From 4aae1bfbc7d1ccd27e572294faebed2cc96ef2ba Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Fri, 15 Mar 2024 14:45:44 +0100 Subject: [PATCH 1/2] rename ego module --- ego/cli/bundle_test.go | 5 ++--- ego/cli/cli.go | 3 +-- ego/cli/elf_test.go | 3 +-- ego/cli/run.go | 2 +- ego/cli/sign.go | 2 +- ego/cli/sign_test.go | 3 +-- ego/cmd/bundle/main.go | 3 +-- ego/cmd/clidocgen/main.go | 3 +-- ego/cmd/integration-test/main.go | 2 +- ego/cmd/marble-test/main.go | 2 +- ego/cmd/test-marble/main.go | 2 +- ego/ego/cmd/util.go | 5 ++--- ego/ego/main.go | 2 +- ego/go.mod | 2 +- ego/premain/core/core.go | 3 +-- ego/premain/core/core_test.go | 3 +-- ego/premain/main.go | 2 +- 17 files changed, 19 insertions(+), 28 deletions(-) diff --git a/ego/cli/bundle_test.go b/ego/cli/bundle_test.go index e7a03fe5..b50bb418 100644 --- a/ego/cli/bundle_test.go +++ b/ego/cli/bundle_test.go @@ -18,9 +18,8 @@ import ( "path/filepath" "testing" - "ego/config" - "ego/internal/launch" - + "github.com/edgelesssys/ego/ego/config" + "github.com/edgelesssys/ego/ego/internal/launch" "github.com/spf13/afero" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/ego/cli/cli.go b/ego/cli/cli.go index 0951f704..6776974a 100644 --- a/ego/cli/cli.go +++ b/ego/cli/cli.go @@ -10,8 +10,7 @@ import ( "os" "path/filepath" - "ego/internal/launch" - + "github.com/edgelesssys/ego/ego/internal/launch" "github.com/spf13/afero" ) diff --git a/ego/cli/elf_test.go b/ego/cli/elf_test.go index 021f0979..9b9ecd41 100644 --- a/ego/cli/elf_test.go +++ b/ego/cli/elf_test.go @@ -15,8 +15,7 @@ import ( "path/filepath" "testing" - "ego/config" - + "github.com/edgelesssys/ego/ego/config" "github.com/spf13/afero" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/ego/cli/run.go b/ego/cli/run.go index fa68174c..95400b9a 100644 --- a/ego/cli/run.go +++ b/ego/cli/run.go @@ -9,7 +9,7 @@ package cli import ( "path/filepath" - "ego/internal/launch" + "github.com/edgelesssys/ego/ego/internal/launch" ) // Run runs a signed executable in standalone mode. diff --git a/ego/cli/sign.go b/ego/cli/sign.go index bd9ab4dc..f2c58037 100644 --- a/ego/cli/sign.go +++ b/ego/cli/sign.go @@ -15,7 +15,7 @@ import ( "path/filepath" "strconv" - "ego/config" + "github.com/edgelesssys/ego/ego/config" ) const ( diff --git a/ego/cli/sign_test.go b/ego/cli/sign_test.go index 52ea65b4..aa0b8fbe 100644 --- a/ego/cli/sign_test.go +++ b/ego/cli/sign_test.go @@ -15,8 +15,7 @@ import ( "strings" "testing" - "ego/config" - + "github.com/edgelesssys/ego/ego/config" "github.com/google/go-cmp/cmp" "github.com/spf13/afero" "github.com/stretchr/testify/assert" diff --git a/ego/cmd/bundle/main.go b/ego/cmd/bundle/main.go index 213aa3e7..d3005328 100644 --- a/ego/cmd/bundle/main.go +++ b/ego/cmd/bundle/main.go @@ -18,8 +18,7 @@ import ( "path/filepath" "syscall" - "ego/internal/launch" - + "github.com/edgelesssys/ego/ego/internal/launch" "github.com/spf13/afero" ) diff --git a/ego/cmd/clidocgen/main.go b/ego/cmd/clidocgen/main.go index eec58fe0..4c2e53f0 100644 --- a/ego/cmd/clidocgen/main.go +++ b/ego/cmd/clidocgen/main.go @@ -12,8 +12,7 @@ import ( "fmt" "regexp" - "ego/ego/cmd" - + "github.com/edgelesssys/ego/ego/ego/cmd" "github.com/spf13/cobra" "github.com/spf13/cobra/doc" ) diff --git a/ego/cmd/integration-test/main.go b/ego/cmd/integration-test/main.go index 22f5adcf..12b01a78 100644 --- a/ego/cmd/integration-test/main.go +++ b/ego/cmd/integration-test/main.go @@ -7,11 +7,11 @@ package main import ( - "ego/test" "io" "log" "os" + "github.com/edgelesssys/ego/ego/test" "github.com/klauspost/cpuid/v2" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/ego/cmd/marble-test/main.go b/ego/cmd/marble-test/main.go index