diff --git a/.golangci.yml b/.golangci.yml index 5bfffb4..64465c3 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -124,6 +124,12 @@ issues: - unparam - goconst + # G306: Expect WriteFile permissions to be 0600 or less + # mainly seen in internal/cli/wrtier.go + - text: "G306:" + linters: + - gosec + # - text: "should have a package comment" # linters: # - golint diff --git a/Makefile b/Makefile index 47705e7..d017b46 100644 --- a/Makefile +++ b/Makefile @@ -38,7 +38,7 @@ DOCKER_IMAGE := quay.io/$(PROJECT_OWNER)/$(PROJECT_NAME) DOCKER_TAG ?= $(DEFAULT_TAG) # Binary versions -GOLANGCI_VERSION := v1.38.0 +GOLANGCI_VERSION := v1.47.2 .PHONY: all all: clean verify checkfmt lint test build diff --git a/format/generator.go b/format/generator.go index baf4c7b..e73f2ff 100644 --- a/format/generator.go +++ b/format/generator.go @@ -209,7 +209,7 @@ func (g *generator) Render(tpl string) (string, error) { }) tt.CustomFunc(gotemplate.FuncMap{ "include": func(s string) string { - content, err := os.ReadFile(filepath.Join(g.path, s)) + content, err := os.ReadFile(filepath.Join(g.path, filepath.Clean(s))) if err != nil { panic(err) } diff --git a/internal/cli/writer.go b/internal/cli/writer.go index 3a00e0c..2514928 100644 --- a/internal/cli/writer.go +++ b/internal/cli/writer.go @@ -28,7 +28,7 @@ type stdoutWriter struct{} // Write content to Stdout func (sw *stdoutWriter) Write(p []byte) (int, error) { - return os.Stdout.Write([]byte(string(p) + "\n")) + return os.Stdout.WriteString(string(p) + "\n") } // fileWriter writes content to file. @@ -82,7 +82,7 @@ func (fw *fileWriter) Write(p []byte) (int, error) { return fw.write(filename, buf.Bytes()) } - content, err := os.ReadFile(filename) + content, err := os.ReadFile(filepath.Clean(filename)) if err != nil { // In mode 'inject', if target file not found: // create it and save the generated output into it. @@ -161,7 +161,7 @@ func (fw *fileWriter) inject(filename string, content string, generated string) func (fw *fileWriter) write(filename string, p []byte) (int, error) { // if run in check mode return exit 1 if fw.check { - f, err := os.ReadFile(filename) + f, err := os.ReadFile(filepath.Clean(filename)) if err != nil { return 0, err } diff --git a/internal/reader/lines_test.go b/internal/reader/lines_test.go index d7e31ac..3b29c92 100644 --- a/internal/reader/lines_test.go +++ b/internal/reader/lines_test.go @@ -11,7 +11,6 @@ the root directory of this source tree. package reader import ( - "path/filepath" "strings" "testing" @@ -122,7 +121,7 @@ func TestReadLinesFromFile(t *testing.T) { t.Run(tt.name, func(t *testing.T) { assert := assert.New(t) lines := Lines{ - FileName: filepath.Join(tt.fileName), + FileName: tt.fileName, LineNum: tt.lineNumber, Condition: func(line string) bool { line = strings.TrimSpace(line) diff --git a/internal/testutil/testing.go b/internal/testutil/testing.go index 620022b..70a3e7d 100644 --- a/internal/testutil/testing.go +++ b/internal/testutil/testing.go @@ -65,5 +65,5 @@ func getExampleFolder(folder string) (string, error) { } func testDataPath() string { - return filepath.Join("testdata") + return "testdata" } diff --git a/scripts/docs/generate.go b/scripts/docs/generate.go index e0f9f2c..3c3664e 100644 --- a/scripts/docs/generate.go +++ b/scripts/docs/generate.go @@ -70,13 +70,13 @@ func generate(cmd *cobra.Command, weight int, basename string) error { } filename := filepath.Join("docs", "reference", basename+".md") - f, err := os.Create(filename) + f, err := os.Create(filepath.Clean(filename)) if err != nil { return err } defer f.Close() //nolint:errcheck,gosec - if _, err := io.WriteString(f, ""); err != nil { + if _, err := f.WriteString(""); err != nil { return err } if err := generateMarkdown(cmd, weight, f); err != nil {