v2: Project-and-CI-wide linter config (#2812)

* v2: split golangci-lint configuration into its own file to allow code editors to take advantage of it

* v2: simplify code

* v2: set the correct lint output formatting

* v2: invert the logic of linter's configuration of output formatting to allow the editor  convenience over CI-specific customization. Customize the output format in CI by passing the flag.

* v2: remove irrelevant golangci-lint config

5 files changed, 52 insertions, 4 deletions

diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 0000000..5429e1a
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,49 @@
+linters-settings:
+  errcheck:
+    ignore: fmt:.*,io/ioutil:^Read.*,github.com/caddyserver/caddy/v2/caddyconfig:RegisterAdapter,github.com/caddyserver/caddy/v2:RegisterModule
+    ignoretests: true
+  misspell:
+    locale: US
+
+linters:
+  enable:
+    - bodyclose
+    - errcheck
+    - gofmt
+    - goimports
+    - gosec
+    - ineffassign
+    - misspell
+
+run:
+  # default concurrency is a available CPU number.
+  # concurrency: 4 # explicitly omit this value to fully utilize available resources.
+  deadline: 5m
+  issues-exit-code: 1
+  tests: false
+
+# output configuration options
+output:
+  format: 'colored-line-number'
+  print-issued-lines: true
+  print-linter-name: true
+
+issues:
+  exclude-rules:
+    # we aren't calling unknown URL
+    - text: "G107" # G107: Url provided to HTTP request as taint input
+      linters:
+        - gosec
+    # as a web server that's expected to handle any template, this is totally in the hands of the user.
+    - text: "G203" # G203: Use of unescaped data in HTML templates
+      linters:
+        - gosec
+    # we're shelling out to known commands, not relying on user-defined input.
+    - text: "G204" # G204: Audit use of command execution
+      linters:
+        - gosec
+    # the choice of weakrand is deliberate, hence the named import "weakrand"
+    - path: modules/caddyhttp/reverseproxy/selectionpolicies.go
+      text: "G404" # G404: Insecure random number source (rand)
+      linters:
+        - gosec
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index fbee6fb..8c86cd8 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -89,7 +89,8 @@ steps:
   displayName: Get dependencies
 
 - script: |
-    (golangci-lint run --out-format junit-xml -E gofmt -E goimports -E misspell) > test-results/lint-result.xml
+    # its behavior is governed by .golangci.yml
+    (golangci-lint run --out-format junit-xml) > test-results/lint-result.xml
     exit 0
   workingDirectory: '$(modulePath)'
   continueOnError: true
diff --git a/caddyconfig/caddyfile/lexer.go b/caddyconfig/caddyfile/lexer.go
index c0b6e1d..0ddad0e 100755
--- a/caddyconfig/caddyfile/lexer.go
+++ b/caddyconfig/caddyfile/lexer.go
@@ -107,7 +107,6 @@ func (l *lexer) next() bool {
 				escaped = false
 			} else {
 				if ch == '"' {
-					quoted = false
 					return makeToken()
 				}
 			}
diff --git a/cmd/main.go b/cmd/main.go
index aea020f..6447e73 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -118,7 +118,6 @@ func loadConfig(configFile, adapterName string) ([]byte, error) {
 			if os.IsNotExist(err) {
 				// okay, no default Caddyfile; pretend like this never happened
 				cfgAdapter = nil
-				err = nil
 			} else if err != nil {
 				// default Caddyfile exists, but error reading it
 				return nil, fmt.Errorf("reading default Caddyfile: %v", err)
diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go
index c4c306e..366a307 100644
--- a/modules/caddyhttp/server.go
+++ b/modules/caddyhttp/server.go
@@ -169,7 +169,7 @@ func (s *Server) enforcementHandler(w http.ResponseWriter, r *http.Request, next
 		if err != nil {
 			hostname = r.Host // OK; probably lacked port
 		}
-		if strings.ToLower(r.TLS.ServerName) != strings.ToLower(hostname) {
+		if !strings.EqualFold(r.TLS.ServerName, hostname) {
 			err := fmt.Errorf("strict host matching: TLS ServerName (%s) and HTTP Host (%s) values differ",
 				r.TLS.ServerName, hostname)
 			r.Close = true