Fix some linting warnings

helpers.go

@@ -182,7 +182,7 @@ func GetCallInfo(n ast.Node, ctx *Context) (string, string, error) {
 }
 
 // GetCallStringArgsValues returns the values of strings arguments if they can be resolved
-func GetCallStringArgsValues(n ast.Node, ctx *Context) []string {
+func GetCallStringArgsValues(n ast.Node, _ *Context) []string {
 	values := []string{}
 	switch node := n.(type) {
 	case *ast.CallExpr:

import_tracker.go

@@ -51,9 +51,7 @@ func (t *ImportTracker) TrackPackages(pkgs ...*types.Package) {
 func (t *ImportTracker) TrackImport(imported *ast.ImportSpec) {
 	importPath := strings.Trim(imported.Path.Value, `"`)
 	if imported.Name != nil {
-		if imported.Name.Name == "_" {
-			// Initialization only import
-		} else {
+		if imported.Name.Name != "_" {
 			// Aliased import
 			t.Imported[importPath] = append(t.Imported[importPath], imported.Name.String())
 		}

report/formatter_test.go

@@ -288,10 +288,10 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 				err := CreateReport(buf, "csv", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 				pattern := "/home/src/project/test.go,1,test,HIGH,HIGH,1: testcode,CWE-%s\n"
@@ -303,10 +303,10 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, error).WithVersion("v2.7.0")
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{NumFiles: 0, NumLines: 0, NumNosec: 0, NumFound: 0}, errors).WithVersion("v2.7.0")
 				err := CreateReport(buf, "xml", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 				pattern := "Results:\n\n\n[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)\n  > 1: testcode\n\n\n\nSummary:\n  Gosec  : v2.7.0\n  Files  : 0\n  Lines  : 0\n  Nosec  : 0\n  Issues : 0\n\n"
@@ -318,7 +318,7 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				data := createReportInfo(rule, cwe)
 
@@ -327,7 +327,7 @@ var _ = Describe("Formatter", func() {
 				err := enc.Encode(data)
 				Expect(err).ShouldNot(HaveOccurred())
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 				err = CreateReport(buf, "json", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 				result := stripString(buf.String())
@@ -339,7 +339,7 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				data := createReportInfo(rule, cwe)
 
@@ -348,7 +348,7 @@ var _ = Describe("Formatter", func() {
 				err := enc.Encode(data)
 				Expect(err).ShouldNot(HaveOccurred())
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 				err = CreateReport(buf, "html", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 				result := stripString(buf.String())
@@ -360,7 +360,7 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				data := createReportInfo(rule, cwe)
 
@@ -369,7 +369,7 @@ var _ = Describe("Formatter", func() {
 				err := enc.Encode(data)
 				Expect(err).ShouldNot(HaveOccurred())
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 				err = CreateReport(buf, "yaml", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 				result := stripString(buf.String())
@@ -381,7 +381,7 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				data := createReportInfo(rule, cwe)
 
@@ -390,7 +390,7 @@ var _ = Describe("Formatter", func() {
 				err := enc.Encode(data)
 				Expect(err).ShouldNot(HaveOccurred())
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 				err = CreateReport(buf, "junit-xml", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 				expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - test (Confidence: 2, Severity: 2, CWE: %s)", cwe.ID))
@@ -402,7 +402,7 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				data := createReportInfo(rule, cwe)
 
@@ -411,7 +411,7 @@ var _ = Describe("Formatter", func() {
 				err := enc.Encode(data)
 				Expect(err).ShouldNot(HaveOccurred())
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 				err = CreateReport(buf, "text", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 				expectation := stripString(fmt.Sprintf("[/home/src/project/test.go:1] - %s (CWE-%s): test (Confidence: HIGH, Severity: HIGH)", rule, cwe.ID))
@@ -423,9 +423,9 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 				err := CreateReport(buf, "sonarqube", false, []string{"/home/src/project"}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 
@@ -444,10 +444,10 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error)
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors)
 				err := CreateReport(buf, "golint", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 				pattern := "/home/src/project/test.go:1:1: [CWE-%s] test (Rule:%s, Severity:HIGH, Confidence:HIGH)\n"
@@ -459,10 +459,10 @@ var _ = Describe("Formatter", func() {
 			for _, rule := range grules {
 				cwe := issue.GetCweByRule(rule)
 				newissue := createIssue(rule, cwe)
-				error := map[string][]gosec.Error{}
+				errors := map[string][]gosec.Error{}
 
 				buf := new(bytes.Buffer)
-				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, error).WithVersion("v2.7.0")
+				reportInfo := gosec.NewReportInfo([]*issue.Issue{&newissue}, &gosec.Metrics{}, errors).WithVersion("v2.7.0")
 				err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
 				Expect(err).ShouldNot(HaveOccurred())
 
@@ -502,8 +502,8 @@ var _ = Describe("Formatter", func() {
 		suppressedIssue.WithSuppressions(suppressions)
 
