mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-29 18:33:05 +00:00
Add and fix gosec
This commit is contained in:
parent
715542ac1c
commit
c4d4c9c4e4
5 changed files with 10 additions and 9 deletions
|
@ -32,7 +32,6 @@ linters:
|
|||
- wrapcheck
|
||||
- goerr113
|
||||
- forcetypeassert
|
||||
- gosec
|
||||
- forbidigo
|
||||
- dupl
|
||||
- makezero
|
||||
|
|
10
app.go
10
app.go
|
@ -638,10 +638,12 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
|
|||
if !strings.HasPrefix(h.cfg.ServerURL, "https://") {
|
||||
log.Warn().Msg("Listening with TLS but ServerURL does not start with https://")
|
||||
}
|
||||
tlsConfig := &tls.Config{}
|
||||
tlsConfig.ClientAuth = tls.RequireAnyClientCert
|
||||
tlsConfig.NextProtos = []string{"http/1.1"}
|
||||
tlsConfig.Certificates = make([]tls.Certificate, 1)
|
||||
tlsConfig := &tls.Config{
|
||||
ClientAuth: tls.RequireAnyClientCert,
|
||||
NextProtos: []string{"http/1.1"},
|
||||
Certificates: make([]tls.Certificate, 1),
|
||||
MinVersion: tls.VersionTLS12,
|
||||
}
|
||||
tlsConfig.Certificates[0], err = tls.LoadX509KeyPair(h.cfg.TLSCertPath, h.cfg.TLSKeyPath)
|
||||
|
||||
return tlsConfig, err
|
||||
|
|
|
@ -100,7 +100,7 @@ func (*Suite) TestDNSConfigLoading(c *check.C) {
|
|||
func writeConfig(c *check.C, tmpDir string, configYaml []byte) {
|
||||
// Populate a custom config file
|
||||
configFile := filepath.Join(tmpDir, "config.yaml")
|
||||
err := ioutil.WriteFile(configFile, configYaml, 0o644)
|
||||
err := ioutil.WriteFile(configFile, configYaml, 0o600)
|
||||
if err != nil {
|
||||
c.Fatalf("Couldn't write file %s", configFile)
|
||||
}
|
||||
|
|
|
@ -70,7 +70,7 @@ func (h *Headscale) DestroyNamespace(name string) error {
|
|||
return err
|
||||
}
|
||||
for _, key := range keys {
|
||||
err = h.DestroyPreAuthKey(&key)
|
||||
err = h.DestroyPreAuthKey(key)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -95,8 +95,8 @@ func (h *Headscale) GetPreAuthKey(namespace string, key string) (*PreAuthKey, er
|
|||
|
||||
// DestroyPreAuthKey destroys a preauthkey. Returns error if the PreAuthKey
|
||||
// does not exist.
|
||||
func (h *Headscale) DestroyPreAuthKey(pak *PreAuthKey) error {
|
||||
if result := h.db.Unscoped().Delete(&pak); result.Error != nil {
|
||||
func (h *Headscale) DestroyPreAuthKey(pak PreAuthKey) error {
|
||||
if result := h.db.Unscoped().Delete(pak); result.Error != nil {
|
||||
return result.Error
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue