chore: Add linter rule to catch missing return after http writes (#2702)

Emyrk · web-flow · commit 576aef40f235 · 2022-06-28T14:13:37.000-05:00
diff --git a/coderd/users.go b/coderd/users.go
@@ -663,6 +663,7 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
 			Message: "Internal error.",
 		})
+		return
 	}
 	if !equal {
 		// This message is the same as above to remove ease in detecting whether
diff --git a/coderd/workspaceapps.go b/coderd/workspaceapps.go
@@ -80,6 +80,7 @@ func (api *API) workspaceAppsProxyPath(rw http.ResponseWriter, r *http.Request)
 		httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{
 			Message: "No agents exist.",
 		})
+		return
 	}
 
 	agent := agents[0]
diff --git a/scripts/rules.go b/scripts/rules.go
@@ -151,6 +151,29 @@ func HttpAPIErrorMessage(m dsl.Matcher) {
 		Report("Field \"Message\" should be a proper sentence with a capitalized first letter and ending in punctuation. $m")
 }
 
+// HttpAPIReturn will report a linter violation if the http function is not
+// returned after writing a response to the client.
+func HttpAPIReturn(m dsl.Matcher) {
+	m.Import("github.com/coder/coder/coderd/httpapi")
+
+	// Manually enumerate the httpapi function rather then a 'Where' condition
+	// as this is a bit more efficient.
+	m.Match(`
+	if $*_ {
+		httpapi.Write($*a)
+	}
+	`, `
+	if $*_ {
+		httpapi.Forbidden($*a)
+	}
+	`, `
+	if $*_ {
+		httpapi.ResourceNotFound($*a)
+	}
+	`).At(m["a"]).
+		Report("Forgot to return early after writing to the http response writer.")
+}
+
 // ProperRBACReturn ensures we always write to the response writer after a
 // call to Authorize. If we just do a return, the client will get a status code
 // 200, which is incorrect.

Original file line number	Diff line number	Diff line change
`@@ -663,6 +663,7 @@ func (api API) postLogin(rw http.ResponseWriter, r http.Request) {`
`663`	`663`	`httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{`
`664`	`664`	`Message: "Internal error.",`
`665`	`665`	`})`
	`666`	`+ return`
`666`	`667`	`}`
`667`	`668`	`if !equal {`
`668`	`669`	`// This message is the same as above to remove ease in detecting whether`
Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,7 @@ func (api API) workspaceAppsProxyPath(rw http.ResponseWriter, r http.Request)`
`80`	`80`	`httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{`
`81`	`81`	`Message: "No agents exist.",`
`82`	`82`	`})`
	`83`	`+ return`
`83`	`84`	`}`
`84`	`85`
`85`	`86`	`agent := agents[0]`