sneak/secret
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix intrange and G101 linting issues

Browse Source 
- Convert for loops to use Go 1.22+ integer ranges in generate.go and helpers.go
- Disable G101 false positives for test vectors and environment variable names
- Add file-level gosec disable for bip85_test.go containing BIP85 test vectors
- Add targeted nolint comments for legitimate test data and constants
This commit is contained in:
Jeffrey Paul
2025-06-20 08:08:01 -07:00
parent 985d79d3c0
commit 434b73d834
29 changed files with 197 additions and 280 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
internal/secret/secret_test.go
View File

@@ -29,14 +29,14 @@ func (m *MockVault) AddSecret(name string, value []byte, force bool) error {
// Create secret directory with proper storage name conversion
storageName := strings.ReplaceAll(name, "/", "%")
secretDir := filepath.Join(m.directory, "secrets.d", storageName)
if err := m.fs.MkdirAll(secretDir, 0700); err != nil {
if err := m.fs.MkdirAll(secretDir, 0o700); err != nil {
return err
}
// Create version directory with proper path
versionName := "20240101.001" // Use a fixed version name for testing
versionDir := filepath.Join(secretDir, "versions", versionName)
if err := m.fs.MkdirAll(versionDir, 0700); err != nil {
if err := m.fs.MkdirAll(versionDir, 0o700); err != nil {
return err
}
@@ -57,7 +57,7 @@ func (m *MockVault) AddSecret(name string, value []byte, force bool) error {
// Write long-term public key if it doesn't exist
if _, err := m.fs.Stat(ltPubKeyPath); os.IsNotExist(err) {
pubKey := ltIdentity.Recipient().String()
if err := afero.WriteFile(m.fs, ltPubKeyPath, []byte(pubKey), 0600); err != nil {
if err := afero.WriteFile(m.fs, ltPubKeyPath, []byte(pubKey), 0o600); err != nil {
return err
}
}
@@ -70,7 +70,7 @@ func (m *MockVault) AddSecret(name string, value []byte, force bool) error {
// Write version public key
pubKeyPath := filepath.Join(versionDir, "pub.age")
if err := afero.WriteFile(m.fs, pubKeyPath, []byte(versionIdentity.Recipient().String()), 0600); err != nil {
if err := afero.WriteFile(m.fs, pubKeyPath, []byte(versionIdentity.Recipient().String()), 0o600); err != nil {
return err
}
@@ -82,7 +82,7 @@ func (m *MockVault) AddSecret(name string, value []byte, force bool) error {
// Write encrypted value
valuePath := filepath.Join(versionDir, "value.age")
if err := afero.WriteFile(m.fs, valuePath, encryptedValue, 0600); err != nil {
if err := afero.WriteFile(m.fs, valuePath, encryptedValue, 0o600); err != nil {
return err
}
@@ -94,14 +94,14 @@ func (m *MockVault) AddSecret(name string, value []byte, force bool) error {
// Write encrypted version private key
privKeyPath := filepath.Join(versionDir, "priv.age")
if err := afero.WriteFile(m.fs, privKeyPath, encryptedPrivKey, 0600); err != nil {
if err := afero.WriteFile(m.fs, privKeyPath, encryptedPrivKey, 0o600); err != nil {
return err
}
// Create current symlink pointing to the version
currentLink := filepath.Join(secretDir, "current")
// For MemMapFs, write a file with the target path
if err := afero.WriteFile(m.fs, currentLink, []byte("versions/"+versionName), 0600); err != nil {
if err := afero.WriteFile(m.fs, currentLink, []byte("versions/"+versionName), 0o600); err != nil {
return err
}
@@ -164,7 +164,7 @@ func TestPerSecretKeyFunctionality(t *testing.T) {
fs,
ltPubKeyPath,
[]byte(ltIdentity.Recipient().String()),
0600,
0o600,
)
if err != nil {
t.Fatalf("Failed to write long-term public key: %v", err)
@@ -325,7 +325,7 @@ func TestSecretGetValueWithEnvMnemonicUsesVaultDerivationIndex(t *testing.T) {
}()
stateDir := filepath.Join(tempDir, ".secret")
require.NoError(t, fs.MkdirAll(stateDir, 0700))
require.NoError(t, fs.MkdirAll(stateDir, 0o700))
// This test is now in the integration test file where it can use real vaults
// The bug is demonstrated there - see test31EnvMnemonicUsesVaultDerivationIndex