diff --git a/.golangci.yaml b/.golangci.yaml index b249de7aaa..80a6159ba6 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -25,16 +25,15 @@ linters: gocritic: disabled-checks: - appendAssign - - unnamedResult - - whyNoLint + - commentedOutCode + - hugeParam - importShadow # FIXME - indexAlloc - - octalLiteral - - hugeParam - rangeValCopy - regexpSimplify - sloppyReassign - - commentedOutCode + - unnamedResult + - whyNoLint enabled-tags: - diagnostic - style diff --git a/integration/standalone_tar_test.go b/integration/standalone_tar_test.go index 4a0027e774..490ef07159 100644 --- a/integration/standalone_tar_test.go +++ b/integration/standalone_tar_test.go @@ -588,7 +588,7 @@ cache: for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { configPath := filepath.Join(t.TempDir(), "trivy.yaml") - err := os.WriteFile(configPath, []byte(tt.configFile), 0600) + err := os.WriteFile(configPath, []byte(tt.configFile), 0o600) require.NoError(t, err) osArgs := []string{ diff --git a/internal/dbtest/db.go b/internal/dbtest/db.go index 7976a54e8b..b8cbf58196 100644 --- a/internal/dbtest/db.go +++ b/internal/dbtest/db.go @@ -21,7 +21,7 @@ func InitDB(t *testing.T, fixtureFiles []string) string { dbDir := db.Dir(cacheDir) dbPath := trivydb.Path(dbDir) - err := os.MkdirAll(dbDir, 0700) + err := os.MkdirAll(dbDir, 0o700) require.NoError(t, err) // Load testdata into BoltDB diff --git a/internal/testutil/fs.go b/internal/testutil/fs.go index 842cf7042c..1ed303933e 100644 --- a/internal/testutil/fs.go +++ b/internal/testutil/fs.go @@ -65,7 +65,7 @@ func MustReadYAML(t *testing.T, path string, out any) { } func MustMkdirAll(t *testing.T, dir string) { - err := os.MkdirAll(dir, 0750) + err := os.MkdirAll(dir, 0o750) require.NoError(t, err) } @@ -87,6 +87,6 @@ func MustWriteFile(t *testing.T, filePath string, content []byte) { dir := filepath.Dir(filePath) MustMkdirAll(t, dir) - err := os.WriteFile(filePath, content, 0600) + err := os.WriteFile(filePath, content, 0o600) require.NoError(t, err) } diff --git a/magefiles/fixture.go b/magefiles/fixture.go index 83eca420e3..b466c85977 100644 --- a/magefiles/fixture.go +++ b/magefiles/fixture.go @@ -23,7 +23,7 @@ var auth = crane.WithAuthFromKeychain(authn.NewMultiKeychain(authn.DefaultKeycha func fixtureContainerImages() error { var testImages = testutil.ImageName("", "", "") - if err := os.MkdirAll(dir, 0750); err != nil { + if err := os.MkdirAll(dir, 0o750); err != nil { return err } tags, err := crane.ListTags(testImages, auth) @@ -71,7 +71,7 @@ func fixtureVMImages() error { titleAnnotation = "org.opencontainers.image.title" dir = "integration/testdata/fixtures/vm-images/" ) - if err := os.MkdirAll(dir, 0750); err != nil { + if err := os.MkdirAll(dir, 0o750); err != nil { return err } tags, err := crane.ListTags(testVMImages, auth) diff --git a/magefiles/helm_test.go b/magefiles/helm_test.go index f2e3233d28..355dacf049 100644 --- a/magefiles/helm_test.go +++ b/magefiles/helm_test.go @@ -78,7 +78,7 @@ keywords: - trivy - vulnerability ` - err = os.WriteFile(tempFile.Name(), []byte(content), 0644) + err = os.WriteFile(tempFile.Name(), []byte(content), 0o644) assert.NoError(t, err) newVersion, err := bumpHelmChart(tempFile.Name(), "0.55.1") diff --git a/magefiles/schema.go b/magefiles/schema.go index 6cbf8b950a..5b29487d40 100644 --- a/magefiles/schema.go +++ b/magefiles/schema.go @@ -45,7 +45,7 @@ func GenSchema() error { if err != nil { return err } - if err := os.WriteFile(schemaPath, data, 0600); err != nil { + if err := os.WriteFile(schemaPath, data, 0o600); err != nil { return err } return nil diff --git a/pkg/cache/fs.go b/pkg/cache/fs.go index edfac70b04..5b43a11050 100644 --- a/pkg/cache/fs.go +++ b/pkg/cache/fs.go @@ -21,11 +21,11 @@ type FSCache struct { func NewFSCache(cacheDir string) (FSCache, error) { dir := filepath.Join(cacheDir, scanCacheDirName) - if err := os.MkdirAll(dir, 0700); err != nil { + if err := os.MkdirAll(dir, 0o700); err != nil { return FSCache{}, xerrors.Errorf("failed to create cache dir: %w", err) } - db, err := bolt.Open(filepath.Join(dir, "fanal.db"), 0600, nil) + db, err := bolt.Open(filepath.Join(dir, "fanal.db"), 0o600, nil) if err != nil { return FSCache{}, xerrors.Errorf("unable to open DB: %w", err) } diff --git a/pkg/cache/fs_test.go b/pkg/cache/fs_test.go index e2c517017b..3729a0763e 100644 --- a/pkg/cache/fs_test.go +++ b/pkg/cache/fs_test.go @@ -20,7 +20,7 @@ func newTempDB(t *testing.T, dbPath string) (string, error) { dir := t.TempDir() if dbPath != "" { d := filepath.Join(dir, "fanal") - if err := os.MkdirAll(d, 0700); err != nil { + if err := os.MkdirAll(d, 0o700); err != nil { return "", err } diff --git a/pkg/commands/auth/run_test.go b/pkg/commands/auth/run_test.go index 37495eca23..5b9ea3a0b0 100644 --- a/pkg/commands/auth/run_test.go +++ b/pkg/commands/auth/run_test.go @@ -120,7 +120,7 @@ func TestLogout(t *testing.T) { t.Run("success", func(t *testing.T) { configFile := filepath.Join(tmpDir, "config.json") - err := os.WriteFile(configFile, []byte(`{"auths": {"auth.test": {"auth": "dXNlcjpwYXNz"}}}`), 0600) + err := os.WriteFile(configFile, []byte(`{"auths": {"auth.test": {"auth": "dXNlcjpwYXNz"}}}`), 0o600) require.NoError(t, err) err = auth.Logout(t.Context(), "auth.test") diff --git a/pkg/commands/clean/run_test.go b/pkg/commands/clean/run_test.go index 4f1c26bc4c..84080a88d9 100644 --- a/pkg/commands/clean/run_test.go +++ b/pkg/commands/clean/run_test.go @@ -152,11 +152,11 @@ func createTestFiles(t *testing.T, dir string) { "vex", } for _, subdir := range subdirs { - err := os.MkdirAll(filepath.Join(dir, subdir), 0755) + err := os.MkdirAll(filepath.Join(dir, subdir), 0o755) require.NoError(t, err) testFile := filepath.Join(dir, subdir, "testfile.txt") - err = os.WriteFile(testFile, []byte("test content"), 0644) + err = os.WriteFile(testFile, []byte("test content"), 0o644) require.NoError(t, err) } } diff --git a/pkg/detector/ospkg/alpine/alpine.go b/pkg/detector/ospkg/alpine/alpine.go index f29e4e9ee5..6a04bbe267 100644 --- a/pkg/detector/ospkg/alpine/alpine.go +++ b/pkg/detector/ospkg/alpine/alpine.go @@ -17,41 +17,39 @@ import ( "github.com/aquasecurity/trivy/pkg/types" ) -var ( - eolDates = map[string]time.Time{ - "2.0": time.Date(2012, 4, 1, 23, 59, 59, 0, time.UTC), - "2.1": time.Date(2012, 11, 1, 23, 59, 59, 0, time.UTC), - "2.2": time.Date(2013, 5, 1, 23, 59, 59, 0, time.UTC), - "2.3": time.Date(2013, 11, 1, 23, 59, 59, 0, time.UTC), - "2.4": time.Date(2014, 5, 1, 23, 59, 59, 0, time.UTC), - "2.5": time.Date(2014, 11, 1, 23, 59, 59, 0, time.UTC), - "2.6": time.Date(2015, 5, 1, 23, 59, 59, 0, time.UTC), - "2.7": time.Date(2015, 11, 1, 23, 59, 59, 0, time.UTC), - "3.0": time.Date(2016, 5, 1, 23, 59, 59, 0, time.UTC), - "3.1": time.Date(2016, 11, 1, 23, 59, 59, 0, time.UTC), - "3.2": time.Date(2017, 5, 1, 23, 59, 59, 0, time.UTC), - "3.3": time.Date(2017, 11, 1, 23, 59, 59, 0, time.UTC), - "3.4": time.Date(2018, 5, 1, 23, 59, 59, 0, time.UTC), - "3.5": time.Date(2018, 11, 1, 23, 59, 59, 0, time.UTC), - "3.6": time.Date(2019, 5, 1, 23, 59, 59, 0, time.UTC), - "3.7": time.Date(2019, 11, 1, 23, 59, 59, 0, time.UTC), - "3.8": time.Date(2020, 5, 1, 23, 59, 59, 0, time.UTC), - "3.9": time.Date(2020, 11, 1, 23, 59, 59, 0, time.UTC), - "3.10": time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC), - "3.11": time.Date(2021, 11, 1, 23, 59, 59, 0, time.UTC), - "3.12": time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC), - "3.13": time.Date(2022, 11, 1, 23, 59, 59, 0, time.UTC), - "3.14": time.Date(2023, 5, 1, 23, 59, 59, 0, time.UTC), - "3.15": time.Date(2023, 11, 1, 23, 59, 59, 0, time.UTC), - "3.16": time.Date(2024, 5, 23, 23, 59, 59, 0, time.UTC), - "3.17": time.Date(2024, 11, 22, 23, 59, 59, 0, time.UTC), - "3.18": time.Date(2025, 5, 9, 23, 59, 59, 0, time.UTC), - "3.19": time.Date(2025, 