Implement fixes, ignore G115 for header mode

Signed-off-by: egibs <[email protected]>
chainguard-dev · Oct 7, 2024 · acd0eaf · acd0eaf
1 parent ea1d80f
commit acd0eaf
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 7 deletions.
diff --git a/.golangci.yml b/.golangci.yml
@@ -100,6 +100,7 @@ linters:
   enable:
     - asciicheck
     - bodyclose
+    - copyloopvar
     - cyclop
     - dogsled
     - dupl
@@ -108,7 +109,6 @@ linters:
     - errname
     - errorlint
     - exhaustive
-    - exportloopref
     - forcetypeassert
     - gocognit
     - goconst

diff --git a/pkg/action/archive.go b/pkg/action/archive.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"io"
 	"io/fs"
+	"math"
 	"os"
 	"path/filepath"
 	"strings"
@@ -72,9 +73,19 @@ func extractTar(ctx context.Context, d string, f string) error {
 
 	for {
 		header, err := tr.Next()
-		if errors.Is(err, io.ErrUnexpectedEOF) || errors.Is(err, io.EOF) {
+
+		mode := func(v int64) (uint32, bool) {
+			if v > math.MaxUint32 {
+				return math.MaxUint32, false
+			}
+			return uint32(v), true // #nosec G115
+		}
+
+		hm, ok := mode(header.Mode)
+		if errors.Is(err, io.ErrUnexpectedEOF) || errors.Is(err, io.EOF) || !ok {
 			break
 		}
+
 		if err != nil {
 			return fmt.Errorf("failed to read tar header: %w", err)
 		}
@@ -84,7 +95,7 @@ func extractTar(ctx context.Context, d string, f string) error {
 		}
 		target := filepath.Join(d, clean)
 		if header.FileInfo().IsDir() {
-			if err := os.MkdirAll(target, os.FileMode(header.Mode)); err != nil {
+			if err := os.MkdirAll(target, os.FileMode(hm)); err != nil { // #nosec G115
 				return fmt.Errorf("failed to create directory: %w", err)
 			}
 			continue
@@ -94,7 +105,7 @@ func extractTar(ctx context.Context, d string, f string) error {
 			return fmt.Errorf("failed to create directory for file: %w", err)
 		}
 
-		f, err := os.OpenFile(target, os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(header.Mode))
+		f, err := os.OpenFile(target, os.O_RDWR|os.O_CREATE|os.O_TRUNC, os.FileMode(hm)) // #nosec G115
 		if err != nil {
 			return fmt.Errorf("failed to create file: %w", err)
 		}

diff --git a/pkg/action/archive_test.go b/pkg/action/archive_test.go
@@ -38,7 +38,6 @@ func TestExtractionMethod(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.name, func(t *testing.T) {
 			got := extractionMethod(tt.ext)
 			if (got == nil) != (tt.want == nil) {
@@ -72,7 +71,6 @@ func TestExtractionMultiple(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		tt := tt
 		t.Run(tt.path, func(t *testing.T) {
 			t.Parallel()
 			ctx := context.Background()

diff --git a/pkg/action/scan.go b/pkg/action/scan.go
@@ -314,7 +314,6 @@ func recursiveScan(ctx context.Context, c malcontent.Config) (*malcontent.Report
 		var g errgroup.Group
 		g.SetLimit(maxConcurrency)
 		for path := range pc {
-			path := path
 			g.Go(func() error {
 				if isSupportedArchive(path) {
 					return handleArchive(path)