golangci: enable all govet linters, run gosec on tests as well#48825
Merged
thaJeztah merged 39 commits intomoby:masterfrom Nov 7, 2024
Merged
golangci: enable all govet linters, run gosec on tests as well#48825thaJeztah merged 39 commits intomoby:masterfrom
thaJeztah merged 39 commits intomoby:masterfrom
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| } | ||
|
|
||
| f, err := os.OpenFile(req.File, syscall.O_RDONLY, 0o700) | ||
| f, err := os.OpenFile(req.File, syscall.O_RDONLY, 0o600) |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression
integration/plugin/logging/cmd/discard/driver.go:40:13: G302: Expect file permissions to be 0600 or less (gosec)
f, err := os.OpenFile(req.File, syscall.O_RDONLY, 0o700)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…(gosec)
volume/mounts/linux_parser_test.go:335:38: G601: Implicit memory aliasing in for loop. (gosec)
data, err := p.ConvertTmpfsOptions(&tc.opt, tc.readOnly)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
integration-cli/docker_utils_test.go:149:8: G601: Implicit memory aliasing in for loop. (gosec)
m = &c
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
integration-cli/docker_utils_test.go:187:12: G302: Expect file permissions to be 0600 or less (gosec)
f, err := os.OpenFile(dst, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0o700)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…(gosec)
integration-cli/docker_cli_run_test.go:401:12: G302: Expect file permissions to be 0600 or less (gosec)
f, err := os.OpenFile(filepath.Join(dir, "test"), os.O_CREATE, 0o700)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
These already had a comment, so let's make it a ignore-comment
integration-cli/docker_cli_exec_test.go:409:13: G302: Expect file permissions to be 0600 or less (gosec)
f, err := os.OpenFile(netFilePath, os.O_WRONLY|os.O_SYNC|os.O_APPEND, 0o644)
^
integration-cli/docker_cli_run_test.go:3050:12: G302: Expect file permissions to be 0600 or less (gosec)
if err := os.Chmod(filename, 0o646); err != nil {
^
integration-cli/docker_cli_run_test.go:3072:12: G302: Expect file permissions to be 0600 or less (gosec)
if err := os.Chmod(filename, 0o646); err != nil {
^
integration-cli/docker_cli_run_test.go:3094:12: G302: Expect file permissions to be 0600 or less (gosec)
if err := os.Chmod(filename, 0o646); err != nil {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Not a real issue for tests, but easy to fix;
client/hijack_test.go:23:34: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Not a real issue for tests, but easy to fix;
pkg/authorization/authz_unix_test.go:387:12: G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server (gosec)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Not a real issue for tests, but easy to fix;
daemon/logger/splunk/splunkhecmock_test.go:79:9: G114: Use of net/http serve function that has no support for setting timeouts (gosec)
return http.Serve(hec.tcpListener, hec)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…osec)
daemon/logger/awslogs/cloudwatchlogs_test.go:1652:2: G101: Potential hardcoded credentials (gosec)
credsResp := `{
"AccessKeyId" : "test-access-key-id",
"SecretAccessKey": "test-secret-access-key"
}`
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…Version too low
integration-cli/docker_cli_daemon_test.go:1528:101: G402: TLS MinVersion too low. (gosec)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
pkg/tarsum/tarsum_test.go:555:15: G110: Potential DoS vulnerability via decompression bomb (gosec)
if _, err = io.Copy(io.Discard, tr); err != nil {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…e (gosec)
distribution/xfer/download_test.go:72:53: G602: slice index out of range (gosec)
return createChainIDFromParent(layer.ChainID(dgsts[0]), dgsts[1:]...)
