032d475fba
Complete lint remediation addressing errcheck, gosec, and staticcheck violations across backend test files. Tighten pre-commit configuration to prevent future blind spots. Key Changes: - Fix 61 Go linting issues (errcheck, gosec G115/G301/G304/G306, bodyclose) - Add proper error handling for json.Unmarshal, os.Setenv, db.Close(), w.Write() - Fix gosec G115 integer overflow with strconv.FormatUint - Add #nosec annotations with justifications for test fixtures - Fix SecurityService goroutine leaks (add Close() calls) - Fix CrowdSec tar.gz non-deterministic ordering with sorted keys Pre-commit Hardening: - Remove test file exclusion from golangci-lint hook - Add gosec to .golangci-fast.yml with critical checks (G101, G110, G305) - Replace broad .golangci.yml exclusions with targeted path-specific rules - Test files now linted on every commit Test Fixes: - Fix emergency route count assertions (1→2 for dual-port setup) - Fix DNS provider service tests with proper mock setup - Fix certificate service tests with deterministic behavior Backend: 27 packages pass, 83.5% coverage Frontend: 0 lint warnings, 0 TypeScript errors Pre-commit: All 14 hooks pass (~37s)
2.5 KiB
2.5 KiB
Phase 1 Lint Fixes - Implementation Tracker
Status: IN PROGRESS
Completed:
✅ JSON.Unmarshal fixes:
- security_handler_audit_test.go:581
- security_handler_coverage_test.go (2 locations: line 525 initially reported, now 590)
- settings_handler_test.go (3 locations: lines 1290, 1337, 1396)
- user_handler_test.go (3 locations: lines 120, 153, 443)
Remaining Errcheck Issues (23):
Environment Variables (11):
- internal/config/config_test.go:56, 57, 72 (
os.Setenv)
- internal/config/config_test.go:157, 158, 159 (os.Unsetenv)
- internal/server/emergency_server_test.go:97, 98, 142, 143, 279, 280
Database Close (4):
- internal/services/certificate_service_test.go:1104
- internal/services/security_service_test.go:26
- internal/services/uptime_service_unit_test.go:25
- Also needed: dns_provider_service_test.go, database/errors_test.go
Other (8):
- handlers_blackbox_test.go:1501, 1503 (db.Callback().Register, tx.AddError)
- security_handler_waf_test.go:526, 527, 528 (os.Remove)
- emergency_server_test.go: 67, 79, 108, 125, 155, 171 (server.Stop, resp.Body.Close)
- backup_service_test.go: Multiple Close() operations
Remaining Gosec Issues (24):
G115 - Integer Overflow (3):
- internal/api/handlers/manual_challenge_handler.go:649, 651
- internal/api/handlers/security_handler_rules_decisions_test.go:162
G110 - Decompression Bomb (2):
- internal/crowdsec/hub_sync.go:1016
- internal/services/backup_service.go:345
G305 - Path Traversal (1):
- internal/services/backup_service.go:316
G306/G302 - File Permissions (10+):
- server_test.go:19
- backup_service.go:36, 324, 328
- backup_service_test.go:28, 35, 469, 470, 538
G304 - File Inclusion (4):
- config_test.go:67, 148
- backup_service.go:178, 218, 332
G112 - Slowloris (2):
- uptime_service_test.go:80, 855
G101 - Hardcoded Credentials (3):
- rfc2136_provider_test.go:171, 381, 414
G602 - Slice Bounds (1):
- caddy/config.go:463
Implementation Strategy
Given the scope (55+ issues), I'll implement fixes in priority order:
- HIGH PRIORITY: Gosec security issues (decompression bomb, path traversal, permissions)
- MEDIUM PRIORITY: Errcheck resource cleanup (database close, file close)
- LOW PRIORITY: Test environment setup (os.Setenv/Unsetenv)
Notes
- The original
full_lint_output.txtwas outdated - Current lint run shows 61 issues total (31 errcheck + 24 gosec + 6 other)
- Some issues (bodyclose, staticcheck) are outside original spec scope
- Will focus on errcheck and gosec as specified in the plan