run linter

cmd/commands/root.go

@@ -88,7 +88,9 @@ func runAudit(auditable ...kubeaudit.Auditable) func(cmd *cobra.Command, args []
 			if err != nil {
 				log.WithError(err).Fatal("Error generating the SARIF output")
 			}
-			sarifReport.PrettyWrite(os.Stdout)
+			if err := sarifReport.PrettyWrite(os.Stdout); err != nil {
+				log.WithError(err).Fatal("Error executing SARIF PrettyWrite")
+			}
 
 			if report.HasErrors() {
 				os.Exit(rootConfig.exitCode)

config/config.go

@@ -2,7 +2,6 @@ package config
 
 import (
 	"io"
-	"io/ioutil"
 
 	"github.com/Shopify/kubeaudit/auditors/deprecatedapis"
 	"github.com/Shopify/kubeaudit/auditors/mounts"
@@ -14,7 +13,7 @@ import (
 )
 
 func New(configData io.Reader) (KubeauditConfig, error) {
-	configBytes, err := ioutil.ReadAll(configData)
+	configBytes, err := io.ReadAll(configData)
 	if err != nil {
 		return KubeauditConfig{}, err
 	}

fix_test.go

@@ -1,7 +1,6 @@
 package kubeaudit_test
 
 import (
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
@@ -16,7 +15,7 @@ import (
 
 // Test that fixing all fixtures in auditors/* results in manifests that pass all audits
 func TestFix(t *testing.T) {
-	auditorDirs, err := ioutil.ReadDir("auditors")
+	auditorDirs, err := os.ReadDir("auditors")
 	if !assert.Nil(t, err) {
 		return
 	}
@@ -30,7 +29,7 @@ func TestFix(t *testing.T) {
 		}
 
 		fixturesDirPath := filepath.Join("..", auditorDir.Name(), "fixtures")
-		fixtureFiles, err := ioutil.ReadDir(fixturesDirPath)
+		fixtureFiles, err := os.ReadDir(fixturesDirPath)
 		if os.IsNotExist(err) {
 			continue
 		}

internal/k8sinternal/client.go

@@ -133,40 +133,39 @@ func (kc kubeClient) GetAllResources(options ClientOptions) ([]k8s.Resource, err
 	if err != nil {
 		return nil, err
 	}
-	if lists != nil {
-		for _, list := range lists {
-			if len(list.APIResources) == 0 {
-				continue
-			}
-			gv, err := schema.ParseGroupVersion(list.GroupVersion)
-			if err != nil {
+
+	for _, list := range lists {
+		if list == nil || len(list.APIResources) == 0 {
+			continue
+		}
+		gv, err := schema.ParseGroupVersion(list.GroupVersion)
+		if err != nil {
+			continue
+		}
+		for _, apiresource := range list.APIResources {
+			if len(apiresource.Verbs) == 0 {
 				continue
 			}
-			for _, apiresource := range list.APIResources {
-				if len(apiresource.Verbs) == 0 {
-					continue
-				}
-				gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: apiresource.Name}
+			gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: apiresource.Name}
 
-				// Namespace has to be included as a resource to audit if it is specified.
-				if apiresource.Name == "namespaces" && options.Namespace != "" {
-					unstructured, err := kc.dynamicClient.Resource(gvr).Get(context.Background(), options.Namespace, metav1.GetOptions{})
+			// Namespace has to be included as a resource to audit if it is specified.
+			if apiresource.Name == "namespaces" && options.Namespace != "" {
+				unstructured, err := kc.dynamicClient.Resource(gvr).Get(context.Background(), options.Namespace, metav1.GetOptions{})
+				if err == nil {
+					r, err := unstructuredToObject(unstructured)
 					if err == nil {
-						r, err := unstructuredToObject(unstructured)
+						resources = append(resources, r)
+					}
+				}
+			} else {
+				unstructuredList, err := kc.dynamicClient.Resource(gvr).Namespace(options.Namespace).List(context.Background(), metav1.ListOptions{})
+				if err == nil {
+					for _, unstructured := range unstructuredList.Items {
+						r, err := unstructuredToObject(&unstructured)
 						if err == nil {
 							resources = append(resources, r)
 						}
 					}
-				} else {
-					unstructuredList, err := kc.dynamicClient.Resource(gvr).Namespace(options.Namespace).List(context.Background(), metav1.ListOptions{})
-					if err == nil {
-						for _, unstructured := range unstructuredList.Items {
-							r, err := unstructuredToObject(&unstructured)
-							if err == nil {
-								resources = append(resources, r)
-							}
-						}
-					}
 				}
 			}
 		}

internal/k8sinternal/runtime_test.go

@@ -2,7 +2,7 @@ package k8sinternal_test
 
 import (
 	"bytes"
-	"io/ioutil"
+	"os"
 	"path"
 	"testing"
 
@@ -13,8 +13,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-const fixtureDir = "../test/fixtures"
-
 func TestNewTrue(t *testing.T) {
 	assert.True(t, *k8s.NewTrue())
 }
@@ -31,7 +29,7 @@ func TestEncodeDecode(t *testing.T) {
 	deployment.ObjectMeta = k8s.ObjectMetaV1{Namespace: "foo"}
 	deployment.Spec.Template.Spec.Containers = []k8s.ContainerV1{{Name: "bar"}}
 
-	expectedManifest, err := ioutil.ReadFile("fixtures/test-encode-decode.yml")
+	expectedManifest, err := os.ReadFile("fixtures/test-encode-decode.yml")
 	require.NoError(err)
 
 	encoded, err := k8sinternal.EncodeResource(deployment)
@@ -121,7 +119,7 @@ func getAllResources(t *testing.T) (resources []k8s.Resource) {
 func getResourcesFromManifest(t *testing.T, manifest string) (resources []k8s.Resource) {
 	assert := assert.New(t)
 
-	data, err := ioutil.ReadFile(manifest)
+	data, err := os.ReadFile(manifest)
 	require.NoError(t, err)
 
 	bufSlice := bytes.Split(data, []byte("---"))

internal/test/test.go

@@ -3,7 +3,6 @@ package test
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -125,7 +124,7 @@ func GetReport(t *testing.T, fixtureDir, fixture string, auditables []kubeaudit.
 // It can be used to retrieve all of the resource manifests from the test/fixtures/all_resources directory
 // This directory is not hardcoded because the working directory for tests is relative to the test
 func GetAllFileNames(t *testing.T, directory string) []string {
-	files, err := ioutil.ReadDir(directory)
+	files, err := os.ReadDir(directory)
 	require.Nil(t, err)
 
 	fileNames := make([]string, 0, len(files))

