From 227e1c537dbd32be08a41f0e0072202efd5fdf0a Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 28 Jun 2022 08:57:22 -0500 Subject: [PATCH 1/3] chore: Add linter rule to catch missing return after http writes --- coderd/users.go | 1 + scripts/rules.go | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) diff --git a/coderd/users.go b/coderd/users.go index 282f653ef311a..b52e85ad36ccd 100644 --- a/coderd/users.go +++ b/coderd/users.go @@ -663,6 +663,7 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) { httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{ Message: "Internal error.", }) + return } if !equal { // This message is the same as above to remove ease in detecting whether diff --git a/scripts/rules.go b/scripts/rules.go index 7bf64eb6b4b82..5915f4383876c 100644 --- a/scripts/rules.go +++ b/scripts/rules.go @@ -151,6 +151,28 @@ func HttpAPIErrorMessage(m dsl.Matcher) { Report("Field \"Message\" should be a proper sentence with a capitalized first letter and ending in punctuation. $m") } +// HttpAPIReturn will report a linter violation if the http function is not +// returned after writing a response to the client. +func HttpAPIReturn(m dsl.Matcher) { + m.Import("github.com/coder/coder/coderd/httpapi") + + // Manually enumerate the httpapi function rather then a 'Where' condition + // as this is a bit more efficient. + m.Match(` + if err != nil { + httpapi.Write($*_) + } + `, ` + if err != nil { + httpapi.Forbidden($*_) + } + `, ` + if err != nil { + httpapi.ResourceNotFound($*_) + } + `).Report("Forgot to return early after the httpapi.Write call") +} + // ProperRBACReturn ensures we always write to the response writer after a // call to Authorize. If we just do a return, the client will get a status code // 200, which is incorrect. From aec49c5957e9f2045e7386851dd0b0ba8e0d8546 Mon Sep 17 00:00:00 2001 
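Review bot: As written, each pattern in `HttpAPIReturn` matches only an `if` block whose single statement is the httpapi call, so a branch that logs or does other work before `httpapi.Write(...)` and then falls through is not reported; the rewritten patterns in PATCH 2/3 have the same shape. In handlers such as `postLogin`, patched in this same commit, a missed fall-through means the request keeps executing after an error response has been sent, so the gap is worth closing or at least stating in the doc comment. A leading statement wildcard, for example `if err != nil { $*_; httpapi.Write($*_) }`, should cover both the bare and the log-then-write case, but run it over the existing handlers for false positives before enabling it. The helper list is also closed (`Write`, `Forbidden`, `ResourceNotFound`); a comment such as `// Keep in sync with the response-writing helpers in httpapi.` would prompt the next author to extend it, and "rather then" in the new comment should read "rather than".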
From: Steven Masley Date: Tue, 28 Jun 2022 09:32:25 -0500 Subject: [PATCH 2/3] Catch broader set of conditions in the if statement --- coderd/workspaceapps.go | 1 + scripts/rules.go | 15 ++++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/coderd/workspaceapps.go b/coderd/workspaceapps.go index ed14f16a97d83..fcdd7ceb5f523 100644 --- a/coderd/workspaceapps.go +++ b/coderd/workspaceapps.go @@ -80,6 +80,7 @@ func (api *API) workspaceAppsProxyPath(rw http.ResponseWriter, r *http.Request) httpapi.Write(rw, http.StatusBadRequest, httpapi.Response{ Message: "No agents exist.", }) + return } agent := agents[0] diff --git a/scripts/rules.go b/scripts/rules.go index 5915f4383876c..af89b11f4cee0 100644 --- a/scripts/rules.go +++ b/scripts/rules.go @@ -159,18 +159,19 @@ func HttpAPIReturn(m dsl.Matcher) { // Manually enumerate the httpapi function rather then a 'Where' condition // as this is a bit more efficient. m.Match(` - if err != nil { - httpapi.Write($*_) + if $*_ { + httpapi.Write($*a) } `, ` - if err != nil { - httpapi.Forbidden($*_) + if $*_ { + httpapi.Forbidden($*a) } `, ` - if err != nil { - httpapi.ResourceNotFound($*_) + if $*_ { + httpapi.ResourceNotFound($*a) } - `).Report("Forgot to return early after the httpapi.Write call") + `).At(m["a"]). + Report("Forgot to return early after the httpapi.Write call") } // ProperRBACReturn ensures we always write to the response writer after a From 56885dd5409480bbe2e17a776342cd21b263e750 Mon Sep 17 00:00:00 2001 From: Steven Masley Date: Tue, 28 Jun 2022 09:57:15 -0500 Subject: [PATCH 3/3] Update linter message --- scripts/rules.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/rules.go b/scripts/rules.go index af89b11f4cee0..67aae45ddd086 100644 --- a/scripts/rules.go +++ b/scripts/rules.go 
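Review bot: The `.At(m["a"])` call added to the chain in scripts/rules.go has no comment, and it depends on the capture `$*a` that this hunk introduces in all three patterns, so the finding is anchored at the arguments of the write call rather than at the `if`. A one-line comment above it, for example `// Report at the write call's arguments, not at the enclosing if statement.`, would make that intent explicit. It would also warn against renaming `$*a` back to `$*_` in any one pattern, which would presumably leave `m["a"]` unbound for that alternative. The start of `HttpAPIReturn` lies outside this hunk.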
@@ -171,7 +171,7 @@ func HttpAPIReturn(m dsl.Matcher) { httpapi.ResourceNotFound($*a) } `).At(m["a"]). - Report("Forgot to return early after the httpapi.Write call") + Report("Forgot to return early after writing to the http response writer.") } // ProperRBACReturn ensures we always write to the response writer after a