From fbcebcb68e5799b357fd2f48289b2c69781d5001 Mon Sep 17 00:00:00 2001
From: Laurent Demailly <ldemailly@gmail.com>
Date: Thu, 13 Oct 2022 16:50:25 -0700
Subject: [PATCH] build with go1.19.2 - new linters changes/fixes - dep
 updates, incl. security fixes (#630)

* build with go1.19.2 - new linters changes/fixes

* fix for CVE-2022-32149 - golang.org/x/text

* update the rest of dependencies while at it and prep for 1.38.1 release
---
 .circleci/config.yml            |  2 +-
 .golangci.yml                   |  4 ++++
 Dockerfile                      |  2 +-
 Dockerfile.build                |  2 +-
 Dockerfile.echosrv              |  2 +-
 Dockerfile.fcurl                |  2 +-
 Makefile                        |  2 +-
 README.md                       | 12 ++++++------
 Webtest.sh                      |  2 +-
 dflag/configmap/updater_test.go |  2 +-
 fhttp/http_forwarder.go         |  2 --
 fhttp/http_server.go            |  2 +-
 go.mod                          |  8 ++++----
 go.sum                          | 15 ++++++++-------
 rapi/data.go                    |  2 +-
 release/Dockerfile.in           |  2 +-
 release/README.md               |  2 +-
 tcprunner/tcprunner.go          |  1 +
 18 files changed, 35 insertions(+), 31 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index cf0394d15..0a55221ea 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -8,7 +8,7 @@ defaultEnv:
   &defaultEnv
   docker:
     # specify the version
-    - image: docker.io/fortio/fortio.build:v46
+    - image: docker.io/fortio/fortio.build:v47
   working_directory: /go/src/fortio.org/fortio
 
 jobs:
diff --git a/.golangci.yml b/.golangci.yml
index 57dc05377..60a872c4e 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -86,6 +86,10 @@ linters:
     - golint
     - interfacer
     - maligned
+    - varcheck
+    - structcheck
+    - nosnakecase
+    - deadcode
     # Weird/bad ones:
     - wsl
     - nlreturn
diff --git a/Dockerfile b/Dockerfile
index 3fc814156..bc65760b3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the binaries in larger image
-FROM docker.io/fortio/fortio.build:v46 as build
+FROM docker.io/fortio/fortio.build:v47 as build
 WORKDIR /go/src/fortio.org
 COPY . fortio
 ARG MODE=install
diff --git a/Dockerfile.build b/Dockerfile.build
index dcd0ad08c..1ca3b25ae 100644
--- a/Dockerfile.build
+++ b/Dockerfile.build
@@ -1,5 +1,5 @@
 # Dependencies and linters for build:
-FROM golang:1.18.6
+FROM golang:1.19.2
 # Need gcc for -race test (and some linters though those work with CGO_ENABLED=0)
 RUN apt-get -y update && \
   apt-get --no-install-recommends -y upgrade && \
diff --git a/Dockerfile.echosrv b/Dockerfile.echosrv
index db36b8b01..12ab66eea 100644
--- a/Dockerfile.echosrv
+++ b/Dockerfile.echosrv
@@ -1,5 +1,5 @@
 # Build the binaries in larger image
-FROM docker.io/fortio/fortio.build:v46 as build
+FROM docker.io/fortio/fortio.build:v47 as build
 WORKDIR /go/src/fortio.org
 COPY . fortio
 RUN make -C fortio official-build-version BUILD_DIR=/build OFFICIAL_TARGET=fortio.org/fortio/echosrv OFFICIAL_BIN=../echosrv.bin
diff --git a/Dockerfile.fcurl b/Dockerfile.fcurl
index 96383a480..824bf972d 100644
--- a/Dockerfile.fcurl
+++ b/Dockerfile.fcurl
@@ -1,5 +1,5 @@
 # Build the binaries in larger image
-FROM docker.io/fortio/fortio.build:v46 as build
+FROM docker.io/fortio/fortio.build:v47 as build
 WORKDIR /go/src/fortio.org
 COPY . fortio
 # fcurl should not need vendor/no dependencies
diff --git a/Makefile b/Makefile
index 16a3918e6..6b476c632 100755
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@
 IMAGES=echosrv fcurl # plus the combo image / Dockerfile without ext.
 
