generated: Run golangci-lint with fix: true

Signed-off-by: Stephen Augustus <[email protected]>

checker/client.go

@@ -32,7 +32,8 @@ func GetClients(ctx context.Context, repoURI, localURI string, logger *log.Logge
 	clients.RepoClient, // ossFuzzClient
 	clients.CIIBestPracticesClient, // ciiClient
 	clients.VulnerabilitiesClient, // vulnClient
-	error) {
+	error,
+) {
 	var githubRepo clients.Repo
 	if localURI != "" {
 		localRepo, errLocal := localdir.MakeLocalDirRepo(localURI)

checks/dangerous_workflow.go

@@ -109,7 +109,8 @@ func DangerousWorkflow(c *checker.CheckRequest) checker.CheckResult {
 // Check file content.
 var validateGitHubActionWorkflowPatterns fileparser.DoWhileTrueOnFileContent = func(path string,
 	content []byte,
-	args ...interface{}) (bool, error) {
+	args ...interface{},
+) (bool, error) {
 	if !fileparser.IsWorkflowFile(path) {
 		return true, nil
 	}
@@ -160,7 +161,8 @@ var validateGitHubActionWorkflowPatterns fileparser.DoWhileTrueOnFileContent = f
 }
 
 func validateSecretsInPullRequests(workflow *actionlint.Workflow, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	triggers := make(map[triggerName]bool)
 
 	// We need pull request trigger.
@@ -194,7 +196,8 @@ func validateSecretsInPullRequests(workflow *actionlint.Workflow, path string,
 }
 
 func validateUntrustedCodeCheckout(workflow *actionlint.Workflow, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	if !usesEventTrigger(workflow, triggerPullRequestTarget) {
 		return nil
 	}
@@ -229,7 +232,8 @@ func jobUsesEnvironment(job *actionlint.Job) bool {
 }
 
 func checkJobForUsedSecrets(job *actionlint.Job, triggers map[triggerName]bool,
-	path string, dl checker.DetailLogger, pdata *patternCbData) error {
+	path string, dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	if job == nil {
 		return nil
 	}
@@ -271,7 +275,8 @@ func checkJobForUsedSecrets(job *actionlint.Job, triggers map[triggerName]bool,
 }
 
 func workflowUsesCodeCheckoutAndNoEnvironment(workflow *actionlint.Workflow,
-	triggers map[triggerName]bool) bool {
+	triggers map[triggerName]bool,
+) bool {
 	if workflow == nil {
 		return false
 	}
@@ -318,7 +323,8 @@ func jobUsesCodeCheckout(job *actionlint.Job) (bool, string) {
 }
 
 func checkJobForUntrustedCodeCheckout(job *actionlint.Job, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	if job == nil {
 		return nil
 	}
@@ -359,7 +365,8 @@ func checkJobForUntrustedCodeCheckout(job *actionlint.Job, path string,
 }
 
 func validateScriptInjection(workflow *actionlint.Workflow, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	for _, job := range workflow.Jobs {
 		if job == nil {
 			continue
@@ -382,7 +389,8 @@ func validateScriptInjection(workflow *actionlint.Workflow, path string,
 }
 
 func checkWorkflowSecretInEnv(workflow *actionlint.Workflow, triggers map[triggerName]bool,
-	path string, dl checker.DetailLogger, pdata *patternCbData) error {
+	path string, dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	// We need code checkout and not environment rule protection.
 	if !workflowUsesCodeCheckoutAndNoEnvironment(workflow, triggers) {
 		return nil
@@ -392,7 +400,8 @@ func checkWorkflowSecretInEnv(workflow *actionlint.Workflow, triggers map[trigge
 }
 
 func checkSecretInEnv(env *actionlint.Env, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	if env == nil {
 		return nil
 	}
@@ -406,7 +415,8 @@ func checkSecretInEnv(env *actionlint.Env, path string,
 }
 
 func checkSecretInRun(step *actionlint.Step, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	if step == nil || step.Exec == nil {
 		return nil
 	}
@@ -421,7 +431,8 @@ func checkSecretInRun(step *actionlint.Step, path string,
 }
 
