diff --git a/.golangci.yml b/.golangci.yml index 1d8f1ba60d6b..92c94a5348f4 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,7 +1,6 @@ linters: enable: - bodyclose - - deadcode - depguard - dogsled - gocyclo @@ -14,14 +13,12 @@ linters: - megacheck - misspell - nakedret + - revive - staticcheck - - structcheck - typecheck - unconvert - unparam - unused - - revive - - varcheck disable: - errcheck @@ -98,6 +95,12 @@ issues: linters: - gosec + # G113 Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772) + # only affects gp < 1.16.14. and go < 1.17.7 + - text: "(G113)" + linters: + - gosec + # Looks like the match in "EXC0007" above doesn't catch this one # TODO: consider upstreaming this to golangci-lint's default exclusion rules - text: "G204: Subprocess launched with a potential tainted input or cmd arguments" @@ -109,6 +112,11 @@ issues: linters: - gosec + # TODO: make sure all packages have a description. Currently, there's 67 packages without. + - text: "package-comments: should have a package comment" + linters: + - revive + # Exclude some linters from running on tests files. - path: _test\.go linters: diff --git a/cli-plugins/manager/plugin.go b/cli-plugins/manager/plugin.go index e501af722837..99db25d5c812 100644 --- a/cli-plugins/manager/plugin.go +++ b/cli-plugins/manager/plugin.go @@ -33,8 +33,6 @@ type Plugin struct { // is set, and is always a `pluginError`, but the `Plugin` is still // returned with no error. An error is only returned due to a // non-recoverable error. -// -//nolint:gocyclo func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) { path := c.Path() if path == "" { diff --git a/cli/command/cli_options_test.go b/cli/command/cli_options_test.go index 008502391384..4ed0f8f90e2c 100644 --- a/cli/command/cli_options_test.go +++ b/cli/command/cli_options_test.go @@ -15,23 +15,13 @@ func contentTrustEnabled(t *testing.T) bool { // NB: Do not t.Parallel() this test -- it messes with the process environment. func TestWithContentTrustFromEnv(t *testing.T) { - envvar := "DOCKER_CONTENT_TRUST" - if orig, ok := os.LookupEnv(envvar); ok { - defer func() { - os.Setenv(envvar, orig) - }() - } else { - defer func() { - os.Unsetenv(envvar) - }() - } - - os.Setenv(envvar, "true") - assert.Assert(t, contentTrustEnabled(t)) - os.Setenv(envvar, "false") - assert.Assert(t, !contentTrustEnabled(t)) - os.Setenv(envvar, "invalid") - assert.Assert(t, contentTrustEnabled(t)) + const envvar = "DOCKER_CONTENT_TRUST" + t.Setenv(envvar, "true") + assert.Check(t, contentTrustEnabled(t)) + t.Setenv(envvar, "false") + assert.Check(t, !contentTrustEnabled(t)) + t.Setenv(envvar, "invalid") + assert.Check(t, contentTrustEnabled(t)) os.Unsetenv(envvar) - assert.Assert(t, !contentTrustEnabled(t)) + assert.Check(t, !contentTrustEnabled(t)) } diff --git a/cli/command/config/inspect.go b/cli/command/config/inspect.go index 1f0abd91c3b8..956246eba2e5 100644 --- a/cli/command/config/inspect.go +++ b/cli/command/config/inspect.go @@ -2,7 +2,7 @@ package config import ( "context" - "fmt" + "errors" "strings" "github.com/docker/cli/cli" @@ -56,7 +56,7 @@ func RunConfigInspect(dockerCli command.Cli, opts InspectOptions) error { // check if the user is trying to apply a template to the pretty format, which // is not supported if strings.HasPrefix(f, "pretty") && f != "pretty" { - return fmt.Errorf("Cannot supply extra formatting options to the pretty template") + return errors.New("cannot supply extra formatting options to the pretty template") } configCtx := formatter.Context{ diff --git a/cli/command/container/opts.go b/cli/command/container/opts.go index 4d21783d7c89..f00c9126d01b 100644 --- a/cli/command/container/opts.go +++ b/cli/command/container/opts.go @@ -925,8 +925,7 @@ func parseDevice(device, serverOS string) (container.DeviceMapping, error) { // parseLinuxDevice parses a device mapping string to a container.DeviceMapping struct // knowing that the target is a Linux daemon func parseLinuxDevice(device string) (container.DeviceMapping, error) { - src := "" - dst := "" + var src, dst string permissions := "rwm" arr := strings.Split(device, ":") switch len(arr) { diff --git