Better windows service installer.

Makefile

@@ -21,3 +21,6 @@ clean:
 
 generate:
 	go generate ./vql/windows/win32_windows.go
+
+check:
+	staticcheck ./...

actions/events.go

@@ -37,10 +37,8 @@ func (self *UpdateEventTable) Run(
 
 	// Cancel the context when the cancel channel is closed.
 	go func() {
-		select {
-		case <-table.Done:
-			cancel()
-		}
+		<-table.Done
+		cancel()
 	}()
 
 	logger := logging.GetLogger(config, &logging.ClientComponent)

actions/vql.go

@@ -64,8 +64,10 @@ func (self *VQLClientAction) StartQuery(
 		rate = 1000000
 	}
 
-	throttle := time.Tick(time.Nanosecond *
+	ticker := time.NewTicker(time.Nanosecond *
 		time.Duration((float64(1000000000) / float64(rate))))
+	defer ticker.Stop()
+
 	if arg.Query == nil {
 		responder.RaiseError("Query should be specified.")
 		return
@@ -90,7 +92,7 @@ func (self *VQLClientAction) StartQuery(
 		Set("$responder", responder).
 		Set("$uploader", uploader).
 		Set("config", config_obj).
-		Set("$throttle", throttle).
+		Set("$throttle", ticker.C).
 		Set(vql_subsystem.CACHE_VAR, vql_subsystem.NewScopeCache())
 
 	for _, env_spec := range arg.Env {

api/api.go

@@ -189,13 +189,13 @@ func (self *ApiServer) NotifyClients(
 	ctx context.Context,
 	in *api_proto.NotificationRequest) (*empty.Empty, error) {
 	if in.NotifyAll {
-		self.server_obj.Info("Sending notification to everyone")
+		self.server_obj.Info("sending notification to everyone")
 		self.server_obj.NotificationPool.NotifyAll()
 	} else if in.ClientId != "" {
-		self.server_obj.Info("Sending notification to %s", in.ClientId)
+		self.server_obj.Info("sending notification to %s", in.ClientId)
 		self.server_obj.NotificationPool.Notify(in.ClientId)
 	} else {
-		return nil, errors.New("Client id should be specified.")
+		return nil, errors.New("client id should be specified")
 	}
 	return &empty.Empty{}, nil
 }

api/artifacts.go

@@ -63,11 +63,11 @@ func setArtifactFile(config_obj *api_proto.Config,
 
 	vfs_path = path.Clean(vfs_path)
 	if vfs_path == "" || !strings.HasSuffix(vfs_path, ".yaml") {
-		return errors.New("Artifact filename must end with .yaml")
+		return errors.New("artifact filename must end with .yaml")
 	}
 
 	if !strings.HasPrefix(vfs_path, constants.ARTIFACT_DEFINITION) {
-		return errors.New("Artifacts may only be stored in " +
+		return errors.New("artifacts may only be stored in " +
 			constants.ARTIFACT_DEFINITION)
 	}
 

api/auth.go

@@ -29,7 +29,7 @@ func checkUserCredentialsHandler(
 		w.Header().Set("WWW-Authenticate", `Basic realm="Restricted"`)
 
 		username, password, ok := r.BasicAuth()
-		if ok == false {
+		if !ok {
 			http.Error(w, "Not authorized", http.StatusUnauthorized)
 			return
 		}

api/clients.go

@@ -17,7 +17,7 @@ func GetApiClient(
 	*api_proto.ApiClient, error) {
 
 	if client_id[0] != 'C' {
-		return nil, errors.New("Client_id must start with C")
+		return nil, errors.New("client_id must start with C")
 	}
 
 	result := &api_proto.ApiClient{
@@ -62,9 +62,7 @@ func GetApiClient(
 	}
 
 	if client_info.Knowledgebase != nil {
-		for _, user := range client_info.Knowledgebase.Users {
-			result.Users = append(result.Users, user)
-		}
+		result.Users = append(result.Users, client_info.Knowledgebase.Users...)
 	}
 
 	err = db.GetSubject(

api/oauth.go

@@ -100,6 +100,11 @@ func oauthGoogleCallback(config_obj *api_proto.Config) http.Handler {
 		// Sign and get the complete encoded token as a string using the secret
 		tokenString, err := token.SignedString(
 			[]byte(config_obj.Frontend.PrivateKey))
+		if err != nil {
+			log.Println(err.Error())
+			http.Redirect(w, r, "/", http.StatusTemporaryRedirect)
+			return
+		}
 
 		// Set the cookie and redirect.
 		cookie := &http.Cookie{
@@ -148,7 +153,6 @@ func authenticateOAUTHCookie(
 			// Not authorized - redirect to logon screen.
 			http.Redirect(w, r, "/auth/google/login",
 				http.StatusTemporaryRedirect)
-			return
 		}
 
 		auth_cookie, err := r.Cookie("VelociraptorAuth")
@@ -163,7 +167,7 @@ func authenticateOAUTHCookie(
 			func(token *jwt.Token) (interface{}, error) {
 				_, ok := token.Method.(*jwt.SigningMethodHMAC)
 				if !ok {
-					return nil, errors.New("Invalid signing method")
+					return nil, errors.New("invalid signing method")
 				}
 				return []byte(config_obj.Frontend.PrivateKey), nil
 			})
@@ -174,27 +178,27 @@ func authenticateOAUTHCookie(
 
 		claims, ok := token.Claims.(jwt.MapClaims)
 		if !ok || !token.Valid {
-			reject(errors.New("Token not valid"))
+			reject(errors.New("token not valid"))
 			return
 		}
 
 		// Record the username for handlers lower in the
 		// stack.
 		username, pres := claims["user"].(string)
 		if !pres {
-			reject(errors.New("Username not present"))
+			reject(errors.New("username not present"))
 			return
 		}
 
 		// Check if the claim is too old.
 		expires, pres := claims["expires"].(float64)
 		if !pres {
-			reject(errors.New("Expires field not present in JWT"))
+			reject(errors.New("expires field not present in JWT"))
 			return
 		}
 
 		if expires < float64(time.Now().Unix()) {
-			reject(errors.New("JWT expired - reauthenticate."))
+			reject(errors.New("the JWT is expired - reauthenticate"))
 			return
 		}