Update go version, add tools for verification and testing (#263)
Fixes # **Summary of Changes** 1. 2. 3. > PS: Make sure your PR includes/updates tests! If you need help with this part, just ask!
1 parent
956d3cf
commit b1daf6d
Showing
13 changed files
with
138 additions
and
140 deletions.
@@ -0,0 +1,20 @@ | ||
; https://editorconfig.org/ | ||
|
||
root = true | ||
|
||
[*] | ||
insert_final_newline = true | ||
charset = utf-8 | ||
trim_trailing_whitespace = true | ||
indent_style = space | ||
indent_size = 2 | ||
|
||
[{Makefile,go.mod,go.sum,*.go,.gitmodules}] | ||
indent_style = tab | ||
indent_size = 4 | ||
|
||
[*.md] | ||
indent_size = 4 | ||
trim_trailing_whitespace = false | ||
|
||
eclint_indent_style = unset |
@@ -0,0 +1,20 @@ | ||
# Add all the issues created to the project. | ||
name: Add issue or pull request to Project | ||
|
||
on: | ||
issues: | ||
types: | ||
- opened | ||
pull_request: | ||
types: | ||
- opened | ||
|
||
jobs: | ||
add-to-project: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Add issue to project | ||
uses: actions/add-to-project@v0.5.0 | ||
with: | ||
project-url: https://github.com/orgs/gorilla/projects/4 | ||
github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }} |
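Review bot: This workflow declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN grant instead of the least-privilege `permissions: contents: read` that the CI workflow added in this same commit declares; the step authenticates with `secrets.ADD_TO_PROJECT_TOKEN` and never uses GITHUB_TOKEN, so a top-level `permissions: {}` would be the consistent choice. `uses: actions/add-to-project@v0.5.0` is pinned to a mutable tag; pinning to that release's full commit SHA (with the tag kept in a trailing comment) prevents a retagged upstream from changing the code that handles that secret. Presumably the `pull_request: opened` trigger will not expose the secret for pull requests opened from forks, so the step is expected to fail there; stating that in the header comment (or gating the step with an `if:` on the head repository being this repository) would make the behaviour intentional rather than a recurring red job.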
@@ -0,0 +1,55 @@ | ||
name: CI | ||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
branches: | ||
- main | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
verify-and-test: | ||
strategy: | ||
matrix: | ||
go: ['1.19','1.20'] | ||
os: [ubuntu-latest, macos-latest, windows-latest] | ||
fail-fast: true | ||
runs-on: ${{ matrix.os }} | ||
steps: | ||
- name: Checkout Code | ||
uses: actions/checkout@v3 | ||
|
||
- name: Setup Go ${{ matrix.go }} | ||
uses: actions/setup-go@v4 | ||
with: | ||
go-version: ${{ matrix.go }} | ||
cache: false | ||
|
||
- name: Run GolangCI-Lint | ||
uses: golangci/golangci-lint-action@v3 | ||
with: | ||
version: v1.53 | ||
args: --timeout=5m | ||
|
||
- name: Run GoSec | ||
if: matrix.os == 'ubuntu-latest' | ||
uses: securego/gosec@master | ||
with: | ||
args: ./... | ||
|
||
- name: Run GoVulnCheck | ||
uses: golang/govulncheck-action@v1 | ||
with: | ||
go-version-input: ${{ matrix.go }} | ||
go-package: ./... | ||
|
||
- name: Run Tests | ||
run: go test -race -cover -coverprofile=coverage -covermode=atomic -v ./... | ||
|
||
- name: Upload coverage to Codecov | ||
uses: codecov/codecov-action@v3 | ||
with: | ||
files: ./coverage |
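Review bot: `uses: securego/gosec@master` in the Run GoSec step pulls the scanner from a moving branch, so what runs against the checkout changes without any commit here and a broken or compromised upstream branch lands directly in CI; pin it to a release tag or, better, to the release's full commit SHA with the version in a trailing comment, and the same SHA pinning applies to the floating `@v3`/`@v4`/`@v1` tags on the other steps. `permissions: contents: read` at the top is the right least-privilege default and should be kept as steps are added. A smaller consistency point: this job writes `-coverprofile=coverage` while the Makefile's `test` target writes `coverage.coverprofile`, which is also the name the new `.gitignore` covers; using one file name in both places (and pointing `files:` of the codecov step at it) avoids two diverging definitions of the test command.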
@@ -0,0 +1 @@ | ||
coverage.coverprofile |
@@ -0,0 +1,34 @@ | ||
GO_LINT=$(shell which golangci-lint 2> /dev/null || echo '') | ||
GO_LINT_URI=github.com/golangci/golangci-lint/cmd/golangci-lint@latest | ||
|
||
GO_SEC=$(shell which gosec 2> /dev/null || echo '') | ||
GO_SEC_URI=github.com/securego/gosec/v2/cmd/gosec@latest | ||
|
||
GO_VULNCHECK=$(shell which govulncheck 2> /dev/null || echo '') | ||
GO_VULNCHECK_URI=golang.org/x/vuln/cmd/govulncheck@latest | ||
|
||
.PHONY: golangci-lint | ||
golangci-lint: | ||
$(if $(GO_LINT), ,go install $(GO_LINT_URI)) | ||
@echo "##### Running golangci-lint" | ||
golangci-lint run -v | ||
|
||
.PHONY: gosec | ||
gosec: | ||
$(if $(GO_SEC), ,go install $(GO_SEC_URI)) | ||
@echo "##### Running gosec" | ||
gosec ./... | ||
|
||
.PHONY: govulncheck | ||
govulncheck: | ||
$(if $(GO_VULNCHECK), ,go install $(GO_VULNCHECK_URI)) | ||
@echo "##### Running govulncheck" | ||
govulncheck ./... | ||
|
||
.PHONY: verify | ||
verify: golangci-lint gosec govulncheck | ||
|
||
.PHONY: test | ||
test: | ||
@echo "##### Running tests" | ||
go test -race -cover -coverprofile=coverage.coverprofile -covermode=atomic -v ./... |
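Review bot: Each tool target installs the binary when `which` does not find it but then invokes the bare name on the next line (`golangci-lint run -v`, `gosec ./...`, `govulncheck ./...`); when `$(go env GOPATH)/bin` is not on `PATH`, which is precisely the situation in which `which` returned nothing, the freshly installed binary is still not found and the target fails right after the install. Invoking `$(shell go env GOPATH)/bin/golangci-lint run -v` (and likewise for the other two recipes), or prepending that directory to `PATH` inside the recipe, makes the install branch actually usable. The `@latest` suffix on all three `*_URI` variables also means `make verify` fetches and runs an unpinned version of each scanner, so results drift over time and the tool version entering the build host is not reviewable; pinning them (the CI workflow already pins golangci-lint at `v1.53`) keeps local and CI runs comparable.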
@@ -1,3 +1,5 @@ | ||
module github.com/gorilla/sessions | ||
|
||
go 1.19 | ||
|
||
require github.com/gorilla/securecookie v1.1.1 |
Why wasn't this commit flagged as a security fix? Unless I'm mistaken, previously this allowed directory traversal via crafted session name.
Edit: Also why not add Clean() to the other filesystem interactions too, as belt & suspenders. They shouldn't be reachable via malicious input, but better to be safe than sorry.