lint update+formatting (#407)

Author: mmetc

.golangci.yml

@@ -45,7 +45,6 @@ linters:
       enable-all: true
       disabled-checks:
         - appendCombine
-        - commentFormatting
         - paramTypeCombine
         - sloppyReassign
         - unnamedResult
@@ -78,7 +77,9 @@ linters:
         - name: add-constant
           disabled: true
         - name: cognitive-complexity
-          disabled: true
+          arguments:
+            # lower this after refactoring
+            - 49
         - name: comment-spacings
           disabled: true
         - name: confusing-results
@@ -87,12 +88,13 @@ linters:
           arguments:
             # lower this after refactoring
             - 28
-        - name: empty-lines
-          disabled: true
         - name: flag-parameter
           disabled: true
         - name: function-length
-          disabled: true
+          arguments:
+            # lower this after refactoring
+            - 74
+            - 149
         - name: import-alias-naming
           disabled: true
         - name: import-shadowing

cmd/root.go

@@ -235,6 +235,7 @@ func Execute() error {
 	}
 
 	prometheus.MustRegister(csbouncer.TotalLAPICalls, csbouncer.TotalLAPIError)
+
 	if config.PrometheusConfig.Enabled {
 		go func() {
 			http.Handle("/metrics", mHandler.ComputeMetricsHandler(promhttp.Handler()))

pkg/dryrun/dryrun.go

@@ -9,8 +9,7 @@ import (
 	"github.com/crowdsecurity/cs-firewall-bouncer/pkg/types"
 )
 
-type dryRun struct {
-}
+type dryRun struct{}
 
 func NewDryRun(_ *cfg.BouncerConfig) (types.Backend, error) {
 	return &dryRun{}, nil

pkg/ipsetcmd/ipset.go

@@ -30,6 +30,7 @@ func NewIPSet(setName string) (*IPSet, error) {
 	if err != nil {
 		return nil, errors.New("unable to find ipset")
 	}
+
 	return &IPSet{
 		binaryPath: ipsetBin,
 		setName:    setName,
@@ -72,6 +73,7 @@ func (i *IPSet) Add(entry string) error {
 	cmd := exec.Command(i.binaryPath, "add", i.setName, entry)
 
 	log.Debugf("ipset add command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("error creating ipset: %s", out)
@@ -84,6 +86,7 @@ func (i *IPSet) DeleteEntry(entry string) error {
 	cmd := exec.Command(i.binaryPath, "del", i.setName, entry)
 
 	log.Debugf("ipset delete entry command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("error creating ipset: %s", out)
@@ -96,6 +99,7 @@ func (i *IPSet) List() ([]string, error) {
 	cmd := exec.Command(i.binaryPath, "list", i.setName)
 
 	log.Debugf("ipset list command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return nil, fmt.Errorf("error listing ipset: %s", out)
@@ -108,6 +112,7 @@ func (i *IPSet) Flush() error {
 	cmd := exec.Command(i.binaryPath, "flush", i.setName)
 
 	log.Debugf("ipset flush command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("error flushing ipset: %s", out)
@@ -120,6 +125,7 @@ func (i *IPSet) Destroy() error {
 	cmd := exec.Command(i.binaryPath, "destroy", i.setName)
 
 	log.Debugf("ipset destroy command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("error destroying ipset: %s", out)
@@ -132,6 +138,7 @@ func (i *IPSet) Rename(toSetName string) error {
 	cmd := exec.Command(i.binaryPath, "rename", i.setName, toSetName)
 
 	log.Debugf("ipset rename command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("error renaming ipset: %s", out)
@@ -146,6 +153,7 @@ func (i *IPSet) Test(entry string) error {
 	cmd := exec.Command(i.binaryPath, "test", i.setName, entry)
 
 	log.Debugf("ipset test command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("error testing ipset: %s", out)
@@ -158,17 +166,20 @@ func (i *IPSet) Save() ([]string, error) {
 	cmd := exec.Command(i.binaryPath, "save", i.setName)
 
 	log.Debugf("ipset save command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return nil, fmt.Errorf("error saving ipset: %s", out)
 	}
+
 	return strings.Split(string(out), "\n"), nil
 }
 
 func (i *IPSet) Restore(filename string) error {
 	cmd := exec.Command(i.binaryPath, "restore", "-file", filename)
 
 	log.Debugf("ipset restore command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("error restoring ipset: %s", out)
@@ -181,6 +192,7 @@ func (i *IPSet) Swap(toSetName string) error {
 	cmd := exec.Command(i.binaryPath, "swap", i.setName, toSetName)
 
 	log.Debugf("ipset swap command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("error swapping ipset: %s", out)
@@ -207,6 +219,7 @@ func (i *IPSet) Len() int {
 	cmd := exec.Command(i.binaryPath, "list", i.setName)
 
