lint/deep-exit: avoid log.Fatal

.golangci.yml

@@ -424,16 +424,6 @@ issues:
       path: "cmd/crowdsec-cli/main.go"
       text: "deep-exit: .*"
 
-    - linters:
-        - revive
-      path: "cmd/crowdsec-cli/clihub/item_metrics.go"
-      text: "deep-exit: .*"
-
-    - linters:
-        - revive
-      path: "cmd/crowdsec-cli/idgen/password.go"
-      text: "deep-exit: .*"
-
     - linters:
         - revive
       path: "pkg/leakybucket/overflows.go"

cmd/crowdsec-cli/clicapi/capi.go

@@ -66,7 +66,12 @@
 		return fmt.Errorf("unable to generate machine id: %w", err)
 	}
 
-	password := strfmt.Password(idgen.GeneratePassword(idgen.PasswordLength))
+	pstr, err := idgen.GeneratePassword(idgen.PasswordLength)
+	if err != nil {
+		return err
+	}
+
+	password := strfmt.Password(pstr)
 
 	apiurl, err := url.Parse(types.CAPIBaseURL)
 	if err != nil {

cmd/crowdsec-cli/clihub/item_metrics.go

@@ -1,6 +1,7 @@
 package clihub
 
 import (
+	"fmt"
 	"net/http"
 	"strconv"
 	"strings"
@@ -19,10 +20,16 @@
 func showMetrics(prometheusURL string, hubItem *cwhub.Item, wantColor string) error {
 	switch hubItem.Type {
 	case cwhub.PARSERS:
-		metrics := getParserMetric(prometheusURL, hubItem.Name)
+		metrics, err := getParserMetric(prometheusURL, hubItem.Name)
+		if err != nil {
+			return err
+		}
 		parserMetricsTable(color.Output, wantColor, hubItem.Name, metrics)
 	case cwhub.SCENARIOS:
-		metrics := getScenarioMetric(prometheusURL, hubItem.Name)
+		metrics, err := getScenarioMetric(prometheusURL, hubItem.Name)
+		if err != nil {
+			return err
+		}
 		scenarioMetricsTable(color.Output, wantColor, hubItem.Name, metrics)
 	case cwhub.COLLECTIONS:
 		for _, sub := range hubItem.SubItems() {
@@ -31,7 +38,10 @@
 			}
 		}
 	case cwhub.APPSEC_RULES:
-		metrics := getAppsecRuleMetric(prometheusURL, hubItem.Name)
+		metrics, err := getAppsecRuleMetric(prometheusURL, hubItem.Name)
+		if err != nil {
+			return err
+		}
 		appsecMetricsTable(color.Output, wantColor, hubItem.Name, metrics)
 	default: // no metrics for this item type
 	}
@@ -40,11 +50,15 @@
 }
 
 // getParserMetric is a complete rip from prom2json
-func getParserMetric(url string, itemName string) map[string]map[string]int {
+func getParserMetric(url string, itemName string) (map[string]map[string]int, error) {
 	stats := make(map[string]map[string]int)
 
-	result := getPrometheusMetric(url)
-	for idx, fam := range result {
+	results, err := getPrometheusMetric(url)
+	if err != nil {
+		return nil, err
+	}
+
+	for idx, fam := range results {
 		if !strings.HasPrefix(fam.Name, "cs_") {
 			continue
 		}
@@ -128,10 +142,10 @@
 		}
 	}
 
-	return stats
+	return stats, nil
 }
 
-func getScenarioMetric(url string, itemName string) map[string]int {
+func getScenarioMetric(url string, itemName string) (map[string]int, error) {
 	stats := make(map[string]int)
 
 	stats["instantiation"] = 0
@@ -140,8 +154,12 @@
 	stats["pour"] = 0
 	stats["underflow"] = 0
 
-	result := getPrometheusMetric(url)
-	for idx, fam := range result {
+	results, err := getPrometheusMetric(url)
+	if err != nil {
+		return nil, err
+	}
+
+	for idx, fam := range results {
 		if !strings.HasPrefix(fam.Name, "cs_") {
 			continue
 		}
@@ -192,16 +210,20 @@
 		}
 	}
 
-	return stats
+	return stats, nil
 }
 
-func getAppsecRuleMetric(url string, itemName string) map[string]int {
+func getAppsecRuleMetric(url string, itemName string) (map[string]int, error) {
 	stats := make(map[string]int)
 
 	stats["inband_hits"] = 0
 	stats["outband_hits"] = 0
 
-	results := getPrometheusMetric(url)
+	results, err := getPrometheusMetric(url)
+	if err != nil {
+		return nil, err
+	}
+
 	for idx, fam := range results {
 		if !strings.HasPrefix(fam.Name, "cs_") {
 			continue
@@ -257,10 +279,10 @@
 		}
 	}
 
