Skip to content

Commit b796bd8

Browse files
committed
Fix linter warnings
1 parent 6c1a1ea commit b796bd8

File tree

3 files changed

+96
-64
lines changed

3 files changed

+96
-64
lines changed

cmd/fence/linux_bootstrap.go

Lines changed: 57 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -76,32 +76,52 @@ func startBridgesAndSetEnv(ctx context.Context, opts bootstrapOptions) []string
7676

7777
if opts.httpSocket != "" {
7878
socketPaths = append(socketPaths, opts.httpSocket)
79+
startErrCh := make(chan error, 1)
7980
go func() {
80-
if err := bridgeTCPToUnix(ctx, 3128, opts.httpSocket); err != nil {
81+
if err := bridgeTCPToUnix(ctx, 3128, opts.httpSocket, startErrCh); err != nil && err != context.Canceled {
8182
fmt.Fprintf(os.Stderr, "[fence:linux-bootstrap] HTTP bridge error: %v\n", err)
8283
}
8384
}()
84-
os.Setenv("HTTP_PROXY", "http://127.0.0.1:3128")
85-
os.Setenv("HTTPS_PROXY", "http://127.0.0.1:3128")
86-
os.Setenv("http_proxy", "http://127.0.0.1:3128")
87-
os.Setenv("https_proxy", "http://127.0.0.1:3128")
85+
if err := <-startErrCh; err != nil {
86+
fatal(ExitWrapperSetupFailed, "failed to start HTTP bridge: %v", err)
87+
}
88+
if err := os.Setenv("HTTP_PROXY", "http://127.0.0.1:3128"); err != nil {
89+
fatal(ExitWrapperSetupFailed, "failed to set HTTP_PROXY: %v", err)
90+
}
91+
if err := os.Setenv("HTTPS_PROXY", "http://127.0.0.1:3128"); err != nil {
92+
fatal(ExitWrapperSetupFailed, "failed to set HTTPS_PROXY: %v", err)
93+
}
94+
if err := os.Setenv("http_proxy", "http://127.0.0.1:3128"); err != nil {
95+
fatal(ExitWrapperSetupFailed, "failed to set http_proxy: %v", err)
96+
}
97+
if err := os.Setenv("https_proxy", "http://127.0.0.1:3128"); err != nil {
98+
fatal(ExitWrapperSetupFailed, "failed to set https_proxy: %v", err)
99+
}
88100
}
89101

90102
if opts.socksSocket != "" {
91103
socketPaths = append(socketPaths, opts.socksSocket)
104+
startErrCh := make(chan error, 1)
92105
go func() {
93-
if err := bridgeTCPToUnix(ctx, 1080, opts.socksSocket); err != nil {
106+
if err := bridgeTCPToUnix(ctx, 1080, opts.socksSocket, startErrCh); err != nil && err != context.Canceled {
94107
fmt.Fprintf(os.Stderr, "[fence:linux-bootstrap] SOCKS bridge error: %v\n", err)
95108
}
96109
}()
97-
os.Setenv("ALL_PROXY", "socks5h://127.0.0.1:1080")
98-
os.Setenv("all_proxy", "socks5h://127.0.0.1:1080")
110+
if err := <-startErrCh; err != nil {
111+
fatal(ExitWrapperSetupFailed, "failed to start SOCKS bridge: %v", err)
112+
}
113+
if err := os.Setenv("ALL_PROXY", "socks5h://127.0.0.1:1080"); err != nil {
114+
fatal(ExitWrapperSetupFailed, "failed to set ALL_PROXY: %v", err)
115+
}
116+
if err := os.Setenv("all_proxy", "socks5h://127.0.0.1:1080"); err != nil {
117+
fatal(ExitWrapperSetupFailed, "failed to set all_proxy: %v", err)
118+
}
99119
}
100120

101121
for _, rb := range opts.reverseBridges {
102122
socketPaths = append(socketPaths, rb.socketPath)
103123
go func(port int, socketPath string) {
104-
if err := bridgeUnixToTCP(ctx, socketPath, port); err != nil {
124+
if err := bridgeUnixToTCP(ctx, socketPath, port); err != nil && err != context.Canceled {
105125
fmt.Fprintf(os.Stderr, "[fence:linux-bootstrap] Reverse bridge error: %v\n", err)
106126
}
107127
}(rb.port, rb.socketPath)
@@ -164,7 +184,7 @@ func execUserCommand(opts bootstrapOptions) {
164184
}
165185

166186
// Create the command
167-
cmd := exec.Command(execPath, opts.command[1:]...)
187+
cmd := exec.Command(execPath, opts.command[1:]...) // #nosec G204 -- execPath is resolved via exec.LookPath
168188
cmd.Stdout = os.Stdout
169189
cmd.Stderr = os.Stderr
170190
cmd.Stdin = os.Stdin
@@ -256,27 +276,36 @@ func loadConfigFromEnv() (*config.Config, error) {
256276
return cfg, nil
257277
}
258278

