From 11acdb1a67bf24d99ecb7767bbb4f73a2969e0af Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Oct 2022 19:27:38 +0200 Subject: [PATCH 01/12] gha: update golangci-lint to v1.50 release notes: https://github.com/golangci/golangci-lint/releases/tag/v1.50.0 Signed-off-by: Sebastiaan van Stijn --- .github/workflows/validate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 5134517..a07d81e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -36,7 +36,7 @@ jobs: go-version: 1.19.x - uses: golangci/golangci-lint-action@v3 with: - version: v1.49 + version: v1.50 cross: runs-on: ubuntu-20.04 @@ -54,7 +54,7 @@ jobs: go-version: 1.19.x - uses: golangci/golangci-lint-action@v3 with: - version: v1.49 + version: v1.50 - name: test-stubs run: make test From e4a3457dec06794d05b7e5a8e9bc7a0d4b27853b Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Oct 2022 14:12:53 +0200 Subject: [PATCH 02/12] golangci: enable govet shadow-check, remove whitespace, sort linters - The whitespace linter overlaps with gofumpt, so doesn't bring much. - Enable govet's shadow check to check for shadowed variables. - Add a short description to each linter. pkg/pwalk/pwalk_test.go:78:8: shadow: declaration of "err" shadows declaration at line 69 (govet) fi, err := os.CreateTemp(dir, "f-") ^ pkg/pwalkdir/pwalkdir_test.go:82:8: shadow: declaration of "err" shadows declaration at line 73 (govet) fi, err := os.CreateTemp(dir, "f-") ^ Signed-off-by: Sebastiaan van Stijn --- .golangci.yml | 18 ++++++++++++++---- pkg/pwalk/pwalk_test.go | 11 +++++------ pkg/pwalkdir/pwalkdir_test.go | 9 ++++----- 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index b7bec81..f7cf4c9 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -4,7 +4,17 @@ run: deadline: 5m linters: enable: - - whitespace - - gocritic - - errorlint - - gofumpt + - errorlint # Detects code that may cause problems with Go 1.13 error wrapping. + - gocritic # Metalinter; detects bugs, performance, and styling issues. + - gofumpt # Detects whether code was gofumpt-ed. +linters-settings: + govet: + check-shadowing: true + settings: + shadow: + strict: true +issues: + exclude-rules: + - text: '^shadow: declaration of "err" shadows declaration' + linters: + - govet diff --git a/pkg/pwalk/pwalk_test.go b/pkg/pwalk/pwalk_test.go index 636de1c..86f2d68 100644 --- a/pkg/pwalk/pwalk_test.go +++ b/pkg/pwalk/pwalk_test.go @@ -75,11 +75,12 @@ func makeManyDirs(prefix string, levels, dirs, files int) (count int, err error) } count++ for f := 0; f < files; f++ { - fi, err := os.CreateTemp(dir, "f-") + var fi *os.File + fi, err = os.CreateTemp(dir, "f-") if err != nil { return count, err } - fi.Close() + _ = fi.Close() count++ } if levels == 0 { @@ -172,15 +173,13 @@ func BenchmarkWalk(b *testing.B) { walker := w.walker walkFn := bm.walk // preheat - err := w.walker(dir, bm.walk) - if err != nil { + if err := w.walker(dir, bm.walk); err != nil { b.Errorf("walk failed: %v", err) } // benchmark b.Run(bm.name+"/"+w.name, func(b *testing.B) { for i := 0; i < b.N; i++ { - err := walker(dir, walkFn) - if err != nil { + if err := walker(dir, walkFn); err != nil { b.Errorf("walk failed: %v", err) } } diff --git a/pkg/pwalkdir/pwalkdir_test.go b/pkg/pwalkdir/pwalkdir_test.go index a4da905..5f0a23c 100644 --- a/pkg/pwalkdir/pwalkdir_test.go +++ b/pkg/pwalkdir/pwalkdir_test.go @@ -79,7 +79,8 @@ func makeManyDirs(prefix string, levels, dirs, files int) (count int, err error) } count++ for f := 0; f < files; f++ { - fi, err := os.CreateTemp(dir, "f-") + var fi *os.File + fi, err = os.CreateTemp(dir, "f-") if err != nil { return count, err } @@ -176,15 +177,13 @@ func BenchmarkWalk(b *testing.B) { walker := w.walker walkFn := bm.walk // preheat - err := w.walker(dir, bm.walk) - if err != nil { + if err := w.walker(dir, bm.walk); err != nil { b.Errorf("walk failed: %v", err) } // benchmark b.Run(bm.name+"/"+w.name, func(b *testing.B) { for i := 0; i < b.N; i++ { - err := walker(dir, walkFn) - if err != nil { + if err := walker(dir, walkFn); err != nil { b.Errorf("walk failed: %v", err) } } From 46e6de39b3ed6fcbb82c76d777013e21d92d2bf8 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Oct 2022 15:10:03 +0200 Subject: [PATCH 03/12] go-selinux: fix variable naming (revive) go-selinux/selinux_linux.go:1089:2: var-naming: don't use underscores in Go names; var exclude_paths should be excludePaths (revive) go-selinux/selinux_linux.go:622:1: receiver-naming: receiver name l1 should be consistent with previous receiver name l for level (revive) Signed-off-by: Sebastiaan van Stijn --- go-selinux/selinux_linux.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index 305524e..90702fb 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -607,17 +607,17 @@ func bitsetToStr(c *big.Int) string { return str } -func (l1 *level) equal(l2 *level) bool { - if l2 == nil || l1 == nil { - return l1 == l2 +func (l *level) equal(l2 *level) bool { + if l2 == nil || l == nil { + return l == l2 } - if l1.sens != l2.sens { + if l2.sens != l.sens { return false } - if l2.cats == nil || l1.cats == nil { - return l2.cats == l1.cats + if l2.cats == nil || l.cats == nil { + return l2.cats == l.cats } - return l1.cats.Cmp(l2.cats) == 0 + return l.cats.Cmp(l2.cats) == 0 } // String returns an mlsRange as a string. @@ -1046,7 +1046,7 @@ func chcon(fpath string, label string, recurse bool) error { return nil } - exclude_paths := map[string]bool{ + excludePaths := map[string]bool{ "/": true, "/bin": true, "/boot": true, @@ -1074,19 +1074,19 @@ func chcon(fpath string, label string, recurse bool) error { } if home := os.Getenv("HOME"); home != "" { - exclude_paths[home] = true + excludePaths[home] = true } if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" { if usr, err := user.Lookup(sudoUser); err == nil { - exclude_paths[usr.HomeDir] = true + excludePaths[usr.HomeDir] = true } } if fpath != "/" { fpath = strings.TrimSuffix(fpath, "/") } - if exclude_paths[fpath] { + if excludePaths[fpath] { return fmt.Errorf("SELinux relabeling of %s is not allowed", fpath) } From f2c3ea100b063d7ff308b5c374bf49b15b96db5a Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Oct 2022 15:16:15 +0200 Subject: [PATCH 04/12] go-selinux: rename InvalidLabel to ErrInvalidLabel (revive) go-selinux/selinux.go:27:2: error-naming: error var InvalidLabel should have name of the form ErrFoo (revive) Signed-off-by: Sebastiaan van Stijn --- go-selinux/selinux.go | 7 ++++++- go-selinux/selinux_linux.go | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/go-selinux/selinux.go b/go-selinux/selinux.go index 8b23f94..a9bb36a 100644 --- a/go-selinux/selinux.go +++ b/go-selinux/selinux.go @@ -23,8 +23,13 @@ var ( // ErrEmptyPath is returned when an empty path has been specified. ErrEmptyPath = errors.New("empty path") + // ErrInvalidLabel is returned when an invalid label is specified. + ErrInvalidLabel = errors.New("invalid Label") + // InvalidLabel is returned when an invalid label is specified. - InvalidLabel = errors.New("Invalid Label") + // + // Deprecated: use [ErrInvalidLabel]. + InvalidLabel = ErrInvalidLabel // ErrIncomparable is returned two levels are not comparable ErrIncomparable = errors.New("incomparable levels") diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index 90702fb..9abff8b 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -748,7 +748,7 @@ func newContext(label string) (Context, error) { if len(label) != 0 { con := strings.SplitN(label, ":", 4) if len(con) < 3 { - return c, InvalidLabel + return c, ErrInvalidLabel } c["user"] = con[0] c["role"] = con[1] From e528b8994a008b7b073cfede6e9ef5c42cfbf210 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 11 Oct 2022 15:24:07 +0200 Subject: [PATCH 05/12] golangci: enable revive Signed-off-by: Sebastiaan van Stijn --- .golangci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.golangci.yml b/.golangci.yml index f7cf4c9..b732fd7 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -7,6 +7,7 @@ linters: - errorlint # Detects code that may cause problems with Go 1.13 error wrapping. - gocritic # Metalinter; detects bugs, performance, and styling issues. - gofumpt # Detects whether code was gofumpt-ed. + - revive # Metalinter; drop-in replacement for golint. linters-settings: govet: check-shadowing: true From 0f6292837af991803ea795b84d0e4078756d55d6 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Oct 2022 17:30:34 +0200 Subject: [PATCH 06/12] golangci: enable dupword Signed-off-by: Sebastiaan van Stijn --- .golangci.yml | 1 + go-selinux/selinux.go | 6 +++--- go-selinux/selinux_linux.go | 4 ++-- go-selinux/selinux_linux_test.go | 1 + 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index b732fd7..0edca48 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -4,6 +4,7 @@ run: deadline: 5m linters: enable: + - dupword # Detects duplicate words. - errorlint # Detects code that may cause problems with Go 1.13 error wrapping. - gocritic # Metalinter; detects bugs, performance, and styling issues. - gofumpt # Detects whether code was gofumpt-ed. diff --git a/go-selinux/selinux.go b/go-selinux/selinux.go index a9bb36a..fa3d62f 100644 --- a/go-selinux/selinux.go +++ b/go-selinux/selinux.go @@ -163,7 +163,7 @@ func SetTaskLabel(label string) error { // SetSocketLabel takes a process label and tells the kernel to assign the // label to the next socket that gets created. Calls to SetSocketLabel // should be wrapped in runtime.LockOSThread()/runtime.UnlockOSThread() until -// the the socket is created to guarantee another goroutine does not migrate +// the socket is created to guarantee another goroutine does not migrate // to the current thread before execution is complete. func SetSocketLabel(label string) error { return writeCon(attrPath("sockcreate"), label) @@ -225,7 +225,7 @@ func SetEnforceMode(mode int) error { } // DefaultEnforceMode returns the systems default SELinux mode Enforcing, -// Permissive or Disabled. Note this is is just the default at boot time. +// Permissive or Disabled. Note this is just the default at boot time. // EnforceMode tells you the systems current mode. func DefaultEnforceMode() int { return defaultEnforceMode() @@ -271,7 +271,7 @@ func CopyLevel(src, dest string) (string, error) { return copyLevel(src, dest) } -// Chcon changes the fpath file object to the SELinux label label. +// Chcon changes the fpath file object to the SELinux label. // If fpath is a directory and recurse is true, then Chcon walks the // directory tree setting the label. // diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index 9abff8b..92cc02a 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -803,7 +803,7 @@ func setEnforceMode(mode int) error { } // defaultEnforceMode returns the systems default SELinux