^
distribution/xfer/download_test.go:75:69: G602: slice index out of range (gosec)
dgst := digest.FromBytes([]byte(string(parent) + " " + string(dgsts[0])))
^
distribution/xfer/download_test.go:76:59: G602: slice bounds out of range (gosec)
return createChainIDFromParent(layer.ChainID(dgst), dgsts[1:]...)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Add a single exclusion for use of non-crypto rand in some tests. Signed-off-by: Sebastiaan van Stijn <[email protected]>
… (govet)
libnetwork/datastore/mockstore_test.go:70:12: nilness: tautological condition: non-nil != nil (govet)
if mData != nil && mData.Index != previous.LastIndex {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…govet) Signed-off-by: Sebastiaan van Stijn <[email protected]>
Signed-off-by: Sebastiaan van Stijn <[email protected]>
builder/builder-next/builder.go:435:3: shadow: declaration of "id" shadows declaration at line 294 (govet)
id, ok := resp.ExporterResponse["containerimage.digest"]
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
daemon/graphdriver/overlay2/overlay.go:430:3: shadow: declaration of "key" shadows declaration at line 429 (govet)
key := strings.ToLower(key)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
plugin/backend_linux.go:527:2: shadow: declaration of "manifest" shadows declaration at line 473 (govet)
manifest, err := buildManifest(ctx, pm.blobStore, p.Config, p.Blobsums)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
plugin/manager_linux_test.go:215:4: shadow: declaration of "root" shadows declaration at line 173 (govet)
root := filepath.Join(root, desc)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
pkg/idtools/usergroupadd_linux.go:94:2: shadow: declaration of "ranges" shadows declaration at line 25 (govet)
ranges, err := parseSubuid(name)
^
pkg/idtools/usergroupadd_linux.go:131:2: shadow: declaration of "ranges" shadows declaration at line 25 (govet)
ranges, err := parseSubuid("ALL")
^
pkg/idtools/usergroupadd_linux.go:140:2: shadow: declaration of "ranges" shadows declaration at line 25 (govet)
ranges, err := parseSubgid("ALL")
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
libnetwork/bitmap/sequence_test.go:746:5: shadow: declaration of "o" shadows declaration at line 738 (govet)
if o, err := hnd.SetAnyInRange(0, uint64(blockLen), false); err == nil {
^
libnetwork/bitmap/sequence_test.go:750:5: shadow: declaration of "o" shadows declaration at line 738 (govet)
if o, err := hnd.SetAnyInRange(0, firstAv-1, false); err == nil {
^
libnetwork/bitmap/sequence_test.go:754:5: shadow: declaration of "o" shadows declaration at line 738 (govet)
if o, err := hnd.SetAnyInRange(111*uint64(blockLen), 161*uint64(blockLen), false); err == nil {
^
libnetwork/bitmap/sequence_test.go:793:6: shadow: declaration of "o" shadows declaration at line 738 (govet)
if o, err := hnd.SetAnyInRange(0, 7, false); err != nil {
^
libnetwork/bitmap/sequence_test.go:808:6: shadow: declaration of "o" shadows declaration at line 738 (govet)
if o, err := hnd.SetAnyInRange(8, 15, false); err != nil {
^
libnetwork/bitmap/sequence_test.go:824:6: shadow: declaration of "o" shadows declaration at line 738 (govet)
if o, err := hnd.SetAnyInRange(28, 29, false); err != nil {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…e (govet)
builder/builder-next/exporter/mobyexporter/writer.go:83:3: shadow: declaration of "dt" shadows declaration at line 42 (govet)
dt, err := json.Marshal(cache.Data)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…ble (govet)
daemon/containerd/image_delete.go:378:4: shadow: declaration of "img" shadows declaration at line 355 (govet)
img := images.Image{
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
daemon/containerd/image_test.go:173:3: shadow: declaration of "service" shadows declaration at line 30 (govet)
service := &ImageService{
^
daemon/containerd/image_test.go:207:3: shadow: declaration of "service" shadows declaration at line 30 (govet)
service := &ImageService{
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
builder/dockerfile/builder.go:361:2: shadow: declaration of "dispatchRequest" shadows declaration at line 189 (govet)
