Merge pull request #389 from meshery/feat/security

Update ci configuration and fixed the code error and security issue

.github/workflows/ci.yml

@@ -20,16 +20,8 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
-          # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
-          version: v1.54
-
-          # Optional: working directory, useful for monorepos
-          # working-directory: somedir
-
-          # Optional: golangci-lint command line arguments.
-
-          # Optional: show only new issues if it's a pull request. The default value is `false`.
-          # only-new-issues: true
+          version: latest
+          args: --timeout=5m
   tests:
      name: Tests
      runs-on: ubuntu-latest

.golangci.yml

@@ -1,135 +1,64 @@
 linters-settings:
-  depguard:
-    list-type: blacklist
-    packages:
-      # logging is allowed only by logutils.Log, logrus
-      # is allowed to use only in logutils package
-      - github.com/sirupsen/logrus
-    packages-with-error-message:
-      - github.com/sirupsen/logrus: "logging is allowed only by logutils.Log"
-  dupl:
-    threshold: 100
-  exhaustive:
-    default-signifies-exhaustive: false
-  funlen:
-    lines: 100
-    statements: 50
   gci:
-    local-prefixes: github.com/golangci/golangci-lint
+    enabled: true
+    max-len: 120
+    line-length: 120
   goconst:
-    min-len: 2
-    min-occurrences: 2
+    enabled: true
   gocritic:
-    enabled-tags:
-      - diagnostic
-      - experimental
-      - opinionated
-      - performance
-      - style
-    disabled-checks:
-      - dupImport # https://github.com/go-critic/go-critic/issues/845
-      - ifElseChain
-      - octalLiteral
-      - whyNoLint
-      - wrapperFunc
-  gocyclo:
-    min-complexity: 15
-  goimports:
-    local-prefixes: github.com/golangci/golangci-lint
-  golint:
-    min-confidence: 0
-  gomnd:
-    settings:
-      mnd:
-        # don't include the "operation" and "assign"
-        checks: 
-          - argument
-          - case
-          - condition
-          - return
-  gosec:
-    settings:
-      exclude: -G204
+    enabled: true
+    disable:
+      - parallelize
+      - nesting
+      - hugeParam
+      - hugeStruct
+      - nestParam
+      - prealloc
   govet:
-    check-shadowing: false
-    settings:
-      printf:
-        funcs:
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Infof
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Warnf
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Errorf
-          - (github.com/golangci/golangci-lint/pkg/logutils.Log).Fatalf
-  lll:
-    line-length: 950
-  maligned:
-    suggest-new: true
-  misspell:
-    # Correct spellings using locale preferences for US or UK.
-    # Setting locale to US will correct the British spelling of 'colour' to 'color'.
-    # Default is to use a neutral variety of English.
-    locale: US
-    ignore-words:
-      - eles
-  nolintlint:
-    allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
-    allow-unused: false # report any unused nolint directives
-    require-explanation: false # don't require an explanation for nolint directives
-    require-specific: false # don't require nolint directives to be specific about which linter is being skipped
+    enabled: true
+    check-shadowing: true
+    tests: true
+  golint:
+    enabled: true
+    min-confidence: 0.8
+  unused:
+    enabled: true
+    check-exported: true
+    check-packages: true
+    check-generated: true
+    tests: true
+    allow-unused-type-export: true
+  cyclop:
+    enabled: true
+    average-strictness: 7
+  scopelint:
+    enabled: true
+    tests: true
 
