Merge branch 'master' of https://github.com/Fenny/fiber

2025-02-22 10:13:11 +00:00 · 2020-07-23 06:07:59 +02:00 · 2020-07-23 06:07:59 +02:00 · c22e7890dd
commit c22e7890dd
parent 6fa6944631 9fc96024fa
6 changed files with 97 additions and 10 deletions
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -10,18 +10,18 @@

 The table below shows the supported versions for Fiber which include security updates.

-| Version  | Supported          |
-| -------- | ------------------ |
-| >= 1.9.x | :white_check_mark: |
-| < 1.9.0  | :x: |
+| Version   | Supported          |
+| --------- | ------------------ |
+| >= 1.12.6 | :white_check_mark: |
+| < 1.12.6  | :x:                |

 <a name="reporting"></a>
 ## Reporting security problems to Fiber

 **DO NOT CREATE AN ISSUE** to report a security problem. Instead, please
-join our discord server via [this invite link](https://discord.gg/bSnH7db)
-and create a new ticket in our `#support` channel by typing
-`!new Security problem`.
+send us an e-mail at `team@gofiber.io` or join our discord server via
+[this invite link](https://discord.gg/bSnH7db) and send a private message
+to Fenny or any of the maintainers.

 <a name="contact"></a>
 ## Security Point of Contact
@ -32,7 +32,7 @@ latest.

 In case Fenny does not respond within a reasonable time, the secondary point
 of contact are any of the [@maintainers](https://github.com/orgs/gofiber/teams/maintainers).
-The maintainers only other persons with administrative access to Fiber's source code.
+The maintainers are the only other persons with administrative access to Fiber's source code.

 <a name="process"></a>
 ## Incident Response Process
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -0,0 +1,54 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [master, ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [master]
+  schedule:
+    - cron: '0 3 * * 6'
+
+jobs:
+  analyse:
+    name: Analyse
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      # Override language selection by uncommenting this and choosing your languages
+      with:
+        languages: go
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
--- a/middleware/compress_test.go
+++ b/middleware/compress_test.go
@ -133,6 +133,17 @@ func Test_Middleware_Compress_Skip(t *testing.T) {
 	utils.AssertEqual(t, fiber.MIMETextPlainCharsetUTF8, resp.Header.Get(fiber.HeaderContentType))
 }

+// go test -run Test_Middleware_Compress_Panic
+func Test_Middleware_Compress_Panic(t *testing.T) {
+	defer func() {
+		utils.AssertEqual(t,
+			"Compress: the following option types are allowed: int, func(*fiber.Ctx) bool, CompressConfig",
+			fmt.Sprintf("%s", recover()))
+	}()
+
+	Compress("invalid")
+}
+
 // go test -v -run=^$ -bench=Benchmark_Middleware_Compress -benchmem -count=4
 func Benchmark_Middleware_Compress(b *testing.B) {
 	app := fiber.New()
--- a/middleware/logger.go
+++ b/middleware/logger.go
@ -4,7 +4,6 @@ import (
 	"bytes"
 	"fmt"
 	"io"
-	"log"
 	"os"
 	"strconv"
 	"strings"
@ -178,7 +177,7 @@ func Logger(options ...interface{}) fiber.Handler {
 			case LoggerConfig:
 				config = opt
 			default:
-				log.Fatal("Logger: the following option types are allowed: string, io.Writer, LoggerConfig")
+				panic("Logger: the following option types are allowed: string, io.Writer, LoggerConfig")
 			}
 		}
 	}
--- a/middleware/logger_test.go
+++ b/middleware/logger_test.go
@ -135,6 +135,17 @@ func Test_Middleware_Logger_Options_And_WithConfig(t *testing.T) {
 	}
 }

+// go test -run Test_Middleware_Logger_Panic
+func Test_Middleware_Logger_Panic(t *testing.T) {
+	defer func() {
+		utils.AssertEqual(t,
+			"Logger: the following option types are allowed: string, io.Writer, LoggerConfig",
+			fmt.Sprintf("%s", recover()))
+	}()
+
+	Logger(0)
+}
+
 func Test_isTimeZone(t *testing.T) {
 	type args struct {
 		name string
--- a/middleware/request_id_test.go
+++ b/middleware/request_id_test.go
@ -1,6 +1,7 @@
 package middleware

 import (
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
@ -152,6 +153,17 @@ func Test_Middleware_RequestID_Skip(t *testing.T) {
 	utils.AssertEqual(t, "", resp.Header.Get(RequestIDConfigDefault.Header), RequestIDConfigDefault.Header)
 }

+// go test -run Test_Middleware_RequestID_Panic
+func Test_Middleware_RequestID_Panic(t *testing.T) {
+	defer func() {
+		utils.AssertEqual(t,
+			"RequestID: the following option types are allowed: string, func() string, func(*fiber.Ctx) bool, RequestIDConfig",
+			fmt.Sprintf("%s", recover()))
+	}()
+
+	RequestID(0)
+}
+
 // go test -v -run=^$ -bench=Benchmark_Middleware_RequestID -benchmem -count=4
 func Benchmark_Middleware_RequestID(b *testing.B) {