lint (#64)

crowdsecurity · Mar 20, 2024 · c764fab · c764fab
1 parent ffb2f47
commit c764fab
Show file tree

Hide file tree

Showing 7 changed files with 156 additions and 22 deletions.
diff --git a/cmd/root.go b/cmd/root.go
@@ -3,6 +3,7 @@ package cmd
 import (
 	"bytes"
 	"context"
+	"errors"
 	"flag"
 	"fmt"
 	"os"
@@ -18,7 +19,6 @@ import (
 
 	"github.com/crowdsecurity/crowdsec/pkg/models"
 	csbouncer "github.com/crowdsecurity/go-cs-bouncer"
-
 	"github.com/crowdsecurity/go-cs-lib/version"
 
 	"github.com/crowdsecurity/cs-aws-waf-bouncer/pkg/cfg"
@@ -30,8 +30,8 @@ var wafInstances = make([]*waf.WAF, 0)
 func resourceCleanup() {
 	for _, w := range wafInstances {
 		w.Logger.Infof("Cleaning up resources")
-		err := w.Cleanup()
-		if err != nil {
+
+		if err := w.Cleanup(); err != nil {
 			log.Errorf("Error cleaning up WAF: %s", err)
 		}
 	}
@@ -45,13 +45,14 @@ func HandleSignals(ctx context.Context) error {
 	case s := <-signalChan:
 		switch s {
 		case syscall.SIGTERM:
-			return fmt.Errorf("received SIGTERM")
+			return errors.New("received SIGTERM")
 		case os.Interrupt: // cross-platform SIGINT
-			return fmt.Errorf("received interrupt")
+			return errors.New("received interrupt")
 		}
 	case <-ctx.Done():
 		return ctx.Err()
 	}
+
 	return nil
 }
 
@@ -70,6 +71,7 @@ func processDecisions(decisions *models.DecisionsStreamResponse, supportedAction
 		if !slices.Contains(supportedActions, decisionType) {
 			decisionType = "fallback"
 		}
+
 		if strings.ToLower(*decision.Scope) == "ip" || strings.ToLower(*decision.Scope) == "range" {
 			if strings.Contains(*decision.Value, ":") {
 				if !strings.Contains(*decision.Value, "/") {
@@ -96,6 +98,7 @@ func processDecisions(decisions *models.DecisionsStreamResponse, supportedAction
 		if !slices.Contains(supportedActions, decisionType) {
 			decisionType = "fallback"
 		}
+
 		if strings.ToLower(*decision.Scope) == "ip" || strings.ToLower(*decision.Scope) == "range" {
 			if strings.Contains(*decision.Value, ":") {
 				if !strings.Contains(*decision.Value, "/") {
@@ -136,6 +139,7 @@ func Execute() error {
 	}
 
 	configBytes := []byte{}
+
 	var err error
 
 	if configPath != nil && *configPath != "" {
@@ -169,12 +173,15 @@ func Execute() error {
 	if *testConfig {
 		for _, wafConfig := range config.WebACLConfig {
 			log.Debugf("Create WAF instance with config: %+v", wafConfig)
+
 			_, err := waf.NewWaf(wafConfig)
 			if err != nil {
 				return fmt.Errorf("configuration error: %w", err)
 			}
 		}
+
 		log.Info("valid config")
+
 		return nil
 	}
 
@@ -198,17 +205,21 @@ func Execute() error {
 
 	for _, wafConfig := range config.WebACLConfig {
 		log.Debugf("Create WAF instance with config: %+v", wafConfig)
+
 		w, err := waf.NewWaf(wafConfig)
 		if err != nil {
 			return fmt.Errorf("could not create waf instance: %w", err)
 		}
+
 		err = w.Init()
 		if err != nil {
 			if os.Getenv("CS_AWS_WAF_BOUNCER_TESTING") == "" {
 				return fmt.Errorf("could not initialize waf instance: %w", err)
 			}
+
 			log.Errorf("could not initialize waf instance: %v+", err)
 		}
+
 		wafInstances = append(wafInstances, w)
 	}
 
