From e92ff8148c99a02c40f48950b1a1f18803c8972a Mon Sep 17 00:00:00 2001 From: Diana Devasia Date: Mon, 11 Mar 2024 16:54:46 -0400 Subject: [PATCH 1/8] Updated go version to fix 3 CVEs --- .github/workflows/release.yml | 2 +- .github/workflows/test.yml | 4 ++-- dev.yml | 2 +- go.mod | 22 +++++++++++----------- go.sum | 21 +++++++++++++++++++++ 5 files changed, 36 insertions(+), 15 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f58dcc88..c4658efc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -57,7 +57,7 @@ jobs: name: Set up Go uses: actions/setup-go@v4 with: - go-version: 1.19 + go-version: 1.22 check-latest: true cache: true - diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6a22d73c..1612c8eb 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: true matrix: - go: ["1.20", "1.19"] + go: ["1.22"] name: go ${{ matrix.go }} steps: - name: Checkout @@ -46,7 +46,7 @@ jobs: - name: Setup go uses: actions/setup-go@v4 with: - go-version: 1.19 + go-version: 1.22 check-latest: true cache: true diff --git a/dev.yml b/dev.yml index 829a85e9..0cf28dee 100644 --- a/dev.yml +++ b/dev.yml @@ -13,5 +13,5 @@ up: - shfmt - yamllint - go: - version: 1.19 + version: 1.22.1 modules: true diff --git a/go.mod b/go.mod index 9bd3fe79..d1cf7cd5 100644 --- a/go.mod +++ b/go.mod @@ -1,11 +1,11 @@ module github.com/Shopify/toxiproxy/v2 -go 1.19 +go 1.22.1 require ( - github.com/gorilla/mux v1.8.0 - github.com/prometheus/client_golang v1.17.0 - github.com/rs/zerolog v1.31.0 + github.com/gorilla/mux v1.8.1 + github.com/prometheus/client_golang v1.19.0 + github.com/rs/zerolog v1.32.0 github.com/urfave/cli/v2 v2.25.7 golang.org/x/term v0.13.0 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 @@ -15,16 +15,16 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect - github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.11.1 // indirect + github.com/prometheus/client_model v0.6.0 // indirect + github.com/prometheus/common v0.50.0 // indirect + github.com/prometheus/procfs v0.13.0 // indirect github.com/rs/xid v1.5.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect - golang.org/x/sys v0.13.0 // indirect - google.golang.org/protobuf v1.31.0 // indirect + golang.org/x/sys v0.18.0 // indirect + google.golang.org/protobuf v1.33.0 // indirect ) diff --git a/go.sum b/go.sum index 22a8af53..24d67eeb 100644 --- a/go.sum +++ b/go.sum @@ -11,30 +11,47 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= +github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= +github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q= github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY= +github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= +github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM= github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= +github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= +github.com/prometheus/common v0.50.0 h1:YSZE6aa9+luNa2da6/Tik0q0A5AbR+U003TItK57CPQ= +github.com/prometheus/common v0.50.0/go.mod h1:wHFBCEVWVmHMUpg7pYcOm2QUR/ocQdYSJVQJKnHc3xQ= github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= +github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o= +github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g= github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.31.0 h1:FcTR3NnLWW+NnTwwhFWiJSZr4ECLpqCm6QsEnyvbV4A= github.com/rs/zerolog v1.31.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= +github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0= +github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs= @@ -47,6 +64,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -54,5 +73,7 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= From f5b6769d75cafeaedad9e48ea830bda1e75ea4a3 Mon Sep 17 00:00:00 2001 From: Diana Devasia Date: Mon, 11 Mar 2024 17:55:43 -0400 Subject: [PATCH 2/8] Verifying updating the golangci version fixes the issue of not being able to load rules. --- .github/workflows/analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml