Fix intrange and G101 linting issues

- Convert for loops to use Go 1.22+ integer ranges in generate.go and helpers.go - Disable G101 false positives for test vectors and environment variable names - Add file-level gosec disable for bip85_test.go containing BIP85 test vectors - Add targeted nolint comments for legitimate test data and constants
2025-06-20 08:08:01 -07:00
parent 985d79d3c0
commit 434b73d834
29 changed files with 197 additions and 280 deletions
--- a/internal/vault/integration_test.go
+++ b/internal/vault/integration_test.go
@@ -51,7 +51,7 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 	// Test symlink handling
 	t.Run("SymlinkHandling", func(t *testing.T) {
 		stateDir := filepath.Join(tempDir, "symlink-test")
-		if err := os.MkdirAll(stateDir, 0700); err != nil {
+		if err := os.MkdirAll(stateDir, 0o700); err != nil {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}

@@ -98,7 +98,7 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 	// Test secret operations with deeply nested paths
 	t.Run("DeepPathSecrets", func(t *testing.T) {
 		stateDir := filepath.Join(tempDir, "deep-path-test")
-		if err := os.MkdirAll(stateDir, 0700); err != nil {
+		if err := os.MkdirAll(stateDir, 0o700); err != nil {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}

@@ -169,7 +169,7 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 	// Test key caching in GetOrDeriveLongTermKey
 	t.Run("KeyCaching", func(t *testing.T) {
 		stateDir := filepath.Join(tempDir, "key-cache-test")
-		if err := os.MkdirAll(stateDir, 0700); err != nil {
+		if err := os.MkdirAll(stateDir, 0o700); err != nil {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}

@@ -251,7 +251,7 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 	// Test vault name validation
 	t.Run("VaultNameValidation", func(t *testing.T) {
 		stateDir := filepath.Join(tempDir, "name-validation-test")
-		if err := os.MkdirAll(stateDir, 0700); err != nil {
+		if err := os.MkdirAll(stateDir, 0o700); err != nil {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}

@@ -291,7 +291,7 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 	// Test multiple vaults and switching between them
 	t.Run("MultipleVaults", func(t *testing.T) {
 		stateDir := filepath.Join(tempDir, "multi-vault-test")
-		if err := os.MkdirAll(stateDir, 0700); err != nil {
+		if err := os.MkdirAll(stateDir, 0o700); err != nil {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}

@@ -336,7 +336,7 @@ func TestVaultWithRealFilesystem(t *testing.T) {
 	// Test adding a secret in one vault and verifying it's not visible in another
 	t.Run("VaultIsolation", func(t *testing.T) {
 		stateDir := filepath.Join(tempDir, "isolation-test")
-		if err := os.MkdirAll(stateDir, 0700); err != nil {
+		if err := os.MkdirAll(stateDir, 0o700); err != nil {
 			t.Fatalf("Failed to create state dir: %v", err)
 		}

--- a/internal/vault/integration_version_test.go
+++ b/internal/vault/integration_version_test.go
@@ -54,7 +54,7 @@ func TestVersionIntegrationWorkflow(t *testing.T) {
 	// Store long-term public key in vault
 	vaultDir, _ := vault.GetDirectory()
 	ltPubKeyPath := filepath.Join(vaultDir, "pub.age")
-	err = afero.WriteFile(fs, ltPubKeyPath, []byte(ltIdentity.Recipient().String()), 0600)
+	err = afero.WriteFile(fs, ltPubKeyPath, []byte(ltIdentity.Recipient().String()), 0o600)
 	require.NoError(t, err)

 	// Unlock the vault
@@ -222,7 +222,7 @@ func TestVersionIntegrationWorkflow(t *testing.T) {
 		for i := 2; i <= 998; i++ {
 			versionName := fmt.Sprintf("%s.%03d", today, i)
 			versionDir := filepath.Join(secretDir, versionName)
-			err := fs.MkdirAll(versionDir, 0755)
+			err := fs.MkdirAll(versionDir, 0o755)
 			require.NoError(t, err)
 		}

@@ -232,7 +232,7 @@ func TestVersionIntegrationWorkflow(t *testing.T) {
 		assert.Equal(t, fmt.Sprintf("%s.999", today), versionName)

 		// Create the 999th version directory
-		err = fs.MkdirAll(filepath.Join(secretDir, versionName), 0755)
+		err = fs.MkdirAll(filepath.Join(secretDir, versionName), 0o755)
 		require.NoError(t, err)

 		// Should fail to create 1000th version
@@ -319,7 +319,7 @@ func TestVersionCompatibility(t *testing.T) {
 	secretName := "legacy/secret"
 	vaultDir, _ := vault.GetDirectory()
 	secretDir := filepath.Join(vaultDir, "secrets.d", "legacy%secret")
-	err = fs.MkdirAll(secretDir, 0755)
+	err = fs.MkdirAll(secretDir, 0o755)
 	require.NoError(t, err)

