mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2026-06-22 10:02:15 +00:00
7b5d623737
This PR adds a new linter to the codebase and addresses all the problems that it identified (including a small number of false positives). The lint-single-response Go analyzer attempts to prevent a common problem in Forgejo where it is possible for a web handler to provide a response to a request, and then continue code execution unintentionally. For example:
```go
err := json.Unmarshal(data, &claims)
if err != nil {
ctx.Error(http.StatusInternalServerError, "Error in unmarshal", err)
// Oops, I forgot to `return` here...
}
// ... more work occurs ...
ctx.JSON(http.StatusOK, resp)
```
In order to detect these cases, lint-single-response contains a list of functions that deliver a web response. When any of those functions are used within a function, the control flow must not perform any work after the function is invoked -- it can only return and exit the function.
### Tests for Go changes
- I added test coverage for Go changes...
- [x] in their respective `*_test.go` for unit tests.
- [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
- [x] `make pr-go` before pushing
### Documentation
- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- Documentation on the new linter is included inline, in `build/lint-single-response/README.md`.
- [ ] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13087
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
|
||
|---|---|---|
| .. | ||
| actions | ||
| agit | ||
| asymkey | ||
| attachment | ||
| auth | ||
| authz | ||
| automerge | ||
| context | ||
| contexttest | ||
| convert | ||
| cron | ||
| doctor | ||
| externalaccount | ||
| f3 | ||
| federation | ||
| feed | ||
| forgejo | ||
| forms | ||
| gitdiff | ||
| indexer | ||
| issue | ||
| lfs | ||
| mailer | ||
| markup | ||
| migrations | ||
| mirror | ||
| moderation | ||
| notify | ||
| org | ||
| packages | ||
| pull | ||
| redirect | ||
| release | ||
| remote | ||
| repository | ||
| secrets | ||
| shared/automerge | ||
| stats | ||
| task | ||
| uinotification | ||
| user | ||
| webhook | ||
| wiki | ||