-	return stats
+	return stats, nil
 }
 
-func getPrometheusMetric(url string) []*prom2json.Family {
+func getPrometheusMetric(url string) ([]*prom2json.Family, error) {
 	mfChan := make(chan *dto.MetricFamily, 1024)
 
 	// Start with the DefaultTransport for sane defaults.
@@ -271,12 +293,15 @@
 	// Timeout early if the server doesn't even return the headers.
 	transport.ResponseHeaderTimeout = time.Minute
 
+	var fetchErr error
+
 	go func() {
 		defer trace.CatchPanic("crowdsec/GetPrometheusMetric")
 
-		err := prom2json.FetchMetricFamilies(url, mfChan, transport)
-		if err != nil {
-			log.Fatalf("failed to fetch prometheus metrics : %v", err)
+		// mfChan is closed by prom2json.FetchMetricFamilies in all cases.
+		if err := prom2json.FetchMetricFamilies(url, mfChan, transport); err != nil {
+			fetchErr = fmt.Errorf("failed to fetch prometheus metrics: %w", err)
+			return
 		}
 	}()
 
@@ -285,7 +310,11 @@
 		result = append(result, prom2json.NewFamily(mf))
 	}
 
+	if fetchErr != nil {
+		return nil, fetchErr
+	}
+
 	log.Debugf("Finished reading prometheus output, %d entries", len(result))
 
-	return result
+	return result, nil
 }

cmd/crowdsec-cli/clilapi/register.go

@@ -28,7 +28,12 @@
 		}
 	}
 
-	password := strfmt.Password(idgen.GeneratePassword(idgen.PasswordLength))
+	pstr, err := idgen.GeneratePassword(idgen.PasswordLength)
+	if err != nil {
+		return err
+	}
+
+	password := strfmt.Password(pstr)
 
 	apiurl, err := prepareAPIURL(cfg.API.Client, apiURL)
 	if err != nil {

cmd/crowdsec-cli/climachine/add.go

@@ -65,7 +65,10 @@
 			return errors.New("please specify a password with --password or use --auto")
 		}
 
-		machinePassword = idgen.GeneratePassword(idgen.PasswordLength)
+		machinePassword, err = idgen.GeneratePassword(idgen.PasswordLength)
+		if err != nil {
+			return err
+		}
 	} else if machinePassword == "" && interactive {
 		qs := &survey.Password{
 			Message: "Please provide a password for the machine:",

cmd/crowdsec-cli/dashboard.go

@@ -144,7 +144,11 @@
 			if metabasePassword == "" {
 				isValid := passwordIsValid(metabasePassword)
 				for !isValid {
-					metabasePassword = idgen.GeneratePassword(16)
+					var err error
+					metabasePassword, err = idgen.GeneratePassword(16)
+					if err != nil {
+						return err
+					}
 					isValid = passwordIsValid(metabasePassword)
 				}
 			}

cmd/crowdsec-cli/idgen/machineid.go

@@ -42,7 +42,11 @@
 	}
 
 	prefix = strings.ReplaceAll(prefix, "-", "")[:32]
-	suffix := GeneratePassword(16)
+
+	suffix, err := GeneratePassword(16)
+	if err != nil {
+		return "", err
+	}
 
 	return prefix + suffix, nil
 }

cmd/crowdsec-cli/idgen/password.go

@@ -2,14 +2,13 @@
 
 import (
 	saferand "crypto/rand"
+	"fmt"
 	"math/big"
-
-	log "github.com/sirupsen/logrus"
 )
 
 const PasswordLength = 64
 
-func GeneratePassword(length int) string {
+func GeneratePassword(length int) (string, error) {
 	upper := "ABCDEFGHIJKLMNOPQRSTUVWXY"
 	lower := "abcdefghijklmnopqrstuvwxyz"
 	digits := "0123456789"
@@ -22,11 +21,11 @@
 	for i := range length {
 		rInt, err := saferand.Int(saferand.Reader, big.NewInt(int64(charsetLength)))
 		if err != nil {
-			log.Fatalf("failed getting data from prng for password generation : %s", err)
+			return "", fmt.Errorf("prng failed to generate unique id or password: %w", err)
 		}
 
 		buf[i] = charset[rInt.Int64()]
 	}
 
-	return string(buf)
+	return string(buf), nil
 }

pkg/leakybucket/overflows.go

@@ -149,6 +149,7 @@
 				leaky.logger.Tracef("Valid range from %s : %s", src.IP, src.Range)
 			}
 		}
+
 		if leaky.scopeType.Scope == types.Ip {
 			src.Value = &src.IP
 		} else if leaky.scopeType.Scope == types.Range {
@@ -364,6 +365,7 @@
 		if err := newApiAlert.Validate(strfmt.Default); err != nil {
 			log.Errorf("Generated alerts isn't valid")
 			log.Errorf("->%s", spew.Sdump(newApiAlert))
+			// XXX: deep-exit - note other errors returned from this function are not fatal
 			log.Fatalf("error : %s", err)
 		}