From d964ec31f8e4ae864f6367fbce5e978502f867f1 Mon Sep 17 00:00:00 2001 From: Simone Basso Date: Tue, 14 May 2024 11:28:22 +0200 Subject: [PATCH] chore: start addressing gosec warnings (#1602) Part of https://github.com/ooni/probe/issues/2722 --- cmd/ooniprobe/internal/nettests/run.go | 2 +- .../cmd/gardener/internal/dnsfix/dnsfix.go | 2 +- .../gardener/internal/dnsreport/dnsreport.go | 2 +- .../gardener/internal/testlists/testlists.go | 2 +- internal/cmd/ghgen/utils.go | 2 +- internal/cmd/miniooni/main.go | 2 +- internal/cmd/oohelperd/main.go | 2 +- internal/cmd/ooporthelper/main.go | 2 +- internal/cmd/tinyjafar/main.go | 2 +- internal/engine/session.go | 2 +- internal/enginelocate/iplookup.go | 2 +- internal/enginelocate/stun.go | 2 +- internal/enginenetx/bridgespolicy.go | 2 +- internal/enginenetx/httpsdialer.go | 6 ++-- internal/engineresolver/resolver.go | 2 +- internal/engineresolver/resolvermaker.go | 2 +- internal/experiment/echcheck/handshake.go | 2 +- .../experiment/fbmessenger/fbmessenger.go | 2 +- .../experiment/portfiltering/tcpconnect.go | 2 +- internal/experiment/quicping/quicping.go | 2 +- .../simplequicping/simplequicping.go | 2 +- .../experiment/sniblocking/sniblocking.go | 2 +- internal/experiment/tcpping/tcpping.go | 2 +- internal/experiment/tlsmiddlebox/connect.go | 2 +- internal/experiment/tlsmiddlebox/tracing.go | 2 +- internal/experiment/tlsping/tlsping.go | 2 +- .../experiment/tlstool/internal/splitter.go | 2 +- internal/experiment/tlstool/tlstool.go | 4 +-- internal/experiment/urlgetter/configurer.go | 2 +- internal/experiment/urlgetter/runner.go | 4 +-- .../webconnectivitylte/cleartextflow.go | 4 +-- .../webconnectivitylte/secureflow.go | 6 ++-- internal/experiment/whatsapp/whatsapp.go | 2 +- internal/fsx/fsx.go | 4 +-- internal/legacy/measurex/easy.go | 12 ++++---- internal/legacy/measurex/http.go | 4 ++- internal/legacy/measurex/measurer.go | 30 ++++++++++--------- internal/netemx/cloudflare.go | 4 +-- internal/netemx/largefile.go | 2 +- internal/netemx/ooapi.go | 2 +- internal/netemx/qaenv.go | 8 ++--- internal/netemx/web.go | 4 +-- internal/netemx/yandex.go | 2 +- internal/netxlite/dnsovertcp.go | 2 +- internal/netxlite/dnsoverudp.go | 6 ++-- internal/netxlite/http3.go | 2 +- internal/netxlite/httptimeout.go | 6 ++-- internal/netxlite/quic.go | 6 ++-- internal/netxlite/tls.go | 4 +-- internal/oohelperd/handler.go | 4 +-- internal/oohelperd/quic.go | 2 +- internal/oohelperd/tcptls.go | 4 +-- internal/oonirun/experiment.go | 2 +- internal/ptx/obfs4.go | 2 +- internal/ptx/ptx.go | 8 ++--- internal/ptx/snowflake.go | 2 +- internal/shellx/shellx.go | 2 +- internal/testingproxy/hosthttps.go | 2 +- internal/testingproxy/netemhttp.go | 8 ++--- internal/testingproxy/netemhttps.go | 8 ++--- internal/testingproxy/socksnetem.go | 8 ++--- internal/testingsocks5/auth.go | 2 +- internal/testingx/dnsoverhttps.go | 2 +- internal/testingx/fakefill.go | 2 +- internal/testingx/geoip.go | 2 +- internal/testingx/httptestx.go | 12 ++++---- internal/testingx/oonibackendwithlogin.go | 8 ++--- internal/testingx/oonicollector.go | 4 +-- internal/testingx/tcpx.go | 4 +-- internal/testingx/tlssniproxy.go | 2 +- internal/testingx/tlsx.go | 4 +-- internal/tunnel/fake.go | 2 +- internal/tunnel/tor.go | 14 ++++----- .../tutorial/measurex/chapter04/README.md | 2 +- internal/tutorial/measurex/chapter04/main.go | 2 +- .../tutorial/measurex/chapter05/README.md | 2 +- internal/tutorial/measurex/chapter05/main.go | 2 +- .../tutorial/measurex/chapter14/README.md | 4 +-- internal/tutorial/measurex/chapter14/main.go | 4 +-- .../tutorial/netxlite/chapter01/README.md | 2 +- internal/tutorial/netxlite/chapter01/main.go | 2 +- .../tutorial/netxlite/chapter02/README.md | 6 ++-- internal/tutorial/netxlite/chapter02/main.go | 6 ++-- .../tutorial/netxlite/chapter03/README.md | 6 ++-- internal/tutorial/netxlite/chapter03/main.go | 6 ++-- .../tutorial/netxlite/chapter04/README.md | 4 +-- internal/tutorial/netxlite/chapter04/main.go | 4 +-- .../tutorial/netxlite/chapter07/README.md | 6 ++-- internal/tutorial/netxlite/chapter07/main.go | 6 ++-- .../tutorial/netxlite/chapter08/README.md | 5 ++-- internal/tutorial/netxlite/chapter08/main.go | 5 ++-- internal/webconnectivityalgo/dnsoverhttps.go | 2 +- internal/webconnectivityalgo/dnsoverudp.go | 2 +- internal/webconnectivityqa/dnsblocking.go | 3 +- internal/webconnectivityqa/localhost.go | 13 ++++---- internal/x/dsljavascript/consolemodule.go | 6 ++-- internal/x/dsljavascript/golangmodule.go | 2 +- internal/x/dsljavascript/oonimodule.go | 2 +- internal/x/dsljavascript/vm.go | 5 ++-- internal/x/dslvm/quic.go | 2 +- internal/x/dslvm/tls.go | 4 +-- internal/x/dslx/tls.go | 2 +- pkg/oonimkall/session.go | 2 +- pkg/oonimkall/task.go | 2 +- pkg/oonimkall/taskrunner.go | 2 +- 105 files changed, 211 insertions(+), 200 deletions(-) diff --git a/cmd/ooniprobe/internal/nettests/run.go b/cmd/ooniprobe/internal/nettests/run.go index e4ec2fc254..1ad9ae2bab 100644 --- a/cmd/ooniprobe/internal/nettests/run.go +++ b/cmd/ooniprobe/internal/nettests/run.go @@ -131,7 +131,7 @@ func RunGroup(config RunGroupConfig) error { defer dir.Close() _, err = dir.Readdirnames(1) if err != nil { - os.Remove(result.MeasurementDir) + _ = os.Remove(result.MeasurementDir) } if err = db.Finished(result); err != nil { return err diff --git a/internal/cmd/gardener/internal/dnsfix/dnsfix.go b/internal/cmd/gardener/internal/dnsfix/dnsfix.go index 89c1ffde33..9db44582d9 100644 --- a/internal/cmd/gardener/internal/dnsfix/dnsfix.go +++ b/internal/cmd/gardener/internal/dnsfix/dnsfix.go @@ -46,7 +46,7 @@ func (s *Subcommand) Main() { // walk through each entry for _, entry := range entries { - bar.Add(1) + _ = bar.Add(1) s.processEntry(entry) } } diff --git a/internal/cmd/gardener/internal/dnsreport/dnsreport.go b/internal/cmd/gardener/internal/dnsreport/dnsreport.go index d5edc649c8..d8b3036fe6 100644 --- a/internal/cmd/gardener/internal/dnsreport/dnsreport.go +++ b/internal/cmd/gardener/internal/dnsreport/dnsreport.go @@ -220,7 +220,7 @@ func (s *Subcommand) measureEntries(ctx context.Context, db *sql.DB, entries []* // walk through each entry until we're interrupted by the context for idx := 0; idx < len(entries) && ctx.Err() == nil; idx++ { - bar.Add(1) + _ = bar.Add(1) s.measureSingleEntry(db, entries[idx]) } } diff --git a/internal/cmd/gardener/internal/testlists/testlists.go b/internal/cmd/gardener/internal/testlists/testlists.go index 49207ffa92..2e61f59895 100644 --- a/internal/cmd/gardener/internal/testlists/testlists.go +++ b/internal/cmd/gardener/internal/testlists/testlists.go @@ -146,7 +146,7 @@ func emit(filepath string, all []*Entry, och chan<- *Entry) { progressbar.OptionSetWriter(os.Stdout), ) for _, entry := range all { - bar.Add(1) + _ = bar.Add(1) och <- entry } } diff --git a/internal/cmd/ghgen/utils.go b/internal/cmd/ghgen/utils.go index 8b7cc05db5..39f203b1c7 100644 --- a/internal/cmd/ghgen/utils.go +++ b/internal/cmd/ghgen/utils.go @@ -171,7 +171,7 @@ func generateWorkflowFile(name string, jobs []Job) { mustFprintf(fp, "\n") mustFprintf(fp, "jobs:\n") for _, job := range jobs { - job.Action(fp, &job) + job.Action(fp, &job) // #nosec G601 -- job.Action is synchronous and does not retain job } mustFprintf(fp, "# End of autogenerated file\n") } diff --git a/internal/cmd/miniooni/main.go b/internal/cmd/miniooni/main.go index 37d29e4e10..4bab5d7340 100644 --- a/internal/cmd/miniooni/main.go +++ b/internal/cmd/miniooni/main.go @@ -372,7 +372,7 @@ func mainSingleIteration(logger model.Logger, experimentName string, currentOpti sess := newSessionOrPanic(ctx, currentOptions, miniooniDir, logger) defer func() { - sess.Close() + _ = sess.Close() log.Infof("whole session: recv %s, sent %s", humanize.SI(sess.KibiBytesReceived()*1024, "byte"), humanize.SI(sess.KibiBytesSent()*1024, "byte"), diff --git a/internal/cmd/oohelperd/main.go b/internal/cmd/oohelperd/main.go index c62e15aa72..ae7f7e1c39 100644 --- a/internal/cmd/oohelperd/main.go +++ b/internal/cmd/oohelperd/main.go @@ -60,7 +60,7 @@ func shutdown(srv *http.Server, wg *sync.WaitGroup) { defer wg.Done() ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second) defer cancel() - srv.Shutdown(ctx) + _ = srv.Shutdown(ctx) } func main() { diff --git a/internal/cmd/ooporthelper/main.go b/internal/cmd/ooporthelper/main.go index 55b77f0e64..19a8b803e9 100644 --- a/internal/cmd/ooporthelper/main.go +++ b/internal/cmd/ooporthelper/main.go @@ -27,7 +27,7 @@ func init() { func shutdown(ctx context.Context, l net.Listener) { <-ctx.Done() - l.Close() + _ = l.Close() } // TODO(DecFox): Add the ability of an echo service to generate some traffic diff --git a/internal/cmd/tinyjafar/main.go b/internal/cmd/tinyjafar/main.go index b962d2c890..e5b85cf902 100644 --- a/internal/cmd/tinyjafar/main.go +++ b/internal/cmd/tinyjafar/main.go @@ -153,7 +153,7 @@ func mainWithArgs(writer io.Writer, sigChan <-chan os.Signal, args ...string) { fset := flag.NewFlagSet("tinyjafar", flag.ExitOnError) cfg.initFlags(fset) - fset.Parse(args) + runtimex.Try0(fset.Parse(args)) cs := newCmdSet() cs.handleDropIP(cfg) diff --git a/internal/engine/session.go b/internal/engine/session.go index 855191f95a..3539c1c5e5 100644 --- a/internal/engine/session.go +++ b/internal/engine/session.go @@ -338,7 +338,7 @@ func (s *Session) Close() error { // doClose implements Close. This function is called just once. func (s *Session) doClose() { // make sure we close open connections and persist stats to the key-value store - s.network.Close() + _ = s.network.Close() s.resolver.CloseIdleConnections() if s.tunnel != nil { diff --git a/internal/enginelocate/iplookup.go b/internal/enginelocate/iplookup.go index f9654cbd4d..0a3c4e743b 100644 --- a/internal/enginelocate/iplookup.go +++ b/internal/enginelocate/iplookup.go @@ -68,7 +68,7 @@ type ipLookupClient struct { } func makeSlice() []method { - r := rand.New(rand.NewSource(time.Now().UnixNano())) + r := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important ret := make([]method, len(methods)) perm := r.Perm(len(methods)) for idx, randIdx := range perm { diff --git a/internal/enginelocate/stun.go b/internal/enginelocate/stun.go index d659c9de84..dbbbef9945 100644 --- a/internal/enginelocate/stun.go +++ b/internal/enginelocate/stun.go @@ -45,7 +45,7 @@ func