259-
// bridgeTCPToUnix bridges TCP connections on a port to a Unix socket
260-
// This is used for proxy support (HTTP/SOCKS proxies)
261-
func bridgeTCPToUnix(ctx context.Context, listenPort int, unixSocketPath string) error {
279+
// bridgeTCPToUnix bridges TCP connections on a port to a Unix socket.
280+
// This is used for proxy support (HTTP/SOCKS proxies).
281+
// startErrCh receives nil once the listener is ready, or an error if setup
282+
// fails; it is always sent to exactly once before the function returns.
283+
func bridgeTCPToUnix(ctx context.Context, listenPort int, unixSocketPath string, startErrCh chan<- error) error {
262284
lc := net.ListenConfig{
263285
Control: func(network, address string, c syscall.RawConn) error {
264-
return c.Control(func(fd uintptr) {
286+
var setsockoptErr error
287+
err := c.Control(func(fd uintptr) {
265288
// Allow reuse of address to avoid "address already in use" errors
266-
syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1)
289+
setsockoptErr = syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1)
267290
})
291+
if err != nil {
292+
return err
293+
}
294+
return setsockoptErr
268295
},
269296
}
270297

271298
ln, err := lc.Listen(ctx, "tcp", fmt.Sprintf("127.0.0.1:%d", listenPort))
272299
if err != nil {
300+
startErrCh <- fmt.Errorf("failed to listen on port %d: %w", listenPort, err)
273301
return fmt.Errorf("failed to listen on port %d: %w", listenPort, err)
274302
}
303+
startErrCh <- nil
275304

276305
// Close listener when context is cancelled
277306
go func() {
278307
<-ctx.Done()
279-
ln.Close()
308+
_ = ln.Close()
280309
}()
281310

282311
for {
@@ -303,22 +332,22 @@ func bridgeTCPToUnix(ctx context.Context, listenPort int, unixSocketPath string)
303332

304333
// handleTCPToUnixConnection handles a single TCP to Unix socket connection
305334
func handleTCPToUnixConnection(tcpConn net.Conn, unixPath string) {
306-
defer tcpConn.Close()
335+
defer func() { _ = tcpConn.Close() }()
307336

308337
unixConn, err := net.Dial("unix", unixPath)
309338
if err != nil {
310339
return
311340
}
312-
defer unixConn.Close()
341+
defer func() { _ = unixConn.Close() }()
313342

314343
// Bidirectional copy
315344
done := make(chan struct{}, 2)
316345
go func() {
317-
io.Copy(tcpConn, unixConn)
346+
_, _ = io.Copy(tcpConn, unixConn)
318347
done <- struct{}{}
319348
}()
320349
go func() {
321-
io.Copy(unixConn, tcpConn)
350+
_, _ = io.Copy(unixConn, tcpConn)
322351
done <- struct{}{}
323352
}()
324353

@@ -330,7 +359,7 @@ func handleTCPToUnixConnection(tcpConn net.Conn, unixPath string) {
330359
// This is used for exposing ports from inside the sandbox
331360
func bridgeUnixToTCP(ctx context.Context, unixSocketPath string, targetPort int) error {
332361
// Remove socket if it already exists
333-
os.Remove(unixSocketPath)
362+
_ = os.Remove(unixSocketPath)
334363

335364
// Create Unix socket listener
336365
lc := net.ListenConfig{}
@@ -342,8 +371,8 @@ func bridgeUnixToTCP(ctx context.Context, unixSocketPath string, targetPort int)
342371
// Close listener when context is cancelled
343372
go func() {
344373
<-ctx.Done()
345-
ln.Close()
346-
os.Remove(unixSocketPath)
374+
_ = ln.Close()
375+
_ = os.Remove(unixSocketPath)
347376
}()
348377

349378
for {
@@ -370,22 +399,22 @@ func bridgeUnixToTCP(ctx context.Context, unixSocketPath string, targetPort int)
370399

371400
// handleUnixToTCPConnection handles a single Unix to TCP socket connection
372401
func handleUnixToTCPConnection(unixConn net.Conn, targetPort int) {
373-
defer unixConn.Close()
402+
defer func() { _ = unixConn.Close() }()
374403

375404
tcpConn, err := net.Dial("tcp", fmt.Sprintf("127.0.0.1:%d", targetPort))
376405
if err != nil {
377406
return
378407
}
379-
defer tcpConn.Close()
408+
defer func() { _ = tcpConn.Close() }()
380409

381410
// Bidirectional copy
382411
done := make(chan struct{}, 2)
383412
go func() {
384-
io.Copy(unixConn, tcpConn)
413+
_, _ = io.Copy(unixConn, tcpConn)
385414
done <- struct{}{}
386415
}()
387416
go func() {
388-
io.Copy(tcpConn, unixConn)
417+
_, _ = io.Copy(tcpConn, unixConn)
389418
done <- struct{}{}
390419
}()
391420

@@ -420,7 +449,7 @@ func waitForUnixSocket(ctx context.Context, socketPath string) error {
420449
// Try to connect to the socket
421450
conn, err := net.Dial("unix", socketPath)
422451
if err == nil {
423-
conn.Close()
452+
_ = conn.Close()
424453
return nil
425454
}
426455
}

0 commit comments

Comments
 (0)