dd594858..c6c84d44 100644 --- a/ego/cmd/marble-test/main.go +++ b/ego/cmd/marble-test/main.go @@ -13,7 +13,6 @@ import ( "crypto/tls" "crypto/x509" "crypto/x509/pkix" - "ego/test" "io/ioutil" "math/big" "net" @@ -23,6 +22,7 @@ import ( "syscall" "time" + "github.com/edgelesssys/ego/ego/test" "github.com/edgelesssys/marblerun/coordinator/rpc" "github.com/stretchr/testify/require" "google.golang.org/grpc" diff --git a/ego/cmd/test-marble/main.go b/ego/cmd/test-marble/main.go index a2ec5776..b33cf226 100644 --- a/ego/cmd/test-marble/main.go +++ b/ego/cmd/test-marble/main.go @@ -7,9 +7,9 @@ package main import ( - "ego/test" "os" + "github.com/edgelesssys/ego/ego/test" "github.com/stretchr/testify/assert" ) diff --git a/ego/ego/cmd/util.go b/ego/ego/cmd/util.go index 311e2f35..fb4613a0 100644 --- a/ego/ego/cmd/util.go +++ b/ego/ego/cmd/util.go @@ -10,9 +10,8 @@ import ( "fmt" "os" - "ego/cli" - "ego/internal/launch" - + "github.com/edgelesssys/ego/ego/cli" + "github.com/edgelesssys/ego/ego/internal/launch" "github.com/klauspost/cpuid/v2" "github.com/spf13/afero" "github.com/spf13/cobra" diff --git a/ego/ego/main.go b/ego/ego/main.go index 6d77d253..8f0ae674 100644 --- a/ego/ego/main.go +++ b/ego/ego/main.go @@ -10,7 +10,7 @@ import ( "fmt" "os" - "ego/ego/cmd" + "github.com/edgelesssys/ego/ego/ego/cmd" ) // Don't touch! Automatically injected at build-time. diff --git a/ego/go.mod b/ego/go.mod index 80a240ad..32e7b16d 100644 --- a/ego/go.mod +++ b/ego/go.mod @@ -1,4 +1,4 @@ -module ego +module github.com/edgelesssys/ego/ego go 1.20 diff --git a/ego/premain/core/core.go b/ego/premain/core/core.go index 8c17754f..99e9a91a 100644 --- a/ego/premain/core/core.go +++ b/ego/premain/core/core.go @@ -17,8 +17,7 @@ import ( "strings" "syscall" - "ego/config" - + "github.com/edgelesssys/ego/ego/config" "github.com/edgelesssys/marblerun/marble/premain" "github.com/spf13/afero" ) diff --git a/ego/premain/core/core_test.go b/ego/premain/core/core_test.go index d3a75d08..0c560182 100644 --- a/ego/premain/core/core_test.go +++ b/ego/premain/core/core_test.go @@ -16,8 +16,7 @@ import ( "syscall" "testing" - "ego/config" - + "github.com/edgelesssys/ego/ego/config" "github.com/spf13/afero" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" diff --git a/ego/premain/main.go b/ego/premain/main.go index 09f4405e..47e491e7 100644 --- a/ego/premain/main.go +++ b/ego/premain/main.go @@ -9,11 +9,11 @@ package main import "C" import ( - "ego/premain/core" "os" "syscall" "unsafe" + "github.com/edgelesssys/ego/ego/premain/core" "github.com/spf13/afero" ) From b87b4aed3b2249c0bdbb1f4104503b0a277dfb07 Mon Sep 17 00:00:00 2001 From: Thomas Tendyck Date: Fri, 15 Mar 2024 14:49:52 +0100 Subject: [PATCH 2/2] add golangci-lint --- .github/workflows/golangci-lint.yml | 35 +++++++++++++++++++ .golangci.yml | 6 ++++ attestation/attestation.go | 3 +- eclient/doc.go | 3 ++ ecrypto/doc.go | 2 +- ecrypto/ecrypto.go | 2 ++ ecrypto/ecrypto_test.go | 2 ++ ego/cli/bundle.go | 8 ++--- ego/cli/elf_test.go | 7 ++-- ego/cli/install.go | 14 ++++---- ego/cli/install_test.go | 43 +++++++++++++----------- ego/cli/sign.go | 2 +- ego/cmd/bundle/main.go | 2 +- ego/cmd/bundle/main_test.go | 5 ++- ego/cmd/concurrency-test/main.go | 2 +- ego/cmd/marble-test/main.go | 3 +- enclave/doc.go | 3 +- enclave/enclave_test.go | 2 +- enclave/ert.go | 10 +++--- internal/attestation/attestation_test.go | 2 +- internal/attestation/claim.go | 1 + internal/attestation/maa.go | 4 +-- internal/attestation/maa_test.go | 2 +- marble/marble_test.go | 2 +- 24 files changed, 108 insertions(+), 57 deletions(-) create mode 100644 .github/workflows/golangci-lint.yml create mode 100644 .golangci.yml diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml new file mode 100644 index 00000000..60138ee8 --- /dev/null +++ b/.github/workflows/golangci-lint.yml @@ -0,0 +1,35 @@ +name: golangci-lint +on: + push: + branches: + - master + - main + pull_request: + +permissions: + contents: read + # Optional: allow read access to pull request. Use with `only-new-issues` option. + # pull-requests: read + +jobs: + golangci: + name: lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - uses: actions/setup-go@v5 + with: + go-version: "1.21" + cache: false + + - name: golangci-lint / + uses: golangci/golangci-lint-action@v4 + with: + version: v1.56 + + - name: golangci-lint /ego + uses: golangci/golangci-lint-action@v4 + with: + version: v1.56 + working-directory: ego diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 00000000..59225156 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,6 @@ +run: + timeout: 10m + build-tags: [ego_mock_eclient] + +linters: + enable: [gofumpt] diff --git a/attestation/attestation.go b/attestation/attestation.go index 540221ee..11dbca05 100644 --- a/attestation/attestation.go +++ b/attestation/attestation.go @@ -57,5 +57,6 @@ func VerifyAzureAttestationToken(token string, providerURL string) (Report, erro Debug: report.Debug, UniqueID: report.UniqueID, SignerID: report.SignerID, - ProductID: report.ProductID}, nil + ProductID: report.ProductID, + }, nil } diff --git a/eclient/doc.go b/eclient/doc.go index 579241ed..5238ee6d 100644 --- a/eclient/doc.go +++ b/eclient/doc.go @@ -11,13 +11,16 @@ Use this package for programs that don't run in an enclave themselves but intera enclaved programs. Those non-enclaved programs are often called third parties or relying parties. This package requires libcrypto. On Ubuntu install it with: + sudo apt install libssl-dev This package requires the following environment variables to be set during build: + CGO_CFLAGS=-I/opt/ego/include CGO_LDFLAGS=-L/opt/ego/lib Or if using the EGo snap: + CGO_CFLAGS=-I/snap/ego-dev/current/opt/ego/include CGO_LDFLAGS=-L/snap/ego-dev/current/opt/ego/lib diff --git a/ecrypto/doc.go b/ecrypto/doc.go index 135dda93..e37f32a8 100644 --- a/ecrypto/doc.go +++ b/ecrypto/doc.go @@ -7,7 +7,7 @@ /* Package ecrypto provides convenience functions for cryptography inside an enclave. -Sealing +# Sealing Sealing is the process of encrypting data with a key derived from the enclave and the CPU it is running on. Sealed data can only be decrypted by the same enclave and CPU. Use it to persist data to disk. diff --git a/ecrypto/ecrypto.go b/ecrypto/ecrypto.go index d8c6f725..21340842 100644 --- a/ecrypto/ecrypto.go +++ b/ecrypto/ecrypto.go @@ -29,9 +29,11 @@ type enclaveSealer struct{} func (enclaveSealer) GetUniqueSealKey() (key, keyInfo []byte, err error) { return enclave.GetUniqueSealKey() } + func (enclaveSealer) GetProductSealKey() (key, keyInfo []byte, err error) { return enclave.GetProductSealKey() } + func (enclaveSealer) GetSealKey(keyInfo []byte) ([]byte, error) { return enclave.GetSealKey(keyInfo) } diff --git a/ecrypto/ecrypto_test.go b/ecrypto/ecrypto_test.go index 550e023b..ce7bcaa5 100644 --- a/ecrypto/ecrypto_test.go +++ b/ecrypto/ecrypto_test.go @@ -22,9 +22,11 @@ type stubSealer struct{} func (stubSealer) GetUniqueSealKey() (key, keyInfo []byte, err error) { return []byte("1234567890123456"), []byte("unique"), nil } + func (stubSealer) GetProductSealKey() (key, keyInfo []byte, err error) { return []byte("2345678901234567"), []byte("product"), nil } + func (stubSealer) GetSealKey(keyInfo []byte) ([]byte, error) { switch string(keyInfo) { case "unique": diff --git a/ego/cli/bundle.go b/ego/cli/bundle.go index 172f8f34..254f97f7 100644 --- a/ego/cli/bundle.go +++ b/ego/cli/bundle.go @@ -39,7 +39,7 @@ func (c *Cli) Bundle(filename string, outputFilename string) (reterr error) { if err != nil { return err } - defer c.fs.Remove(tarFilename) + defer func() { _ = c.fs.Remove(tarFilename) }() if outputFilename == "" { outputFilename = filepath.Base(filename) + "-bundle" @@ -51,7 +51,7 @@ func (c *Cli) Bundle(filename string, outputFilename string) (reterr error) { } defer func() { if reterr != nil { - c.fs.Remove(outputFilename) + _ = c.fs.Remove(outputFilename) } }() @@ -125,7 +125,7 @@ func (c *Cli) buildImage(enclaveFilename string) (tempFileName string, reterr er } defer func() { if reterr != nil { - c.fs.Remove(tempFile.Name()) + _ = c.fs.Remove(tempFile.Name()) } }() defer tempFile.Close() @@ -209,7 +209,7 @@ func (c *Cli) prepareBundle(inputFilename string, outputFilename string) (reterr } defer func() { if reterr != nil { - c.fs.Remove(binaryToPack.Name()) + _ = c.fs.Remove(binaryToPack.Name()) } }() defer binaryToPack.Close() diff --git a/ego/cli/elf_test.go b/ego/cli/elf_test.go index 9b9ecd41..a8dd6590 100644 --- a/ego/cli/elf_test.go +++ b/ego/cli/elf_test.go @@ -9,7 +9,6 @@ package cli import ( "debug/elf" "encoding/json" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -31,7 +30,7 @@ var elfUnsigned = func() []byte { panic(err) } - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -39,7 +38,7 @@ var elfUnsigned = func() []byte { // write minimal source file const src = `package main;import _"time";func main(){}` - if err := ioutil.WriteFile(filepath.Join(dir, srcFile), []byte(src), 0o400); err != nil { + if err := os.WriteFile(filepath.Join(dir, srcFile), []byte(src), 0o400); err != nil { panic(err) } @@ -54,7 +53,7 @@ var elfUnsigned = func() []byte { } // read resulting executable - data, err := ioutil.ReadFile(filepath.Join(dir, outFile)) + data, err := os.ReadFile(filepath.Join(dir, outFile)) if err != nil { panic(err) } diff --git a/ego/cli/install.go b/ego/cli/install.go index 18a87fb5..1b85bcaf 100644 --- a/ego/cli/install.go +++ b/ego/cli/install.go @@ -11,7 +11,7 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" + "io" "net/http" "os" "os/exec" @@ -23,10 +23,12 @@ import ( const shellToUse = "bash" -var ErrTargetNotSupported = errors.New("component not found") -var ErrInstallUserQuit = errors.New("user denied installation") -var ErrExitCodeValue = errors.New("exit code not 0") -var ErrSysInfoFail = errors.New("could not determine necessary details about operating system") +var ( + ErrTargetNotSupported = errors.New("component not found") + ErrInstallUserQuit = errors.New("user denied installation") + ErrExitCodeValue = errors.New("exit code not 0") + ErrSysInfoFail = errors.New("could not determine necessary details about operating system") +) type installInfoV1 struct { Desc map[string]string @@ -184,7 +186,7 @@ func httpGet(url string) ([]byte, error) { if resp.StatusCode != http.StatusOK { return nil, fmt.Errorf("http response has status %v", resp.Status) } - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return nil, err } diff --git a/ego/cli/install_test.go b/ego/cli/install_test.go index 21d4a4dd..29934d80 100644 --- a/ego/cli/install_test.go +++ b/ego/cli/install_test.go @@ -45,8 +45,10 @@ func (i *installerRunner) ClearRun() { i.run = make([]*exec.Cmd, 0) } -const ubuntu1804 = "ID=ubuntu\nVERSION_ID=18.04" -const ubuntu2004 = "ID=ubuntu\nVERSION_ID=20.04" +const ( + ubuntu1804 = "ID=ubuntu\nVERSION_ID=18.04" + ubuntu2004 = "ID=ubuntu\nVERSION_ID=20.04" +) var jsonData = ` { @@ -129,30 +131,31 @@ var jsonData = ` // Test whether getOsInfo can correctly determine details from os-release func TestInstallGetOsInfo(t *testing.T) { assert := assert.New(t) + require := require.New(t) runner := installerRunner{} fs := afero.NewMemMapFs() cli := NewCli(&runner, fs) - cli.fs.WriteFile("/etc/os-release", []byte("ID=\"ubuntu\"\nsome other infos\nVERSION_ID=\"20.04\""), 0) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("ID=\"ubuntu\"\nsome other infos\nVERSION_ID=\"20.04\""), 0)) id, versionID, err := cli.getOsInfo() assert.Equal("ubuntu", id) assert.Equal("20.04", versionID) assert.Equal(nil, err) - cli.fs.WriteFile("/etc/os-release", []byte("ID=foo\nVERSION_ID=bar"), 0) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("ID=foo\nVERSION_ID=bar"), 0)) id, versionID, err = cli.getOsInfo() assert.Equal("foo", id) assert.Equal("bar", versionID) assert.Equal(nil, err) - cli.fs.WriteFile("/etc/os-release", []byte("VERSION_ID=20.04"), 0) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("VERSION_ID=20.04"), 0)) id, versionID, err = cli.getOsInfo() assert.Equal("", id) assert.Equal("", versionID) assert.NotEqual(nil, err) - cli.fs.WriteFile("/etc/os-release", []byte("IID=ubuntu\nVERSION_ID=20.04"), 0) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("IID=ubuntu\nVERSION_ID=20.04"), 0)) id, versionID, err = cli.getOsInfo() assert.Equal("", id) assert.Equal("", versionID) @@ -162,12 +165,13 @@ func TestInstallGetOsInfo(t *testing.T) { // Run tests that should all pass the installation func TestInstallValidTests(t *testing.T) { assert := assert.New(t) + require := require.New(t) runner := installerRunner{} cli := NewCli(&runner, afero.NewMemMapFs()) server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - io.WriteString(w, jsonData) + _, _ = io.WriteString(w, jsonData) })) askTrue := func(string) bool { return true } @@ -180,7 +184,7 @@ func TestInstallValidTests(t *testing.T) { fmt.Println("Valid nonflc tests:") fmt.Println("------------------------------------------------------------------------------------") for osReleaseData, testComponents := range validNonflcTests { - cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0o600)) for _, component := range testComponents { fmt.Print("\nStarting installation of \"", component, "\"\n") assert.Equal(nil, cli.install(askTrue, "nonflc", component, server.URL)) @@ -206,7 +210,7 @@ func TestInstallValidTests(t *testing.T) { fmt.Println("Valid flc tests:") fmt.Println("------------------------------------------------------------------------------------") for osReleaseData, testComponents := range validFlcTests { - cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0o600)) for _, component := range testComponents { fmt.Print("\nStarting installation of \"", component, "\"\n") assert.Equal(nil, cli.install(askTrue, "flc", component, server.URL)) @@ -224,7 +228,6 @@ func TestInstallValidTests(t *testing.T) { fmt.Println("------------------------------------------------------------------------------------") } } - } // Run tests that should all fail the installation process @@ -236,7 +239,7 @@ func TestInstallNotValidTests(t *testing.T) { cli := NewCli(&runner, afero.NewMemMapFs()) server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - io.WriteString(w, jsonData) + _, _ = io.WriteString(w, jsonData) })) askTrue := func(string) bool { return true } @@ -249,7 +252,7 @@ func TestInstallNotValidTests(t *testing.T) { unvalidTests[ubuntu2004] = []string{"az-dcap-client", "echo abc", "?libsgx-launch", "! libsgx-launch", "|libsgx-launch", " . libsgx-launch"} for osReleaseData, testComponents := range unvalidTests { - cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(osReleaseData), 0o600)) for _, component := range testComponents { fmt.Print("\nStarting installation of \"", component, "\"\n") assert.NotEqual(nil, cli.install(askTrue, "nonflc", component, server.URL)) @@ -269,7 +272,7 @@ func TestExactCommand(t *testing.T) { cli := NewCli(&runner, afero.NewMemMapFs()) server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - io.WriteString(w, jsonData) + _, _ = io.WriteString(w, jsonData) })) askTrue := func(string) bool { return true } @@ -277,7 +280,7 @@ func TestExactCommand(t *testing.T) { fmt.Println("\n\nExact Command Test") fmt.Println("------------------------------------------------------------------------------------") - cli.fs.WriteFile("/etc/os-release", []byte(ubuntu1804), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(ubuntu1804), 0o600)) assert.Equal(nil, cli.install(askTrue, "flc", "sgx-driver", server.URL)) cmds := runner.run fmt.Println(cmds[0].Dir) @@ -299,7 +302,7 @@ func TestInstallErrorCheck(t *testing.T) { cli := NewCli(&runner, afero.NewMemMapFs()) server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - io.WriteString(w, jsonData) + _, _ = io.WriteString(w, jsonData) })) askTrue := func(string) bool { return true } @@ -308,31 +311,31 @@ func TestInstallErrorCheck(t *testing.T) { fmt.Println("\n\nTest Install Errors") // os-release file does not contain necessary information, but no error - cli.fs.WriteFile("/etc/os-release", []byte(""), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(""), 0o600)) assert.NotEqual(nil, cli.install(askTrue, "flc", "sgx-driver", server.URL)) runner.ClearRun() fmt.Println("------------------------------------------------------------------------------------") // os "foo" does not exist in json file - cli.fs.WriteFile("/etc/os-release", []byte("ID=foo\nVERSION_ID=bar"), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte("ID=foo\nVERSION_ID=bar"), 0o600)) assert.Equal(nil, cli.install(askTrue, "flc", "sgx-driver", server.URL)) runner.ClearRun() fmt.Println("------------------------------------------------------------------------------------") // no available components to install for nonsgx - cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0o600)) assert.Equal(nil, cli.install(askTrue, "nonsgx", "sgx-driver", server.URL)) runner.ClearRun() fmt.Println("------------------------------------------------------------------------------------") // component "foo" does not exist in json file - cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0o600)) assert.Equal(ErrTargetNotSupported, cli.install(askTrue, "nonflc", "foo", server.URL)) runner.ClearRun() fmt.Println("------------------------------------------------------------------------------------") // askFalse: user does not want to continue installation, so installation stops without error - cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0600) + require.NoError(cli.fs.WriteFile("/etc/os-release", []byte(ubuntu2004), 0o600)) assert.Equal(ErrInstallUserQuit, cli.install(askFalse, "nonflc", "sgx-driver", server.URL)) require.Len(runner.run, 0) runner.ClearRun() diff --git a/ego/cli/sign.go b/ego/cli/sign.go index f2c58037..9252f736 100644 --- a/ego/cli/sign.go +++ b/ego/cli/sign.go @@ -73,7 +73,7 @@ func (c *Cli) signWithJSON(conf *config.Config) error { if err != nil { return err } - defer c.fs.Remove(file.Name()) + defer func() { _ = c.fs.Remove(file.Name()) }() _, err = file.Write([]byte(cProduct + cSecurityVersion + cDebug + cNumHeapPages + cStackPages + cNumTCS + cExecutableHeap)) if err != nil { diff --git a/ego/cmd/bundle/main.go b/ego/cmd/bundle/main.go index d3005328..de98f8ee 100644 --- a/ego/cmd/bundle/main.go +++ b/ego/cmd/bundle/main.go @@ -66,7 +66,7 @@ func run(fs afero.Fs, selfElfFile *elf.File, runner launch.Runner) (int, error) if err != nil { return 