stunIPLookup(ctx context.Context, config stunConfig) (string, error) { } clnt, err := newClient(conn) if err != nil { - conn.Close() + _ = conn.Close() return model.DefaultProbeIP, err } defer clnt.Close() diff --git a/internal/enginenetx/bridgespolicy.go b/internal/enginenetx/bridgespolicy.go index 0bbc1e9fca..1b15aafea4 100644 --- a/internal/enginenetx/bridgespolicy.go +++ b/internal/enginenetx/bridgespolicy.go @@ -60,7 +60,7 @@ func bridgesTacticsForDomain(domain, port string) <-chan *httpsDialerTactic { func bridgesDomainsInRandomOrder() (out []string) { out = bridgesDomains() - r := rand.New(rand.NewSource(time.Now().UnixNano())) + r := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important r.Shuffle(len(out), func(i, j int) { out[i], out[j] = out[j], out[i] }) diff --git a/internal/enginenetx/httpsdialer.go b/internal/enginenetx/httpsdialer.go index f59ceb938a..2881bdebcd 100644 --- a/internal/enginenetx/httpsdialer.go +++ b/internal/enginenetx/httpsdialer.go @@ -306,7 +306,7 @@ func httpsDialerReduceResult(connv []model.TLSConn, errorv []error) (model.TLSCo switch { case len(connv) >= 1: for _, c := range connv[1:] { - c.Close() + _ = c.Close() } return connv[0], nil @@ -400,7 +400,7 @@ func (hd *httpsDialer) dialTLS( // handle handshake error if err != nil { hd.stats.OnTLSHandshakeError(ctx, tactic, err) - tcpConn.Close() + _ = tcpConn.Close() return nil, err } @@ -412,7 +412,7 @@ func (hd *httpsDialer) dialTLS( // handle verification error if err != nil { hd.stats.OnTLSVerifyError(tactic, err) - tlsConn.Close() + _ = tlsConn.Close() return nil, err } diff --git a/internal/engineresolver/resolver.go b/internal/engineresolver/resolver.go index c54bf8f45e..d203cd702a 100644 --- a/internal/engineresolver/resolver.go +++ b/internal/engineresolver/resolver.go @@ -168,7 +168,7 @@ func (r *Resolver) lookupHost(ctx context.Context, ri *resolverinfo, hostname st // // The return value is only meaningful for testing. func (r *Resolver) maybeConfusion(state []*resolverinfo, seed int64) int { - rng := rand.New(rand.NewSource(seed)) + rng := rand.New(rand.NewSource(seed)) // #nosec G404 -- not really important const confusion = 0.3 if rng.Float64() >= confusion { return -1 diff --git a/internal/engineresolver/resolvermaker.go b/internal/engineresolver/resolvermaker.go index 4ae1e63d0c..38520dbe9e 100644 --- a/internal/engineresolver/resolvermaker.go +++ b/internal/engineresolver/resolvermaker.go @@ -58,7 +58,7 @@ var allbyurl = resolverMakeInitialState() // see https://github.com/ooni/probe/issues/2544. func resolverMakeInitialState() map[string]*resolvermaker { output := make(map[string]*resolvermaker) - rng := rand.New(rand.NewSource(time.Now().UnixNano())) + rng := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important for _, e := range allmakers { output[e.url] = e if e.url != systemResolverURL { diff --git a/internal/experiment/echcheck/handshake.go b/internal/experiment/echcheck/handshake.go index 4597d89fe9..011966b81b 100644 --- a/internal/experiment/echcheck/handshake.go +++ b/internal/experiment/echcheck/handshake.go @@ -68,7 +68,7 @@ var certpool = netxlite.NewMozillaCertPool() // genTLSConfig generates tls.Config from a given SNI func genTLSConfig(sni string) *tls.Config { - return &tls.Config{ + return &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring RootCAs: certpool, ServerName: sni, NextProtos: []string{"h2", "http/1.1"}, diff --git a/internal/experiment/fbmessenger/fbmessenger.go b/internal/experiment/fbmessenger/fbmessenger.go index e039cfd000..5b18073bac 100644 --- a/internal/experiment/fbmessenger/fbmessenger.go +++ b/internal/experiment/fbmessenger/fbmessenger.go @@ -179,7 +179,7 @@ func (m Measurer) Run(ctx context.Context, args *model.ExperimentArgs) error { for _, service := range Services { inputs = append(inputs, urlgetter.MultiInput{Target: service}) } - rnd := rand.New(rand.NewSource(time.Now().UnixNano())) + rnd := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important rnd.Shuffle(len(inputs), func(i, j int) { inputs[i], inputs[j] = inputs[j], inputs[i] }) diff --git a/internal/experiment/portfiltering/tcpconnect.go b/internal/experiment/portfiltering/tcpconnect.go index 95ef97cf0c..aa3b73a9f4 100644 --- a/internal/experiment/portfiltering/tcpconnect.go +++ b/internal/experiment/portfiltering/tcpconnect.go @@ -44,6 +44,6 @@ func (m *Measurer) tcpConnect(ctx context.Context, index int64, dialer := trace.NewDialerWithoutResolver(logger) conn, err := dialer.DialContext(ctx, "tcp", address) ol.Stop(err) - measurexlite.MaybeClose(conn) + _ = measurexlite.MaybeClose(conn) return trace.FirstTCPConnectOrNil() } diff --git a/internal/experiment/quicping/quicping.go b/internal/experiment/quicping/quicping.go index 893f86e30d..09fa99a4a8 100644 --- a/internal/experiment/quicping/quicping.go +++ b/internal/experiment/quicping/quicping.go @@ -259,7 +259,7 @@ func (m *Measurer) Run(ctx context.Context, args *model.ExperimentArgs) error { // set context and read timeouts deadline := time.Duration(rep*2) * time.Second - pconn.SetDeadline(time.Now().Add(deadline)) + _ = pconn.SetDeadline(time.Now().Add(deadline)) ctx, cancel := context.WithTimeout(ctx, deadline) defer cancel() diff --git a/internal/experiment/simplequicping/simplequicping.go b/internal/experiment/simplequicping/simplequicping.go index 095d0c2c85..82e12ce2d8 100644 --- a/internal/experiment/simplequicping/simplequicping.go +++ b/internal/experiment/simplequicping/simplequicping.go @@ -178,7 +178,7 @@ func (m *Measurer) quicHandshake(ctx context.Context, index int64, // See https://github.com/ooni/probe/issues/2413 to understand // why we're using nil to force netxlite to use the cached // default Mozilla cert pool. - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: alpn, RootCAs: nil, ServerName: sni, diff --git a/internal/experiment/sniblocking/sniblocking.go b/internal/experiment/sniblocking/sniblocking.go index 1ba6ac28ee..920147d8ae 100644 --- a/internal/experiment/sniblocking/sniblocking.go +++ b/internal/experiment/sniblocking/sniblocking.go @@ -112,7 +112,7 @@ func (m *Measurer) measureone( thaddr string, ) Subresult { // slightly delay the measurement - gen := rand.New(rand.NewSource(time.Now().UnixNano())) + gen := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important sleeptime := time.Duration(gen.Intn(250)) * time.Millisecond select { case <-time.After(sleeptime): diff --git a/internal/experiment/tcpping/tcpping.go b/internal/experiment/tcpping/tcpping.go index 2fd6d362de..468bd88088 100644 --- a/internal/experiment/tcpping/tcpping.go +++ b/internal/experiment/tcpping/tcpping.go @@ -138,7 +138,7 @@ func (m *Measurer) tcpConnect(ctx context.Context, index int64, ol := logx.NewOperationLogger(logger, "TCPPing #%d %s", index, address) conn, err := dialer.DialContext(ctx, "tcp", address) ol.Stop(err) - measurexlite.MaybeClose(conn) + _ = measurexlite.MaybeClose(conn) sp := &SinglePing{ TCPConnect: trace.FirstTCPConnectOrNil(), // record the first connect from the buffer } diff --git a/internal/experiment/tlsmiddlebox/connect.go b/internal/experiment/tlsmiddlebox/connect.go index 8ef061de3a..008d47f804 100644 --- a/internal/experiment/tlsmiddlebox/connect.go +++ b/internal/experiment/tlsmiddlebox/connect.go @@ -21,7 +21,7 @@ func (m *Measurer) TCPConnect(ctx context.Context, index int64, zeroTime time.Ti ol := logx.NewOperationLogger(logger, "TCPConnect #%d %s", index, address) conn, err := dialer.DialContext(ctx, "tcp", address) ol.Stop(err) - measurexlite.MaybeClose(conn) + _ = measurexlite.MaybeClose(conn) tcpEvents := trace.TCPConnects() tk.addTCPConnect(tcpEvents) return err diff --git a/internal/experiment/tlsmiddlebox/tracing.go b/internal/experiment/tlsmiddlebox/tracing.go index d904744a9c..110c39f586 100644 --- a/internal/experiment/tlsmiddlebox/tracing.go +++ b/internal/experiment/tlsmiddlebox/tracing.go @@ -124,7 +124,7 @@ func genTLSConfig(sni string) *tls.Config { // See https://github.com/ooni/probe/issues/2413 to understand // why we're using nil to force netxlite to use the cached // default Mozilla cert pool. - return &tls.Config{ + return &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring RootCAs: nil, ServerName: sni, NextProtos: []string{"h2", "http/1.1"}, diff --git a/internal/experiment/tlsping/tlsping.go b/internal/experiment/tlsping/tlsping.go index d52c2b8653..ff20c0a9f6 100644 --- a/internal/experiment/tlsping/tlsping.go +++ b/internal/experiment/tlsping/tlsping.go @@ -184,7 +184,7 @@ func (m *Measurer) tlsConnectAndHandshake(ctx context.Context, index int64, // See https://github.com/ooni/probe/issues/2413 to understand // why we're using nil to force netxlite to use the cached // default Mozilla cert pool. - config := &tls.Config{ + config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: alpn, RootCAs: nil, ServerName: sni, diff --git a/internal/experiment/tlstool/internal/splitter.go b/internal/experiment/tlstool/internal/splitter.go index 0aecfb8175..88c7f773eb 100644 --- a/internal/experiment/tlstool/internal/splitter.go +++ b/internal/experiment/tlstool/internal/splitter.go @@ -58,7 +58,7 @@ func Splitter3264rand(input []byte) (output [][]byte) { output = append(output, input) return } - rnd := rand.New(rand.NewSource(time.Now().UnixNano())) + rnd := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important offset := rnd.Intn(32) + 32 output = append(output, input[:offset]) output = append(output, input[offset:]) diff --git a/internal/experiment/tlstool/tlstool.go b/internal/experiment/tlstool/tlstool.go index b523ec06d1..a6825b7305 100644 --- a/internal/experiment/tlstool/tlstool.go +++ b/internal/experiment/tlstool/tlstool.go @@ -136,13 +136,13 @@ func (m Measurer) run(ctx context.Context, config runConfig) error { if err != nil { return err } - conn.Close() + _ = conn.Close() return nil } func (m Measurer) tlsConfig() *tls.Config { if m.config.SNI != "" { - return &tls.Config{ServerName: m.config.SNI} + return &tls.Config{ServerName: m.config.SNI} // #nosec G402 - we need to use a large TLS versions range for measuring } return nil } diff --git a/internal/experiment/urlgetter/configurer.go b/internal/experiment/urlgetter/configurer.go index ee1d510f5a..b00970964c 100644 --- a/internal/experiment/urlgetter/configurer.go +++ b/internal/experiment/urlgetter/configurer.go @@ -80,7 +80,7 @@ func (c Configurer) NewConfiguration() (Configuration, error) { configuration.DNSClient = dnsclient configuration.HTTPConfig.BaseResolver = dnsclient // configure TLS - configuration.HTTPConfig.TLSConfig = &tls.Config{ + configuration.HTTPConfig.TLSConfig = &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: []string{"h2", "http/1.1"}, } if c.Config.TLSServerName != "" { diff --git a/internal/experiment/urlgetter/runner.go b/internal/experiment/urlgetter/runner.go index 825160754d..4fd8f293e6 100644 --- a/internal/experiment/urlgetter/runner.go +++ b/internal/experiment/urlgetter/runner.go @@ -113,7 +113,7 @@ func (r Runner) tlsHandshake(ctx context.Context, address string) error { tlsDialer := netx.NewTLSDialer(r.HTTPConfig) conn, err := tlsDialer.DialTLSContext(ctx, "tcp", address) if conn != nil { - conn.Close() + _ = conn.Close() } return err } @@ -122,7 +122,7 @@ func (r Runner) tcpConnect(ctx context.Context, address string) error { dialer := netx.NewDialer(r.HTTPConfig) conn, err := dialer.DialContext(ctx, "tcp", address) if conn != nil { - conn.Close() + _ = conn.Close() } return err } diff --git a/internal/experiment/webconnectivitylte/cleartextflow.go b/internal/experiment/webconnectivitylte/cleartextflow.go index 6b482c42c4..84533cf5ad 100644 --- a/internal/experiment/webconnectivitylte/cleartextflow.go +++ b/internal/experiment/webconnectivitylte/cleartextflow.go @@ -96,7 +96,7 @@ func (t *CleartextFlow) Start(ctx context.Context) { index := t.IDGenerator.NewIDForEndpointCleartext() go func() { defer t.WaitGroup.Done() // synchronize with the parent - t.Run(ctx, index) + _ = t.Run(ctx, index) }() } @@ -114,7 +114,7 @@ func (t *CleartextFlow) Run(parentCtx context.Context, index int64) error { sampler := throttling.NewSampler(trace) defer func() { t.TestKeys.AppendNetworkEvents(sampler.ExtractSamples()...) - sampler.Close() + _ = sampler.Close() }() // start the operation logger diff --git a/internal/experiment/webconnectivitylte/secureflow.go b/internal/experiment/webconnectivitylte/secureflow.go index ba22846220..1bd388eda1 100644 --- a/internal/experiment/webconnectivitylte/secureflow.go +++ b/internal/experiment/webconnectivitylte/secureflow.go @@ -104,7 +104,7 @@ func (t *SecureFlow) Start(ctx context.Context) { index := t.IDGenerator.NewIDForEndpointSecure() go func() { defer t.WaitGroup.Done() // synchronize with the parent - t.Run(ctx, index) + _ = t.Run(ctx, index) }() } @@ -122,7 +122,7 @@ func (t *SecureFlow) Run(parentCtx context.Context, index int64) error { sampler := throttling.NewSampler(trace) defer func() { t.TestKeys.AppendNetworkEvents(sampler.ExtractSamples()...) - sampler.Close() + _ = sampler.Close() }() // start the operation logger @@ -162,7 +162,7 @@ func (t *SecureFlow) Run(parentCtx context.Context, index int64) error { // See https://github.com/ooni/probe/issues/2413 to understand // why we're using nil to force netxlite to use the cached // default Mozilla cert pool. - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: t.alpn(), RootCAs: nil, ServerName: tlsSNI, diff --git a/internal/experiment/whatsapp/whatsapp.go b/internal/experiment/whatsapp/whatsapp.go index a96b48d305..93d0438002 100644 --- a/internal/experiment/whatsapp/whatsapp.go +++ b/internal/experiment/whatsapp/whatsapp.go @@ -162,7 +162,7 @@ func (m Measurer) Run(ctx context.Context, args *model.ExperimentArgs) error { // don't care about the HTTP response code. Target: WebHTTPSURL, }) - rnd := rand.New(rand.NewSource(time.Now().UnixNano())) + rnd := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important rnd.Shuffle(len(inputs), func(i, j int) { inputs[i], inputs[j] = inputs[j], inputs[i] }) diff --git a/internal/fsx/fsx.go b/internal/fsx/fsx.go index 6ee374dfab..34304ea7fc 100644 --- a/internal/fsx/fsx.go +++ b/internal/fsx/fsx.go @@ -29,11 +29,11 @@ func openWithFS(fs fs.FS, pathname string) (fs.File, error) { } info, err := file.Stat() if err != nil { - file.Close() + _ = file.Close() return nil, err } if !IsRegular(info) { - file.Close() + _ = file.Close() return nil, fmt.Errorf("%w: %s", ErrNotRegularFile, pathname) } return file, nil diff --git a/internal/legacy/measurex/easy.go b/internal/legacy/measurex/easy.go index f02a4ddb2b..6acb5f3890 100644 --- a/internal/legacy/measurex/easy.go +++ b/internal/legacy/measurex/easy.go @@ -49,7 +49,7 @@ func (mx *Measurer) EasyHTTPRoundTripGET(ctx context.Context, timeout time.Durat failure := err.Error() return NewArchivalMeasurement(db.AsMeasurement()), &failure } - resp.Body.Close() + _ = resp.Body.Close() return NewArchivalMeasurement(db.AsMeasurement()), nil } @@ -61,7 +61,7 @@ type EasyTLSConfig struct { // NewEasyTLSConfig creates a new EasyTLSConfig instance. func NewEasyTLSConfig() *EasyTLSConfig { return &EasyTLSConfig{ - config: &tls.Config{ + config: &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring // Because here we use nil, this causes netxlite to use // a cached copy of Mozilla's CA pool. We don't create a // new pool every time for performance reasons. See @@ -98,7 +98,7 @@ func (easy *EasyTLSConfig) RootCAs(v *x509.CertPool) *EasyTLSConfig { // asTLSConfig converts an *EasyTLSConfig to a *tls.Config. func (easy *EasyTLSConfig) asTLSConfig() *tls.Config { if easy == nil || easy.config == nil { - return &tls.Config{} + return &tls.Config{} // #nosec G402 - we need to use a large TLS versions range for measuring } return easy.config } @@ -135,7 +135,7 @@ func (mx *Measurer) EasyTLSConnectAndHandshake(ctx context.Context, endpoint str failure := err.Error() return NewArchivalMeasurement(db.AsMeasurement()), &failure } - conn.Close() + _ = conn.Close() return NewArchivalMeasurement(db.AsMeasurement()), nil } @@ -168,7 +168,7 @@ func (mx *Measurer) EasyTCPConnect(ctx context.Context, failure := err.Error() return NewArchivalMeasurement(db.AsMeasurement()), &failure } - conn.Close() + _ = conn.Close() return NewArchivalMeasurement(db.AsMeasurement()), nil } @@ -272,6 +272,6 @@ func (mx *Measurer) EasyOBFS4ConnectAndHandshake(ctx context.Context, failure := err.Error() return NewArchivalMeasurement(db.AsMeasurement()), &failure } - o4conn.Close() + _ = o4conn.Close() return NewArchivalMeasurement(db.AsMeasurement()), nil } diff --git a/internal/legacy/measurex/http.go b/internal/legacy/measurex/http.go index a2853129af..53c9949665 100644 --- a/internal/legacy/measurex/http.go +++ b/internal/legacy/measurex/http.go @@ -97,7 +97,9 @@ func (mx *Measurer) NewHTTPTransportWithTLSConn( func (mx *Measurer) NewHTTPTransportWithQUICConn( logger model.Logger, db WritableDB, qconn quic.EarlyConnection) *HTTPTransportDB { return mx.WrapHTTPTransport(db, netxlite.NewHTTP3Transport( - logger, netxlite.NewSingleUseQUICDialer(qconn), &tls.Config{})) + logger, netxlite.NewSingleUseQUICDialer(qconn), + &tls.Config{}, // #nosec G402 - we need to use a large TLS versions range for measuring + )) } // HTTPTransportDB is an implementation of HTTPTransport that diff --git a/internal/legacy/measurex/measurer.go b/internal/legacy/measurex/measurer.go index 8f371c5afb..8820f35fb4 100644 --- a/internal/legacy/measurex/measurer.go +++ b/internal/legacy/measurex/measurer.go @@ -251,7 +251,7 @@ func (mx *Measurer) TCPConnect(ctx context.Context, address string) *EndpointMea conn, _ := mx.TCPConnectWithDB(ctx, db, address) measurement := db.AsMeasurement() if conn != nil { - conn.Close() + _ = conn.Close() } return &EndpointMeasurement{ Network: NetworkTCP, @@ -322,7 +322,7 @@ func (mx *Measurer) TLSConnectAndHandshake(ctx context.Context, conn, _ := mx.TLSConnectAndHandshakeWithDB(ctx, db, address, config) measurement := db.AsMeasurement() if conn != nil { - conn.Close() + _ = conn.Close() } return &EndpointMeasurement{ Network: NetworkTCP, @@ -393,7 +393,7 @@ func (mx *Measurer) QUICHandshake(ctx context.Context, address string, measurement := db.AsMeasurement() if qconn != nil { // TODO(bassosimone): close connection with correct message - qconn.CloseWithError(0, "") + _ = qconn.CloseWithError(0, "") } return &EndpointMeasurement{ Network: NetworkUDP, @@ -449,7 +449,7 @@ func (mx *Measurer) HTTPEndpointGet( ctx context.Context, epnt *HTTPEndpoint, jar http.CookieJar) *HTTPEndpointMeasurement { resp, m, _ := mx.httpEndpointGet(ctx, epnt, jar) if resp != nil { - resp.Body.Close() + _ = resp.Body.Close() } return m } @@ -561,11 +561,12 @@ func (mx *Measurer) httpEndpointGetHTTPS(ctx context.Context, db WritableDB, epnt *HTTPEndpoint, jar http.CookieJar) (*http.Response, error) { // Using a nil cert pool here forces netxlite to use a cached copy of Mozilla's // CA bundle. See https://github.com/ooni/probe/issues/2413 for context. - conn, err := mx.TLSConnectAndHandshakeWithDB(ctx, db, epnt.Address, &tls.Config{ - ServerName: epnt.SNI, - NextProtos: epnt.ALPN, - RootCAs: nil, - }) + conn, err := mx.TLSConnectAndHandshakeWithDB(ctx, db, epnt.Address, + &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring + ServerName: epnt.SNI, + NextProtos: epnt.ALPN, + RootCAs: nil, + }) if err != nil { return nil, err } @@ -581,11 +582,12 @@ func (mx *Measurer) httpEndpointGetQUIC(ctx context.Context, db WritableDB, epnt *HTTPEndpoint, jar http.CookieJar) (*http.Response, error) { // Using a nil cert pool here forces netxlite to use a cached copy of Mozilla's // CA bundle. See https://github.com/ooni/probe/issues/2413 for context. - qconn, err := mx.QUICHandshakeWithDB(ctx, db, epnt.Address, &tls.Config{ - ServerName: epnt.SNI, - NextProtos: epnt.ALPN, - RootCAs: nil, - }) + qconn, err := mx.QUICHandshakeWithDB(ctx, db, epnt.Address, + &tls.Config{ // // #nosec G402 - we need to use a large TLS versions range for measuring + ServerName: epnt.SNI, + NextProtos: epnt.ALPN, + RootCAs: nil, + }) if err != nil { return nil, err } diff --git a/internal/netemx/cloudflare.go b/internal/netemx/cloudflare.go index f8a6c516bd..45c4a318aa 100644 --- a/internal/netemx/cloudflare.go +++ b/internal/netemx/cloudflare.go @@ -192,7 +192,7 @@ func CloudflareCAPTCHAHandler() http.Handler { if address == DefaultClientAddress { log.Printf("CLOUDFLARE_CACHE: request from %s => 503", address) w.WriteHeader(http.StatusServiceUnavailable) - w.Write(cloudflareCAPTCHAWebPage) + _, _ = w.Write(cloudflareCAPTCHAWebPage) return } @@ -200,6 +200,6 @@ func CloudflareCAPTCHAHandler() http.Handler { // otherwise => 200 log.Printf("CLOUDFLARE_CACHE: request from %s => 200", address) w.WriteHeader(http.StatusOK) - w.Write([]byte(ExampleWebPage)) + _, _ = w.Write([]byte(ExampleWebPage)) }) } diff --git a/internal/netemx/largefile.go b/internal/netemx/largefile.go index b899622ef2..4a069bf5dc 100644 --- a/internal/netemx/largefile.go +++ b/internal/netemx/largefile.go @@ -24,6 +24,6 @@ func LargeFileHandler(reader func(b []byte) (n int, err error)) http.Handler { w.WriteHeader(http.StatusInternalServerError) return } - w.Write(data) + _, _ = w.Write(data) }) } diff --git a/internal/netemx/ooapi.go b/internal/netemx/ooapi.go index c5653a25ed..c6a15044c7 100644 --- a/internal/netemx/ooapi.go +++ b/internal/netemx/ooapi.go @@ -57,5 +57,5 @@ func (p *OOAPIHandler) getApiV1TestHelpers(w http.ResponseWriter, _ *http.Reques }, } w.Header().Add("Content-Type", "application/json") - w.Write(runtimex.Try1(json.Marshal(resp))) + _, _ = w.Write(runtimex.Try1(json.Marshal(resp))) } diff --git a/internal/netemx/qaenv.go b/internal/netemx/qaenv.go index 958889e61b..c0b0eaeb77 100644 --- a/internal/netemx/qaenv.go +++ b/internal/netemx/qaenv.go @@ -238,8 +238,8 @@ func (env *QAEnv) mustNewNetStacks(config *qaEnvConfig) (closables []io.Closer) // AddRecordToAllResolvers adds the given DNS record to all DNS resolvers. You can safely // add new DNS records from concurrent goroutines at any time. func (env *QAEnv) AddRecordToAllResolvers(domain string, cname string, addrs ...string) { - env.ISPResolverConfig().AddRecord(domain, cname, addrs...) - env.OtherResolversConfig().AddRecord(domain, cname, addrs...) + runtimex.Try0(env.ISPResolverConfig().AddRecord(domain, cname, addrs...)) + runtimex.Try0(env.OtherResolversConfig().AddRecord(domain, cname, addrs...)) } // ISPResolverConfig returns the [*netem.DNSConfig] of the ISP resolver. Note that can safely @@ -288,11 +288,11 @@ func (env *QAEnv) Close() error { env.once.Do(func() { // first close all the possible closables we track for _, c := range env.closables { - c.Close() + _ = c.Close() } // finally close the whole network topology - env.topology.Close() + _ = env.topology.Close() }) return nil } diff --git a/internal/netemx/web.go b/internal/netemx/web.go index 14f826c8b7..69258e19d3 100644 --- a/internal/netemx/web.go +++ b/internal/netemx/web.go @@ -74,7 +74,7 @@ func ExampleWebPageHandler() http.Handler { switch host { case "www.example.com", "www.example.org": - w.Write([]byte(ExampleWebPage)) + _, _ = w.Write([]byte(ExampleWebPage)) case "example.com": w.Header().Add("Location", "https://www.example.com/") @@ -118,7 +118,7 @@ func BlockpageHandlerFactory() HTTPHandlerFactory { return HTTPHandlerFactoryFunc(func(env NetStackServerFactoryEnv, stack *netem.UNetStack) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Add("Date", "Thu, 24 Aug 2023 14:35:29 GMT") - w.Write([]byte(Blockpage)) + _, _ = w.Write([]byte(Blockpage)) }) }) } diff --git a/internal/netemx/yandex.go b/internal/netemx/yandex.go index 72e74fa81a..e3bdac8f63 100644 --- a/internal/netemx/yandex.go +++ b/internal/netemx/yandex.go @@ -32,7 +32,7 @@ func YandexHandler() http.Handler { switch host { case "ya.ru": - w.Write([]byte(ExampleWebPage)) + _, _ = w.Write([]byte(ExampleWebPage)) case "yandex.com": w.Header().Add("Location", "https://ya.ru/") diff --git a/internal/netxlite/dnsovertcp.go b/internal/netxlite/dnsovertcp.go index b3cde88b27..aa6b946a2c 100644 --- a/internal/netxlite/dnsovertcp.go +++ b/internal/netxlite/dnsovertcp.go @@ -88,7 +88,7 @@ func (t *DNSOverTCPTransport) RoundTrip( } defer conn.Close() const iotimeout = 10 * time.Second - conn.SetDeadline(time.Now().Add(iotimeout)) + _ = conn.SetDeadline(time.Now().Add(iotimeout)) // Write request buf := []byte{byte(len(rawQuery) >> 8)} buf = append(buf, byte(len(rawQuery))) diff --git a/internal/netxlite/dnsoverudp.go b/internal/netxlite/dnsoverudp.go index 0440e826d5..d3b93aad89 100644 --- a/internal/netxlite/dnsoverudp.go +++ b/internal/netxlite/dnsoverudp.go @@ -95,16 +95,16 @@ func (t *DNSOverUDPTransport) RoundTrip( if err != nil { return nil, err } - conn.SetDeadline(deadline) // time to dial (usually ~zero) already factored in + _ = conn.SetDeadline(deadline) // time to dial (usually ~zero) already factored in joinedch := make(chan bool) myaddr := conn.LocalAddr().String() if _, err := conn.Write(rawQuery); err != nil { - conn.Close() // we still own the conn + _ = conn.Close() // we still own the conn return nil, err } resp, err := t.recv(query, conn) if err != nil { - conn.Close() // we still own the conn + _ = conn.Close() // we still own the conn return nil, err } // start a goroutine to listen for any delayed DNS response and diff --git a/internal/netxlite/http3.go b/internal/netxlite/http3.go index 8603d3b9aa..6ca80772b2 100644 --- a/internal/netxlite/http3.go +++ b/internal/netxlite/http3.go @@ -39,7 +39,7 @@ func (txp *http3Transport) RoundTrip(req *http.Request) (*http.Response, error) // CloseIdleConnections implements HTTPTransport.CloseIdleConnections. func (txp *http3Transport) CloseIdleConnections() { - txp.child.Close() + _ = txp.child.Close() txp.dialer.CloseIdleConnections() } diff --git a/internal/netxlite/httptimeout.go b/internal/netxlite/httptimeout.go index 9ae9f01dfb..7cedf82f2e 100644 --- a/internal/netxlite/httptimeout.go +++ b/internal/netxlite/httptimeout.go @@ -62,7 +62,7 @@ func (d *httpTLSDialerWithReadTimeout) DialTLSContext( } tconn, okay := conn.(TLSConn) // part of the contract but let's be graceful if !okay { - conn.Close() // we own the conn here + _ = conn.Close() // we own the conn here return nil, ErrNotTLSConn } return &httpTLSConnWithReadTimeout{tconn}, nil @@ -95,7 +95,7 @@ const httpConnReadTimeout = 300 * time.Second // Read implements Conn.Read. func (c *httpConnWithReadTimeout) Read(b []byte) (int, error) { - c.Conn.SetReadDeadline(time.Now().Add(httpConnReadTimeout)) + _ = c.Conn.SetReadDeadline(time.Now().Add(httpConnReadTimeout)) defer c.Conn.SetReadDeadline(time.Time{}) return c.Conn.Read(b) } @@ -108,7 +108,7 @@ type httpTLSConnWithReadTimeout struct { // Read implements Conn.Read. func (c *httpTLSConnWithReadTimeout) Read(b []byte) (int, error) { - c.TLSConn.SetReadDeadline(time.Now().Add(httpConnReadTimeout)) + _ = c.TLSConn.SetReadDeadline(time.Now().Add(httpConnReadTimeout)) defer c.TLSConn.SetReadDeadline(time.Time{}) return c.TLSConn.Read(b) } diff --git a/internal/netxlite/quic.go b/internal/netxlite/quic.go index 8f2334b64b..d970cffdbc 100644 --- a/internal/netxlite/quic.go +++ b/internal/netxlite/quic.go @@ -139,7 +139,7 @@ func (d *quicDialerQUICGo) DialContext(ctx context.Context, err = MaybeNewErrWrapper(ClassifyQUICHandshakeError, QUICHandshakeOperation, err) trace.OnQUICHandshakeDone(started, address, qconn, tlsConfig, err, finished) if err != nil { - pconn.Close() // we own it on failure + _ = pconn.Close() // we own it on failure return nil, err } return newQUICConnectionOwnsConn(qconn, pconn), nil @@ -200,7 +200,7 @@ func (d *quicDialerHandshakeCompleter) DialContext( case <-conn.HandshakeComplete(): return conn, nil case <-ctx.Done(): - conn.CloseWithError(0, "") // we own the conn + _ = conn.CloseWithError(0, "") // we own the conn return nil, ctx.Err() } } @@ -227,7 +227,7 @@ func newQUICConnectionOwnsConn(qconn quic.EarlyConnection, pconn model.UDPLikeCo func (qconn *quicConnectionOwnsConn) CloseWithError( code quic.ApplicationErrorCode, reason string) error { err := qconn.EarlyConnection.CloseWithError(code, reason) - qconn.conn.Close() + _ = qconn.conn.Close() return err } diff --git a/internal/netxlite/tls.go b/internal/netxlite/tls.go index bd573fd143..3ad5308a27 100644 --- a/internal/netxlite/tls.go +++ b/internal/netxlite/tls.go @@ -211,7 +211,7 @@ func (h *tlsHandshakerConfigurable) Handshake( timeout = 10 * time.Second } defer conn.SetDeadline(time.Time{}) - conn.SetDeadline(time.Now().Add(timeout)) + _ = conn.SetDeadline(time.Now().Add(timeout)) if config.RootCAs == nil { config = config.Clone() // See https://github.com/ooni/probe/issues/2413 for context @@ -318,7 +318,7 @@ func (d *tlsDialer) DialTLSContext(ctx context.Context, network, address string) config := d.config(host, port) tlsconn, err := d.TLSHandshaker.Handshake(ctx, conn, config) if err != nil { - conn.Close() + _ = conn.Close() return nil, err } return tlsconn, nil diff --git a/internal/oohelperd/handler.go b/internal/oohelperd/handler.go index 94dd6038e7..aba5948d43 100644 --- a/internal/oohelperd/handler.go +++ b/internal/oohelperd/handler.go @@ -165,7 +165,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) { data, err := json.Marshal(resp) runtimex.PanicOnError(err, "json.Marshal failed") w.Header().Add("Content-Type", "application/json") - w.Write(data) + _, _ = w.Write(data) return } @@ -223,7 +223,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) { data, err = json.Marshal(cresp) runtimex.PanicOnError(err, "json.Marshal failed") w.Header().Add("Content-Type", "application/json") - w.Write(data) + _, _ = w.Write(data) } // newResolver creates a new [model.Resolver] suitable for serving diff --git a/internal/oohelperd/quic.go b/internal/oohelperd/quic.go index 88939baccf..cab6a276bc 100644 --- a/internal/oohelperd/quic.go +++ b/internal/oohelperd/quic.go @@ -81,7 +81,7 @@ func quicDo(ctx context.Context, config *quicConfig) { // See https://github.com/ooni/probe/issues/2413 to understand // why we're using nil to force netxlite to use the cached // default Mozilla cert pool. - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: []string{"h3"}, RootCAs: nil, ServerName: config.URLHostname, diff --git a/internal/oohelperd/tcptls.go b/internal/oohelperd/tcptls.go index d39dc73be3..d3eca7ee42 100644 --- a/internal/oohelperd/tcptls.go +++ b/internal/oohelperd/tcptls.go @@ -127,7 +127,7 @@ func tcpTLSDo(ctx context.Context, config *tcpTLSConfig) { // See https://github.com/ooni/probe/issues/2413 to understand // why we're using nil to force netxlite to use the cached // default Mozilla cert pool. - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, ServerName: config.URLHostname, @@ -140,7 +140,7 @@ func tcpTLSDo(ctx context.Context, config *tcpTLSConfig) { // perform the handshake tlsConn, err := thx.Handshake(ctx, conn, tlsConfig) - measurexlite.MaybeClose(tlsConn) + _ = measurexlite.MaybeClose(tlsConn) // publish time required to handshake tlsElapsed := time.Since(tlsT0) diff --git a/internal/oonirun/experiment.go b/internal/oonirun/experiment.go index f597cbb53e..3b4fd9afc5 100644 --- a/internal/oonirun/experiment.go +++ b/internal/oonirun/experiment.go @@ -92,7 +92,7 @@ func (ed *Experiment) Run(ctx context.Context) error { // 3. randomize input, if needed if ed.Random { - rnd := rand.New(rand.NewSource(time.Now().UnixNano())) + rnd := rand.New(rand.NewSource(time.Now().UnixNano())) // #nosec G404 -- not really important rnd.Shuffle(len(inputList), func(i, j int) { inputList[i], inputList[j] = inputList[j], inputList[i] }) diff --git a/internal/ptx/obfs4.go b/internal/ptx/obfs4.go index 4e192c21ea..de0ffb7a65 100644 --- a/internal/ptx/obfs4.go +++ b/internal/ptx/obfs4.go @@ -138,7 +138,7 @@ func (d *obfs4CancellableDialer) dial( select { case connch <- conn: default: - conn.Close() // context won the race + _ = conn.Close() // context won the race } }() select { diff --git a/internal/ptx/ptx.go b/internal/ptx/ptx.go index 87dc9e38d8..c5bb2f38f4 100644 --- a/internal/ptx/ptx.go +++ b/internal/ptx/ptx.go @@ -122,11 +122,11 @@ func (lst *Listener) forward(ctx context.Context, left, right net.Conn, done cha wg.Add(2) go func() { defer wg.Done() - netxlite.CopyContext(ctx, left, right) + _, _ = netxlite.CopyContext(ctx, left, right) }() go func() { defer wg.Done() - netxlite.CopyContext(ctx, right, left) + _, _ = netxlite.CopyContext(ctx, right, left) }() wg.Wait() } @@ -157,7 +157,7 @@ func (lst *Listener) handleSocksConn(ctx context.Context, socksConn SocksConn) e } ptConn, err := lst.PTDialer.DialContext(ctx) if err != nil { - socksConn.Close() // we own it + _ = socksConn.Close() // we own it lst.logger().Warnf("ptx: ContextDialer.DialContext error: %s", err) return err // used for testing } @@ -296,7 +296,7 @@ func (lst *Listener) Stop() { lst.cancel() // cancel is idempotent } if lst.listener != nil { - lst.listener.Close() // should be idempotent + _ = lst.listener.Close() // should be idempotent } } diff --git a/internal/ptx/snowflake.go b/internal/ptx/snowflake.go index a48883f583..00beb642e2 100644 --- a/internal/ptx/snowflake.go +++ b/internal/ptx/snowflake.go @@ -163,7 +163,7 @@ func (d *SnowflakeDialer) dialContext( select { case connch <- conn: default: - conn.Close() // context won the race + _ = conn.Close() // context won the race } }() select { diff --git a/internal/shellx/shellx.go b/internal/shellx/shellx.go index d9a26cd4fb..08ad3a24eb 100644 --- a/internal/shellx/shellx.go +++ b/internal/shellx/shellx.go @@ -314,7 +314,7 @@ func CopyFile(source, dest string, perms fs.FileMode) error { return err } if _, err := ioCopy(destfp, sourcefp); err != nil { - destfp.Close() + _ = destfp.Close() return err } return destfp.Close() diff --git a/internal/testingproxy/hosthttps.go b/internal/testingproxy/hosthttps.go index 7066b2dc50..e1cab76453 100644 --- a/internal/testingproxy/hosthttps.go +++ b/internal/testingproxy/hosthttps.go @@ -60,7 +60,7 @@ func (tc *hostNetworkTestCaseWithHTTPWithTLS) Run(t *testing.T) { // extend the default cert pool with the proxy's own CA pool := netxlite.NewMozillaCertPool() pool.AddCert(proxyServer.CACert) - tlsConfig := &tls.Config{RootCAs: pool} + tlsConfig := &tls.Config{RootCAs: pool} // #nosec G402 - code used for testing // create an HTTP client configured to use the given proxy // diff --git a/internal/testingproxy/netemhttp.go b/internal/testingproxy/netemhttp.go index d868c21289..f80356aff7 100644 --- a/internal/testingproxy/netemhttp.go +++ b/internal/testingproxy/netemhttp.go @@ -67,7 +67,7 @@ func (tc *netemTestCaseWithHTTP) Run(t *testing.T) { // configure the wwwStack as the DNS resolver with proper configuration dnsConfig := netem.NewDNSConfig() - dnsConfig.AddRecord("www.example.com.", "", wwwIPAddr) + runtimex.Try0(dnsConfig.AddRecord("www.example.com.", "", wwwIPAddr)) dnsServer := runtimex.Try1(netem.NewDNSServer(log.Log, wwwStack, wwwIPAddr, dnsConfig)) defer dnsServer.Close() @@ -76,7 +76,7 @@ func (tc *netemTestCaseWithHTTP) Run(t *testing.T) { &net.TCPAddr{IP: net.ParseIP(wwwIPAddr), Port: 80}, wwwStack, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("Bonsoir, Elliot!\r\n")) + _, _ = w.Write([]byte("Bonsoir, Elliot!\r\n")) }), ) defer wwwServer80.Close() @@ -86,7 +86,7 @@ func (tc *netemTestCaseWithHTTP) Run(t *testing.T) { &net.TCPAddr{IP: net.ParseIP(wwwIPAddr), Port: 443}, wwwStack, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("Bonsoir, Elliot!\r\n")) + _, _ = w.Write([]byte("Bonsoir, Elliot!\r\n")) }), wwwStack, "www.example.com", @@ -118,7 +118,7 @@ func (tc *netemTestCaseWithHTTP) Run(t *testing.T) { netxlite.HTTPTransportOptionProxyURL(runtimex.Try1(url.Parse(proxyServer.URL))), // TODO(https://github.com/ooni/probe/issues/2536) - netxlite.HTTPTransportOptionTLSClientConfig(&tls.Config{ + netxlite.HTTPTransportOptionTLSClientConfig(&tls.Config{ // #nosec G402 - code used for testing RootCAs: clientStack.DefaultCertPool(), }), ) diff --git a/internal/testingproxy/netemhttps.go b/internal/testingproxy/netemhttps.go index 4635442294..0e0cf17bb5 100644 --- a/internal/testingproxy/netemhttps.go +++ b/internal/testingproxy/netemhttps.go @@ -67,7 +67,7 @@ func (tc *netemTestCaseWithHTTPWithTLS) Run(t *testing.T) { // configure the wwwStack as the DNS resolver with proper configuration dnsConfig := netem.NewDNSConfig() - dnsConfig.AddRecord("www.example.com.", "", wwwIPAddr) + runtimex.Try0(dnsConfig.AddRecord("www.example.com.", "", wwwIPAddr)) dnsServer := runtimex.Try1(netem.NewDNSServer(log.Log, wwwStack, wwwIPAddr, dnsConfig)) defer dnsServer.Close() @@ -76,7 +76,7 @@ func (tc *netemTestCaseWithHTTPWithTLS) Run(t *testing.T) { &net.TCPAddr{IP: net.ParseIP(wwwIPAddr), Port: 80}, wwwStack, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("Bonsoir, Elliot!\r\n")) + _, _ = w.Write([]byte("Bonsoir, Elliot!\r\n")) }), ) defer wwwServer80.Close() @@ -86,7 +86,7 @@ func (tc *netemTestCaseWithHTTPWithTLS) Run(t *testing.T) { &net.TCPAddr{IP: net.ParseIP(wwwIPAddr), Port: 443}, wwwStack, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("Bonsoir, Elliot!\r\n")) + _, _ = w.Write([]byte("Bonsoir, Elliot!\r\n")) }), wwwStack, "www.example.com", @@ -120,7 +120,7 @@ func (tc *netemTestCaseWithHTTPWithTLS) Run(t *testing.T) { netxlite.HTTPTransportOptionProxyURL(runtimex.Try1(url.Parse(proxyServer.URL))), // TODO(https://github.com/ooni/probe/issues/2536) - netxlite.HTTPTransportOptionTLSClientConfig(&tls.Config{ + netxlite.HTTPTransportOptionTLSClientConfig(&tls.Config{ // #nosec G402 - code used for testing RootCAs: clientStack.DefaultCertPool(), }), ) diff --git a/internal/testingproxy/socksnetem.go b/internal/testingproxy/socksnetem.go index 296a7682ba..4726c17e88 100644 --- a/internal/testingproxy/socksnetem.go +++ b/internal/testingproxy/socksnetem.go @@ -67,7 +67,7 @@ func (tc *netemTestCaseWithSOCKS) Run(t *testing.T) { // configure the wwwStack as the DNS resolver with proper configuration dnsConfig := netem.NewDNSConfig() - dnsConfig.AddRecord("www.example.com.", "", wwwIPAddr) + runtimex.Try0(dnsConfig.AddRecord("www.example.com.", "", wwwIPAddr)) dnsServer := runtimex.Try1(netem.NewDNSServer(log.Log, wwwStack, wwwIPAddr, dnsConfig)) defer dnsServer.Close() @@ -76,7 +76,7 @@ func (tc *netemTestCaseWithSOCKS) Run(t *testing.T) { &net.TCPAddr{IP: net.ParseIP(wwwIPAddr), Port: 80}, wwwStack, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("Bonsoir, Elliot!\r\n")) + _, _ = w.Write([]byte("Bonsoir, Elliot!\r\n")) }), ) defer wwwServer80.Close() @@ -86,7 +86,7 @@ func (tc *netemTestCaseWithSOCKS) Run(t *testing.T) { &net.TCPAddr{IP: net.ParseIP(wwwIPAddr), Port: 443}, wwwStack, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("Bonsoir, Elliot!\r\n")) + _, _ = w.Write([]byte("Bonsoir, Elliot!\r\n")) }), wwwStack, "www.example.com", @@ -118,7 +118,7 @@ func (tc *netemTestCaseWithSOCKS) Run(t *testing.T) { netxlite.HTTPTransportOptionProxyURL(proxyServer.URL()), // TODO(https://github.com/ooni/probe/issues/2536) - netxlite.HTTPTransportOptionTLSClientConfig(&tls.Config{ + netxlite.HTTPTransportOptionTLSClientConfig(&tls.Config{ // #nosec G402 - code used for testing RootCAs: clientStack.DefaultCertPool(), }), ) diff --git a/internal/testingsocks5/auth.go b/internal/testingsocks5/auth.go index 63f8200bbf..cf0eaf9f64 100644 --- a/internal/testingsocks5/auth.go +++ b/internal/testingsocks5/auth.go @@ -65,7 +65,7 @@ func (s *Server) authenticate(cconn net.Conn) (*authContext, error) { // noAcceptableAuth is used to handle when we have no eligible authentication mechanism func noAcceptableAuth(conn net.Conn) error { - conn.Write([]byte{socks5Version, noAcceptable}) + _, _ = conn.Write([]byte{socks5Version, noAcceptable}) return errNoSupportedAuth } diff --git a/internal/testingx/dnsoverhttps.go b/internal/testingx/dnsoverhttps.go index 7f334343d2..9e14cf8ecf 100644 --- a/internal/testingx/dnsoverhttps.go +++ b/internal/testingx/dnsoverhttps.go @@ -21,7 +21,7 @@ func (p *DNSOverHTTPSHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) rawQuery := runtimex.Try1(io.ReadAll(r.Body)) rawResponse := runtimex.Try1(p.RoundTripper.RoundTrip(r.Context(), rawQuery)) w.Header().Add("content-type", "application/dns-message") - w.Write(rawResponse) + _, _ = w.Write(rawResponse) } func (p *DNSOverHTTPSHandler) handlePanic(w http.ResponseWriter) { diff --git a/internal/testingx/fakefill.go b/internal/testingx/fakefill.go index 1adea3e98d..fdd7261d01 100644 --- a/internal/testingx/fakefill.go +++ b/internal/testingx/fakefill.go @@ -42,7 +42,7 @@ func (ff *FakeFiller) getRandLocked() *rand.Rand { if ff.Now != nil { now = ff.Now } - ff.rnd = rand.New(rand.NewSource(now().UnixNano())) + ff.rnd = rand.New(rand.NewSource(now().UnixNano())) // #nosec G404 -- used for testing } return ff.rnd } diff --git a/internal/testingx/geoip.go b/internal/testingx/geoip.go index 0a084dff5e..d1bcdeee64 100644 --- a/internal/testingx/geoip.go +++ b/internal/testingx/geoip.go @@ -20,5 +20,5 @@ func (p *GeoIPHandlerUbuntu) ServeHTTP(w http.ResponseWriter, r *http.Request) { p.ProbeIP, ) w.Header().Add("Content-Type", "text/xml") - w.Write([]byte(resp)) + _, _ = w.Write([]byte(resp)) } diff --git a/internal/testingx/httptestx.go b/internal/testingx/httptestx.go index 5a8ce91290..cd19dc56c6 100644 --- a/internal/testingx/httptestx.go +++ b/internal/testingx/httptestx.go @@ -145,7 +145,7 @@ var HTTPBlockpage451 = []byte(` func HTTPHandlerBlockpage451() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusUnavailableForLegalReasons) - w.Write(HTTPBlockpage451) + _, _ = w.Write(HTTPBlockpage451) }) } @@ -198,14 +198,14 @@ func HTTPHandlerResetWhileReadingBody() http.Handler { defer conn.Close() // write the HTTP response headers - conn.Write([]byte("HTTP/1.1 200 Ok\r\n")) - conn.Write([]byte("Content-Type: text/html\r\n")) - conn.Write([]byte("Content-Length: 65535\r\n")) - conn.Write([]byte("\r\n")) + _, _ = conn.Write([]byte("HTTP/1.1 200 Ok\r\n")) + _, _ = conn.Write([]byte("Content-Type: text/html\r\n")) + _, _ = conn.Write([]byte("Content-Length: 65535\r\n")) + _, _ = conn.Write([]byte("\r\n")) // start writing the response content := randx.Letters(32768) - conn.Write([]byte(content)) + _, _ = conn.Write([]byte(content)) // sleep for half a second simulating something wrong time.Sleep(500 * time.Millisecond) diff --git a/internal/testingx/oonibackendwithlogin.go b/internal/testingx/oonibackendwithlogin.go index 5c8779c9ac..9bcf3e0690 100644 --- a/internal/testingx/oonibackendwithlogin.go +++ b/internal/testingx/oonibackendwithlogin.go @@ -131,7 +131,7 @@ func (h *OONIBackendWithLoginFlow) handleRegister() http.Handler { } // send response - w.Write(must.MarshalJSON(response)) + _, _ = w.Write(must.MarshalJSON(response)) }) } @@ -207,7 +207,7 @@ func (h *OONIBackendWithLoginFlow) handleLogin() http.Handler { } // send response - w.Write(must.MarshalJSON(response)) + _, _ = w.Write(must.MarshalJSON(response)) }) } @@ -221,7 +221,7 @@ func (h *OONIBackendWithLoginFlow) handlePsiphonConfig() http.Handler { // we must lock because of SetPsiphonConfig h.mu.Lock() - w.Write(h.psiphonConfig) + _, _ = w.Write(h.psiphonConfig) h.mu.Unlock() }) } @@ -243,7 +243,7 @@ func (h *OONIBackendWithLoginFlow) handleTorTargets() http.Handler { // we must lock because of SetTorTargets h.mu.Lock() - w.Write(h.torTargets) + _, _ = w.Write(h.torTargets) h.mu.Unlock() }) diff --git a/internal/testingx/oonicollector.go b/internal/testingx/oonicollector.go index 62c6b2cc31..fc5bc7cd55 100644 --- a/internal/testingx/oonicollector.go +++ b/internal/testingx/oonicollector.go @@ -154,7 +154,7 @@ func (oc *OONICollector) openReport(w http.ResponseWriter, body []byte) { w.Header().Set("Content-Type", "application/json") // serialize and send - w.Write(must.MarshalJSON(response)) + _, _ = w.Write(must.MarshalJSON(response)) } // updateReport handles updating an existing OONI report. @@ -241,5 +241,5 @@ func (oc *OONICollector) updateReport(w http.ResponseWriter, urlpath string, bod w.Header().Set("Content-Type", "application/json") // serialize and send - w.Write(must.MarshalJSON(response)) + _, _ = w.Write(must.MarshalJSON(response)) } diff --git a/internal/testingx/tcpx.go b/internal/testingx/tcpx.go index ad22d0a393..0e0fcb2919 100644 --- a/internal/testingx/tcpx.go +++ b/internal/testingx/tcpx.go @@ -36,11 +36,11 @@ func tcpMaybeResetNetConn(conn net.Conn) { SetLinger(sec int) error } if setter, good := conn.(connLingerSetter); good { - setter.SetLinger(0) + _ = setter.SetLinger(0) } // close the conn to trigger the reset (we MUST call Close here where // we're using the underlying conn and it doesn't suffice to call it // inside the http.Handler, where wrapping would not cause a RST) - conn.Close() + _ = conn.Close() } diff --git a/internal/testingx/tlssniproxy.go b/internal/testingx/tlssniproxy.go index 42572854af..d89f4ff969 100644 --- a/internal/testingx/tlssniproxy.go +++ b/internal/testingx/tlssniproxy.go @@ -126,5 +126,5 @@ func (tp *TLSSNIProxy) handle(clientConn net.Conn) { func (tp *TLSSNIProxy) forward(wg *sync.WaitGroup, left, right net.Conn) { defer wg.Done() - io.Copy(right, left) + _, _ = io.Copy(right, left) } diff --git a/internal/testingx/tlsx.go b/internal/testingx/tlsx.go index bb2d6b9d39..f381c78098 100644 --- a/internal/testingx/tlsx.go +++ b/internal/testingx/tlsx.go @@ -124,7 +124,7 @@ func (p *TLSServer) handle(ctx context.Context, tcpConn net.Conn) { defer tcpConn.Close() // create TLS configuration where the handler is responsible for continuing the handshake - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - code used for testing GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) { return p.handler.GetCertificate(ctx, tcpConn, chi) }, @@ -214,7 +214,7 @@ type tlsHandlerEOF struct{} // GetCertificate implements TLSHandler. func (*tlsHandlerEOF) GetCertificate(ctx context.Context, tcpConn net.Conn, chi *tls.ClientHelloInfo) (*tls.Certificate, error) { - tcpConn.Close() // close the TCP connection to force EOF during the handshake + _ = tcpConn.Close() // close the TCP connection to force EOF during the handshake return nil, errors.New("internal error") } diff --git a/internal/tunnel/fake.go b/internal/tunnel/fake.go index 327a13230a..6afa49cd8c 100644 --- a/internal/tunnel/fake.go +++ b/internal/tunnel/fake.go @@ -27,7 +27,7 @@ func (t *fakeTunnel) BootstrapTime() time.Duration { func (t *fakeTunnel) Stop() { // Implementation note: closing the listener causes // the socks5 server.Serve to return an error - t.once.Do(func() { t.listener.Close() }) + t.once.Do(func() { _ = t.listener.Close() }) } // SOCKS5ProxyURL returns the SOCKS5 proxy URL. diff --git a/internal/tunnel/tor.go b/internal/tunnel/tor.go index 390eedbeeb..8f88cdd4f5 100644 --- a/internal/tunnel/tor.go +++ b/internal/tunnel/tor.go @@ -46,7 +46,7 @@ func (tt *torTunnel) SOCKS5ProxyURL() *url.URL { // Stop stops the Tor tunnel func (tt *torTunnel) Stop() { - tt.instance.Close() + _ = tt.instance.Close() } // ErrTorUnableToGetSOCKSProxyAddress indicates that we could not @@ -99,23 +99,23 @@ func torStart(ctx context.Context, config *Config) (Tunnel, DebugInfo, error) { instance.StopProcessOnClose = true start := time.Now() if err := config.torEnableNetwork(ctx, instance, true); err != nil { - instance.Close() + _ = instance.Close() return nil, debugInfo, err } stop := time.Now() // Adapted from info, err := config.torGetInfo(instance.Control, "net/listeners/socks") if err != nil { - instance.Close() + _ = instance.Close() return nil, debugInfo, err } if len(info) != 1 || info[0].Key != "net/listeners/socks" { - instance.Close() + _ = instance.Close() return nil, debugInfo, ErrTorUnableToGetSOCKSProxyAddress } proxyAddress := info[0].Val if strings.HasPrefix(proxyAddress, "unix:") { - instance.Close() + _ = instance.Close() return nil, debugInfo, ErrTorReturnedUnsupportedProxy } return &torTunnel{ @@ -128,7 +128,7 @@ func torStart(ctx context.Context, config *Config) (Tunnel, DebugInfo, error) { // maybeCleanupTunnelDir removes stale files inside // of the tunnel directory. func maybeCleanupTunnelDir(dir, logfile string) { - os.Remove(logfile) + _ = os.Remove(logfile) removeWithGlob(filepath.Join(dir, "torrc-*")) removeWithGlob(filepath.Join(dir, "control-port-*")) } @@ -137,6 +137,6 @@ func maybeCleanupTunnelDir(dir, logfile string) { func removeWithGlob(pattern string) { files, _ := filepath.Glob(pattern) for _, file := range files { - os.Remove(file) + _ = os.Remove(file) } } diff --git a/internal/tutorial/measurex/chapter04/README.md b/internal/tutorial/measurex/chapter04/README.md index c308a126a7..8bac14cc1b 100644 --- a/internal/tutorial/measurex/chapter04/README.md +++ b/internal/tutorial/measurex/chapter04/README.md @@ -49,7 +49,7 @@ we have seen in chapter02, using the address argument. Then, if successful, it will TLS handshake using the given TLS config. ```Go - m := mx.TLSConnectAndHandshake(ctx, *address, &tls.Config{ + m := mx.TLSConnectAndHandshake(ctx, *address, &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, // use netxlite's default diff --git a/internal/tutorial/measurex/chapter04/main.go b/internal/tutorial/measurex/chapter04/main.go index 93d1e9b4b2..b6ed15aa7f 100644 --- a/internal/tutorial/measurex/chapter04/main.go +++ b/internal/tutorial/measurex/chapter04/main.go @@ -50,7 +50,7 @@ func main() { // successful, it will TLS handshake using the given TLS config. // // ```Go - m := mx.TLSConnectAndHandshake(ctx, *address, &tls.Config{ + m := mx.TLSConnectAndHandshake(ctx, *address, &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, // use netxlite's default diff --git a/internal/tutorial/measurex/chapter05/README.md b/internal/tutorial/measurex/chapter05/README.md index 7c5cb44684..8aabfce2fa 100644 --- a/internal/tutorial/measurex/chapter05/README.md +++ b/internal/tutorial/measurex/chapter05/README.md @@ -51,7 +51,7 @@ The API signature is indeed the same as the previous chapter, except that here we call the `QUICHandshake` function. ```Go - m := mx.QUICHandshake(ctx, *address, &tls.Config{ + m := mx.QUICHandshake(ctx, *address, &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h3"}, RootCAs: nil, // use netxlite's default diff --git a/internal/tutorial/measurex/chapter05/main.go b/internal/tutorial/measurex/chapter05/main.go index 5d0219eee1..ab90a82c16 100644 --- a/internal/tutorial/measurex/chapter05/main.go +++ b/internal/tutorial/measurex/chapter05/main.go @@ -52,7 +52,7 @@ func main() { // except that here we call the `QUICHandshake` function. // // ```Go - m := mx.QUICHandshake(ctx, *address, &tls.Config{ + m := mx.QUICHandshake(ctx, *address, &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h3"}, RootCAs: nil, // use netxlite's default diff --git a/internal/tutorial/measurex/chapter14/README.md b/internal/tutorial/measurex/chapter14/README.md index 9c38fbff05..9300d0df62 100644 --- a/internal/tutorial/measurex/chapter14/README.md +++ b/internal/tutorial/measurex/chapter14/README.md @@ -131,7 +131,7 @@ whether the input URL is HTTP or HTTPS. m.TCPConnect = append( m.TCPConnect, measurex.NewArchivalTCPConnectList(tcp.Connect)...) case "https": - config := &tls.Config{ + config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: parsedURL.Hostname(), NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, // use netxlite's default @@ -210,7 +210,7 @@ using an HTTP transport reading a body snapshot. ```Go if resp != nil { - resp.Body.Close() // tidy + _ = resp.Body.Close() // tidy } ``` diff --git a/internal/tutorial/measurex/chapter14/main.go b/internal/tutorial/measurex/chapter14/main.go index fa1dfe958c..684fd493fa 100644 --- a/internal/tutorial/measurex/chapter14/main.go +++ b/internal/tutorial/measurex/chapter14/main.go @@ -132,7 +132,7 @@ func webConnectivity(ctx context.Context, URL string) (*measurement, error) { m.TCPConnect = append( m.TCPConnect, measurex.NewArchivalTCPConnectList(tcp.Connect)...) case "https": - config := &tls.Config{ + config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: parsedURL.Hostname(), NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, // use netxlite's default @@ -211,7 +211,7 @@ func webConnectivity(ctx context.Context, URL string) (*measurement, error) { // ```Go if resp != nil { - resp.Body.Close() // tidy + _ = resp.Body.Close() // tidy } // ``` diff --git a/internal/tutorial/netxlite/chapter01/README.md b/internal/tutorial/netxlite/chapter01/README.md index 2b796ff2a7..1b83565b6e 100644 --- a/internal/tutorial/netxlite/chapter01/README.md +++ b/internal/tutorial/netxlite/chapter01/README.md @@ -75,7 +75,7 @@ error that occurred and then calls `os.Exit(1)` Otherwise, we're tidy and close the opened connection. ```Go - conn.Close() + _ = conn.Close() } ``` diff --git a/internal/tutorial/netxlite/chapter01/main.go b/internal/tutorial/netxlite/chapter01/main.go index c667c296f2..016c2de432 100644 --- a/internal/tutorial/netxlite/chapter01/main.go +++ b/internal/tutorial/netxlite/chapter01/main.go @@ -76,7 +76,7 @@ func main() { // Otherwise, we're tidy and close the opened connection. // // ```Go - conn.Close() + _ = conn.Close() } // ``` diff --git a/internal/tutorial/netxlite/chapter02/README.md b/internal/tutorial/netxlite/chapter02/README.md index a0df9b71c5..96984c59e7 100644 --- a/internal/tutorial/netxlite/chapter02/README.md +++ b/internal/tutorial/netxlite/chapter02/README.md @@ -62,7 +62,7 @@ CA pool bundled with OONI by passing nil (so we don't have to trust the system-wide certificate store) ```Go - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, @@ -90,7 +90,7 @@ like in the previous chapter, we close the connection. log.Infof("Cipher suite : %s", netxlite.TLSCipherSuiteString(state.CipherSuite)) log.Infof("Negotiated protocol: %s", state.NegotiatedProtocol) log.Infof("TLS version : %s", netxlite.TLSVersionString(state.Version)) - conn.Close() + _ = conn.Close() } ``` @@ -149,7 +149,7 @@ func dialTLS(ctx context.Context, address string, config *tls.Config) (model.TLS } tlsConn, err := handshakeTLS(ctx, tcpConn, config) if err != nil { - tcpConn.Close() + _ = tcpConn.Close() return nil, err } return tlsConn, nil diff --git a/internal/tutorial/netxlite/chapter02/main.go b/internal/tutorial/netxlite/chapter02/main.go index e2edd59f36..affa9cfbde 100644 --- a/internal/tutorial/netxlite/chapter02/main.go +++ b/internal/tutorial/netxlite/chapter02/main.go @@ -63,7 +63,7 @@ func main() { // have to trust the system-wide certificate store) // // ```Go - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, @@ -91,7 +91,7 @@ func main() { log.Infof("Cipher suite : %s", netxlite.TLSCipherSuiteString(state.CipherSuite)) log.Infof("Negotiated protocol: %s", state.NegotiatedProtocol) log.Infof("TLS version : %s", netxlite.TLSVersionString(state.Version)) - conn.Close() + _ = conn.Close() } // ``` @@ -150,7 +150,7 @@ func dialTLS(ctx context.Context, address string, config *tls.Config) (model.TLS } tlsConn, err := handshakeTLS(ctx, tcpConn, config) if err != nil { - tcpConn.Close() + _ = tcpConn.Close() return nil, err } return tlsConn, nil diff --git a/internal/tutorial/netxlite/chapter03/README.md b/internal/tutorial/netxlite/chapter03/README.md index 5899eb1c16..2d6f7d702b 100644 --- a/internal/tutorial/netxlite/chapter03/README.md +++ b/internal/tutorial/netxlite/chapter03/README.md @@ -45,7 +45,7 @@ func main() { flag.Parse() ctx, cancel := context.WithTimeout(context.Background(), *timeout) defer cancel() - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, @@ -59,7 +59,7 @@ func main() { log.Infof("Cipher suite : %s", netxlite.TLSCipherSuiteString(state.CipherSuite)) log.Infof("Negotiated protocol: %s", state.NegotiatedProtocol) log.Infof("TLS version : %s", netxlite.TLSVersionString(state.Version)) - conn.Close() + _ = conn.Close() } func dialTCP(ctx context.Context, address string) (net.Conn, error) { @@ -101,7 +101,7 @@ func dialTLS(ctx context.Context, address string, config *tls.Config) (model.TLS } tlsConn, err := handshakeTLS(ctx, tcpConn, config) if err != nil { - tcpConn.Close() + _ = tcpConn.Close() return nil, err } return tlsConn, nil diff --git a/internal/tutorial/netxlite/chapter03/main.go b/internal/tutorial/netxlite/chapter03/main.go index 6220dd8c1a..6b233ccb10 100644 --- a/internal/tutorial/netxlite/chapter03/main.go +++ b/internal/tutorial/netxlite/chapter03/main.go @@ -46,7 +46,7 @@ func main() { flag.Parse() ctx, cancel := context.WithTimeout(context.Background(), *timeout) defer cancel() - tlsConfig := &tls.Config{ + tlsConfig := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, @@ -60,7 +60,7 @@ func main() { log.Infof("Cipher suite : %s", netxlite.TLSCipherSuiteString(state.CipherSuite)) log.Infof("Negotiated protocol: %s", state.NegotiatedProtocol) log.Infof("TLS version : %s", netxlite.TLSVersionString(state.Version)) - conn.Close() + _ = conn.Close() } func dialTCP(ctx context.Context, address string) (net.Conn, error) { @@ -102,7 +102,7 @@ func dialTLS(ctx context.Context, address string, config *tls.Config) (model.TLS } tlsConn, err := handshakeTLS(ctx, tcpConn, config) if err != nil { - tcpConn.Close() + _ = tcpConn.Close() return nil, err } return tlsConn, nil diff --git a/internal/tutorial/netxlite/chapter04/README.md b/internal/tutorial/netxlite/chapter04/README.md index b7fb032165..db5634c6f0 100644 --- a/internal/tutorial/netxlite/chapter04/README.md +++ b/internal/tutorial/netxlite/chapter04/README.md @@ -47,7 +47,7 @@ The main difference is that we set the ALPN correctly for QUIC/HTTP3 by using `"h3"` here. ```Go - config := &tls.Config{ + config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h3"}, RootCAs: nil, @@ -71,7 +71,7 @@ The rest of the main function is pretty much the same. log.Infof("Cipher suite : %s", netxlite.TLSCipherSuiteString(state.CipherSuite)) log.Infof("Negotiated protocol: %s", state.NegotiatedProtocol) log.Infof("TLS version : %s", netxlite.TLSVersionString(state.Version)) - qconn.CloseWithError(0, "") + _ = qconn.CloseWithError(0, "") } ``` diff --git a/internal/tutorial/netxlite/chapter04/main.go b/internal/tutorial/netxlite/chapter04/main.go index d8ba02829e..79fa7fa7ea 100644 --- a/internal/tutorial/netxlite/chapter04/main.go +++ b/internal/tutorial/netxlite/chapter04/main.go @@ -48,7 +48,7 @@ func main() { // QUIC/HTTP3 by using `"h3"` here. // // ```Go - config := &tls.Config{ + config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h3"}, RootCAs: nil, @@ -72,7 +72,7 @@ func main() { log.Infof("Cipher suite : %s", netxlite.TLSCipherSuiteString(state.CipherSuite)) log.Infof("Negotiated protocol: %s", state.NegotiatedProtocol) log.Infof("TLS version : %s", netxlite.TLSVersionString(state.Version)) - qconn.CloseWithError(0, "") + _ = qconn.CloseWithError(0, "") } // ``` diff --git a/internal/tutorial/netxlite/chapter07/README.md b/internal/tutorial/netxlite/chapter07/README.md index f9aa91755e..6555142bac 100644 --- a/internal/tutorial/netxlite/chapter07/README.md +++ b/internal/tutorial/netxlite/chapter07/README.md @@ -46,7 +46,7 @@ func main() { flag.Parse() ctx, cancel := context.WithTimeout(context.Background(), *timeout) defer cancel() - config := &tls.Config{ + config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, @@ -105,7 +105,7 @@ using the GET method. fatal(err) } log.Infof("Status code: %d", resp.StatusCode) - resp.Body.Close() + _ = resp.Body.Close() } ``` @@ -134,7 +134,7 @@ func dialTLS(ctx context.Context, address string, config *tls.Config) (model.TLS } tlsConn, err := handshakeTLS(ctx, tcpConn, config) if err != nil { - tcpConn.Close() + _ = tcpConn.Close() return nil, err } return tlsConn, nil diff --git a/internal/tutorial/netxlite/chapter07/main.go b/internal/tutorial/netxlite/chapter07/main.go index 22db8e5120..672b637c29 100644 --- a/internal/tutorial/netxlite/chapter07/main.go +++ b/internal/tutorial/netxlite/chapter07/main.go @@ -47,7 +47,7 @@ func main() { flag.Parse() ctx, cancel := context.WithTimeout(context.Background(), *timeout) defer cancel() - config := &tls.Config{ + config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring ServerName: *sni, NextProtos: []string{"h2", "http/1.1"}, RootCAs: nil, @@ -106,7 +106,7 @@ func main() { fatal(err) } log.Infof("Status code: %d", resp.StatusCode) - resp.Body.Close() + _ = resp.Body.Close() } // ``` @@ -135,7 +135,7 @@ func dialTLS(ctx context.Context, address string, config *tls.Config) (model.TLS } tlsConn, err := handshakeTLS(ctx, tcpConn, config) if err != nil { - tcpConn.Close() + _ = tcpConn.Close() return nil, err } return tlsConn, nil diff --git a/internal/tutorial/netxlite/chapter08/README.md b/internal/tutorial/netxlite/chapter08/README.md index 6eee204ab4..03fc1954b2 100644 --- a/internal/tutorial/netxlite/chapter08/README.md +++ b/internal/tutorial/netxlite/chapter08/README.md @@ -75,7 +75,8 @@ seen how to do the same using TLS conns.) ```Go clnt := &http.Client{Transport: netxlite.NewHTTP3Transport( - log.Log, netxlite.NewSingleUseQUICDialer(qconn), &tls.Config{}, + log.Log, netxlite.NewSingleUseQUICDialer(qconn), + &tls.Config{}, // #nosec G402 - we need to use a large TLS versions range for measuring )} ``` @@ -92,7 +93,7 @@ using the GET method. fatal(err) } log.Infof("Status code: %d", resp.StatusCode) - resp.Body.Close() + _ = resp.Body.Close() } ``` diff --git a/internal/tutorial/netxlite/chapter08/main.go b/internal/tutorial/netxlite/chapter08/main.go index fab1e930f5..96e3205fb3 100644 --- a/internal/tutorial/netxlite/chapter08/main.go +++ b/internal/tutorial/netxlite/chapter08/main.go @@ -76,7 +76,8 @@ func main() { // // ```Go clnt := &http.Client{Transport: netxlite.NewHTTP3Transport( - log.Log, netxlite.NewSingleUseQUICDialer(qconn), &tls.Config{}, + log.Log, netxlite.NewSingleUseQUICDialer(qconn), + &tls.Config{}, // #nosec