fix nits

google/internal/externalaccount/basecredentials.go

@@ -62,16 +62,16 @@ var (
 	validTokenURLPatterns = []*regexp.Regexp{
 		// The complicated part in the middle matches any number of characters that
 		// aren't period, spaces, or slashes.
-		regexp.MustCompile("(?i)^[^\\.\\s\\/\\\\]+\\.sts\\.googleapis\\.com$"),
+		regexp.MustCompile(`(?i)^[^\.\s\/\\]+\.sts\.googleapis\.com$`),
-		regexp.MustCompile("(?i)^sts\\.googleapis\\.com$"),
+		regexp.MustCompile(`(?i)^sts\.googleapis\.com$`),
-		regexp.MustCompile("(?i)^sts\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"),
+		regexp.MustCompile(`(?i)^sts\.[^\.\s\/\\]+\.googleapis\.com$`),
-		regexp.MustCompile("(?i)^[^\\.\\s\\/\\\\]+-sts\\.googleapis\\.com$"),
+		regexp.MustCompile(`(?i)^[^\.\s\/\\]+-sts\.googleapis\.com$`),
 	}
 	validImpersonateURLPatterns = []*regexp.Regexp{
-		regexp.MustCompile("^[^\\.\\s\\/\\\\]+\\.iamcredentials\\.googleapis\\.com$"),
+		regexp.MustCompile(`^[^\.\s\/\\]+\.iamcredentials\.googleapis\.com$`),
-		regexp.MustCompile("^iamcredentials\\.googleapis\\.com$"),
+		regexp.MustCompile(`^iamcredentials\.googleapis\.com$`),
-		regexp.MustCompile("^iamcredentials\\.[^\\.\\s\\/\\\\]+\\.googleapis\\.com$"),
+		regexp.MustCompile(`^iamcredentials\.[^\.\s\/\\]+\.googleapis\.com$`),
-		regexp.MustCompile("^[^\\.\\s\\/\\\\]+-iamcredentials\\.googleapis\\.com$"),
+		regexp.MustCompile(`^[^\.\s\/\\]+-iamcredentials\.googleapis\.com$`),
 	}
 )
 
@@ -80,14 +80,14 @@ func validateURL(input string, patterns []*regexp.Regexp, scheme string) bool {
 	if err != nil {
 		return false
 	}
-	if strings.ToLower(parsed.Scheme) != strings.ToLower(scheme) {
+	if !strings.EqualFold(parsed.Scheme, scheme) {
 		return false
 	}
 	toTest := parsed.Host
 
 	for _, pattern := range patterns {
-		valid := pattern.MatchString(toTest)
+
-		if valid {
+		if valid := pattern.MatchString(toTest); valid {
 			return true
 		}
 	}
@@ -103,13 +103,11 @@ func (c *Config) TokenSource(ctx context.Context) (oauth2.TokenSource, error) {
 // because the unit test URLs are mocked, and would otherwise fail the
 // validity check.
 func (c *Config) tokenSource(ctx context.Context, tokenURLValidPats []*regexp.Regexp, impersonateURLValidPats []*regexp.Regexp, scheme string) (oauth2.TokenSource, error) {
-	// Check the validity of TokenURL.
 	valid := validateURL(c.TokenURL, tokenURLValidPats, scheme)
 	if !valid {
 		return nil, fmt.Errorf("oauth2/google: invalid TokenURL provided while constructing tokenSource")
 	}
 
-	// If ServiceAccountImpersonationURL is present, check its validity.
 	if c.ServiceAccountImpersonationURL != "" {
 		valid := validateURL(c.ServiceAccountImpersonationURL, impersonateURLValidPats, scheme)
 		if !valid {

