Update configuration

Signed-off-by: Sascha Schwarze <[email protected]>

Author: SaschaSchwarze0

.golangci.yaml

@@ -1,23 +1,31 @@
+version: "2"
+
 linters:
+  disable:
+    - errcheck
   enable:
-    - ineffassign
-    - revive
     - gosec
     - govet
+    - ineffassign
     - misspell
+    - revive
     - staticcheck
-  disable:
-    - errcheck
+    - unused
+
+  exclusions:
+    rules:
+      - path: test
+        linters:
+          - revive
 
-linters-settings:
-  gosec:
-    excludes:
-      - G101 # Look for hard coded credentials
-      - G305 # File traversal when extracting zip/tar archive
-      - G306 # Poor file permissions used when writing to a new file
+  settings:
+    gosec:
+      excludes:
+        - G101 # Look for hard coded credentials
+        - G305 # File traversal when extracting zip/tar archive
+        - G306 # Poor file permissions used when writing to a new file
 
-issues:
-  exclude-rules:
-    - path: test
-      linters:
-        - revive
+    revive:
+      rules:
+        - name: package-comments
+          disabled: true

cmd/git/main.go

@@ -252,6 +252,7 @@ func checkEnvironment(ctx context.Context) error {
 		if flagValues.verbose {
 			log.Printf("Debug: %s %s\n", path, check.versionArg)
 		}
+		// #nosec G204 in the default container configuration, it is impossible to inject other binaries, as such it is safe that we have no hard-coded path
 		out, err := exec.CommandContext(ctx, path, check.versionArg).CombinedOutput()
 		if err != nil {
 			log.Printf("Error: %s: %s\n", check.toolName, strings.TrimRight(string(out), "\n"))
@@ -474,13 +475,16 @@ func git(ctx context.Context, args ...string) (string, error) {
 		fmt.Sprintf("safe.directory=%s", flagValues.target),
 	}
 	fullArgs = append(fullArgs, args...)
+	// #nosec G204 arguments are well-defined by the code
 	cmd := exec.CommandContext(ctx, "git", fullArgs...)
 
 	// Print the command to be executed, but replace the URL with a safe version
 	log.Print(strings.ReplaceAll(cmd.String(), flagValues.url, displayURL))
 
 	// Make sure that the spawned process does not try to prompt for infos
-	os.Setenv("GIT_TERMINAL_PROMPT", "0")
+	if err := os.Setenv("GIT_TERMINAL_PROMPT", "0"); err != nil {
+		return "", err
+	}
 	cmd.Stdin = nil
 
 	out, err := cmd.CombinedOutput()

cmd/git/main_test.go

@@ -524,14 +524,14 @@ var _ = Describe("Git Resource", func() {
 				git_config_nosystem := os.Getenv("GIT_CONFIG_NOSYSTEM")
 
 				// unset all pre-existing git configurations to avoid credential helpers and authentication
-				os.Setenv("GIT_CONFIG_NOSYSTEM", "1")
-				os.Setenv("GIT_CONFIG", "/dev/null")
-				os.Setenv("GIT_CONFIG_GLOBAL", "/dev/null")
+				Expect(os.Setenv("GIT_CONFIG_NOSYSTEM", "1")).To(Succeed())
+				Expect(os.Setenv("GIT_CONFIG", "/dev/null")).To(Succeed())
+				Expect(os.Setenv("GIT_CONFIG_GLOBAL", "/dev/null")).To(Succeed())
 
 				DeferCleanup(func() {
-					os.Setenv("GIT_CONFIG_NOSYSTEM", git_config_nosystem)
-					os.Setenv("GIT_CONFIG", git_config)
-					os.Setenv("GIT_CONFIG_GLOBAL", git_global_config)
+					Expect(os.Setenv("GIT_CONFIG_NOSYSTEM", git_config_nosystem)).To(Succeed())
+					Expect(os.Setenv("GIT_CONFIG", git_config)).To(Succeed())
+					Expect(os.Setenv("GIT_CONFIG_GLOBAL", git_global_config)).To(Succeed())
 				})
 			})
 

cmd/waiter/main_test.go

@@ -31,6 +31,7 @@ var _ = BeforeSuite(func() {
 var _ = Describe("Waiter", func() {
 	// run creates a exec.Command instance using the arguments informed.
 	var run = func(args ...string) *gexec.Session {
+		// #nosec G204 necessary for the test
 		cmd := exec.Command(executable)
 		cmd.Args = append(cmd.Args, args...)
 		stdin := &bytes.Buffer{}

pkg/bundle/bundle.go

@@ -98,6 +98,7 @@ func Pack(directory string) (io.ReadCloser, error) {
 	var split = func(path string) []string { return strings.Split(path, string(filepath.Separator)) }
 
 	var write = func(w io.Writer, path string) error {
+		// #nosec G304 names are safe, they come from the listing
 		file, err := os.Open(path)
 		if err != nil {
 			return err
@@ -127,6 +128,7 @@ func Pack(directory string) (io.ReadCloser, error) {
 	}
 
 	var patterns []gitignore.Pattern
+	// #nosec G304 names are safe
 	if file, err := os.Open(filepath.Join(directory, shpIgnoreFilename)); err == nil {
 		defer file.Close()
 
@@ -293,13 +295,14 @@ func Unpack(in io.Reader, targetPath string) (*UnpackDetails, error) {
 				return nil, err
 			}
 
+			// #nosec G304 names are safe, they come from the listing
 			file, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, fileMode(header))
 			if err != nil {
 				return nil, err
 			}
 
 			if _, err := io.Copy(file, tr); err != nil {
-				file.Close()
+				_ = file.Close()
 				return nil, err
 			}
 

pkg/metrics/pprof.go

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-// +build pprof_enabled
+//go:build pprof_enabled
 
 package metrics