Update CI configs to v0.7.2

Update lint scripts and CI configs.

.github/workflows/lint.yaml

@@ -47,5 +47,5 @@ jobs:
  - name: golangci-lint
  uses: golangci/golangci-lint-action@v3
  with:
- version: v1.31
+ version: v1.45.2
  args: $GOLANGCI_LINT_EXRA_ARGS

.golangci.yml

@@ -15,14 +15,22 @@ linters-settings:
 linters:
  enable:
  - asciicheck # Simple linter to check that your code does not contain non-ASCII identifiers
+ - bidichk # Checks for dangerous unicode character sequences
  - bodyclose # checks whether HTTP response body is closed successfully
+ - contextcheck # check the function whether use a non-inherited context
  - deadcode # Finds unused code
+ - decorder # check declaration order and count of types, constants, variables and functions
  - depguard # Go linter that checks if package imports are in a list of acceptable packages
  - dogsled # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
  - dupl # Tool for code clone detection
+ - durationcheck # check for two durations multiplied together
  - errcheck # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
+ - errchkjson # Checks types passed to the json encoding functions. Reports unsupported types and optionally reports occations, where the check for the returned error can be omitted.
+ - errname # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`.
+ - errorlint # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
  - exhaustive # check exhaustiveness of enum switch statements
  - exportloopref # checks for pointers to enclosing loop variables
+ - forcetypeassert # finds forced type assertions
  - gci # Gci control golang package import order and make it always deterministic.
  - gochecknoglobals # Checks that no globals are present in Go code
  - gochecknoinits # Checks that no init functions are present in Go code
@@ -35,40 +43,62 @@ linters:
  - gofumpt # Gofumpt checks whether code was gofumpt-ed.
  - goheader # Checks is file header matches to pattern
  - goimports # Goimports does everything that gofmt does. Additionally it checks unused imports
- - golint # Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes
+ - gomoddirectives # Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod.
  - gomodguard # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
  - goprintffuncname # Checks that printf-like functions are named with `f` at the end
  - gosec # Inspects source code for security problems
  - gosimple # Linter for Go source code that specializes in simplifying a code
  - govet # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+ - grouper # An analyzer to analyze expression groups.
+ - importas # Enforces consistent import aliases
  - ineffassign # Detects when assignments to existing variables are not used
  - misspell # Finds commonly misspelled English words in comments
  - nakedret # Finds naked returns in functions greater than a specified function length
+ - nilerr # Finds the code that returns nil even if it checks that the error is not nil.
+ - nilnil # Checks that there is no simultaneous return of `nil` error and an invalid value.
  - noctx # noctx finds sending http request without context.Context
- - scopelint # Scopelint checks for unpinned variables in go programs
+ - predeclared # find code that shadows one of Go's predeclared identifiers
+ - revive # golint replacement, finds style mistakes
  - staticcheck # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
  - structcheck # Finds unused struct fields
  - stylecheck # Stylecheck is a replacement for golint
+ - tagliatelle # Checks the struct tags.
+ - tenv # tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
+ - tparallel # tparallel detects inappropriate usage of t.Parallel() method in your Go test codes
  - typecheck # Like the front-end of a Go compiler, parses and type-checks Go code
  - unconvert # Remove unnecessary type conversions
  - unparam # Reports unused function parameters
  - unused # Checks Go code for unused constants, variables, functions and types
  - varcheck # Finds unused global variables and constants
+ - wastedassign # wastedassign finds wasted assignment statements
  - whitespace # Tool for detection of leading and trailing whitespace
  disable:
+ - containedctx # containedctx is a linter that detects struct contained context.Context field
+ - cyclop # checks function and package cyclomatic complexity
+ - exhaustivestruct # Checks if all struct's fields are initialized
+ - forbidigo # Forbids identifiers
  - funlen # Tool for detection of long functions
  - gocyclo # Computes and checks the cyclomatic complexity of functions
  - godot # Check if comments end in a period
  - gomnd # An analyzer to detect magic numbers.
+ - ifshort # Checks that your code uses short syntax for if-statements whenever possible
+ - ireturn # Accept Interfaces, Return Concrete Types
  - lll # Reports long lines
+ - maintidx # maintidx measures the maintainability index of each function.
+ - makezero # Finds slice declarations with non-zero initial length
  - maligned # Tool to detect Go structs that would take less memory if their fields were sorted
  - nestif # Reports deeply nested if statements
  - nlreturn # nlreturn checks for a new line before return and branch statements to increase code clarity
  - nolintlint # Reports ill-formed or insufficient nolint directives
+ - paralleltest # paralleltest detects missing usage of t.Parallel() method in your Go test
  - prealloc # Finds slice declarations that could potentially be preallocated
+ - promlinter # Check Prometheus metrics naming via promlint
  - rowserrcheck # checks whether Err of rows is checked successfully
  - sqlclosecheck # Checks that sql.Rows and sql.Stmt are closed.
  - testpackage # linter that makes you use a separate _test package
+ - thelper # thelper detects golang test helpers without t.Helper() call and checks the consistency of test helpers
+ - varnamelen # checks that the length of a variable's name matches its scope
+ - wrapcheck # Checks that errors returned from external packages are wrapped
  - wsl # Whitespace Linter - Forces you to use empty lines!
 
