chore(deps): bump golangci/golangci-lint-action from 6 to 7 (#2166)

* chore(deps): bump golangci/golangci-lint-action from 6 to 7

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6 to 7.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@v6...v7)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* chore: fix lint error

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: MaineK00n <[email protected]>

Author: dependabot[bot]

.github/workflows/golangci.yml

@@ -6,8 +6,8 @@ on:
     branches:
       - master
   pull_request:
-permissions: 
-  contents: read  
+permissions:
+  contents: read
 jobs:
   golangci:
     name: lint
@@ -20,7 +20,6 @@ jobs:
         with:
           go-version-file: go.mod
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
+        uses: golangci/golangci-lint-action@v7
         with:
-          version: v1.64.7
-          args: --timeout=10m
+          version: v2.0.2

.golangci.yml

@@ -1,51 +1,60 @@
-run:
-  timeout: 10m
-  
-linters-settings:
-  revive:
-    # see https://github.com/mgechev/revive#available-rules for details.
-    ignore-generated-header: true
-    severity: warning
-    confidence: 0.8
-    rules:
-      - name: blank-imports
-      - name: context-as-argument
-      - name: context-keys-type
-      - name: dot-imports
-      - name: error-return
-      - name: error-strings
-      - name: error-naming
-      - name: exported
-      - name: if-return
-      - name: increment-decrement
-      - name: var-naming
-      - name: var-declaration
-      - name: package-comments
-      - name: range
-      - name: receiver-naming
-      - name: time-naming
-      - name: unexported-return
-      - name: indent-error-flow
-      - name: errorf
-      - name: empty-block
-      - name: superfluous-else
-      - name: unused-parameter
-      - name: unreachable-code
-      - name: redefines-builtin-id
-  staticcheck:
-    # https://staticcheck.io/docs/options#checks
-    checks: ["all", "-SA1019"]
-  # errcheck:
-    #exclude: /path/to/file.txt
+version: "2"
 
 linters:
-  disable-all: true
+  default: none
   enable:
-    - goimports
-    - revive
+    - errcheck
     - govet
+    - ineffassign
     - misspell
-    - errcheck
-    - staticcheck
     - prealloc
-    - ineffassign
+    - revive
+    - staticcheck
+  settings:
+    revive: # https://golangci-lint.run/usage/linters/#revive
+      rules:
+        - name: blank-imports
+        - name: context-as-argument
+        - name: context-keys-type
+        - name: dot-imports
+        - name: empty-block
+        - name: error-naming
+        - name: error-return
+        - name: error-strings
+        - name: errorf
+        - name: exported
+        - name: if-return
+        - name: increment-decrement
+        - name: indent-error-flow
+        - name: package-comments
+          disabled: true
+        - name: range
+        - name: receiver-naming
+        - name: redefines-builtin-id
+        - name: superfluous-else
+        - name: time-naming
+        - name: unexported-return
+        - name: unreachable-code
+        - name: unused-parameter
+        - name: var-declaration
+        - name: var-naming
+    staticcheck: # https://golangci-lint.run/usage/linters/#staticcheck
+      checks:
+        - all
+        - -ST1000 # at least one file in a package should have a package comment
+        - -ST1005 # error strings should not be capitalized
+  exclusions:
+    rules:
+      - source: "defer .+\\.Close\\(\\)"
+        linters:
+          - errcheck
+      - source: "defer os.Remove\\(.+\\)"
+        linters:
+          - errcheck
+
+formatters:
+  enable:
+    - goimports
+
+run:
+  timeout: 10m

cache/bolt_test.go

@@ -54,7 +54,6 @@ func TestSetupBolt(t *testing.T) {
 		}
 		return nil
 	})
-
 }
 
 func TestEnsureBuckets(t *testing.T) {

config/config_v1.go

@@ -133,7 +133,7 @@ func convertToLatestConfig(pathToToml string) error {
 	if err := toml.NewEncoder(&buf).Encode(c); err != nil {
 		return xerrors.Errorf("Failed to encode to toml: %w", err)
 	}
-	str := strings.Replace(buf.String(), "\n  [", "\n\n  [", -1)
+	str := strings.ReplaceAll(buf.String(), "\n  [", "\n\n  [")
 	str = fmt.Sprintf("%s\n\n%s",
 		"# See README for details: https://vuls.io/docs/en/config.toml.html",
 		str)

config/scanmodule.go

@@ -56,7 +56,7 @@ func (s ScanModule) IsScanPort() bool {
 
 // IsZero return the struct value are all false
 func (s ScanModule) IsZero() bool {
-	return !(s.IsScanOSPkg() || s.IsScanWordPress() || s.IsScanLockFile() || s.IsScanPort())
+	return !s.IsScanOSPkg() && !s.IsScanWordPress() && !s.IsScanLockFile() && !s.IsScanPort()
 }
 