mode Enforcing, -// Permissive or Disabled. Note this is is just the default at boot time. +// Permissive or Disabled. Note this is just the default at boot time. // EnforceMode tells you the systems current mode. func defaultEnforceMode() int { switch readConfig(selinuxTag) { @@ -1035,7 +1035,7 @@ func copyLevel(src, dest string) (string, error) { return tcon.Get(), nil } -// chcon changes the fpath file object to the SELinux label label. +// chcon changes the fpath file object to the SELinux label. // If fpath is a directory and recurse is true, then chcon walks the // directory tree setting the label. func chcon(fpath string, label string, recurse bool) error { diff --git a/go-selinux/selinux_linux_test.go b/go-selinux/selinux_linux_test.go index 7dc1fe6..ce4db36 100644 --- a/go-selinux/selinux_linux_test.go +++ b/go-selinux/selinux_linux_test.go @@ -186,6 +186,7 @@ func TestCanonicalizeContext(t *testing.T) { } func TestFindSELinuxfsInMountinfo(t *testing.T) { + //nolint:dupword // ignore duplicate words (sysfs sysfs) const mountinfo = `18 62 0:17 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw,seclabel 19 62 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw 20 62 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,seclabel,size=3995472k,nr_inodes=998868,mode=755 From f7275d531bbdeae62cdb7702ae02d4aa0e8a6e98 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Oct 2022 17:41:57 +0200 Subject: [PATCH 07/12] golangci: enable various additional linters Signed-off-by: Sebastiaan van Stijn --- .golangci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.golangci.yml b/.golangci.yml index 0edca48..be523a8 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -6,9 +6,19 @@ linters: enable: - dupword # Detects duplicate words. - errorlint # Detects code that may cause problems with Go 1.13 error wrapping. + - exportloopref # Detects pointers to enclosing loop variables. - gocritic # Metalinter; detects bugs, performance, and styling issues. - gofumpt # Detects whether code was gofumpt-ed. + - misspell # Detects commonly misspelled English words in comments. + - nilerr # Detects code that returns nil even if it checks that the error is not nil. + - nolintlint # Detects ill-formed or insufficient nolint directives. + - prealloc # Detects slice declarations that could potentially be pre-allocated. + - predeclared # Detects code that shadows one of Go's predeclared identifiers - revive # Metalinter; drop-in replacement for golint. + - tenv # Detects using os.Setenv instead of t.Setenv. + - thelper # Detects test helpers without t.Helper(). + - tparallel # Detects inappropriate usage of t.Parallel(). + - unconvert # Detects unnecessary type conversions. linters-settings: govet: check-shadowing: true From c249d6bd18a54e880f348b115df938a6881ee197 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Oct 2022 17:50:35 +0200 Subject: [PATCH 08/12] golangci: show all linting issues By default, output is limited to 50 issues per linter, and 3 "same" issues. When enabling a new linter, this requires multiple runs of the linter to get a list of all issues. Let's assume we don't introduce "many" new issues at a time, and just show all the issues that were found. Signed-off-by: Sebastiaan van Stijn --- .golangci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.golangci.yml b/.golangci.yml index be523a8..b176cb7 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -26,6 +26,8 @@ linters-settings: shadow: strict: true issues: + max-issues-per-linter: 0 + max-same-issues: 0 exclude-rules: - text: '^shadow: declaration