Merge pull request #336 from vulncheck-oss/bump-to-1.24.1

Bumped to go 1.24.1, golangci-lint 1.64.7, documented more linters, ran autofix

Author: j-baines

.github/workflows/go.yml

@@ -19,10 +19,10 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v4
       with:
-        go-version: '1.23.1'
+        go-version: '1.24.1'
 
     - name: Install golangci-lint
-      run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.60.3
+      run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v1.64.7
 
     - name: Build
       run: go build -v ./...

.golangci.yml

@@ -6,7 +6,6 @@ linters:
 # https://golangci-lint.run/usage/linters/
 
   enable:
-
     - errcheck
     - gosimple
     - govet
@@ -53,6 +52,9 @@ linters:
     - goimports
     - gomoddirectives
     - gomodguard
+    #- goprintffuncname
+    #- gosec
+    - gosmopolitan
     - grouper
     - importas
     - interfacebloat
@@ -62,17 +64,24 @@ linters:
     - makezero
     - mirror
     - misspell
+    #- mnd
+    - musttag
     - nakedret
     #- nestif
     - nilerr
+    - nilnesserr
     - nilnil
     - nlreturn
+    #- noctx
     - nolintlint
     - nonamedreturns
+    - perfsprint
     - prealloc
     - predeclared
     - promlinter
+    - protogetter
     - reassign
+    - recvcheck
     - revive
     - rowserrcheck
     - sloglint
@@ -82,15 +91,15 @@ linters:
     - stylecheck
     - tagalign
     - tagliatelle
-    - tenv
+    - testifylint
     - unconvert
     - unparam
     - usestdlibvars
     #- varnamelen
     - wastedassign
     - whitespace
     - wrapcheck
-
+    - zerologlint
 
 linters-settings:
   cyclop:

cli/commandline.go

@@ -488,28 +488,28 @@ func printDetails(conf *config.Config) {
 		customFlags = append(customFlags, CustomFlag{
 			Name:    key,
 			Type:    fmt.Sprintf("%T", *value),
-			Default: fmt.Sprintf("%v", *value),
+			Default: *value,
 		})
 	}
 	for key, value := range conf.UintFlagsMap {
 		customFlags = append(customFlags, CustomFlag{
 			Name:    key,
 			Type:    fmt.Sprintf("%T", *value),
-			Default: fmt.Sprintf("%v", *value),
+			Default: strconv.FormatUint(uint64(*value), 10),
 		})
 	}
 	for key, value := range conf.IntFlagsMap {
 		customFlags = append(customFlags, CustomFlag{
 			Name:    key,
 			Type:    fmt.Sprintf("%T", *value),
-			Default: fmt.Sprintf("%v", *value),
+			Default: strconv.Itoa(*value),
 		})
 	}
 	for key, value := range conf.BoolFlagsMap {
 		customFlags = append(customFlags, CustomFlag{
 			Name:    key,
 			Type:    fmt.Sprintf("%T", *value),
-			Default: fmt.Sprintf("%v", *value),
+			Default: strconv.FormatBool(*value),
 		})
 	}
 

framework.go

@@ -210,7 +210,7 @@ func doVerify(sploit Exploit, conf *config.Config) bool {
 	if result {
 		output.PrintFrameworkSuccess("Target verification succeeded!", "host", conf.Rhost, "port", conf.Rport, "verified", true)
 	} else {
-		output.PrintFrameworkStatus(fmt.Sprintf("The target isn't recognized as %s", conf.Product), "host", conf.Rhost, "port", conf.Rport, "verified", false)
+		output.PrintFrameworkStatus("The target isn't recognized as "+conf.Product, "host", conf.Rhost, "port", conf.Rport, "verified", false)
 	}
 
 	return result
@@ -381,7 +381,7 @@ func doScan(sploit Exploit, conf *config.Config) bool {
 // Prints the version to the log file using status VERSION and a parsable version string (version=).
 // Additionally, updates the database if it's in use. Typically should be called from the exploit.
 func StoreVersion(conf *config.Config, version string) {
-	output.PrintVersion(fmt.Sprintf("The reported version is %s", version), conf.Rhost, conf.Rport, version)
+	output.PrintVersion("The reported version is "+version, conf.Rhost, conf.Rport, version)
 	db.UpdateVerified(conf.Product, true, version, conf.Rhost, conf.Rport)
 }
 

go.mod

@@ -1,6 +1,6 @@
 module github.com/vulncheck-oss/go-exploit
 
-go 1.23.1
+go 1.24.1
 
 require (
 	github.com/lor00x/goldap v0.0.0-20240304151906-8d785c64d1c8

java/javagadget.go

@@ -144,7 +144,7 @@ func Commons6ModifiedBashCommandBytecode(commandStr string) (string, error) {
 	return payloadBytes, nil
 }
 
-// Generated using ysoserial with CommonsCollections10
+// Generated using ysoserial with CommonsCollections10.
 func Commons10CommandBytecode(commandStr string) (string, error) {
 	if len(commandStr) > 255 || len(commandStr) < 1 {
 		return "", ErrorInvalidCommandLength("command must be between 1 and 255 characters")

protocol/afp/afp.go

@@ -796,7 +796,6 @@ func GetAppl(conn net.Conn, volID uint16, creator [4]byte, aIndex uint16, bitmap
 	return response, ok
 }
 
-
 // Sends the setfileparams command to the AFP server.
 func SetFilParams(conn net.Conn, volID uint16, dirID uint32, bitmap uint16, path string, buffer []byte) bool {
 	data := []byte{}
@@ -830,7 +829,6 @@ func SetFilParams(conn net.Conn, volID uint16, dirID uint32, bitmap uint16, path
 	return ok
 }
 
-
 // Sends the Delete command to the AFP server.
 func Delete(conn net.Conn, volumeID uint16, dirID uint32, path string) bool {
 	// requires protocol 3.2 and specific support configured at build time.

protocol/httphelper.go

@@ -67,7 +67,7 @@ func BuildURI(paths ...string) string {
 
 // BasicAuth takes a username and password and returns a string suitable for an Authorization header.
 func BasicAuth(username, password string) string {
-	return fmt.Sprintf("Basic %s", transform.EncodeBase64(username+":"+password))
+	return "Basic " + transform.EncodeBase64(username+":"+password)
 }
 
 func parseCookies(headers []string) string {

protocol/tcpsocket.go

@@ -110,7 +110,7 @@ func TCPReadAmount(conn net.Conn, amount int) ([]byte, bool) {
 	return reply, true
 }
 
-// Read an amount and dont log errors if we fail to read from the socket
+// Read an amount and dont log errors if we fail to read from the socket.
 func TCPReadAmountBlind(conn net.Conn, amount int) ([]byte, bool) {
 	reply := make([]byte, amount)
 	totalRead := 0