a/cli/command/formatter/tabwriter/tabwriter.go b/cli/command/formatter/tabwriter/tabwriter.go index 2dcbcd0eb8b7..0fbaeb5010d3 100644 --- a/cli/command/formatter/tabwriter/tabwriter.go +++ b/cli/command/formatter/tabwriter/tabwriter.go @@ -12,7 +12,7 @@ // based on https://github.com/golang/go/blob/master/src/text/tabwriter/tabwriter.go Last modified 690ac40 on 31 Jan -//nolint:gocyclo,nakedret,revive,unused // ignore linting errors, so that we can stick close to upstream +//nolint:gocyclo,nakedret,revive,stylecheck,unused // ignore linting errors, so that we can stick close to upstream package tabwriter import ( diff --git a/cli/command/image/build/context.go b/cli/command/image/build/context.go index 65529733b3f7..94855b6d972f 100644 --- a/cli/command/image/build/context.go +++ b/cli/command/image/build/context.go @@ -235,7 +235,7 @@ func getWithStatusError(url string) (resp *http.Response, err error) { if resp, err = http.Get(url); err != nil { return nil, err } - if resp.StatusCode < 400 { + if resp.StatusCode < http.StatusBadRequest { return resp, nil } msg := fmt.Sprintf("failed to GET %s with status %s", url, resp.Status) diff --git a/cli/command/image/formatter_history_test.go b/cli/command/image/formatter_history_test.go index 2facc0c90f43..4655b8167193 100644 --- a/cli/command/image/formatter_history_test.go +++ b/cli/command/image/formatter_history_test.go @@ -186,14 +186,14 @@ func TestHistoryContext_Table(t *testing.T) { {ID: "imageID3", Created: unixTime, CreatedBy: "/bin/bash ls", Size: int64(182964289), Comment: "Hi", Tags: []string{"image:tag2"}}, {ID: "imageID4", Created: unixTime, CreatedBy: "/bin/bash grep", Size: int64(182964289), Comment: "Hi", Tags: []string{"image:tag2"}}, } - //nolint:lll - expectedNoTrunc := `IMAGE CREATED CREATED BY SIZE COMMENT + + const expectedNoTrunc = `IMAGE CREATED CREATED BY SIZE COMMENT imageID1 24 hours ago /bin/bash ls && npm i && npm run test && karma -c karma.conf.js start && npm start && more commands here && the list goes on 183MB Hi imageID2 24 hours ago /bin/bash echo 183MB Hi imageID3 24 hours ago /bin/bash ls 183MB Hi imageID4 24 hours ago /bin/bash grep 183MB Hi ` - expectedTrunc := `IMAGE CREATED CREATED BY SIZE COMMENT + const expectedTrunc = `IMAGE CREATED CREATED BY SIZE COMMENT imageID1 24 hours ago /bin/bash ls && npm i && npm run test && kar… 183MB Hi imageID2 24 hours ago /bin/bash echo 183MB Hi imageID3 24 hours ago /bin/bash ls 183MB Hi diff --git a/cli/command/manifest/inspect_test.go b/cli/command/manifest/inspect_test.go index 3d59cff8aedf..9f4139e08cb5 100644 --- a/cli/command/manifest/inspect_test.go +++ b/cli/command/manifest/inspect_test.go @@ -7,7 +7,6 @@ import ( "github.com/docker/cli/cli/manifest/store" "github.com/docker/cli/cli/manifest/types" - manifesttypes "github.com/docker/cli/cli/manifest/types" "github.com/docker/cli/internal/test" "github.com/docker/distribution" "github.com/docker/distribution/manifest/schema2" @@ -80,10 +79,10 @@ func TestInspectCommandNotFound(t *testing.T) { cli := test.NewFakeCli(nil) cli.SetManifestStore(store) cli.SetRegistryClient(&fakeRegistryClient{ - getManifestFunc: func(_ context.Context, _ reference.Named) (manifesttypes.ImageManifest, error) { - return manifesttypes.ImageManifest{}, errors.New("missing") + getManifestFunc: func(_ context.Context, _ reference.Named) (types.ImageManifest, error) { + return types.ImageManifest{}, errors.New("missing") }, - getManifestListFunc: func(ctx context.Context, ref reference.Named) ([]manifesttypes.ImageManifest, error) { + getManifestListFunc: func(ctx context.Context, ref reference.Named) ([]types.ImageManifest, error) { return nil, errors.Errorf("No such manifest: %s", ref) }, }) @@ -119,7 +118,7 @@ func TestInspectcommandRemoteManifest(t *testing.T) { cli := test.NewFakeCli(nil) cli.SetManifestStore(store) cli.SetRegistryClient(&fakeRegistryClient{ - getManifestFunc: func(_ context.Context, ref reference.Named) (manifesttypes.ImageManifest, error) { + getManifestFunc: func(_ context.Context, ref reference.Named) (types.ImageManifest, error) { return fullImageManifest(t, ref), nil }, }) diff --git a/cli/command/node/inspect.go