Upgrading golangci-lint to v1.51.2 (#705)

.github/workflows/golangci-lint.yml

@@ -18,10 +18,12 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v2
         with:
-          go-version: ^1.18
-
+          go-version: ^1.20
+      - name: Install golangci-lint
+        run: |
+          wget https://github.com/golangci/golangci-lint/releases/download/v1.51.2/golangci-lint-1.51.2-linux-amd64.deb
+          sudo apt install -y ./golangci-lint-1.51.2-linux-amd64.deb\
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: v1.45.2
-          working-directory: v3
+        run: |
+          cd v3
+          golangci-lint run

.golangci.yaml

@@ -9,6 +9,11 @@ linters-settings:
 linters:
   enable-all: true
   disable:
+    - interfacer
+    - nosnakecase
+    - tparallel
+    - nonamedreturns
+    - exhaustruct
     - stylecheck
     - gosec
     - dupl

v3/cmd/zlint-gtld-update/main.go

@@ -185,6 +185,7 @@ func getGTLDData() ([]util.GTLDPeriod, error) {
 		return nil, fmt.Errorf("error getting ICANN gTLD JSON : %s", err)
 	}
 
+	//nolint:musttag
 	var results struct {
 		GTLDs []util.GTLDPeriod
 	}

v3/integration/config.go

@@ -1,4 +1,4 @@
-// +build integration
+//go:build integration
 
 package integration
 

v3/integration/corpus_test.go

@@ -1,4 +1,4 @@
-// +build integration
+//go:build integration
 
 package integration
 

v3/integration/csv.go

@@ -1,4 +1,4 @@
-// +build integration
+//go:build integration
 
 package integration
 
@@ -45,7 +45,8 @@ type workItem struct {
 // directory, writing work items to the workChannel as they are available.
 //
 // Expected CSV format:
-//   subject_dn, issuer_dn, raw, fingerprint_sha256
+//
+//	subject_dn, issuer_dn, raw, fingerprint_sha256
 func loadCSV(workChannel chan<- workItem, directory string) {
 	log.Printf("Reading data from %d CSV files", len(conf.Files))
 	for i, dataFile := range conf.Files {

v3/integration/integration_test.go

@@ -1,4 +1,4 @@
-// +build integration
+//go:build integration
 
 package integration
 

v3/integration/lints/filters/nodes.go

@@ -8,10 +8,10 @@ import "go/ast"
 //
 // For example, the following returns a list of only function declarations.
 //
-//		filters.Declarations(tree.Decls, func(decl ast.Decl) bool {
-//			_, ok := decl.(*ast.FuncDecl)
-//			return ok
-//		})
+//	filters.Declarations(tree.Decls, func(decl ast.Decl) bool {
+//		_, ok := decl.(*ast.FuncDecl)
+//		return ok
+//	})
 //
 // The order of declarations is maintained.
 func Declarations(decls []ast.Decl, predicate func(decl ast.Decl) bool) (filtered []ast.Decl) {

v3/integration/lints/lint/lint.go

@@ -35,7 +35,7 @@ type Lint interface {
 // The message should be succinct and descriptive of the core issue. This message can only be set in the constructor,
 // NewResult. For example...
 //
-//		"Go style guides suggest not using bare returns in complex functions"
+//	"Go style guides suggest not using bare returns in complex functions"
 //
 // Code citations are the locations within the file that did not meet your expectations. Please see AddCodeCitations
 // for information on how to add these to the Result type. Adding a code citation will result in the file, line number
@@ -72,8 +72,6 @@ func NewResult(message string) *Result {
 //	func (l *certPolicyConflictsWithLocality) Initialize() error {
 //		return nil
 //	}
-//
-//
 func (r *Result) AddCodeCitation(start, end token.Pos, file *File) *Result {
 	srcCode := make([]byte, end-start)
 	reader := strings.NewReader(file.Src)
@@ -133,9 +131,9 @@ type File struct {
 // LineOf computes which line a particular position within a file lands on.
 //
 //	This is not the greatest song in the world.
-// 	No, this is just a tribute.
+//	No, this is just a tribute.
 //	Couldn't remember the greatest song in the world.
-// 	No, this is just a tribute!
+//	No, this is just a tribute!
 //
 // The word "remember" begins at position 81 within this text, therefor LineOf(81) should return line 3.
 func (f *File) LineOf(pos token.Pos) int {