of "err" shadows declaration' linters: From 40803ccdcccb306a83812aa0c5c5c6fb57e989d2 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Oct 2022 18:05:54 +0200 Subject: [PATCH 09/12] golangci: enable gosec linter Signed-off-by: Sebastiaan van Stijn --- .golangci.yml | 1 + go-selinux/selinux_linux.go | 2 ++ pkg/pwalk/pwalk_test.go | 2 +- pkg/pwalkdir/pwalkdir_test.go | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index b176cb7..76c8edf 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -9,6 +9,7 @@ linters: - exportloopref # Detects pointers to enclosing loop variables. - gocritic # Metalinter; detects bugs, performance, and styling issues. - gofumpt # Detects whether code was gofumpt-ed. + - gosec # Detects security problems. - misspell # Detects commonly misspelled English words in comments. - nilerr # Detects code that returns nil even if it checks that the error is not nil. - nolintlint # Detects ill-formed or insufficient nolint directives. diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index 92cc02a..8c5b528 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -799,6 +799,7 @@ func enforceMode() int { // setEnforceMode sets the current SELinux mode Enforcing, Permissive. // Disabled is not valid, since this needs to be set at boot time. func setEnforceMode(mode int) error { + //nolint:gosec // ignore G306: permissions to be 0600 or less. return os.WriteFile(selinuxEnforcePath(), []byte(strconv.Itoa(mode)), 0o644) } @@ -1006,6 +1007,7 @@ func addMcs(processLabel, fileLabel string) (string, string) { // securityCheckContext validates that the SELinux label is understood by the kernel func securityCheckContext(val string) error { + //nolint:gosec // ignore G306: permissions to be 0600 or less. return os.WriteFile(filepath.Join(getSelinuxMountPoint(), "context"), []byte(val), 0o644) } diff --git a/pkg/pwalk/pwalk_test.go b/pkg/pwalk/pwalk_test.go index 86f2d68..8146b0b 100644 --- a/pkg/pwalk/pwalk_test.go +++ b/pkg/pwalk/pwalk_test.go @@ -212,6 +212,6 @@ func cbReadFile(path string, info os.FileInfo, _ error) error { } func cbRandomSleep(_ string, _ os.FileInfo, _ error) error { - time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) + time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) //nolint:gosec // ignore G404: Use of weak random number generator return nil } diff --git a/pkg/pwalkdir/pwalkdir_test.go b/pkg/pwalkdir/pwalkdir_test.go index 5f0a23c..8abbb8d 100644 --- a/pkg/pwalkdir/pwalkdir_test.go +++ b/pkg/pwalkdir/pwalkdir_test.go @@ -216,6 +216,6 @@ func cbReadFile(path string, e fs.DirEntry, _ error) error { } func cbRandomSleep(_ string, _ fs.DirEntry, _ error) error { - time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) + time.Sleep(time.Duration(rand.Intn(500)) * time.Microsecond) //nolint:gosec // ignore G404: Use of weak random number generator return nil } From c4c67f48db9bf9ac7640778247d9dd0a26705fe0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 13 Oct 2022 22:28:03 +0200 Subject: [PATCH 10/12] pkg/(pwalk|pwalkdir): fix fieldalignment (govet) pkg/pwalk/pwalk.go:120:15: fieldalignment: struct with 24 pointer bytes could be 16 (govet) type walkArgs struct { ^ pkg/pwalk/pwalk_test.go:136:18: fieldalignment: struct with 24 pointer bytes could be 16 (govet) benchmarks := []struct { ^ pkg/pwalk/pwalk_test.go:146:15: fieldalignment: struct with 24 pointer bytes could be 16 (govet) walkers := []struct { ^ pkg/pwalkdir/pwalkdir.go:113:15: fieldalignment: struct with 32 pointer bytes could be 24 (govet) type walkArgs struct { ^ pkg/pwalkdir/pwalkdir_test.go:140:18: fieldalignment: struct with 24 pointer bytes could be 16 (govet) benchmarks := []struct { ^ pkg/pwalkdir/pwalkdir_test.go:150:15: fieldalignment: struct with 24 pointer bytes could be 16 (govet) walkers := []struct { ^ Signed-off-by: Sebastiaan van Stijn --- pkg/pwalk/pwalk.go | 2 +- pkg/pwalk/pwalk_test.go | 34 +++++++++++++++++----------------- pkg/pwalkdir/pwalkdir.go | 2 +- pkg/pwalkdir/pwalkdir_test.go | 34 +++++++++++++++++----------------- 4 files changed, 36 insertions(+), 36 deletions(-) diff --git a/pkg/pwalk/pwalk.go b/pkg/pwalk/pwalk.go index ff4909a..a28b4c4 100644 --- a/pkg/pwalk/pwalk.go +++ b/pkg/pwalk/pwalk.go @@ -118,6 +118,6 @@ func WalkN(root string, walkFn WalkFunc, num int) error { // walkArgs holds the arguments that were passed to the Walk or WalkN // functions. type walkArgs struct { - path string info *os.FileInfo + path string } diff --git a/pkg/pwalk/pwalk_test.go b/pkg/pwalk/pwalk_test.go index 8146b0b..bf50613 100644 --- a/pkg/pwalk/pwalk_test.go +++ b/pkg/pwalk/pwalk_test.go @@ -134,31 +134,31 @@ func BenchmarkWalk(b *testing.B) { ) benchmarks := []struct { - name string walk filepath.WalkFunc + name string }{ - {"Empty", cbEmpty}, - {"ReadFile", cbReadFile}, - {"ChownChmod", cbChownChmod}, - {"RandomSleep", cbRandomSleep}, + {name: "Empty", walk: cbEmpty}, + {name: "ReadFile", walk: cbReadFile}, + {name: "ChownChmod", walk: cbChownChmod}, + {name: "RandomSleep", walk: cbRandomSleep}, } walkers := []struct { - name string walker walkerFunc + name string }{ - {"filepath.Walk", filepath.Walk}, - {"pwalk.Walk", Walk}, + {name: "filepath.Walk", walker: filepath.Walk}, + {name: "pwalk.Walk", walker: Walk}, // test WalkN with various values of N - {"pwalk.Walk1", genWalkN(1)}, - {"pwalk.Walk2", genWalkN(2)}, - {"pwalk.Walk4", genWalkN(4)}, - {"pwalk.Walk8", genWalkN(8)}, - {"pwalk.Walk16", genWalkN(16)}, - {"pwalk.Walk32", genWalkN(32)}, - {"pwalk.Walk64", genWalkN(64)}, - {"pwalk.Walk128", genWalkN(128)}, - {"pwalk.Walk256", genWalkN(256)}, + {name: "pwalk.Walk1", walker: genWalkN(1)}, + {name: "pwalk.Walk2", walker: genWalkN(2)}, + {name: "pwalk.Walk4", walker: genWalkN(4)}, + {name: "pwalk.Walk8", walker: genWalkN(8)}, + {name: "pwalk.Walk16", walker: genWalkN(16)}, + {name: "pwalk.Walk32", walker: genWalkN(32)}, + {name: "pwalk.Walk64", walker: genWalkN(64)}, + {name: "pwalk.Walk128", walker: genWalkN(128)}, + {name: "pwalk.Walk256", walker: genWalkN(256)}, } dir, total, err := prepareTestSet(levels, dirs, files) diff --git a/pkg/pwalkdir/pwalkdir.go b/pkg/pwalkdir/pwalkdir.go index a5796b2..0f5d9f5 100644 --- a/pkg/pwalkdir/pwalkdir.go +++ b/pkg/pwalkdir/pwalkdir.go @@ -111,6 +111,6 @@ func WalkN(root string, walkFn fs.WalkDirFunc, num int) error { // walkArgs holds the arguments that were passed to the Walk or WalkN // functions. type walkArgs struct { - path string entry fs.DirEntry + path string } diff --git a/pkg/pwalkdir/pwalkdir_test.go b/pkg/pwalkdir/pwalkdir_test.go index 8abbb8d..c173001 100644 --- a/pkg/pwalkdir/pwalkdir_test.go +++ b/pkg/pwalkdir/pwalkdir_test.go @@ -138,31 +138,31 @@ func BenchmarkWalk(b *testing.B) { ) benchmarks := []struct { - name string walk fs.WalkDirFunc + name string }{ - {"Empty", cbEmpty}, - {"ReadFile", cbReadFile}, - {"ChownChmod", cbChownChmod}, - {"RandomSleep", cbRandomSleep}, + {name: "Empty", walk: cbEmpty}, + {name: "ReadFile", walk: cbReadFile}, + {name: "ChownChmod", walk: cbChownChmod}, + {name: "RandomSleep", walk: cbRandomSleep}, } walkers := []struct { - name string walker walkerFunc + name string }{ - {"filepath.WalkDir", filepath.WalkDir}, - {"pwalkdir.Walk", Walk}, + {name: "filepath.WalkDir", walker: filepath.WalkDir}, + {name: "pwalkdir.Walk", walker: Walk}, // test WalkN with various values of N - {"pwalkdir.Walk1", genWalkN(1)}, - {"pwalkdir.Walk2", genWalkN(2)}, - {"pwalkdir.Walk4", genWalkN(4)}, - {"pwalkdir.Walk8", genWalkN(8)}, - {"pwalkdir.Walk16", genWalkN(16)}, - {"pwalkdir.Walk32", genWalkN(32)}, - {"pwalkdir.Walk64", genWalkN(64)}, - {"pwalkdir.Walk128", genWalkN(128)}, - {"pwalkdir.Walk256", genWalkN(256)}, + {name: "pwalkdir.Walk1", walker: genWalkN(1)}, + {name: "pwalkdir.Walk2", walker: genWalkN(2)}, + {name: "pwalkdir.Walk4", walker: genWalkN(4)}, + {name: "pwalkdir.Walk8", walker: genWalkN(8)}, + {name: "pwalkdir.Walk16", walker: genWalkN(16)}, + {name: "pwalkdir.Walk32", walker: genWalkN(32)}, + {name: "pwalkdir.Walk64", walker: genWalkN(64)}, + {name: "pwalkdir.Walk128", walker: genWalkN(128)}, + {name: "pwalkdir.Walk256", walker: genWalkN(256)}, } dir, total, err := prepareTestSet(levels, dirs, files) From 3e945d50e76be298c1fef852a5b73b09f7893c28 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 16 Oct 2022 22:26:39 +0200 Subject: [PATCH 11/12] go-selinux: fix fieldalignment (govet) go-selinux/selinux_linux.go:37:19: fieldalignment: struct with 40 pointer bytes could be 16 (govet) type selinuxState struct { ^ go-selinux/selinux_linux.go:46:12: fieldalignment: struct with 16 pointer bytes could be 8 (govet) type level struct { ^ go-selinux/selinux_linux.go:56:19: fieldalignment: struct with 88 pointer bytes could be 80 (govet) type defaultSECtx struct { ^ go-selinux/selinux_linux_test.go:310:13: fieldalignment: struct with 64 pointer bytes could be 56 (govet) tests := []struct { ^ Signed-off-by: Sebastiaan van Stijn --- go-selinux/selinux_linux.go | 16 ++++++++-------- go-selinux/selinux_linux_test.go | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go index 8c5b528..373e501 100644 --- a/go-selinux/selinux_linux.go +++ b/go-selinux/selinux_linux.go @@ -35,17 +35,17 @@ const ( ) type selinuxState struct { + mcsList map[string]bool + selinuxfs string + selinuxfsOnce sync.Once enabledSet bool enabled bool - selinuxfsOnce sync.Once - selinuxfs string - mcsList map[string]bool sync.Mutex } type level struct { - sens uint cats *big.Int + sens uint } type mlsRange struct { @@ -54,10 +54,10 @@ type mlsRange struct { } type defaultSECtx struct { - user, level, scon string - userRdr, defaultRdr io.Reader - - verifier func(string) error + userRdr io.Reader + verifier func(string) error + defaultRdr io.Reader + user, level, scon string } type levelItem byte diff --git a/go-selinux/selinux_linux_test.go b/go-selinux/selinux_linux_test.go index ce4db36..faf0120 100644 --- a/go-selinux/selinux_linux_test.go +++ b/go-selinux/selinux_linux_test.go @@ -308,10 +308,10 @@ func TestComputeCreateContext(t *testing.T) { func TestGlbLub(t *testing.T) { tests := []struct { + expectedErr error sourceRange string targetRange string expectedRange string - expectedErr error }{ { sourceRange: "s0:c0.c100-s10:c0.c150", From ba8946ade8b33cdc7d782680aaf2c03f237c692f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 16 Oct 2022 22:11:24 +0200 Subject: [PATCH 12/12] golangci-lint: enable all govet checks Signed-off-by: Sebastiaan van Stijn --- .golangci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.golangci.yml b/.golangci.yml index 76c8edf..a570a2e 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -23,6 +23,7 @@ linters: linters-settings: govet: check-shadowing: true + enable-all: true settings: shadow: strict: true