[lint] Add golangci-lint automation + fix existing issues

deepfence · Nov 21, 2023 · 1076a69 · 1076a69
1 parent 662cd54
commit 1076a69
Show file tree

Hide file tree

Showing 21 changed files with 396 additions and 343 deletions.
diff --git a/.github/workflows/golang-linter.yaml b/.github/workflows/golang-linter.yaml
@@ -0,0 +1,54 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  lint:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+          fetch-depth: "0"
+      - name: Install system deps
+        run: |
+          sudo apt-get update && sudo apt-get install -y --no-install-recommends \
+            build-essential \
+            dh-autoreconf \
+            libjansson-dev \
+            libmagic-dev \
+            pkg-config \
+            libpcap-dev \
+            libcap-dev \
+            curl \
+            bison
+      - name: Install yara
+        run: |
+          cd /tmp
+          wget https://github.com/VirusTotal/yara/archive/refs/tags/v4.3.2.tar.gz
+          tar -zxf v4.3.2.tar.gz
+          cd yara-4.3.2
+          ./bootstrap.sh
+          ./configure --prefix=$HOME/.local/yara --disable-dotnet --enable-magic --enable-cuckoo --disable-shared --enable-static
+          make -j$(nproc)
+          make install
+          cd $HOME/.local
+          tar -czf yara.tar.gz yara
+          export PKG_CONFIG_PATH="$HOME/.local/yara/lib/pkgconfig"
+
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+          cache: false
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.55
+          only-new-issues: true
diff --git a/.golangci.yml b/.golangci.yml
@@ -0,0 +1,11 @@
+linters:
+  enable:
+  - stylecheck
+  - gocritic
+  # - dupl
+  - durationcheck
+  # - goconst
+  - gofmt
+  - goimports
+  # - misspell
+  # - nestif
diff --git a/constants/config.go b/constants/config.go
@@ -1,7 +1,7 @@
 package constants
 
 const (
-	PLUGIN_NAME            = "MalwareScanner"
+	PluginName             = "MalwareScanner"
 	TempDirSuffix          = "YaraHunter"
 	ExtractedImageFilesDir = "ExtractedFiles"
 )
diff --git a/constants/filelinux.go b/constants/filelinux.go
@@ -1,3 +1,4 @@
+//nolint:stylecheck
 package constants
 
 const (

diff --git a/core/match.go b/core/match.go
@@ -42,8 +42,8 @@ func IsSkippableFileExtension(excludedExtensions []string, path string) bool {
 }
 
 // UpdateDirsPermissionsRW Update permissions for dirs in container images, so that they can be properly deleted
-func UpdateDirsPermissionsRW(dir string) {
-	filepath.WalkDir(dir, func(path string, f os.DirEntry, err error) error {
+func UpdateDirsPermissionsRW(dir string) error {
+	return filepath.WalkDir(dir, func(path string, f os.DirEntry, err error) error {
 		if f.IsDir() {
 			err := os.Chmod(path, 0700)
 			if err != nil {

diff --git a/core/util.go b/core/util.go
@@ -22,15 +22,15 @@ import (
 // Error - Errors if any. Otherwise, returns nil
 func CreateRecursiveDir(completePath string) error {
 	if _, err := os.Stat(completePath); os.IsNotExist(err) {
-		log.Debug("Folder does not exist. Creating folder... %s", completePath)
+		log.Debugf("Folder does not exist. Creating folder... %s", completePath)
 		err = os.MkdirAll(completePath, os.ModePerm)
 		if err != nil {
 			log.Errorf("createRecursiveDir %q: %s", completePath, err)
 		}
 		return err
 	} else if err != nil {
 		log.Errorf("createRecursiveDir %q: %s. Deleting temp dir", completePath, err)
-		DeleteTmpDir(completePath)
+		_ = DeleteTmpDir(completePath)
 		return err
 	}
 
@@ -43,6 +43,7 @@ func CreateRecursiveDir(completePath string) error {
 // @returns
 // string - Sanitized string which can used as part of filename
 func getSanitizedString(imageName string) string {
+	//nolint:gocritic
 	reg, err := regexp.Compile("[^A-Za-z0-9]+")
 	if err != nil {
 		return "error"
@@ -51,13 +52,13 @@ func getSanitizedString(imageName string) string {
 	return sanitizedName
 }
 