11, 1, 23, 59, 59, 0, time.UTC), - "3.20": time.Date(2026, 04, 1, 23, 59, 59, 0, time.UTC), - "3.21": time.Date(2026, 12, 5, 23, 59, 59, 0, time.UTC), - "edge": time.Date(9999, 1, 1, 0, 0, 0, 0, time.UTC), - } -) +var eolDates = map[string]time.Time{ + "2.0": time.Date(2012, 4, 1, 23, 59, 59, 0, time.UTC), + "2.1": time.Date(2012, 11, 1, 23, 59, 59, 0, time.UTC), + "2.2": time.Date(2013, 5, 1, 23, 59, 59, 0, time.UTC), + "2.3": time.Date(2013, 11, 1, 23, 59, 59, 0, time.UTC), + "2.4": time.Date(2014, 5, 1, 23, 59, 59, 0, time.UTC), + "2.5": time.Date(2014, 11, 1, 23, 59, 59, 0, time.UTC), + "2.6": time.Date(2015, 5, 1, 23, 59, 59, 0, time.UTC), + "2.7": time.Date(2015, 11, 1, 23, 59, 59, 0, time.UTC), + "3.0": time.Date(2016, 5, 1, 23, 59, 59, 0, time.UTC), + "3.1": time.Date(2016, 11, 1, 23, 59, 59, 0, time.UTC), + "3.2": time.Date(2017, 5, 1, 23, 59, 59, 0, time.UTC), + "3.3": time.Date(2017, 11, 1, 23, 59, 59, 0, time.UTC), + "3.4": time.Date(2018, 5, 1, 23, 59, 59, 0, time.UTC), + "3.5": time.Date(2018, 11, 1, 23, 59, 59, 0, time.UTC), + "3.6": time.Date(2019, 5, 1, 23, 59, 59, 0, time.UTC), + "3.7": time.Date(2019, 11, 1, 23, 59, 59, 0, time.UTC), + "3.8": time.Date(2020, 5, 1, 23, 59, 59, 0, time.UTC), + "3.9": time.Date(2020, 11, 1, 23, 59, 59, 0, time.UTC), + "3.10": time.Date(2021, 5, 1, 23, 59, 59, 0, time.UTC), + "3.11": time.Date(2021, 11, 1, 23, 59, 59, 0, time.UTC), + "3.12": time.Date(2022, 5, 1, 23, 59, 59, 0, time.UTC), + "3.13": time.Date(2022, 11, 1, 23, 59, 59, 0, time.UTC), + "3.14": time.Date(2023, 5, 1, 23, 59, 59, 0, time.UTC), + "3.15": time.Date(2023, 11, 1, 23, 59, 59, 0, time.UTC), + "3.16": time.Date(2024, 5, 23, 23, 59, 59, 0, time.UTC), + "3.17": time.Date(2024, 11, 22, 23, 59, 59, 0, time.UTC), + "3.18": time.Date(2025, 5, 9, 23, 59, 59, 0, time.UTC), + "3.19": time.Date(2025, 11, 1, 23, 59, 59, 0, time.UTC), + "3.20": time.Date(2026, 4, 1, 23, 59, 59, 0, time.UTC), + "3.21": time.Date(2026, 12, 5, 23, 59, 59, 0, time.UTC), + "edge": time.Date(9999, 1, 1, 0, 0, 0, 0, time.UTC), +} // Scanner implements the Alpine scanner type Scanner struct { diff --git a/pkg/fanal/analyzer/analyzer_test.go b/pkg/fanal/analyzer/analyzer_test.go index d096b32b1c..02fe82cc84 100644 --- a/pkg/fanal/analyzer/analyzer_test.go +++ b/pkg/fanal/analyzer/analyzer_test.go @@ -534,9 +534,9 @@ func TestAnalyzerGroup_AnalyzeFile(t *testing.T) { if tt.args.testFilePath == "testdata/error" { return nil, xerrors.New("error") } else if tt.args.testFilePath == "testdata/no-permission" { - os.Chmod(tt.args.testFilePath, 0000) + os.Chmod(tt.args.testFilePath, 0o000) t.Cleanup(func() { - os.Chmod(tt.args.testFilePath, 0644) + os.Chmod(tt.args.testFilePath, 0o644) }) } return os.Open(tt.args.testFilePath) diff --git a/pkg/fanal/analyzer/fs.go b/pkg/fanal/analyzer/fs.go index 2d2922e7c3..244bd5bdaa 100644 --- a/pkg/fanal/analyzer/fs.go +++ b/pkg/fanal/analyzer/fs.go @@ -54,7 +54,7 @@ func (c *CompositeFS) CopyFileToTemp(opener Opener, _ os.FileInfo) (string, erro } // Use 0600 instead of file permissions to avoid errors when a file uses incorrect permissions (e.g. 0044). - if err = os.Chmod(f.Name(), 0600); err != nil { + if err = os.Chmod(f.Name(), 0o600); err != nil { return "", xerrors.Errorf("chmod error: %w", err) } diff --git a/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile.go b/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile.go index 5dcd0fc19a..6dea2cd81e 100644 --- a/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile.go +++ b/pkg/fanal/analyzer/imgconf/dockerfile/dockerfile.go @@ -58,7 +58,7 @@ func (a *historyAnalyzer) Analyze(ctx context.Context, input analyzer.ConfigAnal fsys := mapfs.New() if err := fsys.WriteVirtualFile( - "Dockerfile", imageConfigToDockerfile(input.Config), 0600); err != nil { + "Dockerfile", imageConfigToDockerfile(input.Config), 0o600); err != nil { return nil, xerrors.Errorf("mapfs