 func (s *ScanModule) ensure() error {

config/slackconf.go

@@ -32,10 +32,8 @@ func (c *SlackConf) Validate() (errs []error) {
 	if len(c.Channel) == 0 {
 		errs = append(errs, xerrors.New("slack.channel must not be empty"))
 	} else {
-		if !(strings.HasPrefix(c.Channel, "#") ||
-			c.Channel == "${servername}") {
-			errs = append(errs, xerrors.Errorf(
-				"channel's prefix must be '#', channel: %s", c.Channel))
+		if !strings.HasPrefix(c.Channel, "#") && c.Channel != "${servername}" {
+			errs = append(errs, xerrors.Errorf("channel's prefix must be '#', channel: %s", c.Channel))
 		}
 	}
 

contrib/future-vuls/pkg/config/config.go

@@ -2,10 +2,15 @@
 package config
 
 const (
-	DiscoverTomlFileName        = "discover_list.toml"
-	SnmpVersion                 = "v2c"
-	FvulsDomain                 = "vuls.biz"
-	Community                   = "public"
+	// DiscoverTomlFileName ...
+	DiscoverTomlFileName = "discover_list.toml"
+	// SnmpVersion ...
+	SnmpVersion = "v2c"
+	// FvulsDomain ...
+	FvulsDomain = "vuls.biz"
+	// Community ...
+	Community = "public"
+	// DiscoverTomlTimeStampFormat ...
 	DiscoverTomlTimeStampFormat = "20060102150405"
 )
 

contrib/future-vuls/pkg/discover/discover.go

@@ -113,7 +113,9 @@ func executeSnmp2cpe(addr string, snmpVersion string, community string) (cpes ma
 	if _, err := stdin.Write(result); err != nil {
 		return nil, fmt.Errorf("failed to write to stdIn. err: %v", err)
 	}
-	stdin.Close()
+	if err := stdin.Close(); err != nil {
+		return nil, fmt.Errorf("failed to close stdIn. err: %v", err)
+	}
 	output, err := cmd.Output()
 	if err != nil {
 		return nil, fmt.Errorf("failed to convert snmp2cpe result. err: %v", err)

contrib/snmp2cpe/pkg/cmd/version/version.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 
 	"github.com/future-architect/vuls/config"
@@ -15,8 +16,11 @@ func NewCmdVersion() *cobra.Command {
 		Use:   "version",
 		Short: "Print the version",
 		Args:  cobra.NoArgs,
-		Run: func(_ *cobra.Command, _ []string) {
-			fmt.Fprintf(os.Stdout, "snmp2cpe %s %s\n", config.Version, config.Revision)
+		RunE: func(_ *cobra.Command, _ []string) error {
+			if _, err := fmt.Fprintf(os.Stdout, "snmp2cpe %s %s\n", config.Version, config.Revision); err != nil {
+				return errors.Wrap(err, "failed to print version")
+			}
+			return nil
 		},
 	}
 	return cmd

contrib/trivy/pkg/converter.go

@@ -154,7 +154,8 @@ func Convert(results types.Results) (result *models.ScanResult, err error) {
 		}
 
 		// --list-all-pkgs flg of trivy will output all installed packages, so collect them.
-		if trivyResult.Class == types.ClassOSPkg {
+		switch trivyResult.Class {
+		case types.ClassOSPkg:
 			for _, p := range trivyResult.Packages {
 				pv := p.Version
 				if p.Release != "" {
@@ -186,7 +187,7 @@ func Convert(results types.Results) (result *models.ScanResult, err error) {
 				v.AddBinaryName(p.Name)
 				srcPkgs[p.SrcName] = v
 			}
-		} else if trivyResult.Class == types.ClassLangPkg {
+		case types.ClassLangPkg:
 			libScanner := uniqueLibraryScannerPaths[trivyResult.Target]
 			libScanner.Type = trivyResult.Type
 			for _, p := range trivyResult.Packages {
@@ -198,6 +199,7 @@ func Convert(results types.Results) (result *models.ScanResult, err error) {
 				})
 			}
 			uniqueLibraryScannerPaths[trivyResult.Target] = libScanner
+		default:
 		}
 	}
 

detector/cti.go

@@ -4,6 +4,7 @@ package detector
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
 	"time"
 
@@ -212,7 +213,7 @@ func newCTIDB(cnf config.VulnDictInterface) (ctidb.DB, error) {
 	}
 	driver, err := ctidb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), ctidb.Option{})
 	if err != nil {
-		if xerrors.Is(err, ctidb.ErrDBLocked) {
+		if errors.Is(err, ctidb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init cti DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init cti DB. DB Path: %s, err: %w", path, err)