google/internal/externalaccount/basecredentials_test.go

@@ -9,7 +9,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
-	"regexp"
 	"strings"
 	"testing"
 	"time"
@@ -101,27 +100,26 @@ func TestToken(t *testing.T) {
 func TestValidateURLTokenURL(t *testing.T) {
 	var urlValidityTests = []struct {
 		tokURL        string
-		pattern       []*regexp.Regexp
 		expectSuccess bool
 	}{
-		{"https://east.sts.googleapis.com", validTokenURLPatterns, true},
+		{"https://east.sts.googleapis.com", true},
-		{"https://sts.googleapis.com", validTokenURLPatterns, true},
+		{"https://sts.googleapis.com", true},
-		{"https://sts.asfeasfesef.googleapis.com", validTokenURLPatterns, true},
+		{"https://sts.asfeasfesef.googleapis.com", true},
-		{"https://us-east-1-sts.googleapis.com", validTokenURLPatterns, true},
+		{"https://us-east-1-sts.googleapis.com", true},
-		{"https://sts.googleapis.com/your/path/here", validTokenURLPatterns, true},
+		{"https://sts.googleapis.com/your/path/here", true},
-		{"https://.sts.googleapis.com", validTokenURLPatterns, false},
+		{"https://.sts.googleapis.com", false},
-		{"https://badsts.googleapis.com", validTokenURLPatterns, false},
+		{"https://badsts.googleapis.com", false},
-		{"https://sts.asfe.asfesef.googleapis.com", validTokenURLPatterns, false},
+		{"https://sts.asfe.asfesef.googleapis.com", false},
-		{"https://sts..googleapis.com", validTokenURLPatterns, false},
+		{"https://sts..googleapis.com", false},
-		{"https://-sts.googleapis.com", validTokenURLPatterns, false},
+		{"https://-sts.googleapis.com", false},
-		{"https://us-ea.st-1-sts.googleapis.com", validTokenURLPatterns, false},
+		{"https://us-ea.st-1-sts.googleapis.com", false},
-		{"https://sts.googleapis.com.evil.com/whatever/path", validTokenURLPatterns, false},
+		{"https://sts.googleapis.com.evil.com/whatever/path", false},
-		{"https://us-eas\\t-1.sts.googleapis.com", validTokenURLPatterns, false},
+		{"https://us-eas\\t-1.sts.googleapis.com", false},
-		{"https:/us-ea/st-1.sts.googleapis.com", validTokenURLPatterns, false},
+		{"https:/us-ea/st-1.sts.googleapis.com", false},
-		{"https:/us-east 1.sts.googleapis.com", validTokenURLPatterns, false},
+		{"https:/us-east 1.sts.googleapis.com", false},
-		{"https://", validTokenURLPatterns, false},
+		{"https://", false},
-		{"http://us-east-1.sts.googleapis.com", validTokenURLPatterns, false},
+		{"http://us-east-1.sts.googleapis.com", false},
-		{"https://us-east-1.sts.googleapis.comevil.com", validTokenURLPatterns, false},
+		{"https://us-east-1.sts.googleapis.comevil.com", false},
 	}
 	ctx := context.Background()
 	for _, tt := range urlValidityTests {
@@ -158,27 +156,26 @@ func TestValidateURLTokenURL(t *testing.T) {
 func TestValidateURLImpersonateURL(t *testing.T) {
 	var urlValidityTests = []struct {
 		impURL        string
-		pattern       []*regexp.Regexp
 		expectSuccess bool
 	}{
-		{"https://east.iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
+		{"https://east.iamcredentials.googleapis.com", true},
-		{"https://iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
+		{"https://iamcredentials.googleapis.com", true},
-		{"https://iamcredentials.asfeasfesef.googleapis.com", validImpersonateURLPatterns, true},
+		{"https://iamcredentials.asfeasfesef.googleapis.com", true},
-		{"https://us-east-1-iamcredentials.googleapis.com", validImpersonateURLPatterns, true},
+		{"https://us-east-1-iamcredentials.googleapis.com", true},
-		{"https://iamcredentials.googleapis.com/your/path/here", validImpersonateURLPatterns, true},
+		{"https://iamcredentials.googleapis.com/your/path/here", true},
-		{"https://.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
+		{"https://.iamcredentials.googleapis.com", false},
-		{"https://badiamcredentials.googleapis.com", validImpersonateURLPatterns, false},
+		{"https://badiamcredentials.googleapis.com", false},
-		{"https://iamcredentials.asfe.asfesef.googleapis.com", validImpersonateURLPatterns, false},
+		{"https://iamcredentials.asfe.asfesef.googleapis.com", false},
-		{"https://iamcredentials..googleapis.com", validImpersonateURLPatterns, false},
+		{"https://iamcredentials..googleapis.com", false},
-		{"https://-iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
+		{"https://-iamcredentials.googleapis.com", false},
-		{"https://us-ea.st-1-iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
+		{"https://us-ea.st-1-iamcredentials.googleapis.com", false},
-		{"https://iamcredentials.googleapis.com.evil.com/whatever/path", validImpersonateURLPatterns, false},
+		{"https://iamcredentials.googleapis.com.evil.com/whatever/path", false},
-		{"https://us-eas\\t-1.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
+		{"https://us-eas\\t-1.iamcredentials.googleapis.com", false},
-		{"https:/us-ea/st-1.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
+		{"https:/us-ea/st-1.iamcredentials.googleapis.com", false},
-		{"https:/us-east 1.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
+		{"https:/us-east 1.iamcredentials.googleapis.com", false},
-		{"https://", validImpersonateURLPatterns, false},
+		{"https://", false},
-		{"http://us-east-1.iamcredentials.googleapis.com", validImpersonateURLPatterns, false},
+		{"http://us-east-1.iamcredentials.googleapis.com", false},
-		{"https://us-east-1.iamcredentials.googleapis.comevil.com", validImpersonateURLPatterns, false},
+		{"https://us-east-1.iamcredentials.googleapis.comevil.com", false},
 	}
 	ctx := context.Background()
 	for _, tt := range urlValidityTests {