1, err } - defer fs.RemoveAll(tempEGoRootPath) + defer func() { _ = fs.RemoveAll(tempEGoRootPath) }() // Register cleanup handler to clean-up on STRG+C cleanupHandler(tempEGoRootPath) diff --git a/ego/cmd/bundle/main_test.go b/ego/cmd/bundle/main_test.go index d72cfcdb..28b76d50 100644 --- a/ego/cmd/bundle/main_test.go +++ b/ego/cmd/bundle/main_test.go @@ -13,7 +13,6 @@ import ( "debug/elf" "fmt" "io" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -34,7 +33,7 @@ var elfUnsigned = func() []byte { panic(err) } - dir, err := ioutil.TempDir("", "") + dir, err := os.MkdirTemp("", "") if err != nil { panic(err) } @@ -168,7 +167,7 @@ func TestUnpackBundledImage(t *testing.T) { fs := afero.NewMemMapFs() unpackingPath, err := afero.TempDir(fs, "", "ego-unittest") require.NoError(err) - defer fs.RemoveAll(unpackingPath) + defer func() { _ = fs.RemoveAll(unpackingPath) }() assert.NoError(unpackBundledImage(fs, unpackingPath, elfFile)) diff --git a/ego/cmd/concurrency-test/main.go b/ego/cmd/concurrency-test/main.go index c9d88f8e..cd659554 100644 --- a/ego/cmd/concurrency-test/main.go +++ b/ego/cmd/concurrency-test/main.go @@ -68,7 +68,7 @@ func work(in, out chan int) { out <- x // cgo call triggers specific scheduling logic - syscall.Nanosleep(&syscall.Timespec{Sec: 0, Nsec: 1_000}, nil) + _ = syscall.Nanosleep(&syscall.Timespec{Sec: 0, Nsec: 1_000}, nil) // triggers GC from time to time garbage = make([]byte, 1024) diff --git a/ego/cmd/marble-test/main.go b/ego/cmd/marble-test/main.go index c6c84d44..77fc25d7 100644 --- a/ego/cmd/marble-test/main.go +++ b/ego/cmd/marble-test/main.go @@ -13,7 +13,6 @@ import ( "crypto/tls" "crypto/x509" "crypto/x509/pkix" - "io/ioutil" "math/big" "net" "os" @@ -54,7 +53,7 @@ func main() { // Run the test marble. // - uuidDir, err := ioutil.TempDir("", "") + uuidDir, err := os.MkdirTemp("", "") require.NoError(err) defer os.RemoveAll(uuidDir) diff --git a/enclave/doc.go b/enclave/doc.go index 0806dc71..37eda379 100644 --- a/enclave/doc.go +++ b/enclave/doc.go @@ -7,7 +7,7 @@ /* Package enclave provides functionality for Go enclaves like remote attestation and sealing. -Using remote reports +# Using remote reports Remote reports are generated by an enclave platform to attest the integrity and confidentiality of an enclaved app instance. A remote report also attests that an app was @@ -55,6 +55,5 @@ party must additionally verify the content of the remote report: return errors.New("report data does not match the certificate's hash") } // we ensured the cert was generated by the enclave - */ package enclave diff --git a/enclave/enclave_test.go b/enclave/enclave_test.go index 4e9387a0..4e27b11f 100644 --- a/enclave/enclave_test.go +++ b/enclave/enclave_test.go @@ -20,7 +20,7 @@ func ExampleCreateAttestationServerTLSConfig() { // Create HTTPS server. http.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("this is a test handler")) + _, _ = w.Write([]byte("this is a test handler")) }) server := http.Server{Addr: "0.0.0.0:8080", TLSConfig: tlsConfig} log.Fatal(server.ListenAndServeTLS("", "")) diff --git a/enclave/ert.go b/enclave/ert.go index cf05a387..ce310654 100644 --- a/enclave/ert.go +++ b/enclave/ert.go @@ -65,7 +65,7 @@ func GetRemoteReport(reportData []byte) ([]byte, error) { } result := C.GoBytes(unsafe.Pointer(report), C.int(reportSize)) - syscall.Syscall(sysFreeReport, uintptr(unsafe.Pointer(report)), 0, 0) + _, _, _ = syscall.Syscall(sysFreeReport, uintptr(unsafe.Pointer(report)), 0, 0) return result, nil } @@ -100,7 +100,7 @@ func VerifyRemoteReport(reportBytes []byte) (attestation.Report, error) { verifyErr = attestation.ErrTCBLevelInvalid } - defer syscall.Syscall(sysFreeClaims, claims, claimsLength, 