@@ -220,7 +231,7 @@ func Execute() error {
 
 	g.Go(func() error {
 		bouncer.Run(ctx)
-		return fmt.Errorf("bouncer stream halted")
+		return errors.New("bouncer stream halted")
 	})
 
 	if config.Daemon {
@@ -232,13 +243,16 @@ func Execute() error {
 
 	g.Go(func() error {
 		log.Info("Starting processing decisions")
+
 		for {
 			select {
 			case <-ctx.Done():
 				log.Info("terminating bouncer process")
+
 				for _, w := range wafInstances {
 					w.T.Kill(nil)
 				}
+
 				return nil
 			case decisions := <-bouncer.Stream:
 				log.Info("Polling decisions")

diff --git a/pkg/cfg/config.go b/pkg/cfg/config.go
@@ -51,10 +51,13 @@ var validScopes = []string{"REGIONAL", "CLOUDFRONT"}
 var validIpHeaderPosition = []string{"FIRST", "LAST", "ANY"}
 
 func getConfigFromEnv(config *bouncerConfig) {
-	var key string
-	var value string
-	var acl *AclConfig
-	var err error
+	var (
+		key   string
+		value string
+		acl   *AclConfig
+		err   error
+	)
+
 	acls := make(map[byte]*AclConfig, 0)
 
 	for _, env := range os.Environ() {
@@ -73,12 +76,14 @@ func getConfigFromEnv(config *bouncerConfig) {
 				if k2[0] < '0' || k2[0] > '9' || len(k2) < 3 {
 					log.Warnf("Invalid name for %s: BOUNCER_WAF_CONFIG_* must be in the form BOUNCER_WAF_CONFIG_0_XXX, BOUNCER_WAF_CONFIG_1_XXX", key)
 				}
+
 				if _, ok := acls[k2[0]]; !ok {
 					acl = &AclConfig{}
 					acls[k2[0]] = acl
 				} else {
 					acl = acls[k2[0]]
 				}
+
 				k2 = k2[2:]
 				switch k2 {
 				case "WEB_ACL_NAME":
@@ -177,6 +182,7 @@ func getConfigFromEnv(config *bouncerConfig) {
 			}
 		}
 	}
+
 	for _, v := range acls {
 		config.WebACLConfig = append(config.WebACLConfig, *v)
 	}
@@ -216,16 +222,20 @@ func (c *bouncerConfig) ValidateAndSetDefaults() error {
 	if len(c.WebACLConfig) == 0 {
 		return fmt.Errorf("waf_config is required")
 	}
+
 	for _, c := range c.WebACLConfig {
 		if c.FallbackAction == "" {
 			return fmt.Errorf("fallback_action is required")
 		}
+
 		if !slices.Contains(ValidActions, c.FallbackAction) {
 			return fmt.Errorf("fallback_action must be one of %v", ValidActions)
 		}
+
 		if c.RuleGroupName == "" {
 			return fmt.Errorf("rule_group_name is required")
 		}
+
 		if c.Scope == "" {
 			return fmt.Errorf("scope is required")
 		}
@@ -241,9 +251,11 @@ func (c *bouncerConfig) ValidateAndSetDefaults() error {
 		if !slices.Contains(validScopes, c.Scope) {
 			return fmt.Errorf("scope must be one of %v", validScopes)
 		}
+
 		if c.IpsetPrefix == "" {
 			return fmt.Errorf("ipset_prefix is required")
 		}
+
 		if c.Region == "" && strings.ToUpper(c.Scope) == "REGIONAL" {
 			return fmt.Errorf("region is required when scope is REGIONAL")
 		}
@@ -274,9 +286,11 @@ func (c *bouncerConfig) ValidateAndSetDefaults() error {
 func MergedConfig(configPath string) ([]byte, error) {
 	patcher := yamlpatch.NewPatcher(configPath, ".local")
 	data, err := patcher.MergedPatchContent()
+
 	if err != nil {
 		return nil, err
 	}
+
 	return data, nil
 }
 

diff --git a/pkg/cfg/logging.go b/pkg/cfg/logging.go
@@ -77,14 +77,17 @@ func (c *LoggingConfig) validate() error {
 	if c.LogMedia != "stdout" && c.LogMedia != "file" {
 		return fmt.Errorf("log_media should be either 'stdout' or 'file'")
 	}
+
 	return nil
 }
 