index 513cdb60..5223f282 100644 --- a/.github/workflows/analysis.yml +++ b/.github/workflows/analysis.yml @@ -23,7 +23,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc with: - version: v1.52.2 + version: v1.56.2 - name: shellcheck uses: azohra/shell-linter@6bbeaa868df09c34ddc008e6030cfe89c03394a1 From 50c291a71990ed0a4c0f86d04f3823a35ede274b Mon Sep 17 00:00:00 2001 From: Diana Devasia Date: Mon, 11 Mar 2024 18:16:24 -0400 Subject: [PATCH 3/8] Disabling depguard as the newer version of depguard included in golangci-lint requires list of acceptable packages. --- .github/workflows/test.yml | 2 +- .golangci.yml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1612c8eb..dbcfe210 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: true matrix: - go: ["1.22"] + go: ["1.22.1"] name: go ${{ matrix.go }} steps: - name: Checkout diff --git a/.golangci.yml b/.golangci.yml index 22897ef9..fbf43834 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -5,7 +5,8 @@ linters: disable-all: true enable: - bodyclose - - depguard + # https://github.com/atc0005/go-ci/issues/1024 + # - depguard - dogsled - exhaustive - funlen From 9de43958feb09bf0f3b2cbc6ba0aba284d8cd11b Mon Sep 17 00:00:00 2001 From: Diana Devasia Date: Mon, 11 Mar 2024 19:24:55 -0400 Subject: [PATCH 4/8] Fixed the random generator lint on test --- toxics/limit_data_test.go | 1 + toxics/toxic_test.go | 1 + 2 files changed, 2 insertions(+) diff --git a/toxics/limit_data_test.go b/toxics/limit_data_test.go index 881d4ca4..4c04420d 100644 --- a/toxics/limit_data_test.go +++ b/toxics/limit_data_test.go @@ -11,6 +11,7 @@ import ( func buffer(size int) []byte { buf := make([]byte, size) + // #nosec G404 -- used only in tests rand.Read(buf) return buf diff --git a/toxics/toxic_test.go b/toxics/toxic_test.go index b8a123a1..d7c9ed7a 100644 --- a/toxics/toxic_test.go +++ b/toxics/toxic_test.go @@ -366,6 +366,7 @@ func TestToxicStub_WriteOutput(t *testing.T) { stub := toxics.NewToxicStub(input, output) buf := make([]byte, 42) + // #nosec G404 -- used only in tests rand.Read(buf) t.Run("when no read in 1 second", func(t *testing.T) { From e20f3da62efa7ca687cbba0378ce066174712e81 Mon Sep 17 00:00:00 2001 From: Diana Devasia Date: Mon, 11 Mar 2024 20:04:34 -0400 Subject: [PATCH 5/8] Adding the comment to ignore like in tests as its started to scan these errors --- toxics/latency.go | 2 +- toxics/slicer.go | 4 ++-- toxics/toxic.go | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/toxics/latency.go b/toxics/latency.go index a56370af..857c292a 100644 --- a/toxics/latency.go +++ b/toxics/latency.go @@ -21,7 +21,7 @@ func (t *LatencyToxic) delay() time.Duration { delay := t.Latency jitter := t.Jitter if jitter > 0 { - //#nosec + // #nosec G404 -- was ignored before too delay += rand.Int63n(jitter*2) - jitter } return time.Duration(delay) * time.Millisecond diff --git a/toxics/slicer.go b/toxics/slicer.go index f35dfd54..1ba2a27d 100644 --- a/toxics/slicer.go +++ b/toxics/slicer.go @@ -38,9 +38,9 @@ func (t *SlicerToxic) chunk(start int, end int) []int { } mid := start + (end-start)/2 - //#nosec + if t.SizeVariation > 0 { - mid += rand.Intn(t.SizeVariation*2) - t.SizeVariation + mid += rand.Intn(t.SizeVariation*2) - t.SizeVariation // #nosec G404 -- was ignored before too } left := t.chunk(start, mid) right := t.chunk(mid, end) diff --git a/toxics/toxic.go b/toxics/toxic.go index 058c60d9..df4d6716 100644 --- a/toxics/toxic.go +++ b/toxics/toxic.go @@ -81,8 +81,8 @@ func NewToxicStub(input <-chan *stream.StreamChunk, output chan<- *stream.Stream func (s *ToxicStub) Run(toxic *ToxicWrapper) { s.running = make(chan struct{}) defer close(s.running) - //#nosec - if rand.Float32() < toxic.Toxicity { + randomToxicity := rand.Float32() // #nosec G404 -- was ignored before too + if randomToxicity < toxic.Toxicity { toxic.Pipe(s) } else { new(NoopToxic).Pipe(s) From b7eaa2cf44f22db6ca38d54a154966af80275be3 Mon Sep 17 00:00:00 2001 From: Diana Devasia Date: Tue, 12 Mar 2024 10:26:31 -0400 Subject: [PATCH 6/8] Removed redundant string to fix yaml linter --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dbcfe210..1b9d9ade 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: strategy: fail-fast: true matrix: - go: ["1.22.1"] + go: [1.22.1] name: go ${{ matrix.go }} steps: - name: Checkout From 54f1c837cf8ce9546b2dd531c0d58a8d9866cb96 Mon Sep 17 00:00:00 2001 From: Diana Devasia Date: Tue, 12 Mar 2024 13:29:25 -0400 Subject: [PATCH 7/8] Updating the version of go in golangci.yml, fixing the linters and added unreleased changelog --- .golangci.yml | 2 +- CHANGELOG.md | 2 ++ api_test.go | 6 +++--- cmd/server/server.go | 2 +- test/e2e/benchmark_test.go | 10 +++++----- testhelper/tcp_server.go | 4 ++-- 6 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index fbf43834..e11a2c82 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,6 +1,6 @@ --- run: - go: "1.15" + go: "1.22" linters: disable-all: true enable: diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ddc8612..61a7bf3d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ # [Unreleased] +* Updated go version to 1.22.1 to fix 3 CVEs +* Updated the version of golangci to 1.56.2 and disabled depguard rule in golangci # [2.8.0] - 2024-02-27 diff --git a/api_test.go b/api_test.go index 61e99971..c1a91a69 100644 --- a/api_test.go +++ b/api_test.go @@ -3,7 +3,7 @@ package toxiproxy_test import ( "bytes" "flag" - "io/ioutil" + "io" "net/http" "os" "testing" @@ -197,7 +197,7 @@ func TestPopulateDefaultEnabled(t *testing.T) { defer resp.Body.Close() if resp.StatusCode != http.StatusCreated { - message, _ := ioutil.ReadAll(resp.Body) + message, _ := io.ReadAll(resp.Body) t.Fatalf("Failed to populate proxy list: HTTP %s\n%s", resp.Status, string(message)) } @@ -1098,7 +1098,7 @@ func TestVersionEndpointReturnsVersion(t *testing.T) { } defer resp.Body.Close() - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { t.Fatal("Unable to read body from response") } diff --git a/cmd/server/server.go b/cmd/server/server.go index d188adb1..2bb66639 100644 --- a/cmd/server/server.go +++ b/cmd/server/server.go @@ -67,7 +67,7 @@ func run() error { return nil } - rand.Seed(cli.seed) + rand.New(rand.NewSource(cli.seed)) // #nosec G404 -- ignoring this rule logger := setupLogger() log.Logger = logger diff --git a/test/e2e/benchmark_test.go b/test/e2e/benchmark_test.go index 10c879ed..7f1fe949 100644 --- a/test/e2e/benchmark_test.go +++ b/test/e2e/benchmark_test.go @@ -1,7 +1,7 @@ package main import ( - "io/ioutil" + "io" "net/http" "testing" ) @@ -38,7 +38,7 @@ func BenchmarkDirect(b *testing.B) { if err != nil { b.Fatal(err) } - _, err = ioutil.ReadAll(resp.Body) + _, err = io.ReadAll(resp.Body) if err != nil { b.Fatal(err) } @@ -55,7 +55,7 @@ func BenchmarkProxy(b *testing.B) { if err != nil { b.Fatal(err) } - _, err = ioutil.ReadAll(resp.Body) + _, err = io.ReadAll(resp.Body) if err != nil { b.Fatal(err) } @@ -72,7 +72,7 @@ func BenchmarkDirectSmall(b *testing.B) { if err != nil { b.Fatal(err) } - _, err = ioutil.ReadAll(resp.Body) + _, err = io.ReadAll(resp.Body) if err != nil { b.Fatal(err) } @@ -89,7 +89,7 @@ func BenchmarkProxySmall(b *testing.B) { if err != nil { b.Fatal(err) } - _, err = ioutil.ReadAll(resp.Body) + _, err = io.ReadAll(resp.Body) if err != nil { b.Fatal(err) } diff --git a/testhelper/tcp_server.go b/testhelper/tcp_server.go index a5a58dd9..0ef7eed7 100644 --- a/testhelper/tcp_server.go +++ b/testhelper/tcp_server.go @@ -1,7 +1,7 @@ package testhelper import ( - "io/ioutil" + "io" "net" "testing" ) @@ -40,7 +40,7 @@ func (server *TCPServer) handle_connection() (err error) { } defer conn.Close() - val, err := ioutil.ReadAll(conn) + val, err := io.ReadAll(conn) if err != nil { return } From 007ad28847d76ede27c29379228f4b607d77cee9 Mon Sep 17 00:00:00 2001 From: Diana Devasia Date: Tue, 12 Mar 2024 14:16:43 -0400 Subject: [PATCH 8/8] Added pr number and author to changelog --- CHANGELOG.md | 243 ++++++++++++++++++++++++++------------------------- 1 file changed, 122 insertions(+), 121 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 61a7bf3d..daba6d6b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,212 +1,213 @@ # [Unreleased] -* Updated go version to 1.22.1 to fix 3 CVEs -* Updated the version of golangci to 1.56.2 and disabled depguard rule in golangci + +- Updated go version to 1.22.1 to fix 3 CVEs (#559, @dianadevasia) +- Updated the version of golangci to 1.56.2 and disabled depguard rule in golangci (#559, @dianadevasia) # [2.8.0] - 2024-02-27 -* toxiproxy-cli - sortedAttributes sort by attribute.key instead attribute.value (#543, @jesseward) +- toxiproxy-cli - sortedAttributes sort by attribute.key instead attribute.value (#543, @jesseward) # [2.7.0] - 2023-10-25 -* Fix invalid JSON in /version endpoint response (#538, @whatyouhide) -* Update minimum supported Go version 1.19. (@abecevello) +- Fix invalid JSON in /version endpoint response (#538, @whatyouhide) +- Update minimum supported Go version 1.19. (@abecevello) # [2.6.0] - 2023-08-22 -* Gracefull shutdown of HTTP server. (#439, @miry) -* Support PATCH HTTP method for Proxy update(`PATCH /proxies/{proxy}`) and +- Gracefull shutdown of HTTP server. (#439, @miry) +- Support PATCH HTTP method for Proxy update(`PATCH /proxies/{proxy}`) and Toxic update(`PATCH /proxies/{proxy}/toxics/{toxic}`) endpoints. Deprecat POST HTTP method for those endpoints. (@miry) -* Client does not parse response body in case of errors for Populate. +- Client does not parse response body in case of errors for Populate. Requires to get current proxies with new command. (#441, @miry) -* Client specifies `User-Agent` HTTP header for all requests as +- Client specifies `User-Agent` HTTP header for all requests as "toxiproxy-cli/ /". Specifies client request content type as `application/json`. (#441, @miry) -* Replace Api.Listen parameters `host` and `port` with single `addr`. (#445, @miry) +- Replace Api.Listen parameters `host` and `port` with single `addr`. (#445, @miry) # [2.5.0] - 2022-09-10 -* Update Release steps. (#369, @neufeldtech) -* Migrate off probot-CLA to new GitHub Action. (#405, @cursedcoder) -* Support go 1.18, 1.19. (#415, @miry) -* `toxiproxy.NewProxy` now accepts `name`, `listen addr` and `upstream addr`. (#418, @miry) -* Replace logrus with zerolog. (#413, @miry) -* Log HTTP requests to API server. (#413, #421, @miry) -* Add TimeoutHandler for the HTTP API server. (#420, @miry) -* Set Write and Read timeouts for HTTP API server connections. (#423, @miry) -* Show unique request id in API HTTP response. (#425, @miry) -* Add method to parse `stream.Direction` from a string. +- Update Release steps. (#369, @neufeldtech) +- Migrate off probot-CLA to new GitHub Action. (#405, @cursedcoder) +- Support go 1.18, 1.19. (#415, @miry) +- `toxiproxy.NewProxy` now accepts `name`, `listen addr` and `upstream addr`. (#418, @miry) +- Replace logrus with zerolog. (#413, @miry) +- Log HTTP requests to API server. (#413, #421, @miry) +- Add TimeoutHandler for the HTTP API server. (#420, @miry) +- Set Write and Read timeouts for HTTP API server connections. (#423, @miry) +- Show unique request id in API HTTP response. (#425, @miry) +- Add method to parse `stream.Direction` from a string. Allow converting `stream.Direction` to string. (#430, @miry) -* Add the possibility to write to Output with a deadline. +- Add the possibility to write to Output with a deadline. On interrupting Bandwidth toxic, use non-blocking writes. (#436, @miry) -* Update minimum supported Go version 1.17. (#438, @miry) +- Update minimum supported Go version 1.17. (#438, @miry) # [2.4.0] - 2022-03-07 -* Verify git tag on release (#347, @miry) -* Fix MacOS 12 tests for go17 with -race flag (#351, @strech) -* Rename `testing/` and `bin/` folders (#354, @strech) -* Added verbose error on proxy upstream dialing (#355, @f-dg) -* Improve server startup message (#358, @areveny) -* Introduce yaml linter. (#362, @miry) -* Handle