dispatchRequest := newDispatchRequest(b, dockerfile.EscapeToken, nil, NewBuildArgs(b.options.BuildArgs), newStagesBuildResults())
^
builder/dockerfile/copy.go:217:2: shadow: declaration of "copyInfo" shadows declaration at line 39 (govet)
copyInfo, err := copyInfoForFile(o.source, origPath)
^
builder/dockerfile/dispatchers.go:97:2: shadow: declaration of "copyInstruction" shadows declaration at line 60 (govet)
copyInstruction, err := copier.createCopyInstruction(c.SourcesAndDest, "ADD")
^
builder/dockerfile/dispatchers.go:124:2: shadow: declaration of "copyInstruction" shadows declaration at line 60 (govet)
copyInstruction, err := copier.createCopyInstruction(c.SourcesAndDest, "COPY")
^
builder/dockerfile/dispatchers.go:162:3: shadow: declaration of "v" shadows declaration at line 161 (govet)
v, err := d.getExpandedString(d.shlex, v)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
libnetwork/service_linux.go:226:7: shadow: declaration of "ep" shadows declaration at line 175 (govet)
if ep := sb.getGatewayEndpoint(); ep != nil {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…es (govet)
distribution/push_v2.go:558:9: shadow: declaration of "exists" shadows declaration at line 538 (govet)
if _, exists := digestToMetadata[meta.Digest]; exists {
^
distribution/push_v2.go:562:9: shadow: declaration of "exists" shadows declaration at line 538 (govet)
if _, exists := pd.checkedDigests[meta.Digest]; exists {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
…les (govet)
daemon/graphdriver/btrfs/btrfs.go:562:3: shadow: declaration of "key" shadows declaration at line 561 (govet)
key := strings.ToLower(key)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
pkg/plugins/plugins.go:231:6: shadow: declaration of "pl" shadows declaration at line 214 (govet)
if pl, exists := storage.plugins[name]; exists {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
layer/ro_layer.go:167:6: shadow: declaration of "n" shadows declaration at line 164 (govet)
if n, err := vrc.verifier.Write(p[:n]); err != nil {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
integration-cli/docker_utils_test.go:492:3: shadow: declaration of "line" shadows declaration at line 491 (govet)
line := strings.TrimSpace(line)
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
daemon/containerd/image_import.go:370:9: nilness: impossible condition: nil != nil (govet)
if err != nil {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
daemon/images/image.go:269:9: unusedwrite: unused write to field Variant (govet)
otherN.Variant = "" // normalization adds a default variant... which is the whole problem with `platforms.Only`
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
This was added in 9ca3bb6, but looks like the manifest-type was never used. distribution/manifest.go:236:7: unusedwrite: unused write to field MediaType (govet) desc.MediaType = mt ^ Signed-off-by: Sebastiaan van Stijn <[email protected]>
distribution/push_v2_test.go:417:7: deepequalerrors: avoid using reflect.DeepEqual with errors (govet)
if !reflect.DeepEqual(err, tc.expectedError) {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
govet produces this linting warning because the Plugin types that are
compared contain a activateErr field. This should be fine to ignore here.
pkg/plugins/discovery_unix_test.go:48:7: deepequalerrors: avoid using reflect.DeepEqual with errors (govet)
if !reflect.DeepEqual(p, pp) {
^
Signed-off-by: Sebastiaan van Stijn <[email protected]>
Enable all rules, except for fieldalignment, which needs some work. Signed-off-by: Sebastiaan van Stijn <[email protected]>
thaJeztah
force-pushed
the
update_linting
branch
from
48c4521 to
7766b35
Compare
thaJeztah
commented
Nov 6, 2024
Comment on lines
-298
to
+177
| ) | ||
| testcases := []struct { |
Member
Author
There was a problem hiding this comment.
Oh! This must've been gofumpt kicking in; let me know if you want me to revert this part of the diff.
thaJeztah
requested review from
cpuguy83,
samuelkarp and
tonistiigi
as code owners
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
- A picture of a cute animal (not mandatory but encouraged)