 issues:

bench_test.go

@@ -40,7 +40,7 @@ func TestSimpleReadWrite(t *testing.T) {
  t.Error(sErr)
  }
  gotHello <- struct{}{}
- if sErr = server.Close(); sErr != nil {
+ if sErr = server.Close(); sErr != nil { //nolint:contextcheck
  t.Error(sErr)
  }
  }()
@@ -96,7 +96,7 @@ func benchmarkConn(b *testing.B, n int64) {
  b.Error(err)
  }
  for {
- if _, cErr = client.Write(hw); cErr != nil {
+ if _, cErr = client.Write(hw); cErr != nil { //nolint:contextcheck
  b.Error(err)
  }
  }

certificate_test.go

@@ -64,8 +64,6 @@ func TestGetCertificate(t *testing.T) {
  test := test
 
  t.Run(test.desc, func(t *testing.T) {
- t.Parallel()
-
  cert, err := cfg.getCertificate(test.serverName)
  if err != nil {
  t.Fatal(err)

cipher_suite.go

@@ -19,27 +19,27 @@ type CipherSuiteID = ciphersuite.ID
 // Supported Cipher Suites
 const (
  // AES-128-CCM
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM //nolint:golint,stylecheck
- TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 //nolint:golint,stylecheck
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM //nolint:revive,stylecheck
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 //nolint:revive,stylecheck
 
  // AES-128-GCM-SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 //nolint:golint,stylecheck
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 //nolint:golint,stylecheck
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 //nolint:revive,stylecheck
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 //nolint:revive,stylecheck
 
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 //nolint:golint,stylecheck
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 CipherSuiteID = ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 //nolint:golint,stylecheck
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 //nolint:revive,stylecheck
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 CipherSuiteID = ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 //nolint:revive,stylecheck
 
  // AES-256-CBC-SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA //nolint:golint,stylecheck
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA CipherSuiteID = ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA //nolint:golint,stylecheck
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CipherSuiteID = ciphersuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA //nolint:revive,stylecheck
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA CipherSuiteID = ciphersuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA //nolint:revive,stylecheck
 
- TLS_PSK_WITH_AES_128_CCM CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CCM //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_CCM_8 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CCM_8 //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_256_CCM_8 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_256_CCM_8 //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_GCM_SHA256 //nolint:golint,stylecheck
- TLS_PSK_WITH_AES_128_CBC_SHA256 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CBC_SHA256 //nolint:golint,stylecheck
+ TLS_PSK_WITH_AES_128_CCM CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CCM //nolint:revive,stylecheck
+ TLS_PSK_WITH_AES_128_CCM_8 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CCM_8 //nolint:revive,stylecheck
+ TLS_PSK_WITH_AES_256_CCM_8 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_256_CCM_8 //nolint:revive,stylecheck
+ TLS_PSK_WITH_AES_128_GCM_SHA256 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_GCM_SHA256 //nolint:revive,stylecheck
+ TLS_PSK_WITH_AES_128_CBC_SHA256 CipherSuiteID = ciphersuite.TLS_PSK_WITH_AES_128_CBC_SHA256 //nolint:revive,stylecheck
 
- TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 CipherSuiteID = ciphersuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 //nolint:golint,stylecheck
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 CipherSuiteID = ciphersuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 //nolint:revive,stylecheck
 )
 