0) + defer func() { _, _, _ = syscall.Syscall(sysFreeClaims, claims, claimsLength, 0) }() report, err := internal.ParseClaims(claims, claimsLength) if err != nil { @@ -150,7 +150,7 @@ func GetLocalReport(reportData []byte, targetReport []byte) ([]byte, error) { } result := C.GoBytes(unsafe.Pointer(report), C.int(reportSize)) - syscall.Syscall(sysFreeReport, uintptr(unsafe.Pointer(report)), 0, 0) + _, _, _ = syscall.Syscall(sysFreeReport, uintptr(unsafe.Pointer(report)), 0, 0) return result, nil } @@ -231,7 +231,7 @@ func GetSealKey(keyInfo []byte) ([]byte, error) { } key := C.GoBytes(unsafe.Pointer(keyBuffer), C.int(keySize)) - syscall.Syscall(sysFreeSealKey, uintptr(unsafe.Pointer(keyBuffer)), 0, 0) + _, _, _ = syscall.Syscall(sysFreeSealKey, uintptr(unsafe.Pointer(keyBuffer)), 0, 0) return key, nil } @@ -257,7 +257,7 @@ func getSealKeyByPolicy(sealPolicy uintptr) (key, keyInfo []byte, err error) { key = C.GoBytes(unsafe.Pointer(keyBuffer), C.int(keySize)) keyInfo = C.GoBytes(unsafe.Pointer(keyInfoBuffer), C.int(keyInfoSize)) - syscall.Syscall( + _, _, _ = syscall.Syscall( sysFreeSealKey, uintptr(unsafe.Pointer(keyBuffer)), uintptr(unsafe.Pointer(keyInfoBuffer)), diff --git a/internal/attestation/attestation_test.go b/internal/attestation/attestation_test.go index cce06428..30a2bbf0 100644 --- a/internal/attestation/attestation_test.go +++ b/internal/attestation/attestation_test.go @@ -92,7 +92,7 @@ func TestTLSConfig(t *testing.T) { require.NoError(err) server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - io.WriteString(w, "hello") + _, _ = io.WriteString(w, "hello") })) server.TLS = serverConfig diff --git a/internal/attestation/claim.go b/internal/attestation/claim.go index c78b80c7..a1ca0d5d 100644 --- a/internal/attestation/claim.go +++ b/internal/attestation/claim.go @@ -8,6 +8,7 @@ package attestation // #include "claim.h" import "C" + import ( "errors" "unsafe" diff --git a/internal/attestation/maa.go b/internal/attestation/maa.go index d3b1d5c5..5d592b02 100644 --- a/internal/attestation/maa.go +++ b/internal/attestation/maa.go @@ -16,7 +16,7 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" + "io" "net/http" "net/url" "time" @@ -212,7 +212,7 @@ func httpGet(url string) ([]byte, error) { if resp.StatusCode != http.StatusOK { return nil, fmt.Errorf("http response has status %v", resp.Status) } - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return nil, err } diff --git a/internal/attestation/maa_test.go b/internal/attestation/maa_test.go index 456c9137..828e308b 100644 --- a/internal/attestation/maa_test.go +++ b/internal/attestation/maa_test.go @@ -156,7 +156,7 @@ func TestVerifyAzureAttestationToken(t *testing.T) { http.Error(w, "could not marshal json keys", http.StatusInternalServerError) } w.Header().Set("Content-Type", "application/json") - w.Write(response) + _, _ = w.Write(response) } attestationProvider := httptest.NewServer(http.HandlerFunc(serveKeys)) defer attestationProvider.Close() diff --git a/marble/marble_test.go b/marble/marble_test.go index 24d03499..44d70d58 100644 --- a/marble/marble_test.go +++ b/marble/marble_test.go @@ -149,7 +149,7 @@ func resetEnv() { // x509 cert pools don't allow to extract certificates inside them. How great is that? So we gotta extract the ASN.1 subject and work with it. // This was taken (and slightly modified) from: https://github.com/golang/go/issues/26614#issuecomment-613640345 func getCommonNameFromX509Pool(pool *x509.CertPool) (string, error) { - poolSubjects := pool.Subjects() + poolSubjects := pool.Subjects() //nolint:staticcheck var rdnSequence pkix.RDNSequence _, err := asn1.Unmarshal(poolSubjects[0], &rdnSequence)