Merge branch 'main' into gitlab_tests

Signed-off-by: Nathaniel Wert <[email protected]>

.github/workflows/depsreview.yml

@@ -24,4 +24,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@23d1ffffb6fa5401173051ec21eba8c35242733f
+        uses: actions/dependency-review-action@2b96ea7f03d82de498e97b42e6bee3f7cb0dafaa

.golangci.yml

@@ -18,7 +18,6 @@ linters:
   disable-all: true
   enable:
     - asciicheck
-    - bodyclose
     - deadcode
     - depguard
     - dogsled
@@ -50,17 +49,13 @@ linters:
     - misspell
     - nakedret
     - nestif
-    - noctx
-    - nolintlint
     - paralleltest
     - predeclared
     - staticcheck
     - stylecheck
     - thelper
-    - tparallel
     - typecheck
     - unconvert
-    - unparam
     - unused
     - varcheck
     - whitespace

checker/check_result.go

@@ -64,6 +64,7 @@ const (
 )
 
 // CheckResult captures result from a check run.
+//
 //nolint:govet
 type CheckResult struct {
 	Name    string
@@ -94,6 +95,7 @@ type CheckDetail struct {
 
 // LogMessage is a structure that encapsulates detail's information.
 // This allows updating the definition easily.
+//
 //nolint:govet
 type LogMessage struct {
 	Text        string       // A short string explaining why the detail was recorded/logged.

checks/fileparser/listing_test.go

@@ -535,6 +535,7 @@ func TestOnMatchingFileContent(t *testing.T) {
 }
 
 // TestOnAllFilesDo tests the OnAllFilesDo function.
+//
 //nolint:gocognit
 func TestOnAllFilesDo(t *testing.T) {
 	t.Parallel()

checks/raw/branch_protection_test.go

@@ -33,7 +33,7 @@ var (
 	mainBranchName    = "main"
 )
 
-//nolint: govet
+// nolint: govet
 type branchArg struct {
 	err           error
 	name          string

checks/raw/license_test.go

@@ -103,6 +103,7 @@ func TestLicenseFileCheck(t *testing.T) {
 		},
 	}
 
+	//nolint: paralleltest
 	for _, tt := range tests {
 		tt := tt // Re-initializing variable so it is not changed while executing the closure below
 		for _, ext := range tt.extensions {

checks/raw/shell_download_validate.go

@@ -890,7 +890,7 @@ func validateShellFileAndRecord(pathfn string, startLine, endLine uint, content
 		// TODO: support other interpreters.
 		// Example: https://github.com/apache/airflow/blob/main/scripts/ci/kubernetes/ci_run_kubernetes_tests.sh#L75
 		// HOST_PYTHON_VERSION=$(python3 -c 'import sys; print(f"{sys.version_info[0]}.{sys.version_info[1]}")')``
-		// nolinter
+		// nolint
 		if ok && isShellInterpreterOrCommand([]string{i}) {
 			start, end := getLine(startLine, endLine, node)
 			e := validateShellFileAndRecord(pathfn, start, end,

clients/githubrepo/client.go

@@ -273,6 +273,9 @@ func CreateGithubRepoClientWithTransport(ctx context.Context, rt http.RoundTripp
 		languages: &languagesHandler{
 			ghclient: client,
 		},
+		tarball: tarballHandler{
+			httpClient: httpClient,
+		},
 	}
 }
 

clients/githubrepo/graphql.go

@@ -322,7 +322,7 @@ func parseCheckRuns(data *checkRunsGraphqlData) checkRunCache {
 	return checkCache
 }
 
