From a50ca5f2e53d33247f60655e1ed76803fc61d26d Mon Sep 17 00:00:00 2001
From: Dee Kitchen
Date: Thu, 12 Oct 2023 08:55:46 +0100
Subject: [PATCH] Update deps and resolve staticcheck messages
This is a general update of the dependencies and also updates go to 1.21 As part of this the Makefile is updated to remove the long deprecated lint command and instead use staticcheck. Additionally staticcheck has been run and all messages resolved. This update does not change any behaviour in bluemonday, all tests remain the same and continue to pass, and there is no security issue resolved by this update, it's purely a maintenance update.
---
 Makefile | 8 +++---
 cmd/sanitise_html_email/main.go | 4 +--
 cmd/sanitise_ugc/main.go | 4 +--
 css/handlers.go | 5 ++--
 go.mod | 10 ++++---
 go.sum | 48 +++++++++++++++++++++++++++++++--
 sanitize.go | 2 +-
 7 files changed, 65 insertions(+), 16 deletions(-)
diff --git a/Makefile b/Makefile
index dcd042a..97e9541 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@
 # fmt-check: Check if the source files are formated
 # build: Builds the code locally
 # vet: Vets the code
-# lint: Runs lint over the code (you do not need to fix everything)
+# staticcheck: Runs staticcheck over the code
 # test: Runs the tests
 # cover: Gives you the URL to a nice test coverage report
 #
@@ -33,8 +33,8 @@ build:
 vet:
 @go vet
-lint:
- @golint *.go
+staticcheck:
+ @staticcheck ./...
 test:
 @go test -v ./...
@@ -42,7 +42,7 @@ test:
 cover: COVERAGE_FILE := coverage.out
 cover:
 @go test -coverprofile=$(COVERAGE_FILE) && \
- cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
+ go tool cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
 install:
 @go install ./...
diff --git a/cmd/sanitise_html_email/main.go b/cmd/sanitise_html_email/main.go
index 9f1f91f..86c2810 100644
--- a/cmd/sanitise_html_email/main.go
+++ b/cmd/sanitise_html_email/main.go
@@ -2,7 +2,7 @@ package main
 import (
 "fmt"
- "io/ioutil"
+ "io"
 "log"
 "os"
 "regexp"
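Review bot: The new `staticcheck` target in the Makefile runs whichever `staticcheck` binary is first on PATH, so the result depends on a tool version the repository does not pin. Invoking it through the module-aware form, for example `@go run honnef.co/go/tools/cmd/staticcheck@<pinned-version> ./...`, would make the check reproducible across machines and CI. If the Makefile has a `.PHONY` list or an aggregate target that still names `lint` (not visible in these hunks), it should be switched to `staticcheck` in the same change.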
@@ -61,7 +61,7 @@ func main() {
 // Read input from stdin so that this is a nice unix utility and can receive
 // piped input
- dirty, err := ioutil.ReadAll(os.Stdin)
+ dirty, err := io.ReadAll(os.Stdin)
 if err != nil {
 log.Fatal(err)
 }
diff --git a/cmd/sanitise_ugc/main.go b/cmd/sanitise_ugc/main.go
index 5fb8483..13515cf 100644
--- a/cmd/sanitise_ugc/main.go
+++ b/cmd/sanitise_ugc/main.go
@@ -2,7 +2,7 @@ package main
 import (
 "fmt"
- "io/ioutil"
+ "io"
 "log"
 "os"
@@ -22,7 +22,7 @@ func main() {
 // Read input from stdin so that this is a nice unix utility and can receive
 // piped input
- dirty, err := ioutil.ReadAll(os.Stdin)
+ dirty, err := io.ReadAll(os.Stdin)
 if err != nil {
 log.Fatal(err)
 }
diff --git a/css/handlers.go b/css/handlers.go
index e0429cf..f8b8b61 100644
--- a/css/handlers.go
+++ b/css/handlers.go
@@ -366,10 +366,11 @@ func in(value []string, arr []string) bool {
 func splitValues(value string) []string {
 values := strings.Split(value, ",")
+ newValues := []string{}
 for _, strippedValue := range values {
- strippedValue = strings.ToLower(strings.TrimSpace(strippedValue))
+ newValues = append(newValues, strings.ToLower(strings.TrimSpace(strippedValue)))
 }
- return values
+ return newValues
 }
 func GetDefaultHandler(attr string) func(string) bool {
diff --git a/go.mod b/go.mod
index f004b9f..9712d70 100644
--- a/go.mod
+++ b/go.mod
@@ -1,12 +1,16 @@
 module github.com/microcosm-cc/bluemonday
-go 1.19
+go 1.21
 require (
 github.com/aymerick/douceur v0.2.0
- golang.org/x/net v0.14.0
+ golang.org/x/net v0.17.0
 )
-require github.com/gorilla/css v1.0.0 // indirect
+require (
+ github.com/PuerkitoBio/goquery v1.8.1 // indirect
+ github.com/andybalholm/cascadia v1.3.2 // indirect
+ github.com/gorilla/css v1.0.0 // indirect
+)
 retract [v1.0.0, v1.0.24] // Retract older versions as only latest is to be depended upon
diff --git a/go.sum b/go.sum
index 6c31332..1ae1358 100644
--- a/go.sum
+++ b/go.sum
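Review bot: The rewritten `splitValues` in css/handlers.go changes what the function returns, which contradicts the commit message's statement that no behaviour changes. Before this hunk the loop only reassigned the range variable and `values` was returned untouched, so callers received the raw comma-separated pieces; they now receive trimmed, lower-cased copies. In a sanitizer that shifts which CSS values the handlers accept, presumably letting mixed-case or space-padded entries through an exact-match check such as `in` that previously rejected them; the callers are outside this hunk, so this should be confirmed and pinned with a regression test on inputs like `"Red, BLUE "`. The doc comment should also state the normalisation, e.g. `// splitValues splits on commas and returns each piece trimmed and lower-cased.`, and `newValues := make([]string, 0, len(values))` would avoid regrowing the slice.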
@@ -1,6 +1,50 @@ +github.com/PuerkitoBio/goquery v1.8.1 h1:uQxhNlArOIdbrH1tr0UXwdVFgDcZDrZVdcpygAcwmWM= +github.com/PuerkitoBio/goquery v1.8.1/go.mod h1:Q8ICL1kNUJ2sXGoAhPGUdYDJvgQgHzJsnnd3H7Ho5jQ= +github.com/andybalholm/cascadia v1.3.1 h1:nhxRkql1kdYCc8Snf7D5/D3spOX+dBgjA6u8x004T2c= +github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEqc0Sk8XGwHqvA= +github.com/andybalholm/cascadia v1.3.2 h1:3Xi6Dw5lHF15JtdcmAHD3i1+T8plmv7BQ/nsViSLyss= +github.com/andybalholm/cascadia v1.3.2/go.mod h1:7gtRlve5FxPPgIgX36uWBX58OdBsSS6lUvCFb+h7KvU= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY= github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c= -golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= -golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= 
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= +golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod 
h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/sanitize.go b/sanitize.go
index 2792fb3..1f8d855 100644
--- a/sanitize.go
+++ b/sanitize.go
@@ -998,7 +998,7 @@ func linkable(elementName string) bool {
 // stringInSlice returns true if needle exists in haystack
 func stringInSlice(needle string, haystack []string) bool {
 for _, straw := range haystack {
- if strings.ToLower(straw) == strings.ToLower(needle) {
+ if strings.EqualFold(straw, needle) {
 return true
 }
 }
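Review bot: In `stringInSlice`, `strings.EqualFold(straw, needle)` is not an exact replacement for comparing two `strings.ToLower` results. EqualFold applies Unicode simple case folding, so a few non-ASCII code points (U+017F, the long s, is one) now compare equal to an ASCII letter where the old comparison kept them distinct. For ASCII-only input the two forms agree, but if this helper backs an allowlist check on attacker-influenced strings (its callers, and the end of the function, are outside this hunk) the new form matches slightly more than before. I would pin the intended behaviour with a test case containing such a character and extend the doc comment, e.g. `// The comparison uses Unicode simple case folding (strings.EqualFold).`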