From 3250b2ecc1b32dd0540937de60f6ad1776dab63b Mon Sep 17 00:00:00 2001
From: Julien Bachmann
Date: Thu, 7 Dec 2023 15:37:06 +0000
Subject: [PATCH] resolving linter issues
Signed-off-by: Cosmin Cojocar
---
 .../v1alpha1/apparmorprofile_types.go | 4 +-
 internal/pkg/cli/recorder/options.go | 3 +-
 internal/pkg/cli/recorder/recorder.go | 6 +--
 .../daemon/bpfrecorder/apparmor_filters.go | 4 +-
 .../pkg/daemon/bpfrecorder/bpfrecorder.go | 46 ++++++++++---------
 5 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/api/apparmorprofile/v1alpha1/apparmorprofile_types.go b/api/apparmorprofile/v1alpha1/apparmorprofile_types.go
index f340c5095d..9736fba241 100644
--- a/api/apparmorprofile/v1alpha1/apparmorprofile_types.go
+++ b/api/apparmorprofile/v1alpha1/apparmorprofile_types.go
@@ -43,8 +43,8 @@ type AppArmorFsRules struct {
 }
 type AppArmorAllowedProtocols struct {
- AllowTCP *bool `json:"allowTCP,omitempty"`
- AllowUDP *bool `json:"allowUDP,omitempty"`
+ AllowTCP *bool `json:"allowTcp,omitempty"`
+ AllowUDP *bool `json:"allowUdp,omitempty"`
 }
 type AppArmorNetworkRules struct {
diff --git a/internal/pkg/cli/recorder/options.go b/internal/pkg/cli/recorder/options.go
index 9b127a27d1..b0ce600c08 100644
--- a/internal/pkg/cli/recorder/options.go
+++ b/internal/pkg/cli/recorder/options.go
@@ -57,7 +57,8 @@ func FromContext(ctx *cli.Context) (*Options, error) {
 if ctx.IsSet(FlagType) {
 options.typ = Type(ctx.String(FlagType))
 }
- if options.typ != TypeSeccomp && options.typ != TypeRawSeccomp && options.typ != TypeApparmor && options.typ != TypeRawAppArmor {
+ if options.typ != TypeSeccomp && options.typ != TypeRawSeccomp &&
+ options.typ != TypeApparmor && options.typ != TypeRawAppArmor {
 return nil, fmt.Errorf("unsupported %s: %s", FlagType, options.typ)
 }
diff --git a/internal/pkg/cli/recorder/recorder.go b/internal/pkg/cli/recorder/recorder.go
index 95006d0f2c..25d035722a 100644
--- a/internal/pkg/cli/recorder/recorder.go
+++ b/internal/pkg/cli/recorder/recorder.go
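Review bot: Renaming the JSON tags from `allowTCP`/`allowUDP` to `allowTcp`/`allowUdp` in a versioned API type (`v1alpha1`) changes the field names that existing AppArmorProfile objects and manifests use, so an object carrying `allowTCP: true` would after this change either be rejected by strict field validation or have the field pruned as unknown, silently dropping the protocol allowance it expressed. A linter complaint about tag casing is better answered with a per-field suppression than with a wire-format change on a shipped API; if the rename is intended, it needs a migration path and the generated CRD manifests and clients regenerated, none of which this commit shows. Suggest keeping the previous tags and annotating the two lines with `//nolint:tagliatelle` if that is the linter in play (the linter name is not visible here).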
@@ -184,17 +184,17 @@ func (r *Recorder) generateAppArmorProfile() apparmorprofileapi.AppArmorAbstract
 abstract.Filesystem = &files
 }
- if processed.Socket.UseRaw || processed.Socket.UseTcp || processed.Socket.UseUdp {
+ if processed.Socket.UseRaw || processed.Socket.UseTCP || processed.Socket.UseUDP {
 net := apparmorprofileapi.AppArmorNetworkRules{}
 proto := apparmorprofileapi.AppArmorAllowedProtocols{}
 if processed.Socket.UseRaw {
 net.AllowRaw = &enabled
 }
- if processed.Socket.UseTcp {
+ if processed.Socket.UseTCP {
 proto.AllowTCP = &enabled
 net.Protocols = &proto
 }
- if processed.Socket.UseUdp {
+ if processed.Socket.UseUDP {
 proto.AllowUDP = &enabled
 net.Protocols = &proto
 }
diff --git a/internal/pkg/daemon/bpfrecorder/apparmor_filters.go b/internal/pkg/daemon/bpfrecorder/apparmor_filters.go
index afa5b3659b..193a000ac1 100644
--- a/internal/pkg/daemon/bpfrecorder/apparmor_filters.go
+++ b/internal/pkg/daemon/bpfrecorder/apparmor_filters.go
@@ -4,7 +4,7 @@ package bpfrecorder
 // List of known paths containing systems libraries.
-// Taken from /etc/apparmor.d/abstractions/base
+// Taken from /etc/apparmor.d/abstractions/base.
 var knownLibrariesPrefixes = []string{
 "/usr/lib32/locale/",
 "/usr/lib64/locale/",
@@ -18,7 +18,7 @@ var knownLibrariesPrefixes = []string{
 }
 // List of known paths for commonly read from files.
-// Taken from /etc/apparmor.d/abstractions/base
+// Taken from /etc/apparmor.d/abstractions/base.
 var knownReadPrefixes = []string{
 "/dev/random",
 "/dev/urandom",
diff --git a/internal/pkg/daemon/bpfrecorder/bpfrecorder.go b/internal/pkg/daemon/bpfrecorder/bpfrecorder.go
index f9ddce4e83..24115b2bdc 100644
--- a/internal/pkg/daemon/bpfrecorder/bpfrecorder.go
+++ b/internal/pkg/daemon/bpfrecorder/bpfrecorder.go
@@ -144,8 +144,8 @@ type BpfAppArmorFileProcessed struct {
 type BpfAppArmorSocketEvent struct {
 UseRaw bool
- UseTcp bool
- UseUdp bool
+ UseTCP bool
+ UseUDP bool
 }
 type BpfAppArmorProcessed struct {
@@ -246,7 +246,6 @@ func (b *BpfRecorder) Syscalls() *bpf.BPFMap {
 return b.syscalls
 }
-// TODO: move in BpfRecorderAppArmor
 func (b *BpfRecorder) GetAppArmorProcessed() BpfAppArmorProcessed {
 var processed BpfAppArmorProcessed
@@ -751,7 +750,7 @@ func (b *BpfRecorder) processEvents(events chan []byte) {
 }
 }
-func fileDataToString(data [pathMax]uint8) string {
+func fileDataToString(data *[pathMax]uint8) string {
 var eos int
 for i, c := range data {
 if c == 0 {
@@ -770,9 +769,9 @@ func (b *BpfRecorder) handleAppArmorFileEvents(fileEvent bpfAppArmorEvent) {
 switch fileEvent.Type {
 case uint8(probeTypeOpen):
 var fileEv bpfAppArmorFileEvent
- fileEv.Filename = fileDataToString(fileEvent.Data)
+ fileEv.Filename = fileDataToString(&fileEvent.Data)
 fileEv.Flags = fileEvent.Flags
- if (int)(fileEvent.Fd) < 0 {
+ if int(fileEvent.Fd) < 0 {
 fileEv.GotError = true
 }
 b.recordedFiles = append(b.recordedFiles, fileEv)
@@ -835,16 +834,16 @@ func (b *BpfRecorder) handleAppArmorFileEvents(fileEvent bpfAppArmorEvent) {
 }
 }
-func (b *BpfRecorder) handleAppArmorExecEvents(execEvent bpfAppArmorEvent) {
+func (b *BpfRecorder) handleAppArmorExecEvents(execEvent *bpfAppArmorEvent) {
 b.lockRecordedExecs.Lock()
 defer b.lockRecordedExecs.Unlock()
- path := fileDataToString(execEvent.Data)
+ path := fileDataToString(&execEvent.Data)
 b.recordedExecs = append(b.recordedExecs, path)
 }
-func (b *BpfRecorder) handleAppArmorSocketEvents(socketEvent bpfAppArmorEvent) {
+func (b *BpfRecorder) handleAppArmorSocketEvents(socketEvent *bpfAppArmorEvent) {
 b.lockRecordedSocketsUse.Lock()
 defer b.lockRecordedSocketsUse.Unlock()
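Review bot: fileDataToString gains a pointer parameter but still has no doc comment, so a reader cannot tell why the array is taken by reference or what the scan for the first zero byte produces; a one-liner above the signature would do, e.g. `// fileDataToString returns the contents of data up to the first NUL byte as a string; data is a pointer so the pathMax-sized array is not copied per event.` The loop body and the return continue outside the hunk, so the exact return value should be confirmed before the comment is worded that way.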
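Review bot: `if int(fileEvent.Fd) < 0` only marks an open as failed if Fd is a signed type; if bpfAppArmorEvent declares Fd as uint32 or uint64 to mirror the BPF struct (the declaration is outside this hunk), the conversion to int on a 64-bit target never yields a negative value for uint32 and merely wraps for uint64, so GotError would stay false for every event and failed opens would be recorded as successful accesses. Worth checking the field's type; if it is unsigned, `int32(fileEvent.Fd) < 0` keeps the sign of a negative return. handleAppArmorFileEvents continues past the hunk.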
@@ -854,25 +853,25 @@ func (b *BpfRecorder) handleAppArmorSocketEvents(socketEvent bpfAppArmorEvent) {
 case uint64(sockRaw):
 b.recordedSocketsUse.UseRaw = true
 case uint64(sockStream):
- b.recordedSocketsUse.UseTcp = true
+ b.recordedSocketsUse.UseTCP = true
 case uint64(sockDgram):
- b.recordedSocketsUse.UseUdp = true
+ b.recordedSocketsUse.UseUDP = true
 }
 }
-func (b *BpfRecorder) handleAppArmorCapabilityEvents(capEvent bpfAppArmorEvent) {
+func (b *BpfRecorder) handleAppArmorCapabilityEvents(capEvent *bpfAppArmorEvent) {
 b.lockRecordedCapabilities.Lock()
 defer b.lockRecordedCapabilities.Unlock()
- cap := capEvent.Flags
+ requestedCap := capEvent.Flags
 for _, recordedCap := range b.recordedCapabilities {
- if recordedCap == capabilities[int(cap)] {
+ if recordedCap == capabilities[int(requestedCap)] {
 return
 }
 }
- b.recordedCapabilities = append(b.recordedCapabilities, capabilities[int(cap)])
+ b.recordedCapabilities = append(b.recordedCapabilities, capabilities[int(requestedCap)])
 }
 func (b *BpfRecorder) handleAppArmorEvents(apparmorEvents chan []byte) {
@@ -888,14 +887,15 @@ func (b *BpfRecorder) handleAppArmorEvents(apparmorEvents chan []byte) {
 return
 }
 switch apparmorEvent.Type {
- case uint8(probeTypeOpen), uint8(probeTypeClose), uint8(probeTypeMmapExec), uint8(probeTypeRead), uint8(probeTypeWrite):
+ case uint8(probeTypeOpen), uint8(probeTypeClose),
+ uint8(probeTypeMmapExec), uint8(probeTypeRead), uint8(probeTypeWrite):
 b.handleAppArmorFileEvents(apparmorEvent)
 case uint8(probeTypeExec):
- b.handleAppArmorExecEvents(apparmorEvent)
+ b.handleAppArmorExecEvents(&apparmorEvent)
 case uint8(probeTypeSocket):
- b.handleAppArmorSocketEvents(apparmorEvent)
+ b.handleAppArmorSocketEvents(&apparmorEvent)
 case uint8(probeTypeCap):
- b.handleAppArmorCapabilityEvents(apparmorEvent)
+ b.handleAppArmorCapabilityEvents(&apparmorEvent)
 case uint8(probeTypeExit):
 b.lockAppArmorRecording.Unlock()
 }
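Review bot: `capabilities[int(requestedCap)]` indexes the capability table with a number taken straight from the event, and the rename of `cap` does not add a range check; if capabilities is a slice or array, a capability number the running kernel knows but the table does not (kernels add capabilities over time) panics the recorder and takes the daemon down with it. Guard the index before the loop, e.g. `if int(requestedCap) >= len(capabilities) { return }` (plus a `< 0` check if Flags is signed), ideally logging the unknown number so the table can be extended. Whether capabilities is a slice or a map is not visible in this hunk.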
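Review bot: The dispatcher now passes `&apparmorEvent` to the exec, socket and capability handlers, but `b.handleAppArmorFileEvents(apparmorEvent)` in the first case still copies the whole event, and that case is the one matched by five probe types; if the pointer change exists to avoid copying the pathMax-sized payload, the file handler is the one that benefits most. For consistency, change its signature to `func (b *BpfRecorder) handleAppArmorFileEvents(fileEvent *bpfAppArmorEvent)` and the call to `b.handleAppArmorFileEvents(&apparmorEvent)`; `fileDataToString(&fileEvent.Data)` keeps working through the pointer. The handlers visible here do not retain the pointer past the call, so taking the address of the loop-local event is safe.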
@@ -925,7 +925,7 @@ func (b *BpfRecorder) processExecFsEvents() BpfAppArmorFileProcessed {
 currentFilename = filepath.Clean(currentFile.Filename)
 }
 // loaded library
- if currentFile.GotExec == true && !b.isKnownFile(currentFile.Filename, knownLibrariesPrefixes) {
+ if currentFile.GotExec && !b.isKnownFile(currentFile.Filename, knownLibrariesPrefixes) {
 processedEvents.AllowedLibraries = append(processedEvents.AllowedLibraries, currentFilename)
 continue
 }
@@ -941,8 +941,10 @@ func (b *BpfRecorder) processExecFsEvents() BpfAppArmorFileProcessed {
 continue
 }
 // read write file
- if currentFile.GotRead && currentFile.GotWrite && !b.isKnownFile(currentFile.Filename, knownReadPrefixes) &&
- !b.isKnownFile(currentFile.Filename, knownWritePrefixes) && !b.isKnownFile(currentFile.Filename, knownLibrariesPrefixes) {
+ if currentFile.GotRead && currentFile.GotWrite &&
+ !b.isKnownFile(currentFile.Filename, knownReadPrefixes) &&
+ !b.isKnownFile(currentFile.Filename, knownWritePrefixes) &&
+ !b.isKnownFile(currentFile.Filename, knownLibrariesPrefixes) {
 processedEvents.ReadWritePaths = append(processedEvents.ReadWritePaths, currentFilename)
 continue
 }
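Review bot: The known-prefix filter is evaluated on the raw `currentFile.Filename` while the value appended to AllowedLibraries is `currentFilename`, which the lines just above assign from `filepath.Clean(currentFile.Filename)` under a condition that starts outside the hunk; when the two differ (a path with `.` or `..` segments or a doubled separator) the file is classified against one string and written to the profile as another. The same split appears in the read-write check in the second hunk of this file. Classifying on the value that is actually recorded, `!b.isKnownFile(currentFilename, knownLibrariesPrefixes)`, keeps the decision and the emitted path consistent; whether isKnownFile expects a cleaned path is not visible here, and processExecFsEvents continues outside both hunks.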