b/cli/command/node/inspect.go index 977026f641de..96abfd192755 100644 --- a/cli/command/node/inspect.go +++ b/cli/command/node/inspect.go @@ -2,7 +2,7 @@ package node import ( "context" - "fmt" + "errors" "strings" "github.com/docker/cli/cli" @@ -58,7 +58,7 @@ func runInspect(dockerCli command.Cli, opts inspectOptions) error { // check if the user is trying to apply a template to the pretty format, which // is not supported if strings.HasPrefix(f, "pretty") && f != "pretty" { - return fmt.Errorf("Cannot supply extra formatting options to the pretty template") + return errors.New("cannot supply extra formatting options to the pretty template") } nodeCtx := formatter.Context{ diff --git a/cli/command/secret/inspect.go b/cli/command/secret/inspect.go index 7df5fdafb7bd..2b63ecc4b258 100644 --- a/cli/command/secret/inspect.go +++ b/cli/command/secret/inspect.go @@ -2,7 +2,7 @@ package secret import ( "context" - "fmt" + "errors" "strings" "github.com/docker/cli/cli" @@ -54,7 +54,7 @@ func runSecretInspect(dockerCli command.Cli, opts inspectOptions) error { // check if the user is trying to apply a template to the pretty format, which // is not supported if strings.HasPrefix(f, "pretty") && f != "pretty" { - return fmt.Errorf("Cannot supply extra formatting options to the pretty template") + return errors.New("cannot supply extra formatting options to the pretty template") } secretCtx := formatter.Context{ diff --git a/cli/command/service/list.go b/cli/command/service/list.go index efaa8a193b4e..3bca98b70eef 100644 --- a/cli/command/service/list.go +++ b/cli/command/service/list.go @@ -109,8 +109,6 @@ func runList(dockerCli command.Cli, opts listOptions) error { // there may be other situations where the client uses the "default" version. // To take these situations into account, we do a quick check for services // that don't have ServiceStatus set, and perform a lookup for those. -// -//nolint:gocyclo func AppendServiceStatus(ctx context.Context, c client.APIClient, services []swarm.Service) ([]swarm.Service, error) { status := map[string]*swarm.ServiceStatus{} taskFilter := filters.NewArgs() diff --git a/cli/command/stack/swarm/deploy_composefile.go b/cli/command/stack/swarm/deploy_composefile.go index 8c77ca92f795..d574125d2c19 100644 --- a/cli/command/stack/swarm/deploy_composefile.go +++ b/cli/command/stack/swarm/deploy_composefile.go @@ -12,7 +12,6 @@ import ( "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/swarm" apiclient "github.com/docker/docker/client" - dockerclient "github.com/docker/docker/client" "github.com/pkg/errors" ) @@ -77,7 +76,7 @@ func getServicesDeclaredNetworks(serviceConfigs []composetypes.ServiceConfig) ma return serviceNetworks } -func validateExternalNetworks(ctx context.Context, client dockerclient.NetworkAPIClient, externalNetworks []string) error { +func validateExternalNetworks(ctx context.Context, client apiclient.NetworkAPIClient, externalNetworks []string) error { for _, networkName := range externalNetworks { if !container.NetworkMode(networkName).IsUserDefined() { // Networks that are not user defined always exist on all nodes as @@ -86,7 +85,7 @@ func validateExternalNetworks(ctx context.Context, client dockerclient.NetworkAP } network, err := client.NetworkInspect(ctx, networkName, types.NetworkInspectOptions{}) switch { - case dockerclient.IsErrNotFound(err): + case apiclient.IsErrNotFound(err): return errors.Errorf("network %q is declared as external, but could not be found. You need to create a swarm-scoped network before the stack is deployed", networkName) case err != nil: return err @@ -175,7 +174,6 @@ func createNetworks(ctx context.Context, dockerCli command.Cli, namespace conver return nil } -//nolint:gocyclo func deployServices(ctx context.Context, dockerCli command.Cli, services map[string]swarm.ServiceSpec, namespace convert.Namespace, sendAuth bool, resolveImage string) error { apiClient := dockerCli.Client() out := dockerCli.Out() diff --git a/cli/command/swarm/opts_test.go b/cli/command/swarm/opts_test.go index b3c0e8467b80..407cfa0f9a3d 100644 --- a/cli/command/swarm/opts_test.go +++ b/cli/command/swarm/opts_test.go @@ -34,7 +34,7 @@ func TestNodeAddrOptionSetPortOnly(t *testing.T) { func TestNodeAddrOptionSetInvalidFormat(t *testing.T) { opt := NewListenAddrOption() - assert.Error(t, opt.Set("http://localhost:4545"), "Invalid proto, expected tcp: http://localhost:4545") + assert.Error(t, opt.Set("http://localhost:4545"), "invalid proto, expected tcp: http://localhost:4545") } func TestExternalCAOptionErrors(t *testing.T) { diff --git a/cli/command/trust/common.go b/cli/command/trust/common.go index 1e22bc1fcbe8..d2ad89ac2f2e 100644 --- a/cli/command/trust/common.go +++ b/cli/command/trust/common.go @@ -74,7 +74,7 @@ func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.Ro logrus.Debug(trust.NotaryError(remote, err)) // print an empty table if we don't have signed targets, but have an initialized notary repo if _, ok := err.(client.ErrNoSuchTarget); !ok { - return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signatures or cannot access %s", remote) + return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("no signatures or cannot access %s", remote) } } signatureRows := matchReleasedSignatures(allSignedTargets) @@ -82,7 +82,7 @@ func lookupTrustInfo(cli command.Cli, remote string) ([]trustTagRow, []client.Ro // get the administrative roles adminRolesWithSigs, err := notaryRepo.ListRoles() if err != nil { - return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("No signers for %s", remote) + return []trustTagRow{}, []client.RoleWithSignatures{}, []data.Role{}, fmt.Errorf("no signers for %s", remote) } // get delegation roles with the canonical key IDs diff --git a/cli/command/trust/inspect_pretty_test.go b/cli/command/trust/inspect_pretty_test.go index 2d6e456e8ab2..4c6e3ffca912 100644 --- a/cli/command/trust/inspect_pretty_test.go +++ b/cli/command/trust/inspect_pretty_test.go @@ -11,7 +11,7 @@ import ( "github.com/docker/cli/internal/test" notaryfake "github.com/docker/cli/internal/test/notary" "github.com/docker/docker/api/types" - dockerClient "github.com/docker/docker/client" + apiclient "github.com/docker/docker/client" "github.com/theupdateframework/notary" "github.com/theupdateframework/notary/client" "github.com/theupdateframework/notary/tuf/data" @@ -24,7 +24,7 @@ import ( // TODO(n4ss): remove common tests with the regular inspect command type fakeClient struct { - dockerClient.Client + apiclient.Client } func (c *fakeClient) Info(ctx context.Context) (types.Info, error) { @@ -77,7 +77,7 @@ func TestTrustInspectPrettyCommandOfflineErrors(t *testing.T) { cmd.Flags().Set("pretty", "true") cmd.SetArgs([]string{"nonexistent-reg-name.io/image"}) cmd.SetOut(io.Discard) - assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access nonexistent-reg-name.io/image") + assert.ErrorContains(t, cmd.Execute(), "no signatures or cannot access nonexistent-reg-name.io/image") cli = test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(notaryfake.GetOfflineNotaryRepository) @@ -85,7 +85,7 @@ func TestTrustInspectPrettyCommandOfflineErrors(t *testing.T) { cmd.Flags().Set("pretty", "true") cmd.SetArgs([]string{"nonexistent-reg-name.io/image:tag"}) cmd.SetOut(io.Discard) - assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access nonexistent-reg-name.io/image") + assert.ErrorContains(t, cmd.Execute(), "no signatures or cannot access nonexistent-reg-name.io/image") } func TestTrustInspectPrettyCommandUninitializedErrors(t *testing.T) { @@ -95,7 +95,7 @@ func TestTrustInspectPrettyCommandUninitializedErrors(t *testing.T) { cmd.Flags().Set("pretty", "true") cmd.SetArgs([]string{"reg/unsigned-img"}) cmd.SetOut(io.Discard) - assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access reg/unsigned-img") + assert.ErrorContains(t, cmd.Execute(), "no signatures or cannot access reg/unsigned-img") cli = test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(notaryfake.GetUninitializedNotaryRepository) @@ -103,7 +103,7 @@ func TestTrustInspectPrettyCommandUninitializedErrors(t *testing.T) { cmd.Flags().Set("pretty", "true") cmd.SetArgs([]string{"reg/unsigned-img:tag"}) cmd.SetOut(io.Discard) - assert.ErrorContains(t, cmd.Execute(), "No signatures or cannot access