write error: %w", err) } diff --git a/pkg/fanal/analyzer/language/golang/binary/binary_test.go b/pkg/fanal/analyzer/language/golang/binary/binary_test.go index 352c918a92..f4a7a4242a 100644 --- a/pkg/fanal/analyzer/language/golang/binary/binary_test.go +++ b/pkg/fanal/analyzer/language/golang/binary/binary_test.go @@ -125,5 +125,4 @@ func Test_gobinaryLibraryAnalyzer_Required(t *testing.T) { assert.Equal(t, tt.want, got, fileInfo.Mode().Perm()) }) } - } diff --git a/pkg/fanal/analyzer/language/python/pip/pip_test.go b/pkg/fanal/analyzer/language/python/pip/pip_test.go index eb07ed409e..8121d0ad41 100644 --- a/pkg/fanal/analyzer/language/python/pip/pip_test.go +++ b/pkg/fanal/analyzer/language/python/pip/pip_test.go @@ -163,7 +163,7 @@ func Test_pipAnalyzer_Analyze(t *testing.T) { pythonExecFileName = "python.exe" } // create temp python3 Executable - err = os.WriteFile(filepath.Join(tt.pythonExecDir, pythonExecFileName), nil, 0755) + err = os.WriteFile(filepath.Join(tt.pythonExecDir, pythonExecFileName), nil, 0o755) require.NoError(t, err) newPATH, err = filepath.Abs(tt.pythonExecDir) @@ -245,7 +245,7 @@ func Test_pythonExecutablePath(t *testing.T) { if runtime.GOOS == "windows" { tt.execName += ".exe" } - err = os.WriteFile(filepath.Join(binDir, tt.execName), nil, 0755) + err = os.WriteFile(filepath.Join(binDir, tt.execName), nil, 0o755) require.NoError(t, err) t.Setenv("PATH", binDir) diff --git a/pkg/fanal/artifact/repo/git_test.go b/pkg/fanal/artifact/repo/git_test.go index 9b6b35f686..70c1014b1d 100644 --- a/pkg/fanal/artifact/repo/git_test.go +++ b/pkg/fanal/artifact/repo/git_test.go @@ -209,7 +209,7 @@ func TestArtifact_Inspect(t *testing.T) { name: "dirty repository", rawurl: "../../../../internal/gittest/testdata/test-repo", setup: func(t *testing.T, dir string, _ cache.ArtifactCache) { - require.NoError(t, os.WriteFile(filepath.Join(dir, "new-file.txt"), []byte("test"), 0644)) + require.NoError(t, os.WriteFile(filepath.Join(dir, "new-file.txt"), []byte("test"), 0o644)) t.Cleanup(func() { require.NoError(t, os.Remove(filepath.Join(dir, "new-file.txt"))) }) diff --git a/pkg/fanal/image/image_test.go b/pkg/fanal/image/image_test.go index abdd3467fd..43d3154d54 100644 --- a/pkg/fanal/image/image_test.go +++ b/pkg/fanal/image/image_test.go @@ -163,16 +163,16 @@ func TestNewDockerImage(t *testing.T) { wantConfigFile: &v1.ConfigFile{ Architecture: "amd64", Container: "7f4a36a667d138b079b5ff059485ff65bfbb5ebc48f24a89f983b918e73f4f28", - Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 686519038, time.UTC)}, + Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 686519038, time.UTC)}, DockerVersion: "18.06.1-ce", History: []v1.History{ { - Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 551172402, time.UTC)}, + Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 551172402, time.UTC)}, CreatedBy: "/bin/sh -c #(nop) ADD file:d48cac34fac385cbc1de6adfdd88300f76f9bbe346cd17e64fd834d042a98326 in / ", EmptyLayer: false, }, { - Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 686519038, time.UTC)}, + Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 686519038, time.UTC)}, CreatedBy: "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", Comment: "", EmptyLayer: true, @@ -222,16 +222,16 @@ func TestNewDockerImage(t *testing.T) { wantConfigFile: &v1.ConfigFile{ Architecture: "amd64", Container: "7f4a36a667d138b079b5ff059485ff65bfbb5ebc48f24a89f983b918e73f4f28", - Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 686519038, time.UTC)}, + Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 686519038, time.UTC)}, DockerVersion: "18.06.1-ce", History: []v1.History{ { - Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 551172402, time.UTC)}, + Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 551172402, time.UTC)}, CreatedBy: "/bin/sh -c #(nop) ADD file:d48cac34fac385cbc1de6adfdd88300f76f9bbe346cd17e64fd834d042a98326 