diff --git a/.golangci.yml b/.golangci.yml index 7c38dcc8..5fbec07c 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -18,7 +18,6 @@ linters: disable-all: true enable: - asciicheck - - bodyclose - deadcode - depguard - dogsled @@ -50,17 +49,13 @@ linters: - misspell - nakedret - nestif - - noctx - - nolintlint - paralleltest - predeclared - staticcheck - stylecheck - thelper - - tparallel - typecheck - unconvert - - unparam - unused - varcheck - whitespace diff --git a/checker/check_result.go b/checker/check_result.go index 19149829..2866d121 100644 --- a/checker/check_result.go +++ b/checker/check_result.go @@ -64,6 +64,7 @@ const ( ) // CheckResult captures result from a check run. +// //nolint:govet type CheckResult struct { Name string @@ -94,6 +95,7 @@ type CheckDetail struct { // LogMessage is a structure that encapsulates detail's information. // This allows updating the definition easily. +// //nolint:govet type LogMessage struct { Text string // A short string explaining why the detail was recorded/logged. diff --git a/checks/fileparser/listing_test.go b/checks/fileparser/listing_test.go index 778a800e..ff14e008 100644 --- a/checks/fileparser/listing_test.go +++ b/checks/fileparser/listing_test.go @@ -535,6 +535,7 @@ func TestOnMatchingFileContent(t *testing.T) { } // TestOnAllFilesDo tests the OnAllFilesDo function. +// //nolint:gocognit func TestOnAllFilesDo(t *testing.T) { t.Parallel() diff --git a/checks/raw/branch_protection_test.go b/checks/raw/branch_protection_test.go index 6abc820b..71364c27 100644 --- a/checks/raw/branch_protection_test.go +++ b/checks/raw/branch_protection_test.go @@ -33,7 +33,7 @@ var ( mainBranchName = "main" ) -//nolint: govet +// nolint: govet type branchArg struct { err error name string diff --git a/checks/raw/license_test.go b/checks/raw/license_test.go index 8f49fdb9..a8563472 100644 --- a/checks/raw/license_test.go +++ b/checks/raw/license_test.go 
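Review bot: Dropping `bodyclose`, `noctx` and `nolintlint` from the enable list in .golangci.yml removes the checks for unclosed HTTP response bodies and context-less requests, and leaves nothing validating the `nolint` directives this same commit rewrites. No reason is given on the page; if the linters were removed because they fail under a newer toolchain, a comment above the list such as `# bodyclose, noctx, nolintlint, tparallel, unparam: disabled temporarily, re-enable once <tracking issue> is fixed` would keep that visible. With `noctx` disabled, the `// nolint: noctx` kept on `packageManager.Get` in cmd/packagemanager_client.go no longer suppresses anything, and it will silently mask the finding again if the linter is re-enabled.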
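Review bot: The rewritten directive `// nolint: govet` above `branchArg` in checks/raw/branch_protection_test.go is no longer in the machine-readable `//nolint:govet` form, so it reads as ordinary comment text; whether golangci-lint still honours the spaced form depends on the linter version, which is not visible here. The change looks like gofmt's doc-comment reformatting, which leaves `//nolint:govet` (no space after `//` or after the colon) untouched, so writing it that way keeps the suppression stable and lets `nolintlint` be re-enabled later. The same spaced form is introduced in clients/githubrepo/tarball.go, clients/githubrepo/tarball_test.go, cmd/packagemanager_client.go, cron/internal/webhook/main.go, cron/internal/worker/main.go, pkg/json.go and utests/utlib.go. In utests/utlib.go, `// nolint: thelper` also becomes part of the exported `ValidateTestReturn` doc comment.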
@@ -103,6 +103,7 @@ func TestLicenseFileCheck(t *testing.T) { }, } + //nolint: paralleltest for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below for _, ext := range tt.extensions { diff --git a/checks/raw/shell_download_validate.go b/checks/raw/shell_download_validate.go index 3af817c2..a7d77ef8 100644 --- a/checks/raw/shell_download_validate.go +++ b/checks/raw/shell_download_validate.go @@ -890,7 +890,7 @@ func validateShellFileAndRecord(pathfn string, startLine, endLine uint, content // TODO: support other interpreters. // Example: https://github.com/apache/airflow/blob/main/scripts/ci/kubernetes/ci_run_kubernetes_tests.sh#L75 // HOST_PYTHON_VERSION=$(python3 -c 'import sys; print(f"{sys.version_info[0]}.{sys.version_info[1]}")')`` - // nolinter + // nolint if ok && isShellInterpreterOrCommand([]string{i}) { start, end := getLine(startLine, endLine, node) e := validateShellFileAndRecord(pathfn, start, end, diff --git a/clients/githubrepo/graphql.go b/clients/githubrepo/graphql.go index b208aead..91f53ceb 100644 --- a/clients/githubrepo/graphql.go +++ b/clients/githubrepo/graphql.go @@ -322,7 +322,7 @@ func parseCheckRuns(data *checkRunsGraphqlData) checkRunCache { return checkCache } -//nolint:all +//nolint func commitsFrom(data *graphqlData, repoOwner, repoName string) ([]clients.Commit, error) { ret := make([]clients.Commit, 0) for _, commit := range data.Repository.Object.Commit.History.Nodes { diff --git a/clients/githubrepo/roundtripper/tokens/server/main.go b/clients/githubrepo/roundtripper/tokens/server/main.go index 4678dd5d..178fa579 100644 --- a/clients/githubrepo/roundtripper/tokens/server/main.go +++ b/clients/githubrepo/roundtripper/tokens/server/main.go @@ -42,6 +42,7 @@ func main() { panic(err) } + //nolint: gosec // internal server. if err := http.Serve(l, nil); err != nil { panic(err) } 
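Review bot: In checks/raw/shell_download_validate.go the comment `// nolinter` becomes a bare `// nolint`, which names no linter and so, where the linter honours it, suppresses every finding on the `if ok && isShellInterpreterOrCommand(...)` statement that follows. clients/githubrepo/graphql.go likewise keeps a blanket suppression over all of `commitsFrom` by replacing `//nolint:all` with `//nolint`. Naming the linter and the reason, in the form `//nolint:<linter> // <why this finding is accepted>`, keeps later findings on this code visible. The body of `validateShellFileAndRecord` starts and ends outside the hunk.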
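Review bot: The added `//nolint: gosec // internal server.` in clients/githubrepo/roundtripper/tokens/server/main.go silences the finding on `http.Serve(l, nil)` rather than addressing it. The package-level serve helpers set no read or write timeouts, so a slow or stalled client can hold connections open indefinitely even on an internal network. Replacing the call with `srv := &http.Server{ReadHeaderTimeout: 10 * time.Second}` and `if err := srv.Serve(l); err != nil {` would remove the need for the suppression (the timeout value is a constructed example, and `time` would need importing). The same suppression is added on `http.ListenAndServe` in cmd/serve.go, cron/internal/webhook/main.go and cron/internal/worker/main.go. `main` starts outside the hunk.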
diff --git a/clients/githubrepo/tarball.go b/clients/githubrepo/tarball.go index 36a5635a..55505f42 100644 --- a/clients/githubrepo/tarball.go +++ b/clients/githubrepo/tarball.go @@ -155,7 +155,7 @@ func (handler *tarballHandler) getTarball() error { return nil } -//nolint: gocognit +// nolint: gocognit func (handler *tarballHandler) extractTarball() error { in, err := os.OpenFile(handler.tempTarFile, os.O_RDONLY, 0o644) if err != nil { diff --git a/clients/githubrepo/tarball_test.go b/clients/githubrepo/tarball_test.go index f0d71fbb..be13c186 100644 --- a/clients/githubrepo/tarball_test.go +++ b/clients/githubrepo/tarball_test.go @@ -71,7 +71,7 @@ func setup(inputFile string) (tarballHandler, error) { return tarballHandler, nil } -//nolint: gocognit +// nolint: gocognit func TestExtractTarball(t *testing.T) { t.Parallel() testcases := []struct { diff --git a/cmd/package_managers_test.go b/cmd/package_managers_test.go index 608ac9d9..1aedc6ca 100644 --- a/cmd/package_managers_test.go +++ b/cmd/package_managers_test.go @@ -18,7 +18,7 @@ package cmd import ( "bytes" "errors" - "io/ioutil" + "io" "net/http" "testing" @@ -143,7 +143,7 @@ func Test_fetchGitRepositoryFromNPM(t *testing.T) { return &http.Response{ StatusCode: 200, - Body: ioutil.NopCloser(bytes.NewBufferString(tt.args.result)), + Body: io.NopCloser(bytes.NewBufferString(tt.args.result)), }, nil }).AnyTimes() got, err := fetchGitRepositoryFromNPM(tt.args.packageName, p) @@ -423,7 +423,7 @@ func Test_fetchGitRepositoryFromPYPI(t *testing.T) { return &http.Response{ StatusCode: 200, - Body: ioutil.NopCloser(bytes.NewBufferString(tt.args.result)), + Body: io.NopCloser(bytes.NewBufferString(tt.args.result)), }, nil }).AnyTimes() got, err := fetchGitRepositoryFromPYPI(tt.args.packageName, p) 
@@ -692,7 +692,7 @@ func Test_fetchGitRepositoryFromRubyGems(t *testing.T) { return &http.Response{ StatusCode: 200, - Body: ioutil.NopCloser(bytes.NewBufferString(tt.args.result)), + Body: io.NopCloser(bytes.NewBufferString(tt.args.result)), }, nil }).AnyTimes() got, err := fetchGitRepositoryFromRubyGems(tt.args.packageName, p) diff --git a/cmd/packagemanager_client.go b/cmd/packagemanager_client.go index e14b6d2c..cf9b5919 100644 --- a/cmd/packagemanager_client.go +++ b/cmd/packagemanager_client.go @@ -26,7 +26,7 @@ type packageManagerClient interface { type packageManager struct{} -//nolint: noctx +// nolint: noctx func (c *packageManager) Get(url, packageName string) (*http.Response, error) { const timeout = 10 client := &http.Client{ diff --git a/cmd/serve.go b/cmd/serve.go index 0771b520..078451e5 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -95,6 +95,7 @@ func serveCmd(o *options.Options) *cobra.Command { port = "8080" } fmt.Printf("Listening on localhost:%s\n", port) + //nolint: gosec // unsused. err = http.ListenAndServe(fmt.Sprintf("0.0.0.0:%s", port), nil) if err != nil { // TODO(log): Should this actually panic? diff --git a/cron/internal/data/update/main.go b/cron/internal/data/update/main.go index 8b5df908..07d0d914 100644 --- a/cron/internal/data/update/main.go +++ b/cron/internal/data/update/main.go @@ -24,7 +24,8 @@ import ( // Adds "project=${PROJECT},dependency=true" to the repositories metadata. // Args: -// file path to old_projects.csv new_projects.csv +// +// file path to old_projects.csv new_projects.csv func main() { if len(os.Args) != 3 { panic("must provide 2 arguments") diff --git a/cron/internal/webhook/main.go b/cron/internal/webhook/main.go index b6fc889a..7b7f03bc 100644 --- a/cron/internal/webhook/main.go +++ b/cron/internal/webhook/main.go 
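Review bot: The new suppression in cmd/serve.go sits on a listener bound to `0.0.0.0` while the line above prints `Listening on localhost:%s`, and its justification `// unsused.` does not say why the gosec finding is acceptable. If the server is meant for local use only, `err = http.ListenAndServe(fmt.Sprintf("127.0.0.1:%s", port), nil)` would match the message. If remote access is intended, the message should say so and the comment should state the actual reason. `serveCmd` continues outside the hunk.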
@@ -81,6 +81,7 @@ func scriptHandler(w http.ResponseWriter, r *http.Request) { func main() { http.HandleFunc("/", scriptHandler) fmt.Printf("Starting HTTP server on port 8080 ...\n") + // nolint:gosec // internal server. if err := http.ListenAndServe(":8080", nil); err != nil { log.Fatal(err) } diff --git a/cron/internal/worker/main.go b/cron/internal/worker/main.go index b28a71e3..12787007 100644 --- a/cron/internal/worker/main.go +++ b/cron/internal/worker/main.go @@ -50,7 +50,7 @@ const ( var ignoreRuntimeErrors = flag.Bool("ignoreRuntimeErrors", false, "if set to true any runtime errors will be ignored") -//nolint: gocognit +// nolint: gocognit func processRequest(ctx context.Context, batchRequest *data.ScorecardBatchRequest, blacklistedChecks []string, bucketURL, rawBucketURL, apiBucketURL string, @@ -267,6 +267,7 @@ func main() { // Exposed for monitoring runtime profiles go func() { // TODO(log): Previously Fatal. Need to handle the error here. + //nolint: gosec // internal server. logger.Info(fmt.Sprintf("%v", http.ListenAndServe(":8080", nil))) }() diff --git a/docs/checks/internal/generate/main.go b/docs/checks/internal/generate/main.go index 15c5b123..0d3cd72a 100644 --- a/docs/checks/internal/generate/main.go +++ b/docs/checks/internal/generate/main.go @@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, diff --git a/docs/checks/internal/reader.go b/docs/checks/internal/reader.go index 563cb564..4f262fa1 100644 --- a/docs/checks/internal/reader.go +++ b/docs/checks/internal/reader.go @@ -27,6 +27,7 @@ import ( var checksYAML []byte // Check stores a check's information. +// //nolint:govet type Check struct { Risk string `yaml:"risk"` 
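Review bot: In the second hunk of cron/internal/worker/main.go the suppressed `http.ListenAndServe(":8080", nil)` serves the default mux on every interface, and the surrounding comment says it is exposed for runtime profiles. If profiling handlers are registered on the default mux (the imports are not visible here), they are reachable by anything that can reach the port. Serving a dedicated mux, or binding to loopback when the endpoint is only scraped locally, would limit that, and the `//nolint` comment should record who is expected to reach the port instead of `internal server.`. The listen error is also only logged at Info level, as the existing TODO notes, so a failed bind goes unnoticed.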
diff --git a/e2e/binary_artifacts_test.go b/e2e/binary_artifacts_test.go index 9a39a678..236f7eae 100644 --- a/e2e/binary_artifacts_test.go +++ b/e2e/binary_artifacts_test.go @@ -16,7 +16,6 @@ package e2e import ( "context" - "io/ioutil" "os" "github.com/go-git/go-git/v5" @@ -173,7 +172,7 @@ var _ = Describe("E2E TEST:"+checks.CheckBinaryArtifacts, func() { }) It("Should return binary artifacts present at commit in source code when using local repoClient", func() { // create temp dir - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") Expect(err).Should(BeNil()) defer os.RemoveAll(tmpDir) diff --git a/e2e/dangerous_workflow_test.go b/e2e/dangerous_workflow_test.go index aa377c7c..4b0fdcc0 100644 --- a/e2e/dangerous_workflow_test.go +++ b/e2e/dangerous_workflow_test.go @@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +15,6 @@ package e2e import ( "context" - "io/ioutil" "os" "github.com/go-git/go-git/v5" @@ -83,7 +82,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() { It("Should return dangerous workflow for local repoClient", func() { dl := scut.TestDetailLogger{} - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") Expect(err).Should(BeNil()) defer os.RemoveAll(tmpDir) diff --git a/e2e/license_test.go b/e2e/license_test.go index 83a9a5f4..31ed4924 100644 --- a/e2e/license_test.go +++ b/e2e/license_test.go 
@@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +15,6 @@ package e2e import ( "context" - "io/ioutil" "os" "github.com/go-git/go-git/v5" @@ -85,7 +84,7 @@ var _ = Describe("E2E TEST:"+checks.CheckLicense, func() { It("Should return license check works for the local repoclient", func() { dl := scut.TestDetailLogger{} - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") Expect(err).Should(BeNil()) defer os.RemoveAll(tmpDir) diff --git a/e2e/permissions_test.go b/e2e/permissions_test.go index 7f25a03d..4bed2107 100644 --- a/e2e/permissions_test.go +++ b/e2e/permissions_test.go @@ -15,7 +15,6 @@ package e2e import ( "context" - "io/ioutil" "os" "github.com/go-git/go-git/v5" @@ -85,7 +84,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() { It("Should return token permission for a local repo client", func() { dl := scut.TestDetailLogger{} - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") Expect(err).Should(BeNil()) defer os.RemoveAll(tmpDir) diff --git a/e2e/pinned_dependencies_test.go b/e2e/pinned_dependencies_test.go index e38f7374..aa6c08a2 100644 --- a/e2e/pinned_dependencies_test.go +++ b/e2e/pinned_dependencies_test.go @@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, 
@@ -15,7 +15,6 @@ package e2e import ( "context" - "io/ioutil" "os" "github.com/go-git/go-git/v5" @@ -87,7 +86,7 @@ var _ = Describe("E2E TEST:"+checks.CheckPinnedDependencies, func() { It("Should return dependencies check for a local repoClient", func() { dl := scut.TestDetailLogger{} - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") Expect(err).Should(BeNil()) defer os.RemoveAll(tmpDir) diff --git a/e2e/security_policy_test.go b/e2e/security_policy_test.go index 293e2916..3a4b35dd 100644 --- a/e2e/security_policy_test.go +++ b/e2e/security_policy_test.go @@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, @@ -15,7 +15,6 @@ package e2e import ( "context" - "io/ioutil" "os" "github.com/go-git/go-git/v5" @@ -139,7 +138,7 @@ var _ = Describe("E2E TEST:"+checks.CheckSecurityPolicy, func() { It("Should return valid security policy for local repoClient at head", func() { dl := scut.TestDetailLogger{} - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") Expect(err).Should(BeNil()) defer os.RemoveAll(tmpDir) diff --git a/pkg/json.go b/pkg/json.go index 4806a0d7..0159ea4d 100644 --- a/pkg/json.go +++ b/pkg/json.go @@ -24,7 +24,7 @@ import ( "github.com/ossf/scorecard/v4/log" ) -//nolint +// nolint: govet type jsonCheckResult struct { Name string Details []string @@ -45,7 +45,7 @@ type jsonCheckDocumentationV2 struct { // Can be extended if needed. } -//nolint +// nolint: govet type jsonCheckResultV2 struct { Details []string `json:"details"` Score int `json:"score"` 
@@ -71,8 +71,9 @@ func (s jsonFloatScore) MarshalJSON() ([]byte, error) { return []byte(fmt.Sprintf("%.1f", s)), nil } -//nolint:govet // JSONScorecardResultV2 exports results as JSON for new detail format. +// +//nolint:govet type JSONScorecardResultV2 struct { Date string `json:"date"` Repo jsonRepoV2 `json:"repo"` diff --git a/pkg/scorecard_test.go b/pkg/scorecard_test.go index 6d778a31..a06f6413 100644 --- a/pkg/scorecard_test.go +++ b/pkg/scorecard_test.go @@ -4,7 +4,7 @@ // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // -// http://www.apache.org/licenses/LICENSE-2.0 +// http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, diff --git a/utests/utlib.go b/utests/utlib.go index 590614cb..5cfabd34 100644 --- a/utests/utlib.go +++ b/utests/utlib.go @@ -99,7 +99,7 @@ func errCmp(e1, e2 error) bool { } // ValidateTestReturn validates expected TestReturn with actual checker.CheckResult values. -//nolint: thelper +// nolint: thelper func ValidateTestReturn( t *testing.T, name string,