-//nolint:all
+//nolint
 func commitsFrom(data *graphqlData, repoOwner, repoName string) ([]clients.Commit, error) {
 	ret := make([]clients.Commit, 0)
 	for _, commit := range data.Repository.Object.Commit.History.Nodes {

clients/githubrepo/roundtripper/tokens/server/main.go

@@ -42,6 +42,7 @@ func main() {
 		panic(err)
 	}
 
+	//nolint: gosec // internal server.
 	if err := http.Serve(l, nil); err != nil {
 		panic(err)
 	}

clients/githubrepo/tarball.go

@@ -69,6 +69,7 @@ type tarballHandler struct {
 	once        *sync.Once
 	ctx         context.Context
 	repo        *github.Repository
+	httpClient  *http.Client
 	commitSHA   string
 	tempDir     string
 	tempTarFile string
@@ -122,9 +123,9 @@ func (handler *tarballHandler) getTarball() error {
 	if err != nil {
 		return fmt.Errorf("http.NewRequestWithContext: %w", err)
 	}
-	resp, err := http.DefaultClient.Do(req)
+	resp, err := handler.httpClient.Do(req)
 	if err != nil {
-		return fmt.Errorf("http.DefaultClient.Do: %w", err)
+		return fmt.Errorf("handler.httpClient.Do: %w", err)
 	}
 	defer resp.Body.Close()
 
@@ -154,7 +155,7 @@ func (handler *tarballHandler) getTarball() error {
 	return nil
 }
 
-//nolint: gocognit
+// nolint: gocognit
 func (handler *tarballHandler) extractTarball() error {
 	in, err := os.OpenFile(handler.tempTarFile, os.O_RDONLY, 0o644)
 	if err != nil {

clients/githubrepo/tarball_test.go

@@ -71,7 +71,7 @@ func setup(inputFile string) (tarballHandler, error) {
 	return tarballHandler, nil
 }
 
-//nolint: gocognit
+// nolint: gocognit
 func TestExtractTarball(t *testing.T) {
 	t.Parallel()
 	testcases := []struct {

clients/gitlabrepo/branches.go

@@ -43,6 +43,8 @@ func (handler *branchesHandler) init(repourl *repoURL) {
 	handler.once = new(sync.Once)
 }
 
+
+// nolint: nestif
 func (handler *branchesHandler) setup() error {
 	handler.once.Do(func() {
 		if !strings.EqualFold(handler.repourl.commitSHA, clients.HeadSHA) {
@@ -75,6 +77,7 @@ func (handler *branchesHandler) setup() error {
 
 			projectStatusChecks, resp, err := handler.glClient.ExternalStatusChecks.ListProjectStatusChecks(
 				handler.repourl.projectID, &gitlab.ListOptions{})
+
 			if err != nil && resp.StatusCode != 404 && resp.StatusCode != 401 {
 				handler.errSetup = fmt.Errorf("request for external status checks failed with error %w", err)
 				return
@@ -179,7 +182,6 @@ func (handler *branchesHandler) getBranch(commitOrBranch string) (*clients.Branc
 			return nil, fmt.Errorf("could not obtain the branch: %w", err)
 		}
 	}
-
 	if bran.Protected {
 		protectedBranch, _, err := handler.glClient.ProtectedBranches.GetProtectedBranch(handler.repourl.projectID, bran.Name)
 		if err != nil {
@@ -188,6 +190,7 @@ func (handler *branchesHandler) getBranch(commitOrBranch string) (*clients.Branc
 
 		projectStatusChecks, resp, err := handler.glClient.ExternalStatusChecks.ListProjectStatusChecks(
 			handler.repourl.projectID, &gitlab.ListOptions{})
+
 		// Project Status Checks are only allowed for GitLab ultimate members so we will assume they are
 		// null if user does not have permissions.
 		if err != nil && resp.StatusCode != 404 && resp.StatusCode != 401 {
@@ -225,10 +228,8 @@ func makeBranchRefFrom(branch *gitlab.Branch, protectedBranch *gitlab.ProtectedB
 	projectApprovalRule *gitlab.ProjectApprovals,
 ) *clients.BranchRef {
 	requiresStatusChecks := newFalse()
-	if projectStatusChecks != nil {
-		if len(projectStatusChecks) > 0 {
-			requiresStatusChecks = newTrue()
-		}
+	if len(projectStatusChecks) > 0 {
+		requiresStatusChecks = newTrue()
 	}
 
 	statusChecksRule := clients.StatusChecksRule{

clients/gitlabrepo/client.go

@@ -52,7 +52,6 @@ type Client struct {
 	languages     *languagesHandler
 	ctx           context.Context
 	tarball       tarballHandler
-}
 