 func checkSecretInActionArgs(step *actionlint.Step, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	if step == nil || step.Exec == nil {
 		return nil
 	}
@@ -442,7 +453,8 @@ func checkSecretInActionArgs(step *actionlint.Step, path string,
 }
 
 func checkSecretInScript(script string, pos *actionlint.Pos, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	for {
 		s := strings.Index(script, "${{")
 		if s == -1 {
@@ -472,7 +484,8 @@ func checkSecretInScript(script string, pos *actionlint.Pos, path string,
 }
 
 func checkVariablesInScript(script string, pos *actionlint.Pos, path string,
-	dl checker.DetailLogger, pdata *patternCbData) error {
+	dl checker.DetailLogger, pdata *patternCbData,
+) error {
 	for {
 		s := strings.Index(script, "${{")
 		if s == -1 {
@@ -548,7 +561,8 @@ func createResultForDangerousWorkflowPatterns(result patternCbData, err error) c
 }
 
 func testValidateGitHubActionDangerousWorkflow(pathfn string,
-	content []byte, dl checker.DetailLogger) checker.CheckResult {
+	content []byte, dl checker.DetailLogger,
+) checker.CheckResult {
 	data := patternCbData{
 		workflowPattern: make(map[dangerousResults]bool),
 	}

checks/evaluation/binary_artifacts.go

@@ -21,7 +21,8 @@ import (
 
 // BinaryArtifacts applies the score policy for the Binary-Artifacts check.
 func BinaryArtifacts(name string, dl checker.DetailLogger,
-	r *checker.BinaryArtifactData) checker.CheckResult {
+	r *checker.BinaryArtifactData,
+) checker.CheckResult {
 	if r == nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
 		return checker.CreateRuntimeErrorResult(name, e)

checks/evaluation/branch_protection.go

@@ -49,7 +49,8 @@ type levelScore struct {
 
 // BranchProtection runs Branch-Protection check.
 func BranchProtection(name string, dl checker.DetailLogger,
-	r *checker.BranchProtectionsData) checker.CheckResult {
+	r *checker.BranchProtectionsData,
+) checker.CheckResult {
 	var scores []levelScore
 
 	// Check protections on all the branches.

checks/evaluation/code_review.go

@@ -30,7 +30,8 @@ var (
 
 // CodeReview applies the score policy for the Code-Review check.
 func CodeReview(name string, dl checker.DetailLogger,
-	r *checker.CodeReviewData) checker.CheckResult {
+	r *checker.CodeReviewData,
+) checker.CheckResult {
 	if r == nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
 		return checker.CreateRuntimeErrorResult(name, e)

checks/evaluation/dependency_update_tool.go

@@ -23,7 +23,8 @@ import (
 
 // DependencyUpdateTool applies the score policy for the Dependency-Update-Tool check.
 func DependencyUpdateTool(name string, dl checker.DetailLogger,
-	r *checker.DependencyUpdateToolData) checker.CheckResult {
+	r *checker.DependencyUpdateToolData,
+) checker.CheckResult {
 	if r == nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
 		return checker.CreateRuntimeErrorResult(name, e)

checks/evaluation/vulnerabilities.go

@@ -24,7 +24,8 @@ import (
 
 // Vulnerabilities applies the score policy for the Vulnerabilities check.
 func Vulnerabilities(name string, dl checker.DetailLogger,
-	r *checker.VulnerabilitiesData) checker.CheckResult {
+	r *checker.VulnerabilitiesData,
+) checker.CheckResult {
 	if r == nil {
 		e := sce.WithMessage(sce.ErrScorecardInternal, "empty raw data")
 		return checker.CreateRuntimeErrorResult(name, e)

checks/fileparser/github_workflow.go

@@ -332,7 +332,8 @@ type JobMatcherStep struct {
 
 // AnyJobsMatch returns true if any of the jobs have a match in the given workflow.
 func AnyJobsMatch(workflow *actionlint.Workflow, jobMatchers []JobMatcher, fp string, dl checker.DetailLogger,
-	logMsgNoMatch string) bool {
+	logMsgNoMatch string,
+) bool {
 	for _, job := range workflow.Jobs {
 		for _, matcher := range jobMatchers {
 			if !matcher.matches(job) {