-// GetJsonFilepath Return complete path and filename for json output file
+// GetJSONFilepath Return complete path and filename for json output file
 // @parameters
 // image - Name of the container image or dir, for which json filename and path will be created
 // @returns
 // string - Sanitized string which can used as path and filename of json output file
 // Error - Errors if path can't be created. Otherwise, returns nil
-func GetJsonFilepath(jsonFilename, outputPath string) (string, error) {
+func GetJSONFilepath(jsonFilename, outputPath string) (string, error) {
 	if jsonFilename == "" {
 		return "", nil
 	}
@@ -70,7 +71,7 @@ func GetJsonFilepath(jsonFilename, outputPath string) (string, error) {
 		}
 	}
 	jsonFilePath := filepath.Join(outputDir, jsonFilename)
-	log.Info("Complete json file path and name: %s", jsonFilePath)
+	log.Infof("Complete json file path and name: %s", jsonFilePath)
 	return jsonFilePath, nil
 }
 
@@ -82,11 +83,11 @@ func GetJsonFilepath(jsonFilename, outputPath string) (string, error) {
 // Error - Errors if any. Otherwise, returns nil
 func GetTmpDir(imageName, tempDirectory string) (string, error) {
 
-	var scanId string = "df_" + getSanitizedString(imageName)
+	scanID := "df_" + getSanitizedString(imageName)
 
-	tempPath := filepath.Join(tempDirectory, "Deepfence", constants.TempDirSuffix, scanId)
+	tempPath := filepath.Join(tempDirectory, "Deepfence", constants.TempDirSuffix, scanID)
 
-	//if runtime.GOOS == "windows" {
+	// if runtime.GOOS == "windows" {
 	//	tempPath = dir + "\temp\Deepfence\IOCScanning\df_" + scanId
 	//}
 

diff --git a/main.go b/main.go
@@ -57,18 +57,18 @@ func main() {
 
 	opts, err := config.ParseOptions()
 	if err != nil {
-		log.Fatal("main: failed to parse options: %v", err)
+		log.Panicf("main: failed to parse options: %v", err)
 	}
 	config, err := config.ParseConfig(*opts.ConfigPath)
 	if err != nil {
-		log.Fatal("main: failed to parse options: %v", err)
+		log.Panicf("main: failed to parse options: %v", err)
 	}
 
 	if *opts.EnableUpdater {
 		wg.Add(1)
-		err := runner.StartYaraHunterUpdater(*opts.ConfigPath, *opts.RulesPath, *opts.RulesListingUrl)
+		err := runner.StartYaraHunterUpdater(*opts.ConfigPath, *opts.RulesPath, *opts.RulesListingURL)
 		if err != nil {
-			log.Fatal("main: failed to serve: %v", err)
+			log.Panicf("main: failed to serve: %v", err)
 		}
 		go runner.ScheduleYaraHunterUpdater(opts, &wg)
 	}

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -52,13 +52,13 @@ func ParseConfig(configPath string) (*Config, error) {
 	pathSeparator := string(os.PathSeparator)
 	var excludedPaths []string
 	for _, path := range config.ExcludedPaths {
-		excludedPaths = append(excludedPaths, strings.Replace(path, "{sep}", pathSeparator, -1))
+		excludedPaths = append(excludedPaths, strings.ReplaceAll(path, "{sep}", pathSeparator))
 	}
 	config.ExcludedPaths = excludedPaths
 
 	var excludedContainerPaths []string
 	for _, path := range config.ExcludedContainerPaths {
-		excludedContainerPaths = append(excludedContainerPaths, strings.Replace(path, "{sep}", pathSeparator, -1))
+		excludedContainerPaths = append(excludedContainerPaths, strings.ReplaceAll(path, "{sep}", pathSeparator))
 	}
 	config.ExcludedContainerPaths = excludedContainerPaths
 

diff --git a/pkg/config/options.go b/pkg/config/options.go
@@ -6,7 +6,7 @@ import (
 )
 
 const (
-	JsonOutput  = "json"
+	JSONOutput  = "json"
 	TableOutput = "table"
 )
 