in / ", EmptyLayer: false, }, { - Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 06, 686519038, time.UTC)}, + Created: v1.Time{Time: time.Date(2020, 1, 23, 16, 53, 6, 686519038, time.UTC)}, CreatedBy: "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", Comment: "", EmptyLayer: true, diff --git a/pkg/fanal/utils/utils.go b/pkg/fanal/utils/utils.go index 4dbff6da9c..9b7fd01739 100644 --- a/pkg/fanal/utils/utils.go +++ b/pkg/fanal/utils/utils.go @@ -20,9 +20,7 @@ import ( xio "github.com/aquasecurity/trivy/pkg/x/io" ) -var ( - PathSeparator = fmt.Sprintf("%c", os.PathSeparator) -) +var PathSeparator = fmt.Sprintf("%c", os.PathSeparator) func CacheDir() string { cacheDir, err := os.UserCacheDir() @@ -59,7 +57,7 @@ func IsExecutable(fileInfo os.FileInfo) bool { } // Check unpackaged file - if mode.Perm()&0111 != 0 { + if mode.Perm()&0o111 != 0 { return true } return false diff --git a/pkg/iac/rego/scanner_test.go b/pkg/iac/rego/scanner_test.go index 5443eec833..90f8092918 100644 --- a/pkg/iac/rego/scanner_test.go +++ b/pkg/iac/rego/scanner_test.go @@ -66,12 +66,12 @@ deny { func Test_RegoScanning_AbsolutePolicyPath_Deny(t *testing.T) { tmp := t.TempDir() - require.NoError(t, os.Mkdir(filepath.Join(tmp, "policies"), 0755)) + require.NoError(t, os.Mkdir(filepath.Join(tmp, "policies"), 0o755)) require.NoError(t, os.WriteFile(filepath.Join(tmp, "policies", "test.rego"), []byte(`package defsec.test deny { input.evil -}`), 0600)) +}`), 0o600)) srcFS := os.DirFS(tmp) diff --git a/pkg/iac/scanners/azure/arm/parser/parser_test.go b/pkg/iac/scanners/azure/arm/parser/parser_test.go index 05b06c3841..892f41baff 100644 --- a/pkg/iac/scanners/azure/arm/parser/parser_test.go +++ b/pkg/iac/scanners/azure/arm/parser/parser_test.go @@ -22,7 +22,6 @@ func createMetadata(targetFS fs.FS, filename string, start, end int, ref string, } func TestParser_Parse(t *testing.T) { - filename := "example.json" targetFS := memoryfs.New() @@ -49,7 +48,6 @@ func TestParser_Parse(t *testing.T) { "resources": [] }`, want: func() azure2.Deployment { - root := createMetadata(targetFS, filename, 0, 0, "", nil).WithInternal(resolver.NewResolver()) metadata := createMetadata(targetFS, filename, 1, 13, "", &root) parametersMetadata := createMetadata(targetFS, filename, 4, 11, "parameters", &metadata) @@ -120,7 +118,6 @@ func TestParser_Parse(t *testing.T) { ] }`, want: func() azure2.Deployment { - rootMetadata := createMetadata(targetFS, filename, 0, 0, "", nil).WithInternal(resolver.NewResolver()) fileMetadata := createMetadata(targetFS, filename, 1, 45, "", &rootMetadata) resourcesMetadata := createMetadata(targetFS, filename, 5, 44, "resources", &fileMetadata) @@ -199,8 +196,7 @@ func TestParser_Parse(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - - require.NoError(t, targetFS.WriteFile(filename, []byte(tt.input), 0644)) + require.NoError(t, targetFS.WriteFile(filename, []byte(tt.input), 0o644)) p := New(targetFS) got, err := p.ParseFS(t.Context(), ".") @@ -221,7 +217,6 @@ func TestParser_Parse(t *testing.T) { } func Test_NestedResourceParsing(t *testing.T) { - input := ` { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", @@ -288,7 +283,7 @@ func Test_NestedResourceParsing(t *testing.T) { targetFS := memoryfs.New() - require.NoError(t, targetFS.WriteFile("nested.json", []byte(input), 0644)) + require.NoError(t, targetFS.WriteFile("nested.json", []byte(input), 0o644)) p := New(targetFS) got, err := p.ParseFS(t.Context(), ".") @@ -316,7 +311,7 @@ func Test_NestedResourceParsing(t *testing.T) { // // targetFS := memoryfs.New() // -// require.NoError(t, targetFS.WriteFile("postgres.json", input, 0644)) +// require.NoError(t, targetFS.WriteFile("postgres.json", input, 0o644)) // // p := New(targetFS, options.ParserWithDebug(os.Stderr)) // got, err := p.ParseFS(context.Background(), ".") diff --git a/pkg/iac/scanners/cloudformation/parser/parser_test.go