%06"PRIu64" %s:%d ", SeverityStr[severity], (uint64_t)tv.tv_sec, (uint64_t)tv.tv_usec, file, line); va_list args; va_start(args, fmt); - (void)vfprintf(logf, fmt, args); + (void)vfprintf(logfile, fmt, args); va_end(args); - (void)fprintf(logf, "\n"); + + // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling) + (void)fprintf(logfile, "\n"); if (severity >= LOG_FLUSH_LEVEL) { - (void)fflush(logf); + (void)fflush(logfile); } if (severity == LOG_FATAL) { #ifdef DEBUG diff --git a/src/logging.h b/src/logging.h index 2131311..32c6744 100644 --- a/src/logging.h +++ b/src/logging.h @@ -1,12 +1,14 @@ #ifndef _LOGGING_H_ #define _LOGGING_H_ +#include // NOLINT(llvmlibc-restrict-system-libc-headers) #include // NOLINT(llvmlibc-restrict-system-libc-headers) -#include +#include // NOLINT(llvmlibc-restrict-system-libc-headers) #ifdef __cplusplus extern "C" { #endif + // Initializes logging. // Writes logs to descriptor 'fd' for log levels above or equal to 'level'. void logging_init(int fd, int level); @@ -23,6 +25,7 @@ int logging_debug_enabled(void); // Internal. Don't use. void _log(const char *file, int line, int severity, const char *fmt, ...); + #ifdef __cplusplus } #endif diff --git a/tests/robot/functional_tests.robot b/tests/robot/functional_tests.robot index 611cd88..f4279af 100644 --- a/tests/robot/functional_tests.robot +++ b/tests/robot/functional_tests.robot 
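Review bot: The fallback `logfile = fdopen(STDOUT_FILENO, "w");` in `_log` is not checked, so if `fdopen()` fails the following `fprintf(logfile, ...)` and `vfprintf(logfile, ...)` calls receive a null stream, which is undefined behaviour. Handle the failure right after the assignment, for example `if (!logfile) { logfile = stderr; }`. Separately, the two `NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)` markers could be replaced by excluding that check once in the `-checks=` list in `CMakeLists.txt`, as this commit already does for `misc-include-cleaner`. `_log` starts before and ends after the hunk.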
@@ -64,7 +64,7 @@ Start Dig [Arguments] ${domain}=google.com ${handle} = Start Process dig +timeout\=${dig_timeout} +retry\=${dig_retry} @127.0.0.1 -p ${PORT} ${domain} ... stderr=STDOUT alias=dig - [Return] ${handle} + RETURN ${handle} Stop Dig [Arguments] ${handle}