kubeaudit.go

@@ -1,6 +1,6 @@
 // Package kubeaudit provides methods to find and fix security issues in Kubernetes resources.
 //
-// Modes
+// # Modes
 //
 // Kubeaudit supports three different modes. The mode used depends on the audit method used.
 //
@@ -14,100 +14,98 @@
 //
 // Follow the instructions below to use kubeaudit:
 //
-// First initialize the security auditors
+// # First initialize the security auditors
 //
 // The auditors determine which security issues kubeaudit will look for. Each auditor is responsible for a different
 // security issue. For an explanation of what each auditor checks for, see https://github.com/Shopify/kubeaudit#auditors.
 //
 // To initialize all available auditors:
 //
-//   import "github.com/Shopify/kubeaudit/auditors/all"
+//	import "github.com/Shopify/kubeaudit/auditors/all"
 //
-//   auditors, err := all.Auditors(config.KubeauditConfig{})
+//	auditors, err := all.Auditors(config.KubeauditConfig{})
 //
 // Or, to initialize specific auditors, import each one:
 //
-//   import (
-//     "github.com/Shopify/kubeaudit/auditors/apparmor"
-//     "github.com/Shopify/kubeaudit/auditors/image"
-//   )
+//	import (
+//	  "github.com/Shopify/kubeaudit/auditors/apparmor"
+//	  "github.com/Shopify/kubeaudit/auditors/image"
+//	)
 //
-//   auditors := []kubeaudit.Auditable{
-//     apparmor.New(),
-//     image.New(image.Config{Image: "myimage:mytag"}),
-//   }
+//	auditors := []kubeaudit.Auditable{
+//	  apparmor.New(),
+//	  image.New(image.Config{Image: "myimage:mytag"}),
+//	}
 //
-// Initialize Kubeaudit
+// # Initialize Kubeaudit
 //
 // Create a new instance of kubeaudit:
 //
-//   kubeAuditor, err := kubeaudit.New(auditors)
+//	kubeAuditor, err := kubeaudit.New(auditors)
 //
-// Run the audit
+// # Run the audit
 //
 // To run the audit in manifest mode:
 //
-//   import "os"
+//	import "os"
 //
-//   manifest, err := os.Open("/path/to/manifest.yaml")
-//   if err != nil {
-//     ...
-//   }
+//	manifest, err := os.Open("/path/to/manifest.yaml")
+//	if err != nil {
+//	  ...
+//	}
 //
-//   report, err := kubeAuditor.AuditManifest(manifest)
+//	report, err := kubeAuditor.AuditManifest(manifest)
 //
 // Or, to run the audit in local mode:
 //
-//   report, err := kubeAuditor.AuditLocal("/path/to/kubeconfig.yml", kubeaudit.AuditOptions{})
+//	report, err := kubeAuditor.AuditLocal("/path/to/kubeconfig.yml", kubeaudit.AuditOptions{})
 //
 // Or, to run the audit in cluster mode (pass it a namespace name as a string to only audit resources in that namespace, or an empty string to audit resources in all namespaces):
 //
-//   report, err := auditor.AuditCluster(kubeaudit.AuditOptions{})
+//	report, err := auditor.AuditCluster(kubeaudit.AuditOptions{})
 //
-// Get the results
+// # Get the results
 //
 // To print the results in a human readable way:
 //
-//   report.PrintResults()
+//	report.PrintResults()
 //
 // Results are printed to standard out by default. To print to a string instead:
 //
-//   var buf bytes.Buffer
-//   report.PrintResults(kubeaudit.WithWriter(&buf), kubeaudit.WithColor(false))
-//   resultsString := buf.String()
+//	var buf bytes.Buffer
+//	report.PrintResults(kubeaudit.WithWriter(&buf), kubeaudit.WithColor(false))
+//	resultsString := buf.String()
 //
 // Or, to get the result objects:
 //
-//   results := report.Results()
+//	results := report.Results()
 //
-// Autofix
+// # Autofix
 //
 // Note that autofixing is only supported in manifest mode.
 //
 // To print the plan (what will be fixed):
 //
-//  report.PrintPlan(os.Stdout)
+//	report.PrintPlan(os.Stdout)
 //
 // To automatically fix the security issues and print the fixed manifest:
 //
-//   err = report.Fix(os.Stdout)
+//	err = report.Fix(os.Stdout)
 //
-// Override Errors
+// # Override Errors
 //
 // Overrides can be used to ignore specific auditors for specific containers or pods.
 // See the documentation for the specific auditor you wish to override at https://github.com/Shopify/kubeaudit#auditors.
 //
-// Custom Auditors
+// # Custom Auditors
 //
 // Kubeaudit supports custom auditors. See the Custom Auditor example.
-//
 package kubeaudit
 
 import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"path/filepath"
 	"strings"
 
@@ -141,7 +139,7 @@ func New(auditors []Auditable, opts ...Option) (*Kubeaudit, error) {
 
 // AuditManifest audits the Kubernetes resources in the provided manifest
 func (a *Kubeaudit) AuditManifest(manifestPath string, manifest io.Reader) (*Report, error) {
-	manifestBytes, err := ioutil.ReadAll(manifest)
+	manifestBytes, err := io.ReadAll(manifest)
 	if err != nil {
 		return nil, err
 	}