b/pkg/iac/scanners/cloudformation/parser/parser_test.go index 4242f02a76..8cc8031e8d 100644 --- a/pkg/iac/scanners/cloudformation/parser/parser_test.go +++ b/pkg/iac/scanners/cloudformation/parser/parser_test.go @@ -14,13 +14,12 @@ import ( func parseFile(t *testing.T, source, name string) (FileContexts, error) { tmp := t.TempDir() - require.NoError(t, os.WriteFile(filepath.Join(tmp, name), []byte(source), 0600)) + require.NoError(t, os.WriteFile(filepath.Join(tmp, name), []byte(source), 0o600)) fs := os.DirFS(tmp) return New().ParseFS(t.Context(), fs, ".") } func Test_parse_yaml(t *testing.T) { - source := `--- Parameters: BucketName: @@ -98,7 +97,6 @@ func Test_parse_json(t *testing.T) { } func Test_parse_yaml_with_map_ref(t *testing.T) { - source := `--- Parameters: BucketName: @@ -135,7 +133,6 @@ Resources: } func Test_parse_yaml_with_intrinsic_functions(t *testing.T) { - source := `--- Parameters: BucketName: @@ -229,7 +226,6 @@ Resources: } func TestParse_WithParameters(t *testing.T) { - fs := testutil.CreateFS(t, map[string]string{ "main.yaml": `AWSTemplateFormatVersion: 2010-09-09 Parameters: diff --git a/pkg/mapfs/fs_test.go b/pkg/mapfs/fs_test.go index d00d5626a9..736ab4eeb2 100644 --- a/pkg/mapfs/fs_test.go +++ b/pkg/mapfs/fs_test.go @@ -21,7 +21,7 @@ type fileInfo struct { } var ( - filePerm = lo.Ternary(runtime.GOOS == "windows", fs.FileMode(0666), fs.FileMode(0644)) + filePerm = lo.Ternary(runtime.GOOS == "windows", fs.FileMode(0o666), fs.FileMode(0o644)) helloFileInfo = fileInfo{ name: "hello.txt", fileMode: filePerm, @@ -36,13 +36,13 @@ var ( } virtualFileInfo = fileInfo{ name: "virtual.txt", - fileMode: 0600, + fileMode: 0o600, isDir: false, size: 7, } cdirFileInfo = fileInfo{ name: "c", - fileMode: fs.FileMode(0700) | fs.ModeDir, + fileMode: fs.FileMode(0o700) | fs.ModeDir, isDir: true, size: 256, } @@ -50,13 +50,13 @@ var ( func initFS(t *testing.T) *mapfs.FS { fsys := mapfs.New() - require.NoError(t, fsys.MkdirAll("a/b/c", 0700)) - require.NoError(t, fsys.MkdirAll("a/b/empty", 0700)) + require.NoError(t, fsys.MkdirAll("a/b/c", 0o700)) + require.NoError(t, fsys.MkdirAll("a/b/empty", 0o700)) require.NoError(t, fsys.WriteFile("hello.txt", "testdata/hello.txt")) require.NoError(t, fsys.WriteFile("a/b/b.txt", "testdata/b.txt")) require.NoError(t, fsys.WriteFile("a/b/c/c.txt", "testdata/c.txt")) require.NoError(t, fsys.WriteFile("a/b/c/.dotfile", "testdata/dotfile")) - require.NoError(t, fsys.WriteVirtualFile("a/b/c/virtual.txt", []byte("virtual"), 0600)) + require.NoError(t, fsys.WriteVirtualFile("a/b/c/virtual.txt", []byte("virtual"), 0o600)) return fsys } @@ -163,12 +163,12 @@ func TestFS_ReadDir(t *testing.T) { want: []dirEntry{ { name: "a", - fileMode: fs.FileMode(0700) | fs.ModeDir, + fileMode: fs.FileMode(0o700) | fs.ModeDir, isDir: true, size: 0x100, fileInfo: fileInfo{ name: "a", - fileMode: fs.FileMode(0700) | fs.ModeDir, + fileMode: fs.FileMode(0o700) | fs.ModeDir, isDir: true, size: 0x100, }, @@ -213,7 +213,7 @@ func TestFS_ReadDir(t *testing.T) { }, { name: "virtual.txt", - fileMode: 0600, + fileMode: 0o600, isDir: false, size: 0, fileInfo: virtualFileInfo, diff --git a/pkg/misconf/scanner.go b/pkg/misconf/scanner.go index acb3a67687..e11d968c4e 100644 --- a/pkg/misconf/scanner.go +++ b/pkg/misconf/scanner.go @@ -454,11 +454,11 @@ func CreateDataFS(dataPaths []string, opts ...string) (fs.FS, []string, error) { // Check if k8sVersion is provided if len(opts) > 0 { k8sVersion := opts[0] - if err := fsys.MkdirAll("system", 0700); err != nil { + if err := fsys.MkdirAll("system", 0o700); err != nil { return nil, nil, err } data := []byte(fmt.Sprintf(`{"k8s": {"version": %q}}`, k8sVersion)) - if err := fsys.WriteVirtualFile("system/k8s-version.json", data, 0600); err != nil { + if err := fsys.WriteVirtualFile("system/k8s-version.json", data, 0o600); err != nil { return nil, nil, err } } diff --git a/pkg/misconf/scanner_test.go