v3/integration/package.go

@@ -1,4 +1,4 @@
-// +build integration
+//go:build integration
 
 // the integration package contains zlint integration tests and supporting test data tools.
 package integration

v3/integration/result.go

@@ -1,4 +1,4 @@
-// +build integration
+//go:build integration
 
 package integration
 

v3/lint/base.go

@@ -77,7 +77,7 @@ type Lint struct {
 // AND before (but not on) the Ineffective date. That is, CheckEffective
 // returns true if...
 //
-// 	c.NotBefore in [EffectiveDate, IneffectiveDate)
+//	c.NotBefore in [EffectiveDate, IneffectiveDate)
 //
 // If EffectiveDate is zero, then only IneffectiveDate is checked. Conversely,
 // if IneffectiveDate is zero then only EffectiveDate is checked. If both EffectiveDate

v3/lint/configuration.go

@@ -36,18 +36,22 @@ type Configuration struct {
 // file might look something like the following...
 //
 // ```
+//
 //	[MyLint]
 //	A = 1
 //	B = 2
+//
 // ```
 //
 // Given this, our target struct may look like the following...
 //
 // ```
+//
 //	type MytLint struct {
 //		A int
 //		B uint
 //	}
+//
 // ```
 //
 // So deserializing into this struct would look like...
@@ -121,9 +125,11 @@ func NewEmptyConfig() Configuration {
 // And the following struct definition...
 //
 // ```
-// type SomeOtherLint {
-//		IsWebPKI bool `toml:"is_web_pki"`
-// }
+//
+//	type SomeOtherLint {
+//			IsWebPKI bool `toml:"is_web_pki"`
+//	}
+//
 // ```
 //
 // Then the invocation of this function should be...

v3/lint/configuration_test.go

@@ -1079,6 +1079,7 @@ func TestStripGlobalsFromStructWithPrivates(t *testing.T) {
 		A string
 		B Global
 		C int
+		//nolint:unused
 		d int
 	}
 	test := Test{}

v3/lint/registration.go

@@ -241,7 +241,9 @@ func sourceListToMap(sources SourceList) map[LintSource]bool {
 // criteria included.
 //
 // FilterOptions are applied in the following order of precedence:
-//   ExcludeSources > IncludeSources > NameFilter > ExcludeNames > IncludeNames
+//
+//	ExcludeSources > IncludeSources > NameFilter > ExcludeNames > IncludeNames
+//
 //nolint:cyclop
 func (r *registryImpl) Filter(opts FilterOptions) (Registry, error) {
 	// If there's no filtering to be done, return the existing Registry.
@@ -369,6 +371,7 @@ func (r *registryImpl) defaultConfiguration(globals []GlobalConfiguration) ([]by
 
 // NewRegistry constructs a Registry implementation that can be used to register
 // lints.
+//
 //nolint:revive
 func NewRegistry() *registryImpl {
 	registry := &registryImpl{

v3/lint/result.go

@@ -21,6 +21,7 @@ import (
 )
 
 // LintStatus is an enum returned by lints inside of a LintResult.
+//
 //nolint:revive
 type LintStatus int
 

v3/lint/source.go

@@ -22,6 +22,7 @@ import (
 
 // LintSource is a type representing a known lint source that lints cite
 // requirements from.
+//
 //nolint:revive
 type LintSource string
 

v3/lint/source_test.go

@@ -24,6 +24,7 @@ import (
 // TestLintSourceMarshal tests that a LintSource can be correctly marshaled and
 // unmarshalled.
 func TestLintSourceMarshal(t *testing.T) {
+	//nolint:musttag
 	throwAway := struct {
 		Source LintSource
 	}{

v3/lints/apple/time.go

@@ -4,8 +4,9 @@ import "time"
 
