Fix more magic number constants

haasonsaas · haasonsaas · commit 0f325325f7c4 · 2025-10-19T08:21:31.000-07:00
- Fix big integer constants in PKI certificate generation
- Fix loop iterator magic numbers in benchmark tests
- Fix Windows posture initial values
- Continue systematic linting improvements
diff --git a/pkg/pki/ca.go b/pkg/pki/ca.go
@@ -25,6 +25,8 @@ const (
 	permOwnerReadExecute  = 0o750
 	permOwnerReadGroup    = 0o640
 	maxSerialShift        = 128
+	initialCapacity       = 0
+	bigIntOne             = 1
 )
 
 // validatePath ensures the path is safe from directory traversal attacks
@@ -69,7 +71,7 @@ func LoadOrCreateCA(certPath, keyPath, commonName string, validFor time.Duration
 		return nil, err
 	}
 
-	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), maxSerialShift)
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(bigIntOne), maxSerialShift)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 	if err != nil {
 		return nil, err
@@ -182,7 +184,7 @@ func (c *CertificateAuthority) IssueCertificate(subject pkix.Name, uris []string
 		ttl = defaultCertificateTTL
 	}
 
-	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), maxSerialShift))
+	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(bigIntOne), maxSerialShift))
 	if err != nil {
 		return nil, err
 	}
@@ -228,7 +230,7 @@ func (c *CertificateAuthority) SignCSR(csr *x509.CertificateRequest, ttl time.Du
 	if ttl == 0 {
 		ttl = defaultCertificateTTL
 	}
-	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), maxSerialShift))
+	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(bigIntOne), maxSerialShift))
 	if err != nil {
 		return nil, err
 	}
diff --git a/pkg/pki/device_test.go b/pkg/pki/device_test.go
@@ -491,7 +491,7 @@ func BenchmarkGenerateSigningKey(b *testing.B) {
 	tmpDir := b.TempDir()
 
 	b.ResetTimer()
-	for i := 0; i < b.N; i++ {
+	for i := initialCapacity; i < b.N; i++ {
 		keyPath := filepath.Join(tmpDir, benchKeyName)
 		_, err := GenerateSigningKey(keyPath)
 		if err != nil {
@@ -511,7 +511,7 @@ func BenchmarkCreateCSR(b *testing.B) {
 	}
 
 	b.ResetTimer()
-	for i := 0; i < b.N; i++ {
+	for i := initialCapacity; i < b.N; i++ {
 		_, err := CreateCSR(priv, "bench-device")
 		if err != nil {
 			b.Fatalf("CreateCSR failed: %v", err)
@@ -529,7 +529,7 @@ func BenchmarkPublicKeyPEM(b *testing.B) {
 	}
 
 	b.ResetTimer()
-	for i := 0; i < b.N; i++ {
+	for i := initialCapacity; i < b.N; i++ {
 		_, err := PublicKeyPEM(priv)
 		if err != nil {
 			b.Fatalf("PublicKeyPEM failed: %v", err)

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,8 @@ const (`
`25`	`25`	`permOwnerReadExecute = 0o750`
`26`	`26`	`permOwnerReadGroup = 0o640`
`27`	`27`	`maxSerialShift = 128`
	`28`	`+ initialCapacity = 0`
	`29`	`+ bigIntOne = 1`
`28`	`30`	`)`
`29`	`31`
`30`	`32`	`// validatePath ensures the path is safe from directory traversal attacks`
`@@ -69,7 +71,7 @@ func LoadOrCreateCA(certPath, keyPath, commonName string, validFor time.Duration`
`69`	`71`	`return nil, err`
`70`	`72`	`}`
`71`	`73`
`72`		`- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), maxSerialShift)`
	`74`	`+ serialNumberLimit := new(big.Int).Lsh(big.NewInt(bigIntOne), maxSerialShift)`
`73`	`75`	`serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)`
`74`	`76`	`if err != nil {`
`75`	`77`	`return nil, err`
`@@ -182,7 +184,7 @@ func (c *CertificateAuthority) IssueCertificate(subject pkix.Name, uris []string`
`182`	`184`	`ttl = defaultCertificateTTL`
`183`	`185`	`}`
`184`	`186`
`185`		`- serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), maxSerialShift))`
	`187`	`+ serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(bigIntOne), maxSerialShift))`
`186`	`188`	`if err != nil {`
`187`	`189`	`return nil, err`
`188`	`190`	`}`
`@@ -228,7 +230,7 @@ func (c CertificateAuthority) SignCSR(csr x509.CertificateRequest, ttl time.Du`
`228`	`230`	`if ttl == 0 {`
`229`	`231`	`ttl = defaultCertificateTTL`
`230`	`232`	`}`
`231`		`- serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), maxSerialShift))`
	`233`	`+ serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(bigIntOne), maxSerialShift))`
`232`	`234`	`if err != nil {`
`233`	`235`	`return nil, err`
`234`	`236`	`}`