+
+# Configuration for golangci-lint that is suitable for a Kubernetes operator project built with Golang
 linters:
-  # please, do not use `enable-all`: it's deprecated and will be removed soon.
-  # inverted configuration with `enable-all` and `disable` is not scalable during updates of golangci-lint
-  disable-all: true
-  enable:
-    # todo[kushthedude]: commenting most of the checks as our code can't persist all of the changes, however we can plan further on code-quality after v1.0 release.
-    # - bodyclose
-    # - deadcode
-    - dogsled
-    - errcheck
-    # - exhaustive
-    # - funlen
-    # - goconst
-    # - gocritic
-    # - gocyclo
-    - gofmt
-    - goimports
-    # - revive
-    # todo[kusthedude]: restore gosec check, once this issue is resolved https://github.com/golangci/golangci-lint/issues/177
-    # - gosec
-    # - gomnd
-    # - goprintffuncname
-    # - gosimple
+  enable-all: false
+  disable-all: false
+  linters:
+    - gci
+    - goconst
+    - gocritic
     - govet
-    # - ineffassign
-    # - interfacer
-    - lll
-    - misspell
-    # - nakedret
-    # - nolintlint
-    # - rowserrcheck
-    # - scopelint
-    - staticcheck
-    # - structcheck
-    # - stylecheck
-    - typecheck
-    # - unconvert
-    # - unparam
-    # - unused
-    # - varcheck
-    - whitespace
-
-  # don't enable:
-  # - asciicheck
-  # - gochecknoglobals
-  # - gocognit
-  # - godot
-  # - godox
-  # - goerr113
-  # - maligned
-  # - nestif
-  # - prealloc
-  # - testpackage
-  # - wsl
+    - golint
+    - unused
+    - cyclop
+    - scopelint
+  exclude-rules:
+    - testpackage
 
 run:
   timeout: 5m
+  enable-cache: true
+  skip-dirs:
+    - vendor
+    - bundle
+    - config
+    - hack
+    - helpers
+    - img

cmd/errorutil/internal/coder/commands.go

@@ -106,11 +106,11 @@ func commandAnalyze() *cobra.Command {
 		Long:  `analyze analyzes a directory tree for error codes`,
 		Args:  cobra.MinimumNArgs(0),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			globalFlags, err := getGlobalFlags(cmd)
+			gFlags, err := getGlobalFlags(cmd)
 			if err != nil {
 				return err
 			}
-			return walkSummarizeExport(globalFlags, false, false)
+			return walkSummarizeExport(gFlags, false, false)
 		},
 	}
 }
@@ -123,15 +123,15 @@ func commandUpdate() *cobra.Command {
 		Long:  "update replaces error codes where specified, and updates error details",
 		Args:  cobra.MinimumNArgs(0),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			globalFlags, err := getGlobalFlags(cmd)
+			gFlags, err := getGlobalFlags(cmd)
 			if err != nil {
 				return err
 			}
-			updateAll, err := cmd.Flags().GetBool(forceUpdateAllCodesCmdFlag)
+			updateAll, err = cmd.Flags().GetBool(forceUpdateAllCodesCmdFlag)
 			if err != nil {
 				return err
 			}
-			return walkSummarizeExport(globalFlags, true, updateAll)
+			return walkSummarizeExport(gFlags, true, updateAll)
 		},
 	}
 	cmd.PersistentFlags().BoolVar(&updateAll, forceUpdateAllCodesCmdFlag, false, "Update and re-sequence all error codes.")

cmd/syncmodutil/internal/modsync/sync.go

@@ -51,8 +51,7 @@ func (g *GoMod) PrintReplacedVersions() {
 	}
 }
 func (g *GoMod) SyncRequire(f io.Reader, throwerr bool) (gomod string, err error) {
-	var b = make([]byte, 1000)
-	b, err = io.ReadAll(f)
+	b, err := io.ReadAll(f)
 	if err != nil {
 		return string(b), err
 	}
@@ -90,7 +89,6 @@ func (g *GoMod) SyncRequire(f io.Reader, throwerr bool) (gomod string, err error
 
 // NewGoMod takes an io.Reader to a go.mod and returns GoMod struct
 func New(f io.Reader) (*GoMod, error) {
-	var b = make([]byte, 1000)
 	b, err := io.ReadAll(f)
 	if err != nil {
 		return nil, err