G402 - we need to use a large TLS versions range for measuring )} // ``` // @@ -93,7 +94,7 @@ func main() { fatal(err) } log.Infof("Status code: %d", resp.StatusCode) - resp.Body.Close() + _ = resp.Body.Close() } // ``` diff --git a/internal/webconnectivityalgo/dnsoverhttps.go b/internal/webconnectivityalgo/dnsoverhttps.go index 6fa392e881..a38b2810d3 100644 --- a/internal/webconnectivityalgo/dnsoverhttps.go +++ b/internal/webconnectivityalgo/dnsoverhttps.go @@ -58,7 +58,7 @@ func NewOpportunisticDNSOverHTTPSURLProvider(urls ...string) *OpportunisticDNSOv } func (o *OpportunisticDNSOverHTTPSURLProvider) seed(t time.Time) { - o.rnd = rand.New(rand.NewSource(t.UnixNano())) + o.rnd = rand.New(rand.NewSource(t.UnixNano())) // #nosec G404 -- not really important } // MaybeNextURL returns the next URL to measure, if any. Our aim is to perform diff --git a/internal/webconnectivityalgo/dnsoverudp.go b/internal/webconnectivityalgo/dnsoverudp.go index 06bde13d25..55a683ab2a 100644 --- a/internal/webconnectivityalgo/dnsoverudp.go +++ b/internal/webconnectivityalgo/dnsoverudp.go @@ -26,6 +26,6 @@ var dnsOverUDPResolverAddressIPv4 = []string{ // RandomDNSOverUDPResolverEndpointIPv4 returns a random DNS-over-UDP resolver endpoint using IPv4. func RandomDNSOverUDPResolverEndpointIPv4() string { - idx := rand.Intn(len(dnsOverUDPResolverAddressIPv4)) + idx := rand.Intn(len(dnsOverUDPResolverAddressIPv4)) // #nosec G404 -- not really important return net.JoinHostPort(dnsOverUDPResolverAddressIPv4[idx], "53") } diff --git a/internal/webconnectivityqa/dnsblocking.go b/internal/webconnectivityqa/dnsblocking.go index ac396ef191..ef91de11e7 100644 --- a/internal/webconnectivityqa/dnsblocking.go +++ b/internal/webconnectivityqa/dnsblocking.go @@ -2,6 +2,7 @@ package webconnectivityqa import ( "github.com/ooni/probe-cli/v3/internal/netemx" + "github.com/ooni/probe-cli/v3/internal/runtimex" ) // dnsBlockingAndroidDNSCacheNoData is the case where we're on Android and the getaddrinfo @@ -73,7 +74,7 @@ func dnsBlockingBOGON() *TestCase { Input: "https://www.example.com/", Configure: func(env *netemx.QAEnv) { env.ISPResolverConfig().RemoveRecord("www.example.com") - env.ISPResolverConfig().AddRecord("www.example.com", "", "10.10.34.35") + runtimex.Try0(env.ISPResolverConfig().AddRecord("www.example.com", "", "10.10.34.35")) }, ExpectErr: false, ExpectTestKeys: &TestKeys{ diff --git a/internal/webconnectivityqa/localhost.go b/internal/webconnectivityqa/localhost.go index adc0873372..1441d431a2 100644 --- a/internal/webconnectivityqa/localhost.go +++ b/internal/webconnectivityqa/localhost.go @@ -1,6 +1,9 @@ package webconnectivityqa -import "github.com/ooni/probe-cli/v3/internal/netemx" +import ( + "github.com/ooni/probe-cli/v3/internal/netemx" + "github.com/ooni/probe-cli/v3/internal/runtimex" +) // localhostWithHTTP is the case where the website DNS is misconfigured and returns a loopback address. func localhostWithHTTP() *TestCase { @@ -11,8 +14,8 @@ func localhostWithHTTP() *TestCase { Configure: func(env *netemx.QAEnv) { // make sure all resolvers think the correct answer is localhost - env.ISPResolverConfig().AddRecord("www.example.com", "", "127.0.0.1") - env.OtherResolversConfig().AddRecord("www.example.com", "", "127.0.0.1") + runtimex.Try0(env.ISPResolverConfig().AddRecord("www.example.com", "", "127.0.0.1")) + runtimex.Try0(env.OtherResolversConfig().AddRecord("www.example.com", "", "127.0.0.1")) }, ExpectErr: false, @@ -34,8 +37,8 @@ func localhostWithHTTPS() *TestCase { Configure: func(env *netemx.QAEnv) { // make sure all resolvers think the correct answer is localhost - env.ISPResolverConfig().AddRecord("www.example.com", "", "127.0.0.1") - env.OtherResolversConfig().AddRecord("www.example.com", "", "127.0.0.1") + runtimex.Try0(env.ISPResolverConfig().AddRecord("www.example.com", "", "127.0.0.1")) + runtimex.Try0(env.OtherResolversConfig().AddRecord("www.example.com", "", "127.0.0.1")) }, ExpectErr: false, diff --git a/internal/x/dsljavascript/consolemodule.go b/internal/x/dsljavascript/consolemodule.go index 4f5794f698..0e1f7660bd 100644 --- a/internal/x/dsljavascript/consolemodule.go +++ b/internal/x/dsljavascript/consolemodule.go @@ -15,9 +15,9 @@ import ( func (vm *VM) newModuleConsole(gojaVM *goja.Runtime, mod *goja.Object) { runtimex.Assert(vm.vm == gojaVM, "dsljavascript: unexpected gojaVM pointer value") exports := mod.Get("exports").(*goja.Object) - exports.Set("log", vm.consoleLog) - exports.Set("error", vm.consoleError) - exports.Set("warn", vm.consoleWarn) + runtimex.Try0(exports.Set("log", vm.consoleLog)) + runtimex.Try0(exports.Set("error", vm.consoleError)) + runtimex.Try0(exports.Set("warn", vm.consoleWarn)) } // consoleLog implements console.log diff --git a/internal/x/dsljavascript/golangmodule.go b/internal/x/dsljavascript/golangmodule.go index 219a9e2d3f..37f66be25c 100644 --- a/internal/x/dsljavascript/golangmodule.go +++ b/internal/x/dsljavascript/golangmodule.go @@ -11,7 +11,7 @@ import ( func (vm *VM) newModuleGolang(gojaVM *goja.Runtime, mod *goja.Object) { runtimex.Assert(vm.vm == gojaVM, "dsljavascript: unexpected gojaVM pointer value") exports := mod.Get("exports").(*goja.Object) - exports.Set("timeNow", vm.golangTimeNow) + runtimex.Try0(exports.Set("timeNow", vm.golangTimeNow)) } // golangTimeNow returns the current time using golang [time.Now] diff --git a/internal/x/dsljavascript/oonimodule.go b/internal/x/dsljavascript/oonimodule.go index d6640ea4f2..cf4c67ddc4 100644 --- a/internal/x/dsljavascript/oonimodule.go +++ b/internal/x/dsljavascript/oonimodule.go @@ -15,7 +15,7 @@ import ( func (vm *VM) newModuleOONI(gojaVM *goja.Runtime, mod *goja.Object) { runtimex.Assert(vm.vm == gojaVM, "dsljavascript: unexpected gojaVM pointer value") exports := mod.Get("exports").(*goja.Object) - exports.Set("runDSL", vm.ooniRunDSL) + runtimex.Try0(exports.Set("runDSL", vm.ooniRunDSL)) } func (vm *VM) ooniRunDSL(jsAST *goja.Object, zeroTime time.Time) (string, error) { diff --git a/internal/x/dsljavascript/vm.go b/internal/x/dsljavascript/vm.go index 193f4eb9f7..ba63462caa 100644 --- a/internal/x/dsljavascript/vm.go +++ b/internal/x/dsljavascript/vm.go @@ -10,6 +10,7 @@ import ( "github.com/dop251/goja_nodejs/require" "github.com/dop251/goja_nodejs/util" "github.com/ooni/probe-cli/v3/internal/model" + "github.com/ooni/probe-cli/v3/internal/runtimex" ) // VMConfig contains configuration for creating a VM. @@ -103,7 +104,7 @@ func NewVM(config *VMConfig, scriptPath string) (*VM, error) { registry.RegisterNativeModule("console", vm.newModuleConsole) // make sure the 'console' object exists in the VM before running scripts - gojaVM.Set("console", require.Require(gojaVM, "console")) + runtimex.Try0(gojaVM.Set("console", require.Require(gojaVM, "console"))) // register the _golang module in JavaScript registry.RegisterNativeModule("_golang", vm.newModuleGolang) @@ -124,7 +125,7 @@ func LoadExperiment(config *VMConfig, exPath string) (*VM, error) { } // make sure there's an empty dictionary containing exports - vm.vm.Set("exports", vm.vm.NewObject()) + runtimex.Try0(vm.vm.Set("exports", vm.vm.NewObject())) // run the script if err := vm.RunScript(exPath); err != nil { diff --git a/internal/x/dslvm/quic.go b/internal/x/dslvm/quic.go index 14041bb877..ca4af5421a 100644 --- a/internal/x/dslvm/quic.go +++ b/internal/x/dslvm/quic.go @@ -167,7 +167,7 @@ func (sx *QUICHandshakeStage) handshake(ctx context.Context, rtx Runtime, endpoi } func (sx *QUICHandshakeStage) newTLSConfig() *tls.Config { - return &tls.Config{ + return &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: sx.NextProtos, InsecureSkipVerify: sx.InsecureSkipVerify, RootCAs: sx.RootCAs, diff --git a/internal/x/dslvm/tls.go b/internal/x/dslvm/tls.go index 631aebaea9..99f4deb4f5 100644 --- a/internal/x/dslvm/tls.go +++ b/internal/x/dslvm/tls.go @@ -150,7 +150,7 @@ func (sx *TLSHandshakeStage) handshake(ctx context.Context, rtx Runtime, tcpConn // handle error case if err != nil { rtx.ActiveConnections().Signal() // make sure we release the semaphore - tcpConn.Conn.Close() // make sure we close the conn + _ = tcpConn.Conn.Close() // make sure we close the conn return } @@ -162,7 +162,7 @@ func (sx *TLSHandshakeStage) handshake(ctx context.Context, rtx Runtime, tcpConn } func (sx *TLSHandshakeStage) newTLSConfig() *tls.Config { - return &tls.Config{ + return &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: sx.NextProtos, InsecureSkipVerify: sx.InsecureSkipVerify, RootCAs: sx.RootCAs, diff --git a/internal/x/dslx/tls.go b/internal/x/dslx/tls.go index ac4675630d..fbaf4d722b 100644 --- a/internal/x/dslx/tls.go +++ b/internal/x/dslx/tls.go @@ -121,7 +121,7 @@ func tlsNewConfig(address string, defaultALPN []string, domain string, logger mo // See https://github.com/ooni/probe/issues/2413 to understand // why we're using nil to force netxlite to use the cached // default Mozilla cert pool. - config := &tls.Config{ + config := &tls.Config{ // #nosec G402 - we need to use a large TLS versions range for measuring NextProtos: append([]string{}, defaultALPN...), InsecureSkipVerify: false, RootCAs: nil, diff --git a/pkg/oonimkall/session.go b/pkg/oonimkall/session.go index f1b9d69a3f..9933208348 100644 --- a/pkg/oonimkall/session.go +++ b/pkg/oonimkall/session.go @@ -208,7 +208,7 @@ func sessionFinalizer(sess *Session) { for _, fn := range sess.cl { fn() } - sess.sessp.Close() // ignore return value + _ = sess.sessp.Close() ActiveSessions.Add(-1) } diff --git a/pkg/oonimkall/task.go b/pkg/oonimkall/task.go index 541b6dda96..02769c9a60 100644 --- a/pkg/oonimkall/task.go +++ b/pkg/oonimkall/task.go @@ -49,7 +49,7 @@ func StartTask(input string) (*Task, error) { r := newRunner(&settings, emitter) r.Run(ctx) task.out <- nil // signal that we're done w/o closing the channel - emitter.Close() + _ = emitter.Close() close(task.isstopped) }() return task, nil diff --git a/pkg/oonimkall/taskrunner.go b/pkg/oonimkall/taskrunner.go index 7ec5eb12d9..161d23ad87 100644 --- a/pkg/oonimkall/taskrunner.go +++ b/pkg/oonimkall/taskrunner.go @@ -127,7 +127,7 @@ func (r *runnerForTask) Run(rootCtx context.Context) { } endEvent := new(eventStatusEnd) defer func() { - sess.Close() + _ = sess.Close() r.emitter.Emit(eventTypeStatusEnd, endEvent) }()