 // CipherSuiteAuthenticationType controls what authentication method is using during the handshake for a CipherSuite
@@ -197,7 +197,7 @@ func parseCipherSuites(userSelectedSuites []CipherSuiteID, customCipherSuites fu
  for _, id := range ids {
  c := cipherSuiteForID(id, nil)
  if c == nil {
- return nil, &invalidCipherSuite{id}
+ return nil, &invalidCipherSuiteError{id}
  }
  cipherSuites = append(cipherSuites, c)
  }

config_test.go

@@ -1,7 +1,7 @@
 package dtls
 
 import (
- "crypto/dsa" //nolint
+ "crypto/dsa" //nolint:staticcheck
  "crypto/rand"
  "crypto/rsa"
  "crypto/tls"

conn.go

@@ -332,7 +332,7 @@ func (c *Conn) Write(p []byte) (int, error) {
  {
  record: &recordlayer.RecordLayer{
  Header: recordlayer.Header{
- Epoch: c.getLocalEpoch(),
+ Epoch: c.state.getLocalEpoch(),
  Version: protocol.Version1_2,
  },
  Content: &protocol.ApplicationData{
@@ -346,7 +346,7 @@ func (c *Conn) Write(p []byte) (int, error) {
 
 // Close closes the connection.
 func (c *Conn) Close() error {
- err := c.close(true)
+ err := c.close(true) //nolint:contextcheck
  c.handshakeLoopsFinished.Wait()
  return err
 }
@@ -489,14 +489,14 @@ func (c *Conn) processHandshakePacket(p *packet, h *handshake.Handshake) ([][]by
  SequenceNumber: seq,
  }
 
- recordlayerHeaderBytes, err := recordlayerHeader.Marshal()
+ rawPacket, err := recordlayerHeader.Marshal()
  if err != nil {
  return nil, err
  }
 
  p.record.Header = *recordlayerHeader
 
- rawPacket := append(recordlayerHeaderBytes, handshakeFragment...)
+ rawPacket = append(rawPacket, handshakeFragment...)
  if p.shouldEncrypt {
  var err error
  rawPacket, err = c.state.cipherSuite.Encrypt(p.record, rawPacket)
@@ -540,12 +540,12 @@ func (c *Conn) fragmentHandshake(h *handshake.Handshake) ([][]byte, error) {
 
  offset += contentFragmentLen
 
- headerFragmentRaw, err := headerFragment.Marshal()
+ fragmentedHandshake, err := headerFragment.Marshal()
  if err != nil {
  return nil, err
  }
 
- fragmentedHandshake := append(headerFragmentRaw, contentFragment...)
+ fragmentedHandshake = append(fragmentedHandshake, contentFragment...)
  fragmentedHandshakes = append(fragmentedHandshakes, fragmentedHandshake)
  }
 
@@ -560,7 +560,10 @@ var poolReadBuffer = sync.Pool{ //nolint:gochecknoglobals
 }
 
 func (c *Conn) readAndBuffer(ctx context.Context) error {
- bufptr := poolReadBuffer.Get().(*[]byte)
+ bufptr, ok := poolReadBuffer.Get().(*[]byte)
+ if !ok {
+ return errFailedToAccessPoolReadBuffer
+ }
  defer poolReadBuffer.Put(bufptr)
 
  b := *bufptr
@@ -587,13 +590,13 @@ func (c *Conn) readAndBuffer(ctx context.Context) error {
  if hs {
  hasHandshake = true
  }
- switch e := err.(type) {
- case nil:
- case *errAlert:
+
+ var e *alertError
+ if errors.As(err, &e) {
  if e.IsFatalOrCloseNotify() {
  return e
  }
- default:
+ } else if err != nil {
  return e
  }
  }
@@ -623,13 +626,12 @@ func (c *Conn) handleQueuedPackets(ctx context.Context) error {
  }
  }
  }
- switch e := err.(type) {
- case nil:
- case *errAlert:
+ var e *alertError
+ if errors.As(err, &e) {
  if e.IsFatalOrCloseNotify() {
  return e
  }
- default:
+ } else if err != nil {
  return e
  }
  }
@@ -646,7 +648,7 @@ func (c *Conn) handleIncomingPacket(ctx context.Context, buf []byte, enqueue boo
  }
 
