Multiple style fixes for linters compliance

quarkslab · Sep 30, 2022 · 712ecdc · 712ecdc
1 parent 65e6d75
commit 712ecdc
Show file tree

Hide file tree

Showing 30 changed files with 141 additions and 140 deletions.
diff --git a/commands/dig.go b/commands/dig.go
@@ -28,6 +28,10 @@ var sideEffects bool
 // flag to force admission creation
 var admForce bool
 
+// output formats
+const outputHuman = "human"
+const outputJSON = "json"
+
 // digCmd represents the dig command
 var digCmd = &cobra.Command{
 	Use:     "dig [buckets]",
@@ -48,7 +52,7 @@ arguments.`,
 		}
 
 		// apply default colored human only if the color flag was not set
-		if !cmd.Flags().Changed("color") && output == "human" {
+		if !cmd.Flags().Changed("color") && output == outputHuman {
 			color = true
 		}
 
@@ -107,7 +111,7 @@ arguments.`,
 				if err != nil {
 					// loading the context failed and is required so skip this
 					// execution after printing the error with the name
-					err := printError(fmt.Errorf("failed loading context to initialize client: %s", err.Error()), name)
+					err := printError(fmt.Errorf("failed loading context to initialize client: %w", err), name)
 					if err != nil {
 						return err
 					}

diff --git a/commands/gen.go b/commands/gen.go
@@ -47,7 +47,7 @@ boolean flags to disabled security features. Examples:
 		pod := kgen.Generate(opts)
 
 		var p printers.ResourcePrinter
-		if output == "json" {
+		if output == outputJSON {
 			p = &printers.JSONPrinter{}
 		} else {
 			p = &printers.YAMLPrinter{}

diff --git a/commands/root.go b/commands/root.go
@@ -48,8 +48,8 @@ cluster. For that you can use multiples buckets. Buckets are plugins that can
 scan specific aspects of a cluster or bring expertise to automate the Kubernetes
 pentest process.`,
 	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
-		if output != "human" && output != "json" {
-			return fmt.Errorf("ouput flag must be one of human|json, got %q", output)
+		if output != outputHuman && output != outputJSON {
+			return fmt.Errorf("output flag must be one of %s|%s, got %q", outputHuman, outputJSON, output)
 		}
 		return nil
 	},
@@ -58,8 +58,8 @@ pentest process.`,
 func init() {
 	cobra.OnInitialize(registerBuckets)
 
-	rootCmd.PersistentFlags().StringVarP(&output, "output", "o", "human", "Output format. One of: human|json.")
-	rootCmd.PersistentFlags().IntVarP(&outputWidth, "width", "w", 140, "Width for the human output")
+	rootCmd.PersistentFlags().StringVarP(&output, "output", "o", outputHuman, fmt.Sprintf("Output format. One of: %s|%s.", outputHuman, outputJSON))
+	rootCmd.PersistentFlags().IntVarP(&outputWidth, "width", "w", 140, fmt.Sprintf("Width for the %s output", outputHuman))
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.
@@ -99,9 +99,9 @@ func registerBuckets() {
 // printResults prints results with the output format selected by the flags
 func printResults(r bucket.Results, opts bucket.ResultsOpts) error {
 	switch output {
-	case "human":
+	case outputHuman:
 		fmt.Print(r.Human(opts))
-	case "json":
+	case outputJSON:
 		p, err := r.JSON(opts)
 		if err != nil {
 			return err
@@ -117,10 +117,10 @@ func printResults(r bucket.Results, opts bucket.ResultsOpts) error {
 // struct that can contains the error directly?
 func printError(err error, name string) error {
 	switch output {
-	case "human":
+	case outputHuman:
 		fmt.Printf("### %s ###\n", strings.ToUpper(name))
 		fmt.Printf("Error: %s\n", err.Error())
-	case "json":
+	case outputJSON:
 		jsonErr := struct {
 			Bucket string `json:"bucket"`
 			Error  string `json:"error"`

diff --git a/pkg/automaticontext/automaticontext.go b/pkg/automaticontext/automaticontext.go
@@ -9,9 +9,11 @@ import (
 	"strings"
 
 	"k8s.io/client-go/kubernetes"
-	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+
+	// import all auth clients
+	_ "k8s.io/client-go/plugin/pkg/client/auth"
 )
 
 func Config(kubeconfigPath string) (*rest.Config, error) {

diff --git a/pkg/bucket/bucket.go b/pkg/bucket/bucket.go
@@ -11,11 +11,11 @@ import (
 
 var ErrMissingClient = errors.New("buckets need a kubernetes client for initialization")
 
-type ErrUnknownBucket struct {
+type UnknownBucketError struct {
 	name string
 }
 
-func (e ErrUnknownBucket) Error() string {
+func (e UnknownBucketError) Error() string {
 	return fmt.Sprintf("unknown bucket %q", e.name)
 }
 