 DOCKER_PREFIX := docker.io/fortio/fortio
-BUILD_IMAGE_TAG := v46
+BUILD_IMAGE_TAG := v47
 BUILDX_PLATFORMS := linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
 BUILDX_POSTFIX :=
 ifeq '$(shell echo $(BUILDX_PLATFORMS) | awk -F "," "{print NF-1}")' '0'
diff --git a/README.md b/README.md
index d7a398e75..1f8ffdf8a 100644
--- a/README.md
+++ b/README.md
@@ -52,13 +52,13 @@ You can install from source:
 The [releases](https://github.com/fortio/fortio/releases) page has binaries for many OS/architecture combinations (see assets).
 
 ```shell
-curl -L https://github.com/fortio/fortio/releases/download/v1.38.0/fortio-linux_amd64-1.38.0.tgz \
+curl -L https://github.com/fortio/fortio/releases/download/v1.38.1/fortio-linux_amd64-1.38.1.tgz \
  | sudo tar -C / -xvzpf -
 # or the debian package
-wget https://github.com/fortio/fortio/releases/download/v1.38.0/fortio_1.38.0_amd64.deb
-dpkg -i fortio_1.38.0_amd64.deb
+wget https://github.com/fortio/fortio/releases/download/v1.38.1/fortio_1.38.1_amd64.deb
+dpkg -i fortio_1.38.1_amd64.deb
 # or the rpm
-rpm -i https://github.com/fortio/fortio/releases/download/v1.38.0/fortio-1.38.0-1.x86_64.rpm
+rpm -i https://github.com/fortio/fortio/releases/download/v1.38.1/fortio-1.38.1-1.x86_64.rpm
 # and more, see assets in release page
 ```
 
