Add and fix gosec
parent
715542ac1c
commit
c4d4c9c4e4
5 changed files with 10 additions and 9 deletions
|
@ -32,7 +32,6 @@ linters:
|
||||||
- wrapcheck
|
- wrapcheck
|
||||||
- goerr113
|
- goerr113
|
||||||
- forcetypeassert
|
- forcetypeassert
|
||||||
- gosec
|
|
||||||
- forbidigo
|
- forbidigo
|
||||||
- dupl
|
- dupl
|
||||||
- makezero
|
- makezero
|
||||||
|
|
10
app.go
10
app.go
|
@ -638,10 +638,12 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
|
||||||
if !strings.HasPrefix(h.cfg.ServerURL, "https://") {
|
if !strings.HasPrefix(h.cfg.ServerURL, "https://") {
|
||||||
log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
|
log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
|
||||||
}
|
}
|
||||||
tlsConfig := &tls.Config{}
|
tlsConfig := &tls.Config{
|
||||||
tlsConfig.ClientAuth = tls.RequireAnyClientCert
|
ClientAuth: tls.RequireAnyClientCert,
|
||||||
tlsConfig.NextProtos = []string{"http/1.1"}
|
NextProtos: []string{"http/1.1"},
|
||||||
tlsConfig.Certificates = make([]tls.Certificate, 1)
|
Certificates: make([]tls.Certificate, 1),
|
||||||
|
MinVersion: tls.VersionTLS12,
|
||||||
|
}
|
||||||
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(h.cfg.TLSCertPath, h.cfg.TLSKeyPath)
|
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(h.cfg.TLSCertPath, h.cfg.TLSKeyPath)
|
||||||
|
|
||||||
return tlsConfig, err
|
return tlsConfig, err
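Review bot: `ClientAuth: tls.RequireAnyClientCert` in the new literal makes the server demand a client certificate but never validates it against a CA, so on its own it authenticates no one; nothing visible in this section shows where the presented certificate is checked. If it is verified later at the application layer, say so in a comment above the literal, e.g. `// Client certs are required but not chain-verified here; checked in <handler name>`; if it is not, the config needs `ClientCAs` together with `tls.RequireAndVerifyClientCert`. Separately, `return tlsConfig, err` hands back a config with an empty certificate slot when `tls.LoadX509KeyPair` fails; adding `if err != nil { return nil, err }` before the return avoids that. getTLSSettings starts above this hunk, so its other branches are not covered here.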
|
||||||
|
|
|
@ -100,7 +100,7 @@ func (*Suite) TestDNSConfigLoading(c *check.C) {
|
||||||
func writeConfig(c *check.C, tmpDir string, configYaml []byte) {
|
func writeConfig(c *check.C, tmpDir string, configYaml []byte) {
|
||||||
// Populate a custom config file
|
// Populate a custom config file
|
||||||
configFile := filepath.Join(tmpDir, "config.yaml")
|
configFile := filepath.Join(tmpDir, "config.yaml")
|
||||||
err := ioutil.WriteFile(configFile, configYaml, 0o644)
|
err := ioutil.WriteFile(configFile, configYaml, 0o600)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.Fatalf("Couldn't write file %s", configFile)
|
c.Fatalf("Couldn't write file %s", configFile)
|
||||||
}
|
}
|
||||||
|
|
|
@ -70,7 +70,7 @@ func (h *Headscale) DestroyNamespace(name string) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
for _, key := range keys {
|
for _, key := range keys {
|
||||||
err = h.DestroyPreAuthKey(&key)
|
err = h.DestroyPreAuthKey(key)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,8 +95,8 @@ func (h *Headscale) GetPreAuthKey(namespace string, key string) (*PreAuthKey, er
|
||||||
|
|
||||||
// DestroyPreAuthKey destroys a preauthkey. Returns error if the PreAuthKey
|
// DestroyPreAuthKey destroys a preauthkey. Returns error if the PreAuthKey
|
||||||
// does not exist.
|
// does not exist.
|
||||||
func (h *Headscale) DestroyPreAuthKey(pak *PreAuthKey) error {
|
func (h *Headscale) DestroyPreAuthKey(pak PreAuthKey) error {
|
||||||
if result := h.db.Unscoped().Delete(&pak); result.Error != nil {
|
if result := h.db.Unscoped().Delete(pak); result.Error != nil {
|
||||||
return result.Error
|
return result.Error
|
||||||
}
|
}
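Review bot: The doc comment promises an error when the PreAuthKey does not exist, but the body only checks `result.Error`. Assuming `h.db` is a GORM handle (the `Unscoped().Delete(...)` chain suggests so), a delete that matches no row normally leaves `Error` nil, so revoking an unknown key would be reported as success. Either check `result.RowsAffected == 0` and return an error, or reword the comment to `// DestroyPreAuthKey deletes a preauthkey; a key that is not in the database is not reported as an error.` Now that `pak` is passed by value, it is also worth confirming that `Delete(pak)` still resolves the primary key for a non-pointer argument. The function's closing lines are outside this hunk.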
|
||||||
|
|
||||||
|
|