checks/fileparser/listing.go

@@ -71,7 +71,8 @@ type DoWhileTrueOnFileContent func(path string, content []byte, args ...interfac
 // Continues iterating along the matched files until onFileContent returns
 // either a false value or an error.
 func OnMatchingFileContentDo(repoClient clients.RepoClient, matchPathTo PathMatcher,
-	onFileContent DoWhileTrueOnFileContent, args ...interface{}) error {
+	onFileContent DoWhileTrueOnFileContent, args ...interface{},
+) error {
 	predicate := func(filepath string) (bool, error) {
 		// Filter out test files.
 		if isTestdataFile(filepath) {

checks/permissions.go

@@ -92,7 +92,8 @@ func TokenPermissions(c *checker.CheckRequest) checker.CheckResult {
 // Check file content.
 var validateGitHubActionTokenPermissions fileparser.DoWhileTrueOnFileContent = func(path string,
 	content []byte,
-	args ...interface{}) (bool, error) {
+	args ...interface{},
+) (bool, error) {
 	if !fileparser.IsWorkflowFile(path) {
 		return true, nil
 	}
@@ -146,7 +147,8 @@ var validateGitHubActionTokenPermissions fileparser.DoWhileTrueOnFileContent = f
 
 func validatePermission(permissionKey permission, permissionValue *actionlint.PermissionScope,
 	permLevel, path string, dl checker.DetailLogger, pPermissions map[permission]bool,
-	ignoredPermissions map[permission]bool) error {
+	ignoredPermissions map[permission]bool,
+) error {
 	if permissionValue.Value == nil {
 		return sce.WithMessage(sce.ErrScorecardInternal, errInvalidGitHubWorkflow.Error())
 	}
@@ -188,7 +190,8 @@ func validatePermission(permissionKey permission, permissionValue *actionlint.Pe
 
 func validateMapPermissions(scopes map[string]*actionlint.PermissionScope, permLevel, path string,
 	dl checker.DetailLogger, pPermissions map[permission]bool,
-	ignoredPermissions map[permission]bool) error {
+	ignoredPermissions map[permission]bool,
+) error {
 	for key, v := range scopes {
 		if err := validatePermission(permission(key), v, permLevel, path, dl, pPermissions, ignoredPermissions); err != nil {
 			return err
@@ -223,7 +226,8 @@ func recordAllPermissionsWrite(p *permissionCbData, permLevel, path string) {
 
 func validatePermissions(permissions *actionlint.Permissions, permLevel, path string,
 	dl checker.DetailLogger, pdata *permissionCbData,
-	ignoredPermissions map[permission]bool) error {
+	ignoredPermissions map[permission]bool,
+) error {
 	allIsSet := permissions != nil && permissions.All != nil && permissions.All.Value != ""
 	scopeIsSet := permissions != nil && len(permissions.Scopes) > 0
 	if permissions == nil || (!allIsSet && !scopeIsSet) {
@@ -264,7 +268,8 @@ func validatePermissions(permissions *actionlint.Permissions, permLevel, path st
 }
 
 func validateTopLevelPermissions(workflow *actionlint.Workflow, path string,
-	dl checker.DetailLogger, pdata *permissionCbData) error {
+	dl checker.DetailLogger, pdata *permissionCbData,
+) error {
 	// Check if permissions are set explicitly.
 	if workflow.Permissions == nil {
 		dl.Warn(&checker.LogMessage{
@@ -283,7 +288,8 @@ func validateTopLevelPermissions(workflow *actionlint.Workflow, path string,
 
 func validatejobLevelPermissions(workflow *actionlint.Workflow, path string,
 	dl checker.DetailLogger, pdata *permissionCbData,
-	ignoredPermissions map[permission]bool) error {
+	ignoredPermissions map[permission]bool,
+) error {
 	for _, job := range workflow.Jobs {
 		// Run-level permissions may be left undefined.
 		// For most workflows, no write permissions are needed,

checks/permissions_test.go

@@ -30,7 +30,8 @@ type file struct {
 }
 
 func testValidateGitHubActionTokenPermissions(files []file,
-	dl checker.DetailLogger) checker.CheckResult {
+	dl checker.DetailLogger,
+) checker.CheckResult {
 	data := permissionCbData{
 		workflows: make(map[string]permissions),
 	}