  // Validate epoch
- remoteEpoch := c.getRemoteEpoch()
+ remoteEpoch := c.state.getRemoteEpoch()
  if h.Epoch > remoteEpoch {
  if h.Epoch > remoteEpoch+1 {
  c.log.Debugf("discarded future packet (epoch: %d, seq: %d)",
@@ -707,7 +709,7 @@ func (c *Conn) handleIncomingPacket(ctx context.Context, buf []byte, enqueue boo
  c.log.Debugf("%s: handshake parse failed: %s", srvCliStr(c.state.isClient), err)
  continue
  }
- _ = c.handshakeCache.push(out, epoch, header.MessageSequence, header.Type, !c.state.isClient)
+ c.handshakeCache.push(out, epoch, header.MessageSequence, header.Type, !c.state.isClient)
  }
 
  return true, nil, nil
@@ -727,7 +729,7 @@ func (c *Conn) handleIncomingPacket(ctx context.Context, buf []byte, enqueue boo
  a = &alert.Alert{Level: alert.Warning, Description: alert.CloseNotify}
  }
  markPacketAsValid()
- return false, a, &errAlert{content}
+ return false, a, &alertError{content}
  case *protocol.ChangeCipherSpec:
  if c.state.cipherSuite == nil || !c.state.cipherSuite.IsInitialized() {
  if enqueue {
@@ -740,7 +742,7 @@ func (c *Conn) handleIncomingPacket(ctx context.Context, buf []byte, enqueue boo
  newRemoteEpoch := h.Epoch + 1
  c.log.Tracef("%s: <- ChangeCipherSpec (epoch: %d)", srvCliStr(c.state.isClient), newRemoteEpoch)
 
- if c.getRemoteEpoch()+1 == newRemoteEpoch {
+ if c.state.getRemoteEpoch()+1 == newRemoteEpoch {
  c.setRemoteEpoch(newRemoteEpoch)
  markPacketAsValid()
  }
@@ -782,7 +784,7 @@ func (c *Conn) notify(ctx context.Context, level alert.Level, desc alert.Descrip
  {
  record: &recordlayer.RecordLayer{
  Header: recordlayer.Header{
- Epoch: c.getLocalEpoch(),
+ Epoch: c.state.getLocalEpoch(),
  Version: protocol.Version1_2,
  },
  Content: &alert.Alert{
@@ -848,8 +850,8 @@ func (c *Conn) handshake(ctx context.Context, cfg *handshakeConfig, initialFligh
  defer c.handshakeLoopsFinished.Done()
  for {
  if err := c.readAndBuffer(ctxRead); err != nil {
- switch e := err.(type) {
- case *errAlert:
+ var e *alertError
+ if errors.As(err, &e) {
  if !e.IsFatalOrCloseNotify() {
  if c.isHandshakeCompletedSuccessfully() {
  // Pass the error to Read()
@@ -861,9 +863,9 @@ func (c *Conn) handshake(ctx context.Context, cfg *handshakeConfig, initialFligh
  }
  continue // non-fatal alert must not stop read loop
  }
- case error:
- switch err {
- case context.DeadlineExceeded, context.Canceled, io.EOF:
+ } else {
+ switch {
+ case errors.Is(err, context.DeadlineExceeded), errors.Is(err, context.Canceled), errors.Is(err, io.EOF):
  default:
  if c.isHandshakeCompletedSuccessfully() {
  // Keep read loop and pass the read error to Read()
@@ -876,14 +878,15 @@ func (c *Conn) handshake(ctx context.Context, cfg *handshakeConfig, initialFligh
  }
  }
  }
+
  select {
  case firstErr <- err:
  default:
  }
 
- if e, ok := err.(*errAlert); ok {
+ if e != nil {
  if e.IsFatalOrCloseNotify() {
- _ = c.close(false)
+ _ = c.close(false) //nolint:contextcheck
  }
  }
  return
@@ -954,18 +957,10 @@ func (c *Conn) setLocalEpoch(epoch uint16) {
  c.state.localEpoch.Store(epoch)
 }
 
-func (c *Conn) getLocalEpoch() uint16 {
- return c.state.localEpoch.Load().(uint16)
-}
-
 func (c *Conn) setRemoteEpoch(epoch uint16) {
  c.state.remoteEpoch.Store(epoch)
 }
 
-func (c *Conn) getRemoteEpoch() uint16 {
- return c.state.remoteEpoch.Load().(uint16)
-}
-
 // LocalAddr implements net.Conn.LocalAddr
 func (c *Conn) LocalAddr() net.Addr {
  return c.nextConn.LocalAddr()