@@ -170,14 +170,14 @@ func (bs *Buckets) InitBucket(name string, config Config) (Interface, error) {
 	}
 
 	bucket, found, err := bs.getBucket(name, config)
-	if err == ErrMissingClient {
+	if errors.Is(err, ErrMissingClient) {
 		return nil, err
 	}
 	if err != nil {
-		return nil, fmt.Errorf("couldn't init bucket %q: %v", name, err)
+		return nil, fmt.Errorf("couldn't init bucket %q: %w", name, err)
 	}
 	if !found {
-		err := ErrUnknownBucket{
+		err := UnknownBucketError{
 			name: name,
 		}
 		return nil, err

diff --git a/pkg/bucket/format.go b/pkg/bucket/format.go
@@ -10,7 +10,7 @@ import (
 )
 
 // checkWidthsCoherence checks if headers and data are both sets, that the
-// width is consistant between them.
+// width is consistent between them.
 func (r Results) checkWidthsCoherence() bool {
 	headerWidth := len(r.headers)
 
@@ -28,10 +28,8 @@ func (r Results) checkWidthsCoherence() bool {
 	// one is not set
 	if headerWidth == 0 || dataWidth == 0 {
 		return true
-	} else {
-		return headerWidth == dataWidth
 	}
-
+	return headerWidth == dataWidth
 }
 
 func nrColumnsToMaxWidth(termWidth int, n int) int {

diff --git a/pkg/plugins/admission/admission.go b/pkg/plugins/admission/admission.go
@@ -22,8 +22,8 @@ var bucketAliases = []string{"admissions", "adm"}
 
 var currentNamespace string
 
-// AdmissionBucket implements Bucket
-type AdmissionBucket struct {
+// Bucket implements Bucket
+type Bucket struct {
 	client kubernetes.Interface
 
 	podFactoryChain []podFactory
@@ -53,7 +53,7 @@ func Register(b *bucket.Buckets) {
 }
 
 // Run runs the admission test.
-func (a *AdmissionBucket) Run() (bucket.Results, error) {
+func (a *Bucket) Run() (bucket.Results, error) {
 	res := bucket.NewResults(bucketName)
 	if !a.config.AdmForce && !a.CanIDelete() {
 		return *res, errors.New("cannot delete pod, will not be able to clean the scan artifacts, force creation --admission-force")
@@ -62,7 +62,7 @@ func (a *AdmissionBucket) Run() (bucket.Results, error) {
 	c := make(chan admissionResult, len(a.podFactoryChain))
 
 	for _, f := range a.podFactoryChain {
-		go func(a *AdmissionBucket, f podFactory, c chan admissionResult) {
+		go func(a *Bucket, f podFactory, c chan admissionResult) {
 			err := a.use(f)
 			if err != nil {
 				// if kerrors.IsForbidden(err) {
@@ -99,26 +99,24 @@ func (a *AdmissionBucket) Run() (bucket.Results, error) {
 	err := a.Cleanup()
 	if a.config.AdmForce {
 		return *res, nil
-	} else {
-		return *res, err
 	}
+	return *res, err
 }
 
-func (a *AdmissionBucket) use(f podFactory) error {
+func (a *Bucket) use(f podFactory) error {
 	pod := f.NewPod()
 	pod, err := a.client.CoreV1().Pods(pod.Namespace).Create(context.TODO(), pod, metav1.CreateOptions{})
 	if err != nil {
 		return err
-	} else {
-		a.cleaningLock.Lock()
-		a.podsToClean = append(a.podsToClean, pod)
-		a.cleaningLock.Unlock()
 	}
+	a.cleaningLock.Lock()
+	a.podsToClean = append(a.podsToClean, pod)
+	a.cleaningLock.Unlock()
 	return nil
 }
 
 // initialize initiliazes the pod factory chain to use during the scan.
-func (a *AdmissionBucket) initialize() {
+func (a *Bucket) initialize() {
 	a.podFactoryChain = []podFactory{
 		privilegedPod{},
 		hostPathPod{},
@@ -129,14 +127,14 @@ func (a *AdmissionBucket) initialize() {
 	}
 }
 
-func (a AdmissionBucket) CanIDelete() bool {
+func (a Bucket) CanIDelete() bool {
 	err := a.client.CoreV1().Pods(currentNamespace).Delete(context.TODO(), "delete-test", metav1.DeleteOptions{})
 	return !kerrors.IsForbidden(err)
 }
 
-// Cleanup deletes side effects pods that were successfuly created during the scan.
+// Cleanup deletes side effects pods that were successfully created during the scan.
 // TODO parallelize maybe?
-func (a AdmissionBucket) Cleanup() error {
+func (a Bucket) Cleanup() error {
 	for _, p := range a.podsToClean {
 		err := a.client.CoreV1().Pods(p.Namespace).Delete(context.TODO(), p.Name, metav1.DeleteOptions{})
 		if err != nil {
@@ -147,12 +145,12 @@ func (a AdmissionBucket) Cleanup() error {
 }
 