 // InitRepo sets up the GitLab project in local storage for improving performance and GitLab token usage efficiency.
 func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
@@ -119,10 +118,8 @@ func (client *Client) InitRepo(inputRepo clients.Repo, commitSHA string) error {
 	// Init languagesHandler
 	client.languages.init(client.repourl)
 
-	// Init tarballHandler.
+	// Init tarballHandler
 	client.tarball.init(client.ctx, client.repourl, client.repo, commitSHA)
-	return nil
-}
 
 func (client *Client) URI() string {
 	return fmt.Sprintf("%s/%s/%s", client.repourl.hostname, client.repourl.owner, client.repourl.projectID)

clients/gitlabrepo/commits.go

@@ -38,6 +38,8 @@ func (handler *commitsHandler) init(repourl *repoURL) {
 	handler.once = new(sync.Once)
 }
 
+
+// nolint: gocognit
 func (handler *commitsHandler) setup() error {
 	handler.once.Do(func() {
 		commits, _, err := handler.glClient.Commits.ListCommits(handler.repourl.projectID, &gitlab.ListCommitsOptions{})

clients/gitlabrepo/contributors.go

@@ -73,7 +73,6 @@ func (handler *contributorsHandler) setup() error {
 			}
 
 			// TODO: Handle many users of same name
-
 			if len(users) == 0 {
 				continue
 			}

cmd/package_managers_test.go

@@ -18,7 +18,7 @@ package cmd
 import (
 	"bytes"
 	"errors"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"testing"
 
@@ -143,7 +143,7 @@ func Test_fetchGitRepositoryFromNPM(t *testing.T) {
 
 					return &http.Response{
 						StatusCode: 200,
-						Body:       ioutil.NopCloser(bytes.NewBufferString(tt.args.result)),
+						Body:       io.NopCloser(bytes.NewBufferString(tt.args.result)),
 					}, nil
 				}).AnyTimes()
 			got, err := fetchGitRepositoryFromNPM(tt.args.packageName, p)
@@ -423,7 +423,7 @@ func Test_fetchGitRepositoryFromPYPI(t *testing.T) {
 
 					return &http.Response{
 						StatusCode: 200,
-						Body:       ioutil.NopCloser(bytes.NewBufferString(tt.args.result)),
+						Body:       io.NopCloser(bytes.NewBufferString(tt.args.result)),
 					}, nil
 				}).AnyTimes()
 			got, err := fetchGitRepositoryFromPYPI(tt.args.packageName, p)
@@ -692,7 +692,7 @@ func Test_fetchGitRepositoryFromRubyGems(t *testing.T) {
 
 					return &http.Response{
 						StatusCode: 200,
-						Body:       ioutil.NopCloser(bytes.NewBufferString(tt.args.result)),
+						Body:       io.NopCloser(bytes.NewBufferString(tt.args.result)),
 					}, nil
 				}).AnyTimes()
 			got, err := fetchGitRepositoryFromRubyGems(tt.args.packageName, p)

cmd/packagemanager_client.go

@@ -26,7 +26,7 @@ type packageManagerClient interface {
 
 type packageManager struct{}
 
-//nolint: noctx
+// nolint: noctx
 func (c *packageManager) Get(url, packageName string) (*http.Response, error) {
 	const timeout = 10
 	client := &http.Client{

cmd/serve.go

@@ -95,6 +95,7 @@ func serveCmd(o *options.Options) *cobra.Command {
 				port = "8080"
 			}
 			fmt.Printf("Listening on localhost:%s\n", port)
+			//nolint: gosec // unsused.
 			err = http.ListenAndServe(fmt.Sprintf("0.0.0.0:%s", port), nil)
 			if err != nil {
 				// TODO(log): Should this actually panic?