reg/unsigned-img:tag") + assert.ErrorContains(t, cmd.Execute(), "no signatures or cannot access reg/unsigned-img:tag") } func TestTrustInspectPrettyCommandEmptyNotaryRepoErrors(t *testing.T) { diff --git a/cli/command/trust/inspect_test.go b/cli/command/trust/inspect_test.go index af76731eddc3..692c5a6737df 100644 --- a/cli/command/trust/inspect_test.go +++ b/cli/command/trust/inspect_test.go @@ -55,26 +55,26 @@ func TestTrustInspectCommandRepositoryErrors(t *testing.T) { doc: "OfflineErrors", args: []string{"nonexistent-reg-name.io/image"}, notaryRepository: notary.GetOfflineNotaryRepository, - err: "No signatures or cannot access nonexistent-reg-name.io/image", + err: "no signatures or cannot access nonexistent-reg-name.io/image", }, { doc: "OfflineErrorsWithImageTag", args: []string{"nonexistent-reg-name.io/image:tag"}, notaryRepository: notary.GetOfflineNotaryRepository, - err: "No signatures or cannot access nonexistent-reg-name.io/image:tag", + err: "no signatures or cannot access nonexistent-reg-name.io/image:tag", }, { doc: "UninitializedErrors", args: []string{"reg/unsigned-img"}, notaryRepository: notary.GetUninitializedNotaryRepository, - err: "No signatures or cannot access reg/unsigned-img", + err: "no signatures or cannot access reg/unsigned-img", golden: "trust-inspect-uninitialized.golden", }, { doc: "UninitializedErrorsWithImageTag", args: []string{"reg/unsigned-img:tag"}, notaryRepository: notary.GetUninitializedNotaryRepository, - err: "No signatures or cannot access reg/unsigned-img:tag", + err: "no signatures or cannot access reg/unsigned-img:tag", golden: "trust-inspect-uninitialized.golden", }, } diff --git a/cli/command/trust/sign.go b/cli/command/trust/sign.go index 0841e7b9c7e5..a34b5fc755e4 100644 --- a/cli/command/trust/sign.go +++ b/cli/command/trust/sign.go @@ -132,9 +132,9 @@ func validateTag(imgRefAndAuth trust.ImageRefAndAuth) error { tag := imgRefAndAuth.Tag() if tag == "" { if imgRefAndAuth.Digest() != "" { - return fmt.Errorf("cannot use a digest reference for IMAGE:TAG") + return errors.New("cannot use a digest reference for IMAGE:TAG") } - return fmt.Errorf("No tag specified for %s", imgRefAndAuth.Name()) + return fmt.Errorf("no tag specified for %s", imgRefAndAuth.Name()) } return nil } @@ -148,7 +148,7 @@ func createTarget(notaryRepo client.Repository, tag string) (client.Target, erro target := &client.Target{} var err error if tag == "" { - return *target, fmt.Errorf("No tag specified") + return *target, errors.New("no tag specified") } target.Name = tag target.Hashes, target.Length, err = getSignedManifestHashAndSize(notaryRepo, tag) diff --git a/cli/command/trust/sign_test.go b/cli/command/trust/sign_test.go index f318d955180c..99e2facd3085 100644 --- a/cli/command/trust/sign_test.go +++ b/cli/command/trust/sign_test.go @@ -52,7 +52,7 @@ func TestTrustSignCommandErrors(t *testing.T) { { name: "no-tag", args: []string{"reg/img"}, - expectedError: "No tag specified for reg/img", + expectedError: "no tag specified for reg/img", }, { name: "digest-reference", @@ -232,7 +232,7 @@ func TestCreateTarget(t *testing.T) { notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{}) assert.NilError(t, err) _, err = createTarget(notaryRepo, "") - assert.Error(t, err, "No tag specified") + assert.Error(t, err, "no tag specified") _, err = createTarget(notaryRepo, "1") assert.Error(t, err, "client is offline") } diff --git a/cli/command/trust/signer_add.go b/cli/command/trust/signer_add.go index 307d864deafb..85d8ac4356ab 100644 --- a/cli/command/trust/signer_add.go +++ b/cli/command/trust/signer_add.go @@ -74,7 +74,7 @@ func addSigner(cli command.Cli, options signerAddOptions) error { } } if len(errRepos) > 0 { - return fmt.Errorf("Failed to add signer to: %s", strings.Join(errRepos, ", ")) + return fmt.Errorf("failed to add signer to: %s", strings.Join(errRepos, ", ")) } return nil } diff --git a/cli/command/trust/signer_add_test.go b/cli/command/trust/signer_add_test.go index 50165283bb1a..5452ecb5a930 100644 --- a/cli/command/trust/signer_add_test.go +++ b/cli/command/trust/signer_add_test.go @@ -111,7 +111,7 @@ func TestSignerAddCommandInvalidRepoName(t *testing.T) { cmd.SetArgs([]string{"--key", pubKeyFilepath, "alice", imageName}) cmd.SetOut(io.Discard) - assert.Error(t, cmd.Execute(), "Failed to add signer to: 870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd") + assert.Error(t, cmd.Execute(), "failed to add signer to: 870d292919d01a0af7e7f056271dc78792c05f55f49b9b9012b6d89725bd9abd") expectedErr := fmt.Sprintf("invalid repository name (%s), cannot specify 64-byte hexadecimal strings\n\n", imageName) assert.Check(t, is.Equal(expectedErr, cli.ErrBuffer().String())) diff --git a/cli/command/trust/signer_remove.go b/cli/command/trust/signer_remove.go index d4e8eec42b92..f92750c35357 100644 --- a/cli/command/trust/signer_remove.go +++ b/cli/command/trust/signer_remove.go @@ -49,7 +49,7 @@ func removeSigner(cli command.Cli, options signerRemoveOptions) error { } } if len(errRepos) > 0 { - return fmt.Errorf("Error removing signer from: %s", strings.Join(errRepos, ", ")) + return errors.Errorf("error removing signer from: %s", strings.Join(errRepos, ", ")) } return nil } @@ -64,7 +64,7 @@ func isLastSignerForReleases(roleWithSig data.Role, allRoles []client.RoleWithSi } counter := len(releasesRoleWithSigs.Signatures) if counter == 0 { - return false, fmt.Errorf("All signed tags are currently revoked, use docker trust sign to fix") + return false, errors.New("all signed tags are currently revoked, use docker trust sign to fix") } for _, signature := range releasesRoleWithSigs.Signatures { for _, key := range roleWithSig.KeyIDs { @@ -87,7 +87,7 @@ func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes b signerDelegation := data.RoleName("targets/" + signerName) if signerDelegation == releasesRoleTUFName { - return false, fmt.Errorf("releases is a reserved keyword and cannot be removed") + return false, errors.Errorf("releases is a reserved keyword and cannot be removed") } notaryRepo, err := cli.NotaryClient(imgRefAndAuth, trust.ActionsPushAndPull) if err != nil { @@ -105,7 +105,7 @@ func removeSingleSigner(cli command.Cli, repoName, signerName string, forceYes b } } if role.Name == "" { - return false, fmt.Errorf("No signer %s for repository %s", signerName, repoName) + return false, errors.Errorf("no signer %s for repository %s", signerName, repoName) } allRoles, err := notaryRepo.ListRoles() if err != nil { diff --git a/cli/command/trust/signer_remove_test.go b/cli/command/trust/signer_remove_test.go index c268fc82a54f..d8ad0bf04fc9 100644 --- a/cli/command/trust/signer_remove_test.go +++ b/cli/command/trust/signer_remove_test.go @@ -72,7 +72,7 @@ func TestRemoveSingleSigner(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository) removed, err := removeSingleSigner(cli, "signed-repo", "test", true) - assert.Error(t, err, "No signer test for repository signed-repo") + assert.Error(t, err, "no signer test for repository signed-repo") assert.Equal(t, removed, false, "No signer should be removed") removed, err = removeSingleSigner(cli, "signed-repo", "releases", true) @@ -84,9 +84,9 @@ func TestRemoveMultipleSigners(t *testing.T) { cli := test.NewFakeCli(&fakeClient{}) cli.SetNotaryClient(notaryfake.GetLoadedNotaryRepository) err := removeSigner(cli, signerRemoveOptions{signer: "test", repos: []string{"signed-repo", "signed-repo"}, forceYes: true}) - assert.Error(t, err, "Error removing signer from: signed-repo, signed-repo") + assert.Error(t, err, "error removing signer from: signed-repo, signed-repo") assert.Check(t, is.Contains(cli.ErrBuffer().String(), - "No signer test for repository signed-repo")) + "no signer test for repository signed-repo")) assert.Check(t, is.Contains(cli.OutBuffer().String(), "Removing signer \"test\" from signed-repo...