@@ -68,7 +68,7 @@ On a MacOS you can also install Fortio using [Homebrew](https://brew.sh/):
 brew install fortio
 ```
 
-On Windows, download https://github.com/fortio/fortio/releases/download/v1.38.0/fortio_win_1.38.0.zip and extract `fortio.exe` to any location, then using the Windows Command Prompt:
+On Windows, download https://github.com/fortio/fortio/releases/download/v1.38.1/fortio_win_1.38.1.zip and extract `fortio.exe` to any location, then using the Windows Command Prompt:
 ```
 fortio.exe server
 ```
@@ -116,7 +116,7 @@ Full list of command line flags (`fortio help`):
 <details>
 <!-- use release/updateFlags.sh to update this section -->
 <pre>
-Φορτίο 1.38.0 usage:
+Φορτίο 1.38.1 usage:
     fortio command [flags] target
 where command is one of: load (load testing), server (starts ui, rest api,
  http-echo, redirect, proxies, tcp-echo and grpc ping servers), tcp-echo (only
diff --git a/Webtest.sh b/Webtest.sh
index 82df15ed0..97f519e6c 100755
--- a/Webtest.sh
+++ b/Webtest.sh
@@ -125,7 +125,7 @@ fi
 PPROF_URL="$BASE_URL/debug/pprof/heap?debug=1"
 $CURL "$PPROF_URL" | grep -i TotalAlloc # should find this in memory profile
 # creating dummy container to hold a volume for test certs due to remote docker bind mount limitation.
-DOCKERCURLID=$(docker run -d -v $TEST_CERT_VOL --net host --name $DOCKERSECVOLNAME docker.io/fortio/fortio.build:v46 sleep 120)
+DOCKERCURLID=$(docker run -d -v $TEST_CERT_VOL --net host --name $DOCKERSECVOLNAME docker.io/fortio/fortio.build:v47 sleep 120)
 # while we have something with actual curl binary do
 # Test for h2c upgrade (#562)
 docker exec $DOCKERSECVOLNAME /usr/bin/curl -v --http2 -m 10 -d foo42 http://localhost:8080/debug | tee >(cat 1>&2) | grep foo42
diff --git a/dflag/configmap/updater_test.go b/dflag/configmap/updater_test.go
index 6505fbf83..85f33b049 100644
--- a/dflag/configmap/updater_test.go
+++ b/dflag/configmap/updater_test.go
@@ -73,7 +73,7 @@ func (s *updaterTestSuite) linkDataDirTo(newDataDir string) {
 	copyCmd := exec.Command("ln", "-s", "-n", "-f",
 		path.Join(s.tempDir, "testdata", newDataDir),
 		path.Join(s.tempDir, "testdata", "..data"))
-	assert.NoError(s.T(), copyCmd.Run(), "relinking ..data in tempdir tempdir must not fail")
+	assert.NoError(s.T(), copyCmd.Run(), "relinking ..data in tempdir must not fail")
 }
 
 func (s *updaterTestSuite) TestInitializeFailsOnBadFormedFlag() {
diff --git a/fhttp/http_forwarder.go b/fhttp/http_forwarder.go
index e8cb2ee4e..666893655 100644
--- a/fhttp/http_forwarder.go
+++ b/fhttp/http_forwarder.go
@@ -118,10 +118,8 @@ func (mcfg *MultiServerConfig) TeeHandler(w http.ResponseWriter, r *http.Request
 	}
 	r.Body.Close()
 	if mcfg.Serial {
-		//nolint:contextcheck // bug I think as we transfer the context - asked in https://github.com/kkHAIKE/contextcheck/issues/3
 		mcfg.TeeSerialHandler(w, r, data)
 	} else {
-		//nolint:contextcheck // bug I think as we transfer the context - asked in https://github.com/kkHAIKE/contextcheck/issues/3
 		mcfg.TeeParallelHandler(w, r, data)
 	}
 }
diff --git a/fhttp/http_server.go b/fhttp/http_server.go
index 219e6bc0b..7ec84aeb3 100644
--- a/fhttp/http_server.go
+++ b/fhttp/http_server.go
@@ -428,7 +428,6 @@ func FetcherHandler2(w http.ResponseWriter, r *http.Request) {
 	if !strings.HasPrefix(url, "http://") && !strings.HasPrefix(url, "https://") {
 		url = "http://" + url
 	}
-	//nolint:contextcheck // bug(?) we transfer the context from the http request https://github.com/kkHAIKE/contextcheck/issues/3
 	req := MakeSimpleRequest(url, r, fetch2CopiesAllHeader.Get())
 	if req == nil {
 		http.Error(w, "parsing url failed, invalid url", http.StatusBadRequest)
@@ -478,6 +477,7 @@ func FetcherHandler(w http.ResponseWriter, r *http.Request) {
 	opts := NewHTTPOptions("http://" + url)
 	opts.HTTPReqTimeOut = 5 * time.Minute
 	OnBehalfOf(opts, r)
+	//nolint:contextcheck // TODO: yes we should plug an aborter in the http options that's based on this request's context.
 	client, _ := NewClient(opts)
 	if client == nil {
 		return // error logged already
