akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

chore: remediate 61 Go linting issues and tighten pre-commit config

Browse Source 
Complete lint remediation addressing errcheck, gosec, and staticcheck
violations across backend test files. Tighten pre-commit configuration
to prevent future blind spots.

Key Changes:
- Fix 61 Go linting issues (errcheck, gosec G115/G301/G304/G306, bodyclose)
- Add proper error handling for json.Unmarshal, os.Setenv, db.Close(), w.Write()
- Fix gosec G115 integer overflow with strconv.FormatUint
- Add #nosec annotations with justifications for test fixtures
- Fix SecurityService goroutine leaks (add Close() calls)
- Fix CrowdSec tar.gz non-deterministic ordering with sorted keys

Pre-commit Hardening:
- Remove test file exclusion from golangci-lint hook
- Add gosec to .golangci-fast.yml with critical checks (G101, G110, G305)
- Replace broad .golangci.yml exclusions with targeted path-specific rules
- Test files now linted on every commit

Test Fixes:
- Fix emergency route count assertions (1→2 for dual-port setup)
- Fix DNS provider service tests with proper mock setup
- Fix certificate service tests with deterministic behavior

Backend: 27 packages pass, 83.5% coverage
Frontend: 0 lint warnings, 0 TypeScript errors
Pre-commit: All 14 hooks pass (~37s)
This commit is contained in:
GitHub Actions
2026-02-02 06:17:48 +00:00
parent 64b804329b
commit 032d475fba
117 changed files with 4742 additions and 2587 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.pre-commit-config.yaml
View File

@@ -1,3 +1,8 @@
# NOTE: golangci-lint-fast now includes test files (_test.go) to catch security
# issues earlier. The fast config uses gosec with critical-only checks (G101,
# G110, G305, G401, G501, G502, G503) for acceptable performance.
# Last updated: 2026-02-02
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
@@ -36,9 +41,9 @@ repos:
entry: scripts/pre-commit-hooks/golangci-lint-fast.sh
language: script
files: '\.go$'
exclude: '_test\.go$'
# Test files are now included to catch security issues (gosec critical checks)
pass_filenames: false
description: "Runs fast, essential linters (staticcheck, govet, errcheck, ineffassign, unused) - BLOCKS commits on failure"
description: "Runs fast, essential linters (staticcheck, govet, errcheck, ineffassign, unused, gosec critical) - BLOCKS commits on failure"
- id: check-version-match
name: Check .version matches latest Git tag
entry: bash -c 'scripts/check-version-match-tag.sh'