 func (c *LoggingConfig) setup(fileName string) error {
 	c.setDefaults()
+
 	if err := c.validate(); err != nil {
 		return err
 	}
+
 	log.SetLevel(*c.LogLevel)
 
 	if c.LogMedia == "stdout" {

diff --git a/pkg/waf/ipset.go b/pkg/waf/ipset.go
@@ -27,9 +27,11 @@ func (w *WAFIpSet) Add(ip string) {
 	if w.Size() >= 10000 {
 		return
 	}
+
 	if w.Contains(ip) {
 		return
 	}
+
 	w.ips = append(w.ips, ip)
 	w.stale = true
 }
@@ -53,6 +55,7 @@ func (w *WAFIpSet) ContainsAll(ips []string) bool {
 			return false
 		}
 	}
+
 	return true
 }
 
@@ -86,6 +89,7 @@ func (w *WAFIpSet) ToStatement(ipHeader string, ipHeaderPosition string) *wafv2.
 			ARN: aws.String(w.arn),
 		}
 	}
+
 	return &wafv2.IPSetReferenceStatement{
 		ARN: aws.String(w.arn),
 		IPSetForwardedIPConfig: &wafv2.IPSetForwardedIPConfig{
@@ -98,9 +102,11 @@ func (w *WAFIpSet) ToStatement(ipHeader string, ipHeaderPosition string) *wafv2.
 
 func (w *WAFIpSet) getIPSet() (*wafv2.IPSet, *string, error) {
 	w.logger.Debugf("Getting IPSet %s", w.name)
+
 	if w.id == "" {
 		return nil, nil, &wafv2.WAFNonexistentItemException{}
 	}
+
 	r, err := w.client.GetIPSet(&wafv2.GetIPSetInput{
 		Name:  aws.String(w.name),
 		Scope: aws.String(w.scope),
@@ -109,12 +115,14 @@ func (w *WAFIpSet) getIPSet() (*wafv2.IPSet, *string, error) {
 	if err != nil {
 		return nil, nil, err
 	}
+
 	return r.IPSet, r.LockToken, nil
 }
 
 func (w *WAFIpSet) createIpSet() (*wafv2.IPSetSummary, error) {
 	w.logger.Infof("Creating IPSet %s", w.name)
 	w.logger.Tracef("Set name: %s | Type: %s | Decision: %s | Scope: %s | %d IPS", w.name, w.ipType, w.decisionType, w.scope, w.Size())
+
 	r, err := w.client.CreateIPSet(&wafv2.CreateIPSetInput{
 		Name:             aws.String(w.name),
 		Addresses:        aws.StringSlice(w.ips),
@@ -124,6 +132,7 @@ func (w *WAFIpSet) createIpSet() (*wafv2.IPSetSummary, error) {
 	if err != nil {
 		return nil, err
 	}
+
 	return r.Summary, nil
 }
 
@@ -144,11 +153,13 @@ func (w *WAFIpSet) DeleteIpSet() error {
 	if err != nil {
 		return err
 	}
+
 	return nil
 }
 
 func (w *WAFIpSet) Commit() error {
 	w.logger.Infof("Updating IPSet %s", w.name)
+
 	currSet, token, err := w.getIPSet()
 	if err != nil {
 		switch err.(type) {
@@ -157,11 +168,13 @@ func (w *WAFIpSet) Commit() error {
 			return err
 		}
 	}
+
 	if currSet == nil {
 		summary, err := w.createIpSet()
 		if err != nil {
 			return fmt.Errorf("failed to create IPSet %s: %w", w.name, err)
 		}
+
 		w.arn = *summary.ARN
 		w.id = *summary.Id
 	} else {
@@ -176,13 +189,16 @@ func (w *WAFIpSet) Commit() error {
 			return err
 		}
 	}
+
 	w.stale = false
+
 	return nil
 }
 
 func NewIpSet(setPrefix string, ipType string, decisionType string, scope string, client *wafv2.WAFV2) *WAFIpSet {
 	u := uuid.New()
 	setName := setPrefix + "-" + ipType + "-" + decisionType + "-" + u.String()
+
 	return &WAFIpSet{
 		name:         setName,
 		ipType:       ipType,