 // NewAdmissionBucket creates a new admission bucket with the kubernetes client.
-func NewAdmissionBucket(cf bucket.Config) (*AdmissionBucket, error) {
+func NewAdmissionBucket(cf bucket.Config) (*Bucket, error) {
 	if cf.Client == nil {
 		return nil, bucket.ErrMissingClient
 	}
 	currentNamespace = cf.Namespace
-	return &AdmissionBucket{
+	return &Bucket{
 		client:       cf.Client,
 		cleaningLock: &sync.Mutex{},
 		config:       cf,

diff --git a/pkg/plugins/apiresources/apiresources.go b/pkg/plugins/apiresources/apiresources.go
@@ -11,11 +11,11 @@ const (
 
 var bucketAliases = []string{"api", "apiresource"}
 
-type APIResourcesBucket struct {
+type Bucket struct {
 	config bucket.Config
 }
 
-func (n APIResourcesBucket) Run() (bucket.Results, error) {
+func (n Bucket) Run() (bucket.Results, error) {
 	// executes here the code of your plugin
 	res := bucket.NewResults(bucketName)
 
@@ -51,11 +51,11 @@ func Register(b *bucket.Buckets) {
 	})
 }
 
-func NewAPIResourcesBucket(config bucket.Config) (*APIResourcesBucket, error) {
+func NewAPIResourcesBucket(config bucket.Config) (*Bucket, error) {
 	if config.Client == nil {
 		return nil, bucket.ErrMissingClient
 	}
-	return &APIResourcesBucket{
+	return &Bucket{
 		config: config,
 	}, nil
 }
diff --git a/pkg/plugins/authorization/authorization.go b/pkg/plugins/authorization/authorization.go
@@ -20,11 +20,11 @@ const (
 
 var bucketAliases = []string{"authorizations", "auth"}
 
-type AuthorizationBucket struct {
+type Bucket struct {
 	config bucket.Config
 }
 
-func (n AuthorizationBucket) Run() (bucket.Results, error) {
+func (n Bucket) Run() (bucket.Results, error) {
 	res := bucket.NewResults(bucketName)
 
 	// create the self subject rules review object
@@ -80,11 +80,11 @@ func Register(b *bucket.Buckets) {
 	})
 }
 
-func NewAuthorizationBucket(c bucket.Config) (*AuthorizationBucket, error) {
+func NewAuthorizationBucket(c bucket.Config) (*Bucket, error) {
 	if c.Client == nil {
 		return nil, bucket.ErrMissingClient
 	}
-	return &AuthorizationBucket{
+	return &Bucket{
 		config: c,
 	}, nil
 }

diff --git a/pkg/plugins/capabilities/capabilities.go b/pkg/plugins/capabilities/capabilities.go
@@ -33,9 +33,9 @@ var dangerousCap = []capability.Cap{
 	capability.CAP_SETFCAP,
 }
 
-type CapabilitiesBucket struct{}
+type Bucket struct{}
 
-func (n CapabilitiesBucket) Run() (bucket.Results, error) {
+func (n Bucket) Run() (bucket.Results, error) {
 	capabilities, err := getCapabilities(0)
 
 	if err != nil {
@@ -88,11 +88,11 @@ func Register(b *bucket.Buckets) {
 	})
 }
 
-func NewCapabilitiesBucket(config bucket.Config) (*CapabilitiesBucket, error) {
+func NewCapabilitiesBucket(config bucket.Config) (*Bucket, error) {
 	if !config.Color {
 		text.DisableColors()
 	}
-	return &CapabilitiesBucket{}, nil
+	return &Bucket{}, nil
 }
 
 func isDangerousCap(cap capability.Cap) bool {

diff --git a/pkg/plugins/cgroups/cgroups.go b/pkg/plugins/cgroups/cgroups.go
@@ -16,15 +16,15 @@ const (
 
 var bucketAliases = []string{"cgroup", "cg"}
 
-type CgroupsBucket struct{}
+type Bucket struct{}
 
 type Cgroup struct {
 	HierarchyID    string
 	ControllerList string
 	CgroupPath     string
 }
 
-func (n CgroupsBucket) Run() (bucket.Results, error) {
+func (n Bucket) Run() (bucket.Results, error) {
 	// executes here the code of your plugin
 	cgroups, err := readCgroupFile()
 	if err != nil {
@@ -34,7 +34,7 @@ func (n CgroupsBucket) Run() (bucket.Results, error) {
 	res := bucket.NewResults(bucketName)
 	if len(cgroups) <= 1 {
 		// https://stackoverflow.com/a/69005753
-		res.AddComment("This kernel might use cgroups v2, thus explaning the lack of information.")
+		res.AddComment("This kernel might use cgroups v2, thus explaining the lack of information.")
 	}
 	res.SetHeaders([]string{"hierarchyID", "controllerList", "cgroupPath"})
 	for _, cgroup := range cgroups {
@@ -56,8 +56,8 @@ func Register(b *bucket.Buckets) {
 	})
 }
 
-func NewCgroupsBucket(config bucket.Config) (*CgroupsBucket, error) {
-	return &CgroupsBucket{}, nil
+func NewCgroupsBucket(config bucket.Config) (*Bucket, error) {
+	return &Bucket{}, nil
 }
 
 func readCgroupFile() ([]Cgroup, error) {