 	log.Debugf("ipset list command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return 0
@@ -238,6 +251,7 @@ func GetSetsStartingWith(name string) (map[string]*IPSet, error) {
 	cmd := exec.Command(ipsetBinary, "list", "-name")
 
 	log.Debugf("ipset list command: %v", cmd.String())
+
 	out, err := cmd.CombinedOutput()
 	if err != nil {
 		return nil, fmt.Errorf("error listing ipset: %s", out)

pkg/iptables/iptables.go

@@ -30,6 +30,7 @@ type iptables struct {
 
 func NewIPTables(config *cfg.BouncerConfig) (types.Backend, error) {
 	var err error
+
 	ret := &iptables{}
 
 	defaultSet, err := ipsetcmd.NewIPSet("")
@@ -87,10 +88,12 @@ func NewIPTables(config *cfg.BouncerConfig) (types.Backend, error) {
 
 	if config.Mode == cfg.IpsetMode {
 		ipv4Ctx.ipsetContentOnly = true
+
 		set, err := ipsetcmd.NewIPSet(config.BlacklistsIpv4)
 		if err != nil {
 			return nil, err
 		}
+
 		v4Sets["ipset"] = set
 	} else {
 		ipv4Ctx.iptablesBin, err = exec.LookPath("iptables")
@@ -108,6 +111,7 @@ func NewIPTables(config *cfg.BouncerConfig) (types.Backend, error) {
 
 	ipv4Ctx.ipsets = v4Sets
 	ret.v4 = ipv4Ctx
+
 	if config.DisableIPV6 {
 		return ret, nil
 	}
@@ -119,10 +123,12 @@ func NewIPTables(config *cfg.BouncerConfig) (types.Backend, error) {
 
 	if config.Mode == cfg.IpsetMode {
 		ipv6Ctx.ipsetContentOnly = true
+
 		set, err := ipsetcmd.NewIPSet(config.BlacklistsIpv6)
 		if err != nil {
 			return nil, err
 		}
+
 		v6Sets["ipset"] = set
 	} else {
 		ipv6Ctx.iptablesBin, err = exec.LookPath("ip6tables")
@@ -198,10 +204,12 @@ func (ipt *iptables) Add(decision *models.Decision) error {
 			log.Debugf("not adding '%s' because ipv6 is disabled", *decision.Value)
 			return nil
 		}
+
 		ipt.v6.add(decision)
 	} else {
 		ipt.v4.add(decision)
 	}
+
 	return nil
 }
 

pkg/iptables/iptables_context.go

@@ -14,6 +14,7 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/crowdsecurity/crowdsec/pkg/models"
+
 	"github.com/crowdsecurity/cs-firewall-bouncer/pkg/ipsetcmd"
 )
 
@@ -67,7 +68,6 @@ func (ctx *ipTablesContext) setupChain() {
 	}
 
 	for _, chain := range ctx.Chains {
-
 		cmd = []string{"-I", chain, "-j", chainName}
 
 		c = exec.Command(ctx.iptablesBin, cmd...)
@@ -120,7 +120,6 @@ func (ctx *ipTablesContext) setupChain() {
 
 func (ctx *ipTablesContext) deleteChain() {
 	for _, chain := range ctx.Chains {
-
 		cmd := []string{"-D", chain, "-j", chainName}
 
 		c := exec.Command(ctx.iptablesBin, cmd...)
@@ -212,9 +211,10 @@ func (ctx *ipTablesContext) commit() error {
 	}()
 
 	for _, decision := range ctx.toDel {
-
-		var set *ipsetcmd.IPSet
-		var ok bool
+		var (
+			set *ipsetcmd.IPSet
+			ok  bool
+		)
 
 		// Decisions coming from lists will have "lists" as origin, and the scenario will be the list name
 		// We use those to build a custom origin because we want to track metrics per list
@@ -252,8 +252,10 @@ func (ctx *ipTablesContext) commit() error {
 			continue
 		}
 
-		var set *ipsetcmd.IPSet
-		var ok bool
+		var (
+			set *ipsetcmd.IPSet
+			ok  bool
+		)
 
 		if banDuration.Seconds() > maxBanSeconds {
 			log.Warnf("Ban duration too long (%d seconds), maximum for ipset is %d, setting duration to %d", int(banDuration.Seconds()), maxBanSeconds, maxBanSeconds-1)
@@ -272,7 +274,6 @@ func (ctx *ipTablesContext) commit() error {
 			set, ok = ctx.ipsets[origin]
 
 			if !ok {
-
 				idx := slices.Index(ctx.originSetMapping, origin)
 
 				if idx == -1 {