detector/cve_client.go

@@ -4,6 +4,7 @@ package detector
 
 import (
 	"encoding/json"
+	"errors"
 	"fmt"
 	"net/http"
 	"time"
@@ -68,15 +69,13 @@ func (client goCveDictClient) fetchCveDetails(cveIDs []string) (cveDetails []cve
 		tasks := util.GenWorkers(concurrency)
 		for range cveIDs {
 			tasks <- func() {
-				select {
-				case cveID := <-reqChan:
-					url, err := util.URLPathJoin(client.baseURL, "cves", cveID)
-					if err != nil {
-						errChan <- err
-					} else {
-						logging.Log.Debugf("HTTP Request to %s", url)
-						httpGet(cveID, url, resChan, errChan)
-					}
+				cveID := <-reqChan
+				url, err := util.URLPathJoin(client.baseURL, "cves", cveID)
+				if err != nil {
+					errChan <- err
+				} else {
+					logging.Log.Debugf("HTTP Request to %s", url)
+					httpGet(cveID, url, resChan, errChan)
 				}
 			}
 		}
@@ -214,7 +213,7 @@ func newCveDB(cnf config.VulnDictInterface) (cvedb.DB, error) {
 	}
 	driver, err := cvedb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), cvedb.Option{})
 	if err != nil {
-		if xerrors.Is(err, cvedb.ErrDBLocked) {
+		if errors.Is(err, cvedb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init CVE DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init CVE DB. DB Path: %s, err: %w", path, err)

detector/detector.go

@@ -754,7 +754,6 @@ func FillCweDict(r *models.ScanResult) {
 		dict[id] = entry
 	}
 	r.CweDict = dict
-	return
 }
 
 func fillCweRank(entry *models.CweDictEntry, id string) {

detector/exploitdb.go

@@ -4,6 +4,7 @@ package detector
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
 	"time"
 
@@ -248,7 +249,7 @@ func newExploitDB(cnf config.VulnDictInterface) (exploitdb.DB, error) {
 	}
 	driver, err := exploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), exploitdb.Option{})
 	if err != nil {
-		if xerrors.Is(err, exploitdb.ErrDBLocked) {
+		if errors.Is(err, exploitdb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init exploit DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init exploit DB. DB Path: %s, err: %w", path, err)

detector/kevuln.go

@@ -4,6 +4,7 @@ package detector
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
 	"time"
 
@@ -90,7 +91,7 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging
 						KnownRansomwareCampaignUse: k.KnownRansomwareCampaignUse,
 						DateAdded:                  k.DateAdded,
 						DueDate: func() *time.Time {
-							if k.DueDate == time.Date(1000, time.January, 1, 0, 0, 0, 0, time.UTC) {
+							if k.DueDate.Equal(time.Date(1000, time.January, 1, 0, 0, 0, 0, time.UTC)) {
 								return nil
 							}
 							return &k.DueDate
@@ -174,7 +175,7 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging
 						KnownRansomwareCampaignUse: k.KnownRansomwareCampaignUse,
 						DateAdded:                  k.DateAdded,
 						DueDate: func() *time.Time {
-							if k.DueDate == time.Date(1000, time.January, 1, 0, 0, 0, 0, time.UTC) {
+							if k.DueDate.Equal(time.Date(1000, time.January, 1, 0, 0, 0, 0, time.UTC)) {
 								return nil
 							}
 							return &k.DueDate
@@ -343,7 +344,7 @@ func newKEVulnDB(cnf config.VulnDictInterface) (kevulndb.DB, error) {
 	}
 	driver, err := kevulndb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), kevulndb.Option{})
 	if err != nil {
-		if xerrors.Is(err, kevulndb.ErrDBLocked) {
+		if errors.Is(err, kevulndb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init kevuln DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init kevuln DB. DB Path: %s, err: %w", path, err)

detector/msf.go

@@ -4,6 +4,7 @@ package detector
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
 	"time"
 
@@ -234,7 +235,7 @@ func newMetasploitDB(cnf config.VulnDictInterface) (metasploitdb.DB, error) {
 	}
 	driver, err := metasploitdb.NewDB(cnf.GetType(), path, cnf.GetDebugSQL(), metasploitdb.Option{})
 	if err != nil {
-		if xerrors.Is(err, metasploitdb.ErrDBLocked) {
+		if errors.Is(err, metasploitdb.ErrDBLocked) {
 			return nil, xerrors.Errorf("Failed to init metasploit DB. SQLite3: %s is locked. err: %w", cnf.GetSQLite3Path(), err)
 		}
 		return nil, xerrors.Errorf("Failed to init metasploit DB. DB Path: %s, err: %w", path, err)

detector/wordpress.go

@@ -78,10 +78,9 @@ func detectWordPressCves(r *models.ScanResult, cnf config.WpScanConf) (int, erro
 		return 0, nil
 	}
 	// Core
-	ver := strings.Replace(r.WordPressPackages.CoreVersion(), ".", "", -1)
+	ver := strings.ReplaceAll(r.WordPressPackages.CoreVersion(), ".", "")
 	if ver == "" {
-		return 0, errof.New(errof.ErrFailedToAccessWpScan,
-			fmt.Sprintf("Failed to get WordPress core version."))
+		return 0, errof.New(errof.ErrFailedToAccessWpScan, "Failed to get WordPress core version.")
 	}
 	url := fmt.Sprintf("https://wpscan.com/api/v3/wordpresses/%s", ver)
 	wpVinfos, err := wpscan(url, ver, cnf.Token, true)