 // In the context of a root policy update on trusted certificate lifetimes[0]
 // Apple provided an unambiguous definition for the length of a day:
-//   "398 days is measured with a day being equal to 86,400 seconds. Any time
-//   greater than this indicates an additional day of validity."
+//
+//	"398 days is measured with a day being equal to 86,400 seconds. Any time
+//	greater than this indicates an additional day of validity."
 //
 // We provide that value as a constant here for lints to use.
 //

v3/lints/cabf_br/lint_ext_tor_service_descriptor_hash_invalid.go

@@ -104,15 +104,16 @@ func lintOnionURL(onion string) *lint.LintResult {
 // Execute will lint the provided certificate. An lint.Error lint.LintResult will be
 // returned if:
 //
-//   1) There is no TorServiceDescriptor extension present and it's required
-//   2) There were no TorServiceDescriptors parsed by zcrypto
-//   3) There are TorServiceDescriptorHash entries with an invalid Onion URL.
-//   4) There are TorServiceDescriptorHash entries with an unknown hash
-//      algorithm or incorrect hash bit length.
-//   5) There is a TorServiceDescriptorHash entry that doesn't correspond to
-//      an onion subject in the cert.
-//   6) There is an onion subject in the cert that doesn't correspond to
-//      a TorServiceDescriptorHash, if required.
+//  1. There is no TorServiceDescriptor extension present and it's required
+//  2. There were no TorServiceDescriptors parsed by zcrypto
+//  3. There are TorServiceDescriptorHash entries with an invalid Onion URL.
+//  4. There are TorServiceDescriptorHash entries with an unknown hash
+//     algorithm or incorrect hash bit length.
+//  5. There is a TorServiceDescriptorHash entry that doesn't correspond to
+//     an onion subject in the cert.
+//  6. There is an onion subject in the cert that doesn't correspond to
+//     a TorServiceDescriptorHash, if required.
+//
 //nolint:cyclop
 func (l *torServiceDescHashInvalid) Execute(c *x509.Certificate) *lint.LintResult {
 	// If the certificate is EV, the BRTorServiceDescriptor extension is required.

v3/lints/cabf_br/lint_san_dns_name_onion_invalid.go

@@ -103,9 +103,9 @@ func (l *onionNotValid) CheckApplies(c *x509.Certificate) bool {
 // Execute will lint the provided certificate. A lint.Error lint.LintResult will
 // be returned if:
 //
-//  1) The certificate contains a Tor Rendezvous Spec v2 address and is not an
+//  1. The certificate contains a Tor Rendezvous Spec v2 address and is not an
 //     EV certificate (BRs: Appendix C).
-//  2) The certificate contains a `.onion` subject name/SAN that is neither a
+//  2. The certificate contains a `.onion` subject name/SAN that is neither a
 //     Rendezvous Spec v2 or v3 address.
 func (l *onionNotValid) Execute(c *x509.Certificate) *lint.LintResult {
 	for _, subj := range append(c.DNSNames, c.Subject.CommonName) {

v3/lints/cabf_br/lint_sub_cert_eku_server_auth_client_auth_missing.go

@@ -34,7 +34,7 @@ present.
 func init() {
 	lint.RegisterLint(&lint.Lint{
 		Name:          "e_sub_cert_eku_server_auth_client_auth_missing",
-		Description:   "Subscriber certificates MUST have have either id-kp-serverAuth or id-kp-clientAuth or both present in extKeyUsage",
+		Description:   "Subscriber certificates MUST have either id-kp-serverAuth or id-kp-clientAuth or both present in extKeyUsage",
 		Citation:      "BRs: 7.1.2.3",
 		Source:        lint.CABFBaselineRequirements,
 		EffectiveDate: util.CABEffectiveDate,

v3/lints/cabf_br/lint_subject_contains_reserved_arpa_ip.go

@@ -170,9 +170,9 @@ func reversedLabelsToIPv6(labels []string) net.IP {
 // address under the respective ARPA zone based on the address class. An error
 // is returned if:
 //
-// 1. The IP address labels parse as an IP of the wrong address class for the
-//    arpa suffix the name is using.
-// 2. The IP address is within an IANA reserved range.
+//  1. The IP address labels parse as an IP of the wrong address class for the
+//     arpa suffix the name is using.
+//  2. The IP address is within an IANA reserved range.
 func lintReversedIPAddress(name string, ipv6 bool) error {
 	numRequiredLabels := rdnsIPv4Labels
 	zoneSuffix := rdnsIPv4Suffix

v3/lints/cabf_br/lint_subject_public_key_info_improper_algorithm_object_identifier_encoding.go

@@ -26,7 +26,8 @@ import (
 
 type algorithmObjectIdentifierEncoding struct{}
 
-/************************************************
+/*
+***********************************************
 This lint refers to CAB Baseline Requirements (Version 1.7.4) chapter 7.1.3.1, which defines the
 required encodings of AlgorithmObjectIdentifiers inside a SubjectPublicKeyInfo field.
 
