From af17bf03857aa65d0f96d39c1cf4f4885c034519 Mon Sep 17 00:00:00 2001 From: Siu Wa Wu Date: Fri, 5 Jun 2026 14:31:40 +1000 Subject: [PATCH] update linter and fix lints --- Makefile | 4 ++-- pkg/awsutil/sts.go | 2 +- pkg/elevate/elevate_test.go | 4 ++-- pkg/utils/jwt_test.go | 14 +++++++------- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 9ac3b8c7..e62c7165 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ GO_BUILD_FLAGS_LINUX_CROSS :=-tags 'include_gcs include_oss containers_image_ope GO_VERSION=go1.25.3+auto -GOLANGCI_LINT_VERSION=v2.5.0 +GOLANGCI_LINT_VERSION=v2.12.2 GORELEASER_VERSION=v2.15.3 GOVULNCHECK_VERSION=v1.1.4 @@ -69,7 +69,7 @@ test-in-container: build-image getlint: @mkdir -p $(GOPATH)/bin @echo "Installing golangci-lint $(GOLANGCI_LINT_VERSION)..." - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(GOPATH)/bin $(GOLANGCI_LINT_VERSION) + curl -sSfL https://golangci-lint.run/install.sh | sh -s -- -b $(GOPATH)/bin $(GOLANGCI_LINT_VERSION) .PHONY: lint lint: getlint $(GOPATH)/bin/golangci-lint run --timeout 5m diff --git a/pkg/awsutil/sts.go b/pkg/awsutil/sts.go index 26c4a068..90e307c2 100644 --- a/pkg/awsutil/sts.go +++ b/pkg/awsutil/sts.go @@ -240,7 +240,7 @@ func GetSigninToken(awsCredentials aws.Credentials, region string) (*AWSSigninTo SessionToken: awsCredentials.SessionToken, } - data, err := json.Marshal(sessionData) + data, err := json.Marshal(sessionData) //#nosec G117 -- SessionKey contains AWS credentials for federated signin if err != nil { return nil, fmt.Errorf("failed to marshal session data: %w", err) } diff --git a/pkg/elevate/elevate_test.go b/pkg/elevate/elevate_test.go index 0b9dad68..95bce8ce 100644 --- a/pkg/elevate/elevate_test.go +++ b/pkg/elevate/elevate_test.go @@ -16,7 +16,7 @@ import ( func fakeExecCommandError(command string, args ...string) *exec.Cmd { cs := []string{"-test.run=TestHelperProcessError", "--", command} cs = append(cs, args...) - cmd := exec.Command(os.Args[0], cs...) //#nosec: G204 + cmd := exec.Command(os.Args[0], cs...) //#nosec G204,G702 -- test helper uses os.Args[0] intentionally cmd.Env = []string{"GO_WANT_HELPER_PROCESS=1"} return cmd } @@ -24,7 +24,7 @@ func fakeExecCommandError(command string, args ...string) *exec.Cmd { func fakeExecCommandSuccess(command string, args ...string) *exec.Cmd { cs := []string{"-test.run=TestHelperProcessSuccess", "--", command} cs = append(cs, args...) - cmd := exec.Command(os.Args[0], cs...) //#nosec: G204 + cmd := exec.Command(os.Args[0], cs...) //#nosec G204,G702 -- test helper uses os.Args[0] intentionally cmd.Env = []string{"GO_WANT_HELPER_PROCESS=1"} return cmd } diff --git a/pkg/utils/jwt_test.go b/pkg/utils/jwt_test.go index d3c35883..fd364e3d 100644 --- a/pkg/utils/jwt_test.go +++ b/pkg/utils/jwt_test.go @@ -15,25 +15,25 @@ func TestGetFieldFromJWT(t *testing.T) { tests := []testCase{ { name: "Get string field", - token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", // notsecret + token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", //#nosec G101 -- test JWT field: "sub", want: "1234567890", }, { name: "Get number field", - token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjAsImV4cCI6MTcxNjY1MDA3MSwiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSJ9._CyJxncO4NBOH6a-Q_2oIVelCRZKJh9YiPBm4XEBZgI", // notsecret + token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjAsImV4cCI6MTcxNjY1MDA3MSwiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSJ9._CyJxncO4NBOH6a-Q_2oIVelCRZKJh9YiPBm4XEBZgI", //#nosec G101 -- test JWT field: "iat", wantErr: true, }, { name: "Get field that doesn't exist", - token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", // notsecret + token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", //#nosec G101 -- test JWT field: "foo", wantErr: true, }, { name: "Invalid token", - token: "abcdefg", // notsecret + token: "abcdefg", field: "foo", wantErr: true, }, @@ -62,17 +62,17 @@ func TestGetUsernameFromJWT(t *testing.T) { tests := []testCase{ { name: "Get username", - token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJyZWRoYXQuY29tIiwiZXhwIjoxMTIwODI4MzQ0LCJ1c2VybmFtZSI6InRlc3R1c2VyIn0.2uBp-c/dIUtipUsnT1J6zjkJNVlIE640ZbuCvWevWRQ", // notsecret + token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJyZWRoYXQuY29tIiwiZXhwIjoxMTIwODI4MzQ0LCJ1c2VybmFtZSI6InRlc3R1c2VyIn0.2uBp-c/dIUtipUsnT1J6zjkJNVlIE640ZbuCvWevWRQ", //#nosec G101 -- test JWT want: "testuser", }, { name: "Get username when username field is missing", - token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjAsImV4cCI6MTcxNjY1MDA3MSwiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSJ9._CyJxncO4NBOH6a-Q_2oIVelCRZKJh9YiPBm4XEBZgI", // notsecret + token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjAsImV4cCI6MTcxNjY1MDA3MSwiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSJ9._CyJxncO4NBOH6a-Q_2oIVelCRZKJh9YiPBm4XEBZgI", //#nosec G101 -- test JWT want: "anonymous", }, { name: "Invalid token", - token: "abcdefg", // notsecret + token: "abcdefg", want: "anonymous", }, }