slicer toxic with zero `SizeVariation` and fix slicing randomization (#359, @areveny) -* Added /metrics endpoint for exposing Prometheus-compatible internal metrics (#366, @neufeldtech) +- Verify git tag on release (#347, @miry) +- Fix MacOS 12 tests for go17 with -race flag (#351, @strech) +- Rename `testing/` and `bin/` folders (#354, @strech) +- Added verbose error on proxy upstream dialing (#355, @f-dg) +- Improve server startup message (#358, @areveny) +- Introduce yaml linter. (#362, @miry) +- Handle slicer toxic with zero `SizeVariation` and fix slicing randomization (#359, @areveny) +- Added /metrics endpoint for exposing Prometheus-compatible internal metrics (#366, @neufeldtech) # [2.3.0] - 2021-12-23 -* Store all the executable `main` packages in `cmd` folder. (#335, @miry) -* Extract common test helpers to own files. (#336, @miry) -* Client: Allow HTTPS endpoints. (#338, @chen-anders) -* client.Populate assign client to proxy. (#291, @hellodudu) -* fix: The release-test task is always success. +- Store all the executable `main` packages in `cmd` folder. (#335, @miry) +- Extract common test helpers to own files. (#336, @miry) +- Client: Allow HTTPS endpoints. (#338, @chen-anders) +- client.Populate assign client to proxy. (#291, @hellodudu) +- fix: The release-test task is always success. add: Allow to run release-test on arm machines. (#340, @miry) -* Upgrade `goreleaser`. Support `armv7` and `armv6` oses. (#339, @mitchellrj) -* Allow to change log level for server. (#346, @miry) +- Upgrade `goreleaser`. Support `armv7` and `armv6` oses. (#339, @mitchellrj) +- Allow to change log level for server. (#346, @miry) # [2.2.0] - 2021-10-17 -* Update linux packages to use `/usr/bin` folder as binary destination and change the executable names to +- Update linux packages to use `/usr/bin` folder as binary destination and change the executable names to exclude ARCH and OS names. New pathes: ``` /usr/bin/toxiproxy-cli /usr/bin/toxiproxy-server ``` (#331, @miry) -* A new toxic to simulate TCP RESET (Connection reset by peer) on the connections by closing +- A new toxic to simulate TCP RESET (Connection reset by peer) on the connections by closing the stub Input immediately or after a timeout. (#247 and #333, @chaosbox) # [2.1.7] - 2021-09-23 -* Set the valid version during the build process. +- Set the valid version during the build process. Verify the correct verion of the built binaries with `make release-dry` (#328, @miry) # [2.1.6] - 2021-09-23 -* Use CHANGELOG.md for release description (#306, @miry) -* Dependency updates in #294 introduced a breaking change in CLI argument parsing. +- Use CHANGELOG.md for release description (#306, @miry) +- Dependency updates in #294 introduced a breaking change in CLI argument parsing. Now [flags must be specified before arguments](https://github.com/urfave/cli/blob/master/docs/migrate-v1-to-v2.md#flags-before-args). Previously, arguments could be specified prior to flags. Update usage help text and documentation. (#308, @miry) -* Run e2e tests to validate the command line and basic features of server, +- Run e2e tests to validate the command line and basic features of server, client and application (#309, @miry) -* Add /v2 suffix to module import path (#311, @dnwe) -* Setup automated checking source code for security vulnerabilities (#312, @miry) -* Setup code linter (#314, @miry) - * Max line length is 100 characters (#316, @miry) - * Linter to check whether HTTP response body is closed successfully (#317, @miry) - * Make sure the function are not big (#318, @miry) - * Extract client flags specs to seprate methods. +- Add /v2 suffix to module import path (#311, @dnwe) +- Setup automated checking source code for security vulnerabilities (#312, @miry) +- Setup code linter (#314, @miry) + - Max line length is 100 characters (#316, @miry) + - Linter to check whether HTTP response body is closed successfully (#317, @miry) + - Make sure the function are not big (#318, @miry) + - Extract client flags specs to seprate methods. Introduce a new way to manage toxics with `ToxicOptions` structure (#321, @miry) - * Split `Proxy.server` to multiple small (#322, @miry) - * Extract initializetion of fake upstream server to test helper (#323, @miry) - * Support a list of well knonwn linters (#326, @miry) -* `--host` flag uses `TOXIPROXY_URL` if it is set (#319, @maaslalani) -* Run benchmarks in CI/CD (#320, @miry) -* Use scratch docker base image instead of alpine (#325, @miry) + - Split `Proxy.server` to multiple small (#322, @miry) + - Extract initializetion of fake upstream server to test helper (#323, @miry) + - Support a list of well knonwn linters (#326, @miry) +- `--host` flag uses `TOXIPROXY_URL` if it is set (#319, @maaslalani) +- Run benchmarks in CI/CD (#320, @miry) +- Use scratch docker base image instead of alpine (#325, @miry) # [2.1.5] - 2021-09-01 -* Move to Go Modules from godeps (#253, @epk) -* Update the example in `client/README.md` (#251, @nothinux) -* Update TOC in `README.md` (4ca1eddddfcd0c50c8f6dfb97089bb68e6310fd9, @dwradcliffe) -* Add an example of `config.json` file to `README.md` (#260, @JesseEstum) -* Add Link to Elixir Client (#287, @Jcambass) -* Add Rust client link (#293, @itarato) -* Renovations: formatting code, update dependicies, make govet/staticcheck pass (#294, @dnwe) -* Remove `openssl` from `dev.yml` to use `dev` tool (#298, @pedro-stanaka) -* Update `go` versions in development (#299, @miry) -* Mention `MacPorts` in `README.md` (#290, @amake) -* Fix some typos in `README.md` and `CHANGELOG.md` (#222, @jwilk) -* Replace TravisCI with Github Actions to run tests (#303, @miry) -* Build and release binaries with `goreleaser`. Support `arm64` and BSD oses. (#301, @miry) -* Automate release with Github actions (#304, @miry) +- Move to Go Modules from godeps (#253, @epk) +- Update the example in `client/README.md` (#251, @nothinux) +- Update TOC in `README.md` (4ca1eddddfcd0c50c8f6dfb97089bb68e6310fd9, @dwradcliffe) +- Add an example of `config.json` file to `README.md` (#260, @JesseEstum) +- Add Link to Elixir Client (#287, @Jcambass) +- Add Rust client link (#293, @itarato) +- Renovations: formatting code, update dependicies, make govet/staticcheck pass (#294, @dnwe) +- Remove `openssl` from `dev.yml` to use `dev` tool (#298, @pedro-stanaka) +- Update `go` versions in development (#299, @miry) +- Mention `MacPorts` in `README.md` (#290, @amake) +- Fix some typos in `README.md` and `CHANGELOG.md` (#222, @jwilk) +- Replace TravisCI with Github Actions to run tests (#303, @miry) +- Build and release binaries with `goreleaser`. Support `arm64` and BSD oses. (#301, @miry) +- Automate release with Github actions (#304, @miry) # [2.1.4] - 2019-01-11 -* Bug fix: Fix OOM in toxic. #232 -* Documentation updates. -* CI and test updates. +- Bug fix: Fix OOM in toxic. #232 +- Documentation updates. +- CI and test updates. # [2.1.3] - 2018-03-05 -* Update `/version` endpoint to also return a charset of utf-8. #204 -* Bug fix: Double http concatenation. #191 -* Update cli examples to be more accurate. #187 +- Update `/version` endpoint to also return a charset of utf-8. #204 +- Bug fix: Double http concatenation. #191 +- Update cli examples to be more accurate. #187 # [2.1.2] - 2017-07-10 -* go 1.8, make Sirupsen lower case, update godeps (issue #179) -* Handle SIGTERM to exit cleanly (issue #180) -* Address security issue by disallowing browsers from accessing API +- go 1.8, make Sirupsen lower case, update godeps (issue #179) +- Handle SIGTERM to exit cleanly (issue #180) +- Address security issue by disallowing browsers from accessing API # [2.1.1] - 2017-05-16 -* Fix timeout toxic causing hang (issue #159) +- Fix timeout toxic causing hang (issue #159) # [2.1.0] - 2016-12-07 -* Add -config server option to populate on startup #154 -* Updated CLI for scriptability #133 -* Add `/populate` endpoint to server #111 -* Change error responses from `title` to `error` -* Allow