diff --git a/internal/httputil/tls_config.go b/internal/httputil/tls_config.go deleted file mode 100644 index b92f4d983..000000000 --- a/internal/httputil/tls_config.go +++ /dev/null @@ -1,22 +0,0 @@ -package httputil - -import "crypto/tls" - -// MinTLSVersion is the minimum TLS version enforced across gateway listeners -// and outbound HTTP clients. -const MinTLSVersion = tls.VersionTLS12 - -// NewServerTLSConfig creates a server TLS config with the standard minimum TLS -// version and a single certificate chain. -func NewServerTLSConfig(cert tls.Certificate) *tls.Config { - return &tls.Config{ - Certificates: []tls.Certificate{cert}, - MinVersion: MinTLSVersion, - } -} - -// NewClientTLSConfig creates an HTTP client TLS config with the standard -// minimum TLS version. -func NewClientTLSConfig() *tls.Config { - return &tls.Config{MinVersion: MinTLSVersion} -} diff --git a/internal/httputil/tls_config_test.go b/internal/httputil/tls_config_test.go deleted file mode 100644 index 26e7167ca..000000000 --- a/internal/httputil/tls_config_test.go +++ /dev/null @@ -1,27 +0,0 @@ -package httputil - -import ( - "crypto/tls" - "testing" - - "github.com/stretchr/testify/assert" -) - -func TestNewServerTLSConfig(t *testing.T) { - cert := tls.Certificate{Certificate: [][]byte{[]byte("cert")}} - - cfg := NewServerTLSConfig(cert) - - assert.NotNil(t, cfg) - assert.Equal(t, uint16(MinTLSVersion), cfg.MinVersion) - assert.Len(t, cfg.Certificates, 1) - assert.Equal(t, cert, cfg.Certificates[0]) -} - -func TestNewClientTLSConfig(t *testing.T) { - cfg := NewClientTLSConfig() - - assert.NotNil(t, cfg) - assert.Equal(t, uint16(MinTLSVersion), cfg.MinVersion) - assert.Empty(t, cfg.Certificates) -} diff --git a/internal/sys/container_detect_test.go b/internal/sys/container_detect_test.go index 9ea9147c0..5a0483986 100644 --- a/internal/sys/container_detect_test.go +++ b/internal/sys/container_detect_test.go @@ -217,6 +217,8 @@ func TestDetectContainerIDWithPaths_MultipleIndicatorLines(t *testing.T) { // TestExtractContainerIDFromCgroupFiles_ReturnsFirstFound tests that // extractContainerIDFromCgroupFiles returns the ID from the first file that yields one. func TestExtractContainerIDFromCgroupFiles_ReturnsFirstFound(t *testing.T) { + t.Parallel() + dir := t.TempDir() first := writeTempFile(t, dir, "cgroup1", "0::/docker/aabbccdd1234\n") @@ -229,6 +231,8 @@ func TestExtractContainerIDFromCgroupFiles_ReturnsFirstFound(t *testing.T) { // TestExtractContainerIDFromCgroupFiles_SkipsEmptyFile tests that a file with // no container ID is skipped and the next file is tried. func TestExtractContainerIDFromCgroupFiles_SkipsEmptyFile(t *testing.T) { + t.Parallel() + dir := t.TempDir() noMatch := writeTempFile(t, dir, "cgroup1", "0::/user.slice\n") @@ -241,6 +245,8 @@ func TestExtractContainerIDFromCgroupFiles_SkipsEmptyFile(t *testing.T) { // TestExtractContainerIDFromCgroupFiles_AllEmpty tests that "" is returned when // no files yield a container ID. func TestExtractContainerIDFromCgroupFiles_AllEmpty(t *testing.T) { + t.Parallel() + dir := t.TempDir() f1 := writeTempFile(t, dir, "cgroup1", "0::/\n") @@ -252,12 +258,14 @@ func TestExtractContainerIDFromCgroupFiles_AllEmpty(t *testing.T) { // TestExtractContainerIDFromCgroupFiles_NilPaths tests the nil-slice edge case. func TestExtractContainerIDFromCgroupFiles_NilPaths(t *testing.T) { + t.Parallel() id := extractContainerIDFromCgroupFiles(nil) assert.Empty(t, id) } // TestExtractContainerIDFromCgroupFiles_EmptyPaths tests the empty-slice edge case. func TestExtractContainerIDFromCgroupFiles_EmptyPaths(t *testing.T) { + t.Parallel() id := extractContainerIDFromCgroupFiles([]string{}) assert.Empty(t, id) } @@ -265,6 +273,7 @@ func TestExtractContainerIDFromCgroupFiles_EmptyPaths(t *testing.T) { // TestExtractContainerIDFromCgroupFiles_NonexistentPaths tests that missing files // are silently skipped and "" is returned when none exist. func TestExtractContainerIDFromCgroupFiles_NonexistentPaths(t *testing.T) { + t.Parallel() id := extractContainerIDFromCgroupFiles([]string{"/nonexistent/a", "/nonexistent/b"}) assert.Empty(t, id) } diff --git a/internal/sys/container_test.go b/internal/sys/container_test.go index 9cff56d3d..af672f628 100644 --- a/internal/sys/container_test.go +++ b/internal/sys/container_test.go @@ -1,6 +1,7 @@ package sys import ( + "bufio" "os" "strings" "testing" @@ -273,6 +274,8 @@ func TestDetectContainerID_ConsistentWithIsRunningInContainer(t *testing.T) { } func TestExtractContainerIDFromContent(t *testing.T) { + t.Parallel() + tests := []struct { name string content string @@ -348,10 +351,18 @@ func TestExtractContainerIDFromContent(t *testing.T) { content: "0::/system.slice/docker.service", expected: "", }, + { + // A line that exceeds bufio.MaxScanTokenSize (64 KiB) causes the scanner + // to fail with bufio.ErrTooLong. The function logs the error and returns "". + name: "single line exceeding scanner buffer limit returns empty string", + content: strings.Repeat("x", bufio.MaxScanTokenSize+1), + expected: "", + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + t.Parallel() result := extractContainerIDFromContent(tt.content) assert.Equal(t, tt.expected, result) }) @@ -423,6 +434,8 @@ func containsAny(s string, substrings []string) bool { } func TestContainsAny_Helper(t *testing.T) { + t.Parallel() + // Test the helper function itself tests := []struct { name string @@ -482,6 +495,7 @@ func TestContainsAny_Helper(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + t.Parallel() result := containsAny(tt.input, tt.substrings) assert.Equal(t, tt.want, result) })