b/pkg/misconf/scanner_test.go index 81a6c4c049..45dd655284 100644 --- a/pkg/misconf/scanner_test.go +++ b/pkg/misconf/scanner_test.go @@ -150,7 +150,7 @@ func TestScanner_Scan(t *testing.T) { // Create a virtual filesystem for testing fsys := mapfs.New() for _, f := range tt.files { - err := fsys.WriteVirtualFile(f.path, f.content, 0666) + err := fsys.WriteVirtualFile(f.path, f.content, 0o666) require.NoError(t, err) } @@ -172,7 +172,7 @@ func TestScanner_Scan(t *testing.T) { func Test_createPolicyFS(t *testing.T) { t.Run("outside pwd", func(t *testing.T) { tmpDir := t.TempDir() - require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir", "testdir"), 0750)) + require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir", "testdir"), 0o750)) f, got, err := CreatePolicyFS([]string{filepath.Join(tmpDir, "subdir", "testdir")}) assertFS(t, tmpDir, f, got, err) }) @@ -181,7 +181,7 @@ func Test_createPolicyFS(t *testing.T) { func Test_CreateDataFS(t *testing.T) { t.Run("outside pwd", func(t *testing.T) { tmpDir := t.TempDir() - require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir", "testdir"), 0750)) + require.NoError(t, os.MkdirAll(filepath.Join(tmpDir, "subdir", "testdir"), 0o750)) f, got, err := CreateDataFS([]string{filepath.Join(tmpDir, "subdir", "testdir")}) assertFS(t, tmpDir, f, got, err) }) diff --git a/pkg/plugin/manager_unix_test.go b/pkg/plugin/manager_unix_test.go index d37073dcb6..2299407249 100644 --- a/pkg/plugin/manager_unix_test.go +++ b/pkg/plugin/manager_unix_test.go @@ -57,7 +57,7 @@ func modifyManifest(t *testing.T, worktree, version string) { require.NoError(t, err) b = bytes.ReplaceAll(b, []byte("0.2.0"), []byte(version)) - err = os.WriteFile(manifestPath, b, 0644) + err = os.WriteFile(manifestPath, b, 0o644) require.NoError(t, err) } @@ -200,7 +200,7 @@ func TestManager_Install(t *testing.T) { // For plugin index pluginDir := filepath.Join(dst, ".trivy", "plugins") - err := os.MkdirAll(pluginDir, 0755) + err := os.MkdirAll(pluginDir, 0o755) require.NoError(t, err) _, err = fsutils.CopyFile("testdata/.trivy/plugins/index.yaml", filepath.Join(pluginDir, "index.yaml")) require.NoError(t, err) diff --git a/pkg/policy/policy_test.go b/pkg/policy/policy_test.go index bea9d3aa5c..420d652c4a 100644 --- a/pkg/policy/policy_test.go +++ b/pkg/policy/policy_test.go @@ -360,7 +360,7 @@ func TestClient_DownloadBuiltinChecks(t *testing.T) { func TestClient_Clear(t *testing.T) { cacheDir := t.TempDir() - err := os.MkdirAll(filepath.Join(cacheDir, "policy"), 0755) + err := os.MkdirAll(filepath.Join(cacheDir, "policy"), 0o755) require.NoError(t, err) c, err := policy.NewClient(cacheDir, true, "") diff --git a/pkg/remote/remote_test.go b/pkg/remote/remote_test.go index d35051757e..a2efab1d72 100644 --- a/pkg/remote/remote_test.go +++ b/pkg/remote/remote_test.go @@ -51,7 +51,7 @@ func setupDockerConfig(t *testing.T, content string) { cd := setupConfigDir(t) p := filepath.Join(cd, "config.json") - err := os.WriteFile(p, []byte(content), 0600) + err := os.WriteFile(p, []byte(content), 0o600) require.NoError(t, err) } diff --git a/pkg/sbom/cyclonedx/marshal_test.go b/pkg/sbom/cyclonedx/marshal_test.go index e3c7afdd12..c606d3248c 100644 --- a/pkg/sbom/cyclonedx/marshal_test.go +++ b/pkg/sbom/cyclonedx/marshal_test.go @@ -1510,7 +1510,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { References: []string{ "https://access.redhat.com/security/cve/CVE-2022-42003", }, - PublishedDate: lo.ToPtr(time.Date(2022, 10, 02, 05, 15, 0, 0, time.UTC)), + PublishedDate: lo.ToPtr(time.Date(2022, 10, 2, 5, 15, 0, 0, time.UTC)), LastModifiedDate: lo.ToPtr(time.Date(2022, 12, 20, 10, 15, 0, 0, time.UTC)), }, }, @@ -1717,7 +1717,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { "https://github.com/advisories/GHSA-xm2m-2q6h-22jw", }, PublishedDate: lo.ToPtr(time.Date(2023, 6, 12, 16, 15, 0, 0, time.UTC)), - LastModifiedDate: lo.ToPtr(time.Date(2023, 