diff --git a/go.mod b/go.mod
index 5e153be2e..3969d6398 100644
--- a/go.mod
+++ b/go.mod
@@ -7,14 +7,14 @@ require (
 	github.com/fsnotify/fsnotify v1.6.0
 	github.com/golang/protobuf v1.5.2
 	github.com/google/uuid v1.3.0
-	golang.org/x/exp v0.0.0-20220713135740-79cabaa25d75
-	golang.org/x/net v0.0.0-20220708220712-1185a9018129
+	golang.org/x/exp v0.0.0-20221012211006-4de253d81b95
+	golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458
 	google.golang.org/grpc v1.50.0
 )
 
 require (
-	golang.org/x/sys v0.0.0-20220908164124-27713097b956 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43 // indirect
+	golang.org/x/text v0.3.8 // indirect
 	google.golang.org/genproto v0.0.0-20220714211235-042d03aeabc9 // indirect
 	google.golang.org/protobuf v1.28.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 3367c3572..d26952b5e 100644
--- a/go.sum
+++ b/go.sum
@@ -9,14 +9,15 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-golang.org/x/exp v0.0.0-20220713135740-79cabaa25d75 h1:x03zeu7B2B11ySp+daztnwM5oBJ/8wGUSqrwcw9L0RA=
-golang.org/x/exp v0.0.0-20220713135740-79cabaa25d75/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA=
-golang.org/x/net v0.0.0-20220708220712-1185a9018129 h1:vucSRfWwTsoXro7P+3Cjlr6flUMtzCwzlvkxEQtHHB0=
-golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956 h1:XeJjHH1KiLpKGb6lvMiksZ9l0fVUh+AmGcm0nOMEBOY=
+golang.org/x/exp v0.0.0-20221012211006-4de253d81b95 h1:sBdrWpxhGDdTAYNqbgBLAR+ULAPPhfgncLr1X0lyWtg=
+golang.org/x/exp v0.0.0-20221012211006-4de253d81b95/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE=
+golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458 h1:MgJ6t2zo8v0tbmLCueaCbF1RM+TtB0rs3Lv8DGtOIpY=
+golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
-golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43 h1:OK7RB6t2WQX54srQQYSXMW8dF5C6/8+oA/s5QBmmto4=
+golang.org/x/sys v0.0.0-20221013171732-95e765b1cc43/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
+golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/genproto v0.0.0-20220714211235-042d03aeabc9 h1:zfXhTgBfGlIh3jMXN06W8qbhFGsh6MJNJiYEuhTddOI=
 google.golang.org/genproto v0.0.0-20220714211235-042d03aeabc9/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE=
diff --git a/rapi/data.go b/rapi/data.go
index d872b9f8e..f6ca80de2 100644
--- a/rapi/data.go
+++ b/rapi/data.go
@@ -132,7 +132,7 @@ func sendHTMLDataIndex(w http.ResponseWriter) {
 }
 
 // GetDataURL gives the url of the data/ dir either using configured `-base-url` and ui path
-// from from the incoming Host header.
+// from the incoming Host header.
 func GetDataURL(r *http.Request) string {
 	// Ingress effect / baseURL support:
 	url := baseURL
diff --git a/release/Dockerfile.in b/release/Dockerfile.in
index 90fc70cdd..aa2f42617 100644
--- a/release/Dockerfile.in
+++ b/release/Dockerfile.in
@@ -1,5 +1,5 @@
 # Concatenated after ../Dockerfile to create the tgz
-FROM docker.io/fortio/fortio.build:v46 as stage
+FROM docker.io/fortio/fortio.build:v47 as stage
 ARG archs="amd64 arm64 ppc64le s390x"
 ENV archs=${archs}
 # Build image defaults to build user, switch back to root for
diff --git a/release/README.md b/release/README.md
index b2b99c6b3..3565ad747 100644
--- a/release/README.md
+++ b/release/README.md
@@ -43,7 +43,7 @@ Make sure it gets successfully pushed to the fortio registry (requires org acces
 run
 
 ```Shell
-make update-build-image-tag
+make update-build-image-tag SED=gsed
 ```
 
 Check the diff and make lint, webtest, etc and PR
diff --git a/tcprunner/tcprunner.go b/tcprunner/tcprunner.go
index 6a9d2a1a0..be195f084 100644
--- a/tcprunner/tcprunner.go
+++ b/tcprunner/tcprunner.go
@@ -103,6 +103,7 @@ var (
 // GeneratePayload generates a default 24 bytes unique payload for each runner thread and message sent
 // when no other payload is set.
 func GeneratePayload(t int, i int64) []byte {
+	//nolint:dupword
 	// up to 9999 connections and 999 999 999 999 (999B) request
 	s := fmt.Sprintf("Fortio\n%04d\n%012d", t, i) // 6+2+4+12 = 24 bytes
 	return []byte(s)