hostname to be specified in CLI #129 -* Add support for stateful toxics #127 -* Add limit_data toxic +- Add -config server option to populate on startup #154 +- Updated CLI for scriptability #133 +- Add `/populate` endpoint to server #111 +- Change error responses from `title` to `error` +- Allow hostname to be specified in CLI #129 +- Add support for stateful toxics #127 +- Add limit_data toxic # [2.0.0] - 2016-04-25 -* Add CLI (`toxiproxy-cli`) and rename server binary to `toxiproxy-server` #93 -* Fix removing a timeout toxic causing API to hang #89 -* API and client return toxics as array rather than a map of name to toxic #92 -* Fix multiple latency toxics not accumulating #94 -* Change default toxic name to `_` #96 -* Nest toxic attributes rather than having a flat structure #98 -* 2.0 RFC: #54 and PR #62 - * Change toxic API endpoints to an Add/Update/Remove structure - * Remove `enabled` field, and add `name` and `type` fields to toxics - * Add global toxic fields to a wrapper struct - * Chain toxics together dynamically instead of in a fixed length chain - * Register toxics in `init()` functions instead of a hard-coded list - * Clean up API error codes to make them more consistent - * Move toxics to their own package to allow 3rd party toxics -* Remove stream direction from API urls #73 -* Add `toxicity` field for toxics #75 -* Refactor Go client to make usage easier with 2.0 #76 -* Make `ChanReader` in the `stream` package interruptible #77 -* Define proxy buffer sizes per-toxic (Fixes #72) -* Fix slicer toxic testing race condition #71 +- Add CLI (`toxiproxy-cli`) and rename server binary to `toxiproxy-server` #93 +- Fix removing a timeout toxic causing API to hang #89 +- API and client return toxics as array rather than a map of name to toxic #92 +- Fix multiple latency toxics not accumulating #94 +- Change default toxic name to `_` #96 +- Nest toxic attributes rather than having a flat structure #98 +- 2.0 RFC: #54 and PR #62 + - Change toxic API endpoints to an Add/Update/Remove structure + - Remove `enabled` field, and add `name` and `type` fields to toxics + - Add global toxic fields to a wrapper struct + - Chain toxics together dynamically instead of in a fixed length chain + - Register toxics in `init()` functions instead of a hard-coded list + - Clean up API error codes to make them more consistent + - Move toxics to their own package to allow 3rd party toxics +- Remove stream direction from API urls #73 +- Add `toxicity` field for toxics #75 +- Refactor Go client to make usage easier with 2.0 #76 +- Make `ChanReader` in the `stream` package interruptible #77 +- Define proxy buffer sizes per-toxic (Fixes #72) +- Fix slicer toxic testing race condition #71 # [1.2.1] - 2015-07-24 -* Fix proxy name conflicts leaking an open port #69 +- Fix proxy name conflicts leaking an open port #69 # [1.2.0] - 2015-07-23 -* Add a Toxic and Toxics type for the Go client -* Add `Dockerfile` -* Fix latency toxic limiting bandwidth #67 -* Add Slicer toxic +- Add a Toxic and Toxics type for the Go client +- Add `Dockerfile` +- Fix latency toxic limiting bandwidth #67 +- Add Slicer toxic # [1.1.0] - 2015-05-05 -* Remove /toxics endpoint in favour of /proxies -* Add bandwidth toxic +- Remove /toxics endpoint in favour of /proxies +- Add bandwidth toxic # [1.0.3] - 2015-04-29 -* Rename Go library package to Toxiproxy from Client -* Fix latency toxic send to closed channel panic #46 -* Fix latency toxic accumulating delay #47 +- Rename Go library package to Toxiproxy from Client +- Fix latency toxic send to closed channel panic #46 +- Fix latency toxic accumulating delay #47 # [1.0.2] - 2015-04-12 -* Added Toxic support to Go client +- Added Toxic support to Go client # [1.0.1] - 2015-03-31 -* Various improvements to the documentation -* Initial version of Go client -* Fix toxic disabling bug #42 +- Various improvements to the documentation +- Initial version of Go client +- Fix toxic disabling bug #42 # [1.0.0] - 2015-01-07