@@ -20,22 +20,22 @@ type Options struct {
 	ConfigPath           *string
 	ImageName            *string
 	MaxIOC               *uint
-	ContainerId          *string
+	ContainerID          *string
 	ContainerNS          *string
 	SocketPath           *string
 	RulesPath            *string
 	FailOnCompileWarning *bool
 	WorkersPerScan       *int
 	InactiveThreshold    *int
 	OutFormat            *string
-	ConsoleUrl           *string
+	ConsoleURL           *string
 	ConsolePort          *int
 	DeepfenceKey         *string
 	FailOnCount          *int
 	FailOnHighCount      *int
 	FailOnMediumCount    *int
 	FailOnLowCount       *int
-	RulesListingUrl      *string
+	RulesListingURL      *string
 	EnableUpdater        *bool
 }
 
@@ -52,20 +52,20 @@ func ParseOptions() (*Options, error) {
 		ConfigPath:           flag.String("config-path", "", "Searches for config.yaml from given directory. If not set, tries to find it from YaraHunter binary's and current directory"),
 		ImageName:            flag.String("image-name", "", "Name of the image along with tag to scan for IOC"),
 		MaxIOC:               flag.Uint("max-ioc", 1000, "Maximum number of indicator of compromise to find in one container image or file system."),
-		ContainerId:          flag.String("container-id", "", "Id of existing container ID"),
+		ContainerID:          flag.String("container-id", "", "Id of existing container ID"),
 		ContainerNS:          flag.String("container-ns", "", "Namespace of existing container to scan, empty for docker runtime"),
 		SocketPath:           flag.String("socket-path", "", "The gRPC server unix socket path"),
 		WorkersPerScan:       flag.Int("workers-per-scan", 1, "Number of concurrent workers per scan"),
 		InactiveThreshold:    flag.Int("inactive-threshold", 600, "Threshold for Inactive scan in seconds"),
 		OutFormat:            flag.String("output", TableOutput, "Output format: json or table"),
-		ConsoleUrl:           flag.String("console-url", "", "Deepfence Management Console URL"),
+		ConsoleURL:           flag.String("console-url", "", "Deepfence Management Console URL"),
 		ConsolePort:          flag.Int("console-port", 443, "Deepfence Management Console Port"),
 		DeepfenceKey:         flag.String("deepfence-key", "", "Deepfence key for auth"),
 		FailOnCount:          flag.Int("fail-on-count", -1, "Exit with status 1 if number of malwares found is >= this value (Default: -1)"),
 		FailOnHighCount:      flag.Int("fail-on-high-count", -1, "Exit with status 1 if number of high malwares found is >= this value (Default: -1)"),
 		FailOnMediumCount:    flag.Int("fail-on-medium-count", -1, "Exit with status 1 if number of medium malwares found is >= this value (Default: -1)"),
 		FailOnLowCount:       flag.Int("fail-on-low-count", -1, "Exit with status 1 if number of low malwares found is >= this value (Default: -1)"),
-		RulesListingUrl:      flag.String("rules-listing-url", "https://threat-intel.deepfence.io/yara-rules/listing.json", "Deepfence threat intel yara rules listing (Default: threat-intel.deepfence.io/yara-rules/listing.json)"),
+		RulesListingURL:      flag.String("rules-listing-url", "https://threat-intel.deepfence.io/yara-rules/listing.json", "Deepfence threat intel yara rules listing (Default: threat-intel.deepfence.io/yara-rules/listing.json)"),
 		EnableUpdater:        flag.Bool("enable-updater", true, "Enable rules updater (Default: true)"),
 	}
 	flag.Parse()
@@ -96,7 +96,7 @@ func NewDefaultOptions() *Options {
 		ConfigPath:           &emptyValue,
 		ImageName:            &emptyValue,
 		MaxIOC:               &maxIOC,
-		ContainerId:          &emptyValue,
+		ContainerID:          &emptyValue,
 		ContainerNS:          &emptyValue,
 		SocketPath:           &emptyValue,
 	}

diff --git a/pkg/jobs/common.go b/pkg/jobs/common.go
@@ -3,17 +3,17 @@ package jobs
 import "sync/atomic"
 
 var (
-	running_jobs_num atomic.Int32
+	runningJobsNum atomic.Int32
 )
 
 func StartScanJob() {
-	running_jobs_num.Add(1)
+	runningJobsNum.Add(1)
 }
 
 func StopScanJob() {
-	running_jobs_num.Add(-1)
+	runningJobsNum.Add(-1)
 }
 
 func GetRunningJobCount() int32 {
-	return running_jobs_num.Load()
+	return runningJobsNum.Load()
 }