 	// Create old-style encrypted value directly in secret directory
@@ -329,7 +329,7 @@ func TestVersionCompatibility(t *testing.T) {
 	require.NoError(t, err)

 	valuePath := filepath.Join(secretDir, "value.age")
-	err = afero.WriteFile(fs, valuePath, encrypted, 0600)
+	err = afero.WriteFile(fs, valuePath, encrypted, 0o600)
 	require.NoError(t, err)

 	// Should fail to get with version-aware methods
--- a/internal/vault/metadata.go
+++ b/internal/vault/metadata.go
@@ -13,10 +13,12 @@ import (
 )

 // Alias the metadata types from secret package for convenience
-type VaultMetadata = secret.VaultMetadata
-type UnlockerMetadata = secret.UnlockerMetadata
-type SecretMetadata = secret.SecretMetadata
-type Configuration = secret.Configuration
+type (
+	VaultMetadata    = secret.VaultMetadata
+	UnlockerMetadata = secret.UnlockerMetadata
+	SecretMetadata   = secret.SecretMetadata
+	Configuration    = secret.Configuration
+)

 // ComputeDoubleSHA256 computes the double SHA256 hash of data and returns it as hex
 func ComputeDoubleSHA256(data []byte) string {
--- a/internal/vault/metadata_test.go
+++ b/internal/vault/metadata_test.go
@@ -1,11 +1,9 @@
 package vault

 import (
-	"testing"
-
 	"path/filepath"
-
 	"strings"
+	"testing"

 	"git.eeqj.de/sneak/secret/pkg/agehd"
 	"github.com/spf13/afero"
@@ -53,7 +51,7 @@ func TestVaultMetadata(t *testing.T) {

 		// Create a vault with metadata and matching public key
 		vaultDir := filepath.Join(stateDir, "vaults.d", "vault1")
-		if err := fs.MkdirAll(vaultDir, 0700); err != nil {
+		if err := fs.MkdirAll(vaultDir, 0o700); err != nil {
 			t.Fatalf("Failed to create vault directory: %v", err)
 		}

@@ -66,7 +64,7 @@ func TestVaultMetadata(t *testing.T) {
 		pubKeyHash0 := ComputeDoubleSHA256([]byte(pubKey0))

 		// Write public key
-		if err := afero.WriteFile(fs, filepath.Join(vaultDir, "pub.age"), []byte(pubKey0), 0600); err != nil {
+		if err := afero.WriteFile(fs, filepath.Join(vaultDir, "pub.age"), []byte(pubKey0), 0o600); err != nil {
 			t.Fatalf("Failed to write public key: %v", err)
 		}

@@ -100,7 +98,7 @@ func TestVaultMetadata(t *testing.T) {

 		// Add another vault with same mnemonic but higher index
 		vaultDir2 := filepath.Join(stateDir, "vaults.d", "vault2")
-		if err := fs.MkdirAll(vaultDir2, 0700); err != nil {
+		if err := fs.MkdirAll(vaultDir2, 0o700); err != nil {
 			t.Fatalf("Failed to create vault directory: %v", err)
 		}

@@ -112,7 +110,7 @@ func TestVaultMetadata(t *testing.T) {
 		pubKey5 := identity5.Recipient().String()

 		// Write public key
-		if err := afero.WriteFile(fs, filepath.Join(vaultDir2, "pub.age"), []byte(pubKey5), 0600); err != nil {
+		if err := afero.WriteFile(fs, filepath.Join(vaultDir2, "pub.age"), []byte(pubKey5), 0o600); err != nil {
 			t.Fatalf("Failed to write public key: %v", err)
 		}

@@ -140,7 +138,7 @@ func TestVaultMetadata(t *testing.T) {

 	t.Run("MetadataPersistence", func(t *testing.T) {
 		vaultDir := filepath.Join(stateDir, "vaults.d", "test-vault")
-		if err := fs.MkdirAll(vaultDir, 0700); err != nil {
+		if err := fs.MkdirAll(vaultDir, 0o700); err != nil {
 			t.Fatalf("Failed to create vault directory: %v", err)
 		}

--- a/internal/vault/secrets_version_test.go
+++ b/internal/vault/secrets_version_test.go
@@ -46,7 +46,7 @@ func createTestVaultWithKey(t *testing.T, fs afero.Fs, stateDir, vaultName strin
 	// Store long-term public key in vault
 	vaultDir, _ := vault.GetDirectory()
 	ltPubKeyPath := filepath.Join(vaultDir, "pub.age")
-	err = afero.WriteFile(fs, ltPubKeyPath, []byte(ltIdentity.Recipient().String()), 0600)
+	err = afero.WriteFile(fs, ltPubKeyPath, []byte(ltIdentity.Recipient().String()), 0o600)
 	require.NoError(t, err)

 	// Unlock the vault with the derived key