server, lint: centralize and restrict HTTP cookie construction #119748
Conversation
|
This change is |
|
Please only review last 2 commits. First two getting merged here: #119261 |
dhartunian
force-pushed
the
centralize-cookie-construction
branch
from
ad493f8 to
e07d9d7
Compare
| var Analyzer = &analysis.Analyzer{ | ||
| Name: "norawcookies", | ||
| Doc: `check for correct use of Cookie constructors`, | ||
| Requires: []*analysis.Analyzer{inspect.Analyzer}, | ||
| Run: run, | ||
| } |
There was a problem hiding this comment.
You've already written it so I wouldn't change it. But I do wonder for a linter like this whether we get most of the benefit out of a git-grep based linter like some of the others in pkg/testutils/lint_test.go, which I only mention because I imagine it would be a lot faster.
That said, this lays the groundwork for adding more checks in the future around aspects of cookie creation if we want.
There was a problem hiding this comment.
I'm just learning about the linter infra so I'll give this a quick shot and see if I get anywhere.
There was a problem hiding this comment.
git grep linter is way simpler so I'm keeping it. thanks for the pointer.
dhartunian
force-pushed
the
centralize-cookie-construction
branch
2 times, most recently
from
e0327c9 to
ce788bf
Compare
There was a problem hiding this comment.
Reviewable status:
complete! 1 of 0 LGTMs obtained (waiting on @dhartunian, @stevendanna, and @xinhaoz)
pkg/server/server_controller_http.go line 101 at r5 (raw file):
// Clear session and tenant cookies since it appears they reference invalid state. http.SetCookie(w, authserver.CreateEmptySessionCookieWithImmediateExpiry(!c.disableTLSForHTTP)) http.SetCookie(w, authserver.CreateEmptyTenantCookieWithImmediateExpiry(!c.disableTLSForHTTP))
Nice! This is a big win for readability. Good idea.
Code quote:
authserver.CreateEmptyTenantCookieWithImmediateExpirypkg/server/authserver/cookie.go line 214 at r5 (raw file):
// be optionally marked `Secure` if you're runinning in secure mode by // setting the `forHttpsOnly` argument to true. func CreateTenantCookie(value string, forHTTPSOnly bool) *http.Cookie {
nit: Here and below, would TenantSelect instead of just Tenant be a bit clearer?
Code quote:
CreateTenantCookie
All cookie construction for session and tenant cookies is now moved to
explicit constructors instead of initializing `http.Cookie{}` structs
directly. This reduces the chance of error and explicitly requires
setting the `secure` flag via the constructor.
The constructs were created to exactly mimic all existing cookie
settings. No change in flags should happen as a result of this commit.
A separate commit will introduce a linter to prevent raw cookie
creation.
Epic: None
Release note: None
We previously introduced bugs when creating HTTP cookies in new code that did not have the proper fields set. This linter aims to enforce use of cookies only through pre-generated constructors in `pkg/server/ authserver/cookie.go`. This will reduce the chance of errors in the future and keep things consistent. Epic: None Release note: None
dhartunian
force-pushed
the
centralize-cookie-construction
branch
from
ce788bf to
d63936b
Compare
|
TFTRs bors r+ |
|
Build succeeded: |
server: centralize cookie construction
All cookie construction for session and tenant cookies is now moved to
explicit constructors instead of initializing
http.Cookie{}structsdirectly. This reduces the chance of error and explicitly requires
setting the
secureflag via the constructor.The constructs were created to exactly mimic all existing cookie
settings. No change in flags should happen as a result of this commit.
A separate commit will introduce a linter to prevent raw cookie
creation.
Epic: None
Release note: None
lint: add linter to reject raw http.Cookie structs
We previously introduced bugs when creating HTTP cookies in new code
that did not have the proper fields set. This linter aims to enforce
use of cookies only through pre-generated constructors in
pkg/server/ authserver/cookie.go. This will reduce the chance of errors in thefuture and keep things consistent.
Epic: None
Release note: None