 		It("text formatted report should contain the suppressed issues", func() {
-			error := map[string][]gosec.Error{}
-			reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
+			errors := map[string][]gosec.Error{}
+			reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
 
 			buf := new(bytes.Buffer)
 			err := CreateReport(buf, "text", false, []string{}, reportInfo)
@@ -514,8 +514,8 @@ var _ = Describe("Formatter", func() {
 		})
 
 		It("sarif formatted report should contain the suppressed issues", func() {
-			error := map[string][]gosec.Error{}
-			reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
+			errors := map[string][]gosec.Error{}
+			reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
 
 			buf := new(bytes.Buffer)
 			err := CreateReport(buf, "sarif", false, []string{}, reportInfo)
@@ -526,8 +526,8 @@ var _ = Describe("Formatter", func() {
 		})
 
 		It("json formatted report should contain the suppressed issues", func() {
-			error := map[string][]gosec.Error{}
-			reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, error)
+			errors := map[string][]gosec.Error{}
+			reportInfo := gosec.NewReportInfo([]*issue.Issue{&suppressedIssue}, &gosec.Metrics{}, errors)
 
 			buf := new(bytes.Buffer)
 			err := CreateReport(buf, "json", false, []string{}, reportInfo)

resolve.go

@@ -66,7 +66,7 @@ func resolveBinExpr(n *ast.BinaryExpr, c *Context) bool {
 	return (TryResolve(n.X, c) && TryResolve(n.Y, c))
 }
 
-func resolveCallExpr(n *ast.CallExpr, c *Context) bool {
+func resolveCallExpr(_ *ast.CallExpr, _ *Context) bool {
 	// TODO(tkelsey): next step, full function resolution
 	return false
 }

rules/archive.go

@@ -49,7 +49,7 @@ func (a *archive) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 
 // NewArchive creates a new rule which detects the file traversal when extracting zip/tar archives
-func NewArchive(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewArchive(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	calls := gosec.NewCallList()
 	calls.Add("path/filepath", "Join")
 	calls.Add("path", "Join")

rules/bind.go

@@ -67,7 +67,7 @@ func (r *bindsToAllNetworkInterfaces) Match(n ast.Node, c *gosec.Context) (*issu
 
 // NewBindsToAllNetworkInterfaces detects socket connections that are setup to
 // listen on all network interfaces.
-func NewBindsToAllNetworkInterfaces(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewBindsToAllNetworkInterfaces(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	calls := gosec.NewCallList()
 	calls.Add("net", "Listen")
 	calls.Add("crypto/tls", "Listen")

rules/blocklist.go

@@ -28,9 +28,9 @@ type blocklistedImport struct {
 }
 
 func unquote(original string) string {
-	copy := strings.TrimSpace(original)
-	copy = strings.TrimLeft(copy, `"`)
-	return strings.TrimRight(copy, `"`)
+	cleaned := strings.TrimSpace(original)
+	cleaned = strings.TrimLeft(cleaned, `"`)
+	return strings.TrimRight(cleaned, `"`)
 }
 
 func (r *blocklistedImport) ID() string {
@@ -48,7 +48,7 @@ func (r *blocklistedImport) Match(n ast.Node, c *gosec.Context) (*issue.Issue, e
 
 // NewBlocklistedImports reports when a blocklisted import is being used.
 // Typically when a deprecated technology is being used.
-func NewBlocklistedImports(id string, conf gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node) {
+func NewBlocklistedImports(id string, _ gosec.Config, blocklist map[string]string) (gosec.Rule, []ast.Node) {
 	return &blocklistedImport{
 		MetaData: issue.MetaData{
 			ID:         id,

rules/decompression-bomb.go

@@ -83,7 +83,7 @@ func (d *decompressionBombCheck) Match(node ast.Node, ctx *gosec.Context) (*issu
 }
 
 // NewDecompressionBombCheck detects if there is potential DoS vulnerability via decompression bomb
-func NewDecompressionBombCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewDecompressionBombCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	readerCalls := gosec.NewCallList()
 	readerCalls.Add("compress/gzip", "NewReader")
 	readerCalls.AddAll("compress/zlib", "NewReader", "NewReaderDict")

rules/directory-traversal.go

@@ -30,8 +30,8 @@ func (r *traversal) matchCallExpr(assign *ast.CallExpr, ctx *gosec.Context) (*is
 		if basiclit, ok1 := i.(*ast.BasicLit); ok1 {
 			if fun, ok2 := assign.Fun.(*ast.SelectorExpr); ok2 {
 				if x, ok3 := fun.X.(*ast.Ident); ok3 {
-					string := x.Name + "." + fun.Sel.Name + "(" + basiclit.Value + ")"
-					if r.pattern.MatchString(string) {
+					str := x.Name + "." + fun.Sel.Name + "(" + basiclit.Value + ")"
+					if r.pattern.MatchString(str) {
 						return ctx.NewIssue(assign, r.ID(), r.What, r.Severity, r.Confidence), nil
 					}
 				}

rules/http_serve.go

@@ -25,7 +25,7 @@ func (r *httpServeWithoutTimeouts) Match(n ast.Node, c *gosec.Context) (gi *issu
 }
 
