From 067500cd7d8f0ceea3666fdf698f9b7d2511df2a Mon Sep 17 00:00:00 2001
From: Will Norris <will@willnorris.com>
Date: Thu, 10 Sep 2020 00:30:25 -0700
Subject: [PATCH] add more golangci-lint checks

---
 .golangci.yml               | 20 +++++++++++++++++++-
 cmd/imageproxy-sign/main.go |  2 +-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index f20add9..d8c4f69 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,6 +1,24 @@
 linters:
   enable:
+    - dogsled
+    - dupl
     - goimports
-    - stylecheck
+    - gosec
     - misspell
+    - nakedret
+    - stylecheck
+    - unconvert
+    - unparam
     - whitespace
+
+issues:
+  exclude-rules:
+    # Some cache implementations use md5 hashes for cached filenames.  There is
+    # a slight risk of cache poisoning if an attacker could construct a URL
+    # with the same hash, but it would also need to be allowed by the proxies
+    # security settings.  Changing these to a more secure hash algorithm would
+    # result in 100% cache misses when users upgrade. For now, just leave these
+    # alone.
+    - path: internal/.*cache
+      linters: gosec
+      text: G(401|501)
diff --git a/cmd/imageproxy-sign/main.go b/cmd/imageproxy-sign/main.go
index 02c94c1..63ce144 100644
--- a/cmd/imageproxy-sign/main.go
+++ b/cmd/imageproxy-sign/main.go
@@ -53,7 +53,7 @@ func sign(key string, s string, urlOnly bool) ([]byte, error) {
 		return nil, fmt.Errorf("error parsing key: %v", err)
 	}
 
-	mac := hmac.New(sha256.New, []byte(k))
+	mac := hmac.New(sha256.New, k)
 	if _, err := mac.Write([]byte(u.String())); err != nil {
 		return nil, err
 	}