\n")) } func TestRemoveLastSignerWarning(t *testing.T) { diff --git a/cli/context/store/tlsstore.go b/cli/context/store/tlsstore.go index 797fbaf51f88..8267e879644f 100644 --- a/cli/context/store/tlsstore.go +++ b/cli/context/store/tlsstore.go @@ -43,7 +43,7 @@ func (s *tlsStore) getData(contextID contextdir, endpointName, filename string) return data, nil } -func (s *tlsStore) remove(contextID contextdir, endpointName, filename string) error { //nolint:unused +func (s *tlsStore) remove(contextID contextdir, endpointName, filename string) error { err := os.Remove(s.filePath(contextID, endpointName, filename)) if os.IsNotExist(err) { return nil diff --git a/cli/trust/trust.go b/cli/trust/trust.go index 0b2059730700..d668aa4955df 100644 --- a/cli/trust/trust.go +++ b/cli/trust/trust.go @@ -136,7 +136,7 @@ func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo Timeout: 5 * time.Second, } endpointStr := server + "/v2/" - req, err := http.NewRequest("GET", endpointStr, nil) + req, err := http.NewRequest(http.MethodGet, endpointStr, nil) if err != nil { return nil, err } diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index 6c1ce4225b99..46368784db3c 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG GO_VERSION=1.18.5 -ARG GOLANGCI_LINT_VERSION=v1.45.2 +ARG GOLANGCI_LINT_VERSION=v1.49.0 FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine AS golangci-lint diff --git a/docs/reference/commandline/trust_inspect.md b/docs/reference/commandline/trust_inspect.md index 48103117a908..7be776be75c8 100644 --- a/docs/reference/commandline/trust_inspect.md +++ b/docs/reference/commandline/trust_inspect.md @@ -160,7 +160,7 @@ display any signed tags. ```console $ docker trust inspect unsigned-img -No signatures or cannot access unsigned-img +no signatures or cannot access unsigned-img ``` However, if other tags are signed in the same image repository, diff --git a/docs/reference/commandline/trust_sign.md b/docs/reference/commandline/trust_sign.md index 9166f6690841..605887b6b403 100644 --- a/docs/reference/commandline/trust_sign.md +++ b/docs/reference/commandline/trust_sign.md @@ -137,7 +137,7 @@ When signing an image on a repo for the first time, `docker trust sign` sets up ```console $ docker trust inspect --pretty example/trust-demo -No signatures or cannot access example/trust-demo +no signatures or cannot access example/trust-demo ``` ```console diff --git a/docs/reference/commandline/trust_signer_add.md b/docs/reference/commandline/trust_signer_add.md index 9c594a55508a..4ae9a2f5fb0b 100644 --- a/docs/reference/commandline/trust_signer_add.md +++ b/docs/reference/commandline/trust_signer_add.md @@ -77,7 +77,7 @@ When adding a signer on a repo for the first time, `docker trust signer add` set ```console $ docker trust inspect --pretty example/trust-demo -No signatures or cannot access example/trust-demo +no signatures or cannot access example/trust-demo ``` ```console @@ -209,5 +209,5 @@ Adding signer "alice" to example/authorized... Enter passphrase for repository key with ID c6772a0: Successfully added signer: alice to example/authorized -Failed to add signer to: example/unauthorized +failed to add signer to: example/unauthorized ``` diff --git a/e2e/plugin/basic/basic.go b/e2e/plugin/basic/basic.go index 892272826f4f..b03ca96ee036 100644 --- a/e2e/plugin/basic/basic.go +++ b/e2e/plugin/basic/basic.go @@ -6,6 +6,7 @@ import ( "net/http" "os" "path/filepath" + "time" ) func main() { @@ -23,8 +24,9 @@ func main() { mux := http.NewServeMux() server := http.Server{ - Addr: l.Addr().String(), - Handler: http.NewServeMux(), + Addr: l.Addr().String(), + Handler: http.NewServeMux(), + ReadHeaderTimeout: 2 * time.Second, // G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server } mux.HandleFunc("/Plugin.Activate", func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "application/vnd.docker.plugins.v1.1+json") diff --git a/opts/envfile_test.go b/opts/envfile_test.go index de84410a05de..be97373fcb4d 100644 --- a/opts/envfile_test.go +++ b/opts/envfile_test.go @@ -154,7 +154,7 @@ HOME t.Fatal("the HOME variable is not properly imported as the first variable (but it is the only one to import)") } - if 1 != len(variables) { + if len(variables) != 1 { t.Fatal("exactly one variable is imported (as the other one is not set at all)") } } diff --git a/opts/hosts.go b/opts/hosts.go index de22161cbc1f..d59421b3084b 100644 --- a/opts/hosts.go +++ b/opts/hosts.go @@ -86,7 +86,7 @@ func parseDockerDaemonHost(addr string) (string, error) { case "ssh": return addr, nil default: - return "", fmt.Errorf("Invalid bind address format: %s", addr) + return "", fmt.Errorf("invalid bind address format: %s", addr) } } @@ -97,7 +97,7 @@ func parseDockerDaemonHost(addr string) (string, error) { func parseSimpleProtoAddr(proto, addr, defaultAddr string) (string, error) { addr = strings.TrimPrefix(addr, proto+"://") if strings.Contains(addr, "://") { - return "", fmt.Errorf("Invalid proto, expected %s: %s", proto, addr) + return "", fmt.Errorf("invalid proto, expected %s: %s", proto, addr) } if addr == "" { addr = defaultAddr @@ -116,7 +116,7 @@ func ParseTCPAddr(tryAddr string, defaultAddr string) (string, error) { } addr := strings.TrimPrefix(tryAddr, "tcp://") if strings.Contains(addr, "://") || addr == "" { - return "", fmt.Errorf("Invalid proto, expected tcp: %s", tryAddr) + return "", fmt.Errorf("invalid proto, expected tcp: %s", tryAddr) } defaultAddr = strings.TrimPrefix(defaultAddr, "tcp://") @@ -141,7 +141,7 @@ func ParseTCPAddr(tryAddr string, defaultAddr string) (string, error) { host, port, err = net.SplitHostPort(net.JoinHostPort(u.Host, defaultPort)) } if err != nil { - return "", fmt.Errorf("Invalid bind address format: %s", tryAddr) + return "", fmt.Errorf("invalid bind address format: %s", tryAddr) } if host == "" { @@ -152,7 +152,7 @@ func ParseTCPAddr(tryAddr string, defaultAddr string) (string, error) { } p, err := strconv.Atoi(port) if err != nil && p == 0 { - return "", fmt.Errorf("Invalid bind address format: %s", tryAddr) + return "", fmt.Errorf("invalid bind address format: %s", tryAddr) } return fmt.Sprintf("tcp://%s%s", net.JoinHostPort(host, port), u.Path), nil diff --git a/opts/hosts_test.go b/opts/hosts_test.go index 7618d117e2e4..3356ca3c0aee 100644 --- a/opts/hosts_test.go +++ b/opts/hosts_test.go @@ -52,14 +52,13 @@ func TestParseHost(t *testing.T) { func TestParseDockerDaemonHost(t *testing.T) { invalids := map[string]string{ - "tcp:a.b.c.d": "", "tcp:a.b.c.d/path": "", - "udp://127.0.0.1": "Invalid bind address format: udp://127.0.0.1", - "udp://127.0.0.1:2375": "Invalid bind address format: udp://127.0.0.1:2375", - "tcp://unix:///run/docker.sock": "Invalid proto, expected tcp: unix:///run/docker.sock", - " tcp://:7777/path ": "Invalid bind address format: tcp://:7777/path ", - "": "Invalid bind address format: ", + "udp://127.0.0.1": "invalid bind address format: udp://127.0.0.1", + "udp://127.0.0.1:2375": "invalid bind address format: udp://127.0.0.1:2375", + "tcp://unix:///run/docker.sock": "invalid proto, expected tcp: unix:///run/docker.sock", + " tcp://:7777/path ": "invalid bind address format: tcp://:7777/path ", + "": "invalid bind address format: ", } valids := map[string]string{ "0.0.0.1:": "tcp://0.0.0.1:2375", @@ -101,8 +100,8 @@ func TestParseTCP(t *testing.T) { invalids := map[string]string{ "tcp:a.b.c.d": "", "tcp:a.b.c.d/path": "", - "udp://127.0.0.1": "Invalid proto, expected tcp: udp://127.0.0.1", - "udp://127.0.0.1:2375": "Invalid proto, expected tcp: udp://127.0.0.1:2375", + "udp://127.0.0.1": "invalid proto, expected tcp: udp://127.0.0.1", + "udp://127.0.0.1:2375": "invalid proto, expected tcp: udp://127.0.0.1:2375", } valids := map[string]string{ "": defaultHTTPHost, @@ -137,10 +136,10 @@ func TestParseTCP(t *testing.T) { } func TestParseInvalidUnixAddrInvalid(t *testing.T) { - if _, err := parseSimpleProtoAddr("unix", "tcp://127.0.0.1", "unix:///var/run/docker.sock"); err == nil || err.Error() != "Invalid proto, expected unix: tcp://127.0.0.1" { + if _, err := parseSimpleProtoAddr("unix", "tcp://127.0.0.1", "unix:///var/run/docker.sock"); err == nil || err.Error() != "invalid proto, expected unix: tcp://127.0.0.1" { t.Fatalf("Expected an error, got %v", err) } - if _, err := parseSimpleProtoAddr("unix", "unix://tcp://127.0.0.1", "/var/run/docker.sock"); err == nil || err.Error() != "Invalid proto, expected unix: tcp://127.0.0.1" { + if _, err := parseSimpleProtoAddr("unix", "unix://tcp://127.0.0.1", "/var/run/docker.sock"); err == nil || err.Error() != "invalid proto, expected unix: tcp://127.0.0.1" { t.Fatalf("Expected an error, got %v", err) } if v, err := parseSimpleProtoAddr("unix", "", "/var/run/docker.sock"); err != nil || v != "unix:///var/run/docker.sock" {