6, 21, 02, 20, 0, 0, time.UTC)), + LastModifiedDate: lo.ToPtr(time.Date(2023, 6, 21, 2, 20, 0, 0, time.UTC)), }, }, { @@ -1768,7 +1768,7 @@ func TestMarshaler_MarshalReport(t *testing.T) { "https://github.com/advisories/GHSA-xm2m-2q6h-22jw", }, PublishedDate: lo.ToPtr(time.Date(2023, 6, 12, 16, 15, 0, 0, time.UTC)), - LastModifiedDate: lo.ToPtr(time.Date(2023, 6, 21, 02, 20, 0, 0, time.UTC)), + LastModifiedDate: lo.ToPtr(time.Date(2023, 6, 21, 2, 20, 0, 0, time.UTC)), }, }, }, diff --git a/pkg/vex/repo/manager.go b/pkg/vex/repo/manager.go index b157156bdf..8fe2d90190 100644 --- a/pkg/vex/repo/manager.go +++ b/pkg/vex/repo/manager.go @@ -66,7 +66,7 @@ func NewManager(cacheRoot string, opts ...ManagerOption) *Manager { } func (m *Manager) writeConfig(conf Config) error { - if err := os.MkdirAll(filepath.Dir(m.configFile), 0700); err != nil { + if err := os.MkdirAll(filepath.Dir(m.configFile), 0o700); err != nil { return xerrors.Errorf("failed to mkdir: %w", err) } f, err := os.Create(m.configFile) diff --git a/pkg/vex/repo/manager_test.go b/pkg/vex/repo/manager_test.go index 9235bc3a30..74aa7a05e7 100644 --- a/pkg/vex/repo/manager_test.go +++ b/pkg/vex/repo/manager_test.go @@ -321,9 +321,9 @@ func TestManager_Clear(t *testing.T) { // Create some dummy files cacheDir := filepath.Join(tempDir, "vex") - require.NoError(t, os.MkdirAll(cacheDir, 0755)) + require.NoError(t, os.MkdirAll(cacheDir, 0o755)) dummyFile := filepath.Join(cacheDir, "dummy.txt") - require.NoError(t, os.WriteFile(dummyFile, []byte("dummy"), 0644)) + require.NoError(t, os.WriteFile(dummyFile, []byte("dummy"), 0o644)) err := m.Clear() require.NoError(t, err) diff --git a/pkg/vex/repo/repo.go b/pkg/vex/repo/repo.go index b9637c229e..9a24d17631 100644 --- a/pkg/vex/repo/repo.go +++ b/pkg/vex/repo/repo.go @@ -147,7 +147,7 @@ func (r *Repository) Index(ctx context.Context) (Index, error) { } func (r *Repository) downloadManifest(ctx context.Context, opts Options) error { - if err := os.MkdirAll(r.dir, 0700); err != nil { + if err := os.MkdirAll(r.dir, 0o700); err != nil { return xerrors.Errorf("failed to mkdir: %w", err) } @@ -227,7 +227,7 @@ func (r *Repository) download(ctx context.Context, ver Version, dst string, opts if len(ver.Locations) == 0 { return xerrors.Errorf("no locations found for version %s", ver.SpecVersion) } - if err := os.MkdirAll(dst, 0700); err != nil { + if err := os.MkdirAll(dst, 0o700); err != nil { return xerrors.Errorf("failed to mkdir: %w", err) } diff --git a/pkg/vex/repo_test.go b/pkg/vex/repo_test.go index 2495584ea6..5316b718eb 100644 --- a/pkg/vex/repo_test.go +++ b/pkg/vex/repo_test.go @@ -90,12 +90,12 @@ repositories: // Create the vex directory in the temporary directory vexDir := filepath.Join(tmpDir, ".trivy", "vex") - err := os.MkdirAll(vexDir, 0755) + err := os.MkdirAll(vexDir, 0o755) require.NoError(t, err) // Write the config file configPath := filepath.Join(vexDir, "repository.yaml") - err = os.WriteFile(configPath, []byte(tt.configContent), 0644) + err = os.WriteFile(configPath, []byte(tt.configContent), 0o644) require.NoError(t, err) ctx := t.Context() diff --git a/pkg/vex/vex_test.go b/pkg/vex/vex_test.go index e85c270f86..6d9f25e92c 100644 --- a/pkg/vex/vex_test.go +++ b/pkg/vex/vex_test.go @@ -481,7 +481,7 @@ func TestFilter(t *testing.T) { setup: func(t *testing.T, tmpDir string) { // Create repository.yaml vexDir := filepath.Join(tmpDir, ".trivy", "vex") - require.NoError(t, os.MkdirAll(vexDir, 0755)) + require.NoError(t, os.MkdirAll(vexDir, 0o755)) configPath := filepath.Join(vexDir, "repository.yaml") configContent := ` @@ -489,7 +489,7 @@ repositories: - name: default url: https://example.com/vex/default enabled: true` - require.NoError(t, os.WriteFile(configPath, []byte(configContent), 0644)) + require.NoError(t, os.WriteFile(configPath, []byte(configContent), 0o644)) }, args: args{ report: imageReport([]types.Result{