@@ -38,7 +39,8 @@ byte‐for‐byte identical with the following hex‐encoded bytes:
 For P‐256 keys: 301306072a8648ce3d020106082a8648ce3d030107
 For P‐384 keys: 301006072a8648ce3d020106052b81040022
 For P‐521 keys: 301006072a8648ce3d020106052b81040023
-************************************************/
+***********************************************
+*/
 func init() {
 	lint.RegisterLint(&lint.Lint{
 		Name: "e_algorithm_identifier_improper_encoding",

v3/lints/cabf_ev/lint_ev_not_wildcard_test.go

@@ -28,11 +28,13 @@ func TestSmoke(t *testing.T) {
 		"evSubscriberWildcardOnion.pem": lint.Pass,
 	}
 	for file, want := range tests {
-		t.Run(file, func(t *testing.T) {
+		f := file
+		w := want
+		t.Run(f, func(t *testing.T) {
 			t.Parallel()
-			got := test.TestLint("e_ev_not_wildcard", file).Status
-			if got != want {
-				t.Errorf("want %s, got %s", want, got)
+			got := test.TestLint("e_ev_not_wildcard", f).Status
+			if got != w {
+				t.Errorf("want %s, got %s", w, got)
 			}
 		})
 	}

v3/lints/cabf_ev/lint_ev_organization_id_missing_test.go

@@ -30,11 +30,13 @@ func TestOrganizationIDMissing(t *testing.T) {
 		"evOrgIdExtMissing_Valid.pem":                                     lint.Pass,
 	}
 	for file, want := range tests {
-		t.Run(file, func(t *testing.T) {
+		f := file
+		w := want
+		t.Run(f, func(t *testing.T) {
 			t.Parallel()
-			got := test.TestLint("e_ev_organization_id_missing", file).Status
-			if got != want {
-				t.Errorf("want %s, got %s", want, got)
+			got := test.TestLint("e_ev_organization_id_missing", f).Status
+			if got != w {
+				t.Errorf("want %s, got %s", w, got)
 			}
 		})
 	}

v3/lints/community/lint_subject_multiple_rdn.go

@@ -27,7 +27,7 @@ type SubjectRDNHasMultipleAttribute struct{}
 func init() {
 	lint.RegisterLint(&lint.Lint{
 		Name:          "n_multiple_subject_rdn",
-		Description:   "Certificates typically do not have have multiple attributes in a single RDN (subject). This may be an error.",
+		Description:   "Certificates typically do not have multiple attributes in a single RDN (subject). This may be an error.",
 		Citation:      "lint.AWSLabs certlint",
 		Source:        lint.Community,
 		EffectiveDate: util.ZeroDate,

v3/lints/etsi/lint_qcstatem_qctype_web.go

@@ -28,7 +28,7 @@ type qcStatemQctypeWeb struct{}
 func init() {
 	lint.RegisterLint(&lint.Lint{
 		Name:          "w_qcstatem_qctype_web",
-		Description:   "Checks that a QC Statement of the type Id-etsi-qcs-QcType features features at least the type IdEtsiQcsQctWeb",
+		Description:   "Checks that a QC Statement of the type Id-etsi-qcs-QcType features at least the type IdEtsiQcsQctWeb",
 		Citation:      "ETSI EN 319 412 - 5 V2.2.1 (2017 - 11) / Section 4.2.3",
 		Source:        lint.EtsiEsi,
 		EffectiveDate: util.EtsiEn319_412_5_V2_2_1_Date,

v3/lints/rfc/lint_ecdsa_allowed_ku.go

@@ -26,15 +26,19 @@ import (
 
 type ecdsaAllowedKU struct{}
 
-/************************************************
+/*
+***********************************************
 RFC 8813: 3.  Updates to Section 3
 If the keyUsage extension is present in a certificate that indicates
-   id-ecPublicKey in SubjectPublicKeyInfo, then the following values
-   MUST NOT be present:
 
-      keyEncipherment; and
-      dataEncipherment.
-************************************************/
+	id-ecPublicKey in SubjectPublicKeyInfo, then the following values
+	MUST NOT be present:
+
+	   keyEncipherment; and
+	   dataEncipherment.
+
+***********************************************
+*/
 func init() {
 	lint.RegisterLint(&lint.Lint{
 		Name:          "e_ecdsa_allowed_ku",