 // NewHTTPServeWithoutTimeouts detects use of net/http serve functions that have no support for setting timeouts.
-func NewHTTPServeWithoutTimeouts(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewHTTPServeWithoutTimeouts(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	return &httpServeWithoutTimeouts{
 		pkg:   "net/http",
 		calls: []string{"ListenAndServe", "ListenAndServeTLS", "Serve", "ServeTLS"},

rules/implicit_aliasing.go

@@ -90,7 +90,7 @@ func (r *implicitAliasing) Match(n ast.Node, c *gosec.Context) (*issue.Issue, er
 }
 
 // NewImplicitAliasing detects implicit memory aliasing of type: for blah := SomeCall() {... SomeOtherCall(&blah) ...}
-func NewImplicitAliasing(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewImplicitAliasing(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	return &implicitAliasing{
 		aliases:         make(map[*ast.Object]struct{}),
 		rightBrace:      token.NoPos,

rules/integer_overflow.go

@@ -75,7 +75,7 @@ func (i *integerOverflowCheck) Match(node ast.Node, ctx *gosec.Context) (*issue.
 }
 
 // NewIntegerOverflowCheck detects if there is potential Integer OverFlow
-func NewIntegerOverflowCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewIntegerOverflowCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	calls := gosec.NewCallList()
 	calls.Add("strconv", "Atoi")
 	return &integerOverflowCheck{

rules/pprof.go

@@ -29,7 +29,7 @@ func (p *pprofCheck) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 
 // NewPprofCheck detects when the profiling endpoint is automatically exposed
-func NewPprofCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewPprofCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	return &pprofCheck{
 		MetaData: issue.MetaData{
 			ID:         id,

rules/rand.go

@@ -42,7 +42,7 @@ func (w *weakRand) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 
 // NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure
-func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewWeakRandCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	return &weakRand{
 		funcNames: []string{
 			"New", "Read", "Float32", "Float64", "Int", "Int31",

rules/readfile.go

@@ -126,7 +126,7 @@ func (r *readfile) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 
 // NewReadFile detects cases where we read files
-func NewReadFile(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewReadFile(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	rule := &readfile{
 		pathJoin: gosec.NewCallList(),
 		clean:    gosec.NewCallList(),

rules/rsa.go

@@ -42,7 +42,7 @@ func (w *weakKeyStrength) Match(n ast.Node, c *gosec.Context) (*issue.Issue, err
 }
 
 // NewWeakKeyStrength builds a rule that detects RSA keys < 2048 bits
-func NewWeakKeyStrength(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewWeakKeyStrength(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	calls := gosec.NewCallList()
 	calls.Add("crypto/rsa", "GenerateKey")
 	bits := 2048

rules/slowloris.go

@@ -59,7 +59,7 @@ func (r *slowloris) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, error)
 }
 
 // NewSlowloris attempts to find the http.Server struct and check if the ReadHeaderTimeout is configured.
-func NewSlowloris(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSlowloris(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	return &slowloris{
 		MetaData: issue.MetaData{
 			ID:         id,

rules/sql.go

@@ -161,7 +161,7 @@ func (s *sqlStrConcat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
 }
 
 // NewSQLStrConcat looks for cases where we are building SQL strings via concatenation
-func NewSQLStrConcat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSQLStrConcat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	rule := &sqlStrConcat{
 		sqlStatement: sqlStatement{
 			patterns: []*regexp.Regexp{
@@ -324,7 +324,7 @@ func (s *sqlStrFormat) Match(n ast.Node, ctx *gosec.Context) (*issue.Issue, erro
 }
 
 // NewSQLStrFormat looks for cases where we're building SQL query strings using format strings
-func NewSQLStrFormat(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSQLStrFormat(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	rule := &sqlStrFormat{
 		CallList:      gosec.NewCallList(),
 		fmtCalls:      gosec.NewCallList(),

rules/ssh.go

@@ -25,7 +25,7 @@ func (r *sshHostKey) Match(n ast.Node, c *gosec.Context) (gi *issue.Issue, err e
 }
 
 // NewSSHHostKey rule detects the use of insecure ssh HostKeyCallback.
-func NewSSHHostKey(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSSHHostKey(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	return &sshHostKey{
 		pkg:   "golang.org/x/crypto/ssh",
 		calls: []string{"InsecureIgnoreHostKey"},

rules/ssrf.go

@@ -52,7 +52,7 @@ func (r *ssrf) Match(n ast.Node, c *gosec.Context) (*issue.Issue, error) {
 }
 
 // NewSSRFCheck detects cases where HTTP requests are sent
-func NewSSRFCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSSRFCheck(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	rule := &ssrf{
 		CallList: gosec.NewCallList(),
 		MetaData: issue.MetaData{

rules/subproc.go

@@ -110,7 +110,7 @@ func (r *subprocess) isContext(n ast.Node, ctx *gosec.Context) bool {
 }
 
 // NewSubproc detects cases where we are forking out to an external process
-func NewSubproc(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
+func NewSubproc(id string, _ gosec.Config) (gosec.Rule, []ast.Node) {
 	rule := &subprocess{issue.MetaData{ID: id}, gosec.NewCallList()}
 	rule.Add("os/exec", "Command")
 	rule.Add("os/exec", "CommandContext")