cron/internal/data/update/main.go

@@ -24,7 +24,8 @@ import (
 
 // Adds "project=${PROJECT},dependency=true" to the repositories metadata.
 // Args:
-//     file path to old_projects.csv new_projects.csv
+//
+//	file path to old_projects.csv new_projects.csv
 func main() {
 	if len(os.Args) != 3 {
 		panic("must provide 2 arguments")

cron/internal/webhook/main.go

@@ -81,6 +81,7 @@ func scriptHandler(w http.ResponseWriter, r *http.Request) {
 func main() {
 	http.HandleFunc("/", scriptHandler)
 	fmt.Printf("Starting HTTP server on port 8080 ...\n")
+	// nolint:gosec // internal server.
 	if err := http.ListenAndServe(":8080", nil); err != nil {
 		log.Fatal(err)
 	}

cron/internal/worker/main.go

@@ -50,7 +50,7 @@ const (
 
 var ignoreRuntimeErrors = flag.Bool("ignoreRuntimeErrors", false, "if set to true any runtime errors will be ignored")
 
-//nolint: gocognit
+// nolint: gocognit
 func processRequest(ctx context.Context,
 	batchRequest *data.ScorecardBatchRequest,
 	blacklistedChecks []string, bucketURL, rawBucketURL, apiBucketURL string,
@@ -267,6 +267,7 @@ func main() {
 	// Exposed for monitoring runtime profiles
 	go func() {
 		// TODO(log): Previously Fatal. Need to handle the error here.
+		//nolint: gosec // internal server.
 		logger.Info(fmt.Sprintf("%v", http.ListenAndServe(":8080", nil)))
 	}()
 

docs/checks/internal/generate/main.go

@@ -4,7 +4,7 @@
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//      http://www.apache.org/licenses/LICENSE-2.0
+//	http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,

docs/checks/internal/reader.go

@@ -27,6 +27,7 @@ import (
 var checksYAML []byte
 
 // Check stores a check's information.
+//
 //nolint:govet
 type Check struct {
 	Risk        string   `yaml:"risk"`

e2e/permissions_test.go

@@ -15,7 +15,6 @@ package e2e
 
 import (
 	"context"
-	"io/ioutil"
 	"os"
 
 	"github.com/go-git/go-git/v5"
@@ -85,7 +84,7 @@ var _ = Describe("E2E TEST:"+checks.CheckTokenPermissions, func() {
 		It("Should return token permission for a local repo client", func() {
 			dl := scut.TestDetailLogger{}
 
-			tmpDir, err := ioutil.TempDir("", "")
+			tmpDir, err := os.MkdirTemp("", "")
 			Expect(err).Should(BeNil())
 			defer os.RemoveAll(tmpDir)
 

pkg/json.go

@@ -24,7 +24,7 @@ import (
 	"github.com/ossf/scorecard/v4/log"
 )
 
-//nolint
+// nolint: govet
 type jsonCheckResult struct {
 	Name       string
 	Details    []string
@@ -45,7 +45,7 @@ type jsonCheckDocumentationV2 struct {
 	// Can be extended if needed.
 }
 
-//nolint
+// nolint: govet
 type jsonCheckResultV2 struct {
 	Details []string                 `json:"details"`
 	Score   int                      `json:"score"`
@@ -71,8 +71,9 @@ func (s jsonFloatScore) MarshalJSON() ([]byte, error) {
 	return []byte(fmt.Sprintf("%.1f", s)), nil
 }
 
-//nolint:govet
 // JSONScorecardResultV2 exports results as JSON for new detail format.
+//
+//nolint:govet
 type JSONScorecardResultV2 struct {
 	Date           string              `json:"date"`
 	Repo           jsonRepoV2          `json:"repo"`

pkg/scorecard_test.go

@@ -4,7 +4,7 @@
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
-//      http://www.apache.org/licenses/LICENSE-2.0
+//	http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,