From b891fae0d03733a4feb097058f4e023582ee040c Mon Sep 17 00:00:00 2001 From: Aline Shulzhenko Date: Tue, 12 Mar 2024 06:47:33 -0400 Subject: [PATCH] run linter --- cmd/commands/root.go | 4 +- config/config.go | 3 +- fix_test.go | 5 +- internal/k8sinternal/client.go | 51 ++++++++++---------- internal/k8sinternal/runtime_test.go | 8 ++-- internal/test/test.go | 3 +- kubeaudit.go | 72 ++++++++++++++-------------- 7 files changed, 70 insertions(+), 76 deletions(-) diff --git a/cmd/commands/root.go b/cmd/commands/root.go index bd5f6c75..f8277954 100644 --- a/cmd/commands/root.go +++ b/cmd/commands/root.go @@ -88,7 +88,9 @@ func runAudit(auditable ...kubeaudit.Auditable) func(cmd *cobra.Command, args [] if err != nil { log.WithError(err).Fatal("Error generating the SARIF output") } - sarifReport.PrettyWrite(os.Stdout) + if err := sarifReport.PrettyWrite(os.Stdout); err != nil { + log.WithError(err).Fatal("Error executing SARIF PrettyWrite") + } if report.HasErrors() { os.Exit(rootConfig.exitCode) diff --git a/config/config.go b/config/config.go index 4a5e8b3d..53552177 100644 --- a/config/config.go +++ b/config/config.go @@ -2,7 +2,6 @@ package config import ( "io" - "io/ioutil" "github.com/Shopify/kubeaudit/auditors/deprecatedapis" "github.com/Shopify/kubeaudit/auditors/mounts" @@ -14,7 +13,7 @@ import ( ) func New(configData io.Reader) (KubeauditConfig, error) { - configBytes, err := ioutil.ReadAll(configData) + configBytes, err := io.ReadAll(configData) if err != nil { return KubeauditConfig{}, err } diff --git a/fix_test.go b/fix_test.go index d60b3cf1..da9f2aba 100644 --- a/fix_test.go +++ b/fix_test.go @@ -1,7 +1,6 @@ package kubeaudit_test import ( - "io/ioutil" "os" "path/filepath" "testing" @@ -16,7 +15,7 @@ import ( // Test that fixing all fixtures in auditors/* results in manifests that pass all audits func TestFix(t *testing.T) { - auditorDirs, err := ioutil.ReadDir("auditors") + auditorDirs, err := os.ReadDir("auditors") if !assert.Nil(t, err) { return } 
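Review bot: The new failure message in runAudit (cmd/commands/root.go), `"Error executing SARIF PrettyWrite"`, names the method instead of what went wrong, while the check just above it reads "Error generating the SARIF output"; `log.WithError(err).Fatal("Error writing the SARIF output")` would match it. Because the report is written straight to os.Stdout, a failure part-way through can leave truncated SARIF on the stream. A short comment such as `// a write failure may leave partial SARIF on stdout; callers must check the exit status` would help, assuming Fatal exits non-zero here as this style of logger normally does. runAudit's body starts before the hunk and continues after it.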
@@ -30,7 +29,7 @@ func TestFix(t *testing.T) { } fixturesDirPath := filepath.Join("..", auditorDir.Name(), "fixtures") - fixtureFiles, err := ioutil.ReadDir(fixturesDirPath) + fixtureFiles, err := os.ReadDir(fixturesDirPath) if os.IsNotExist(err) { continue } diff --git a/internal/k8sinternal/client.go b/internal/k8sinternal/client.go index c8821f2a..66f46bb7 100644 --- a/internal/k8sinternal/client.go +++ b/internal/k8sinternal/client.go 
@@ -133,40 +133,39 @@ func (kc kubeClient) GetAllResources(options ClientOptions) ([]k8s.Resource, err if err != nil { return nil, err } - if lists != nil { - for _, list := range lists { - if len(list.APIResources) == 0 { - continue - } - gv, err := schema.ParseGroupVersion(list.GroupVersion) - if err != nil { + + for _, list := range lists { + if list == nil || len(list.APIResources) == 0 { + continue + } + gv, err := schema.ParseGroupVersion(list.GroupVersion) + if err != nil { + continue + } + for _, apiresource := range list.APIResources { + if len(apiresource.Verbs) == 0 { continue } - for _, apiresource := range list.APIResources { - if len(apiresource.Verbs) == 0 { - continue - } - gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: apiresource.Name} + gvr := schema.GroupVersionResource{Group: gv.Group, Version: gv.Version, Resource: apiresource.Name} - // Namespace has to be included as a resource to audit if it is specified. - if apiresource.Name == "namespaces" && options.Namespace != "" { - unstructured, err := kc.dynamicClient.Resource(gvr).Get(context.Background(), options.Namespace, metav1.GetOptions{}) + // Namespace has to be included as a resource to audit if it is specified. 
+ if apiresource.Name == "namespaces" && options.Namespace != "" { + unstructured, err := kc.dynamicClient.Resource(gvr).Get(context.Background(), options.Namespace, metav1.GetOptions{}) + if err == nil { + r, err := unstructuredToObject(unstructured) if err == nil { - r, err := unstructuredToObject(unstructured) + resources = append(resources, r) + } + } + } else { + unstructuredList, err := kc.dynamicClient.Resource(gvr).Namespace(options.Namespace).List(context.Background(), metav1.ListOptions{}) + if err == nil { + for _, unstructured := range unstructuredList.Items { + r, err := unstructuredToObject(&unstructured) if err == nil { resources = append(resources, r) } } - } else { - unstructuredList, err := kc.dynamicClient.Resource(gvr).Namespace(options.Namespace).List(context.Background(), metav1.ListOptions{}) - if err == nil { - for _, unstructured := range unstructuredList.Items { - r, err := unstructuredToObject(&unstructured) - if err == nil { - resources = append(resources, r) - } - } - } } } } diff --git a/internal/k8sinternal/runtime_test.go b/internal/k8sinternal/runtime_test.go index 33c66045..f895d7b4 100644 --- a/internal/k8sinternal/runtime_test.go +++ b/internal/k8sinternal/runtime_test.go @@ -2,7 +2,7 @@ package k8sinternal_test import ( "bytes" - "io/ioutil" + "os" "path" "testing" @@ -13,8 +13,6 @@ import ( "github.com/stretchr/testify/require" ) -const fixtureDir = "../test/fixtures" - func TestNewTrue(t *testing.T) { assert.True(t, *k8s.NewTrue()) } @@ -31,7 +29,7 @@ func TestEncodeDecode(t *testing.T) { deployment.ObjectMeta = k8s.ObjectMetaV1{Namespace: "foo"} deployment.Spec.Template.Spec.Containers = []k8s.ContainerV1{{Name: "bar"}} - expectedManifest, err := ioutil.ReadFile("fixtures/test-encode-decode.yml") + expectedManifest, err := os.ReadFile("fixtures/test-encode-decode.yml") require.NoError(err) encoded, err := k8sinternal.EncodeResource(deployment) 
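Review bot: In GetAllResources (internal/k8sinternal/client.go) every failure inside the flattened loop is still dropped silently: a `ParseGroupVersion` error hits `continue`, and the `Get`, `List` and `unstructuredToObject` calls only act on `err == nil`. For an audit tool this means a resource type the client cannot read (an authorization failure, for instance) simply disappears from the result, so the report can look cleaner than the cluster is. Since the lint pass already rewrites these lines, I would at least document it above the loop with `// NOTE: resources that fail to list or decode are skipped without an error; the result may be incomplete`, and ideally record the skipped `gvr` with its error so the caller can surface it. Separately, `unstructuredToObject(&unstructured)` takes the address of the range variable, which is a single shared variable on toolchains before Go 1.22, so it is worth confirming the helper does not retain that pointer. The function begins before the hunk and may continue after it.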
@@ -121,7 +119,7 @@ func getAllResources(t *testing.T) (resources []k8s.Resource) { func getResourcesFromManifest(t *testing.T, manifest string) (resources []k8s.Resource) { assert := assert.New(t) - data, err := ioutil.ReadFile(manifest) + data, err := os.ReadFile(manifest) require.NoError(t, err) bufSlice := bytes.Split(data, []byte("---")) diff --git a/internal/test/test.go b/internal/test/test.go index 0f97d715..781a5423 100644 --- a/internal/test/test.go +++ b/internal/test/test.go @@ -3,7 +3,6 @@ package test import ( "bytes" "fmt" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -125,7 +124,7 @@ func GetReport(t *testing.T, fixtureDir, fixture string, auditables []kubeaudit. // It can be used to retrieve all of the resource manifests from the test/fixtures/all_resources directory // This directory is not hardcoded because the working directory for tests is relative to the test func GetAllFileNames(t *testing.T, directory string) []string { - files, err := ioutil.ReadDir(directory) + files, err := os.ReadDir(directory) require.Nil(t, err) fileNames := make([]string, 0, len(files)) diff --git a/kubeaudit.go b/kubeaudit.go index 4072bdda..f2981908 100644 --- a/kubeaudit.go +++ b/kubeaudit.go @@ -1,6 +1,6 @@ // Package kubeaudit provides methods to find and fix security issues in Kubernetes resources. // -// Modes +// # Modes // // Kubeaudit supports three different modes. The mode used depends on the audit method used. // 
@@ -14,100 +14,98 @@ // // Follow the instructions below to use kubeaudit: // -// First initialize the security auditors +// # First initialize the security auditors // // The auditors determine which security issues kubeaudit will look for. Each auditor is responsible for a different // security issue. For an explanation of what each auditor checks for, see https://github.com/Shopify/kubeaudit#auditors. // // To initialize all available auditors: // -// import "github.com/Shopify/kubeaudit/auditors/all" +// import "github.com/Shopify/kubeaudit/auditors/all" // -// auditors, err := all.Auditors(config.KubeauditConfig{}) +// auditors, err := all.Auditors(config.KubeauditConfig{}) // // Or, to initialize specific auditors, import each one: // -// import ( -// "github.com/Shopify/kubeaudit/auditors/apparmor" -// "github.com/Shopify/kubeaudit/auditors/image" -// ) +// import ( +// "github.com/Shopify/kubeaudit/auditors/apparmor" +// "github.com/Shopify/kubeaudit/auditors/image" +// ) // -// auditors := []kubeaudit.Auditable{ -// apparmor.New(), -// image.New(image.Config{Image: "myimage:mytag"}), -// } +// auditors := []kubeaudit.Auditable{ +// apparmor.New(), +// image.New(image.Config{Image: "myimage:mytag"}), +// } // -// Initialize Kubeaudit +// # Initialize Kubeaudit // // Create a new instance of kubeaudit: // -// kubeAuditor, err := kubeaudit.New(auditors) +// kubeAuditor, err := kubeaudit.New(auditors) // -// Run the audit +// # Run the audit // // To run the audit in manifest mode: // -// import "os" +// import "os" // -// manifest, err := os.Open("/path/to/manifest.yaml") -// if err != nil { -// ... -// } +// manifest, err := os.Open("/path/to/manifest.yaml") +// if err != nil { +// ... 
+// } // -// report, err := kubeAuditor.AuditManifest(manifest) +// report, err := kubeAuditor.AuditManifest(manifest) // // Or, to run the audit in local mode: // -// report, err := kubeAuditor.AuditLocal("/path/to/kubeconfig.yml", kubeaudit.AuditOptions{}) +// report, err := kubeAuditor.AuditLocal("/path/to/kubeconfig.yml", kubeaudit.AuditOptions{}) // // Or, to run the audit in cluster mode (pass it a namespace name as a string to only audit resources in that namespace, or an empty string to audit resources in all namespaces): // -// report, err := auditor.AuditCluster(kubeaudit.AuditOptions{}) +// report, err := auditor.AuditCluster(kubeaudit.AuditOptions{}) // -// Get the results +// # Get the results // // To print the results in a human readable way: // -// report.PrintResults() +// report.PrintResults() // // Results are printed to standard out by default. To print to a string instead: // -// var buf bytes.Buffer -// report.PrintResults(kubeaudit.WithWriter(&buf), kubeaudit.WithColor(false)) -// resultsString := buf.String() +// var buf bytes.Buffer +// report.PrintResults(kubeaudit.WithWriter(&buf), kubeaudit.WithColor(false)) +// resultsString := buf.String() // // Or, to get the result objects: // -// results := report.Results() +// results := report.Results() // -// Autofix +// # Autofix // // Note that autofixing is only supported in manifest mode. // // To print the plan (what will be fixed): // -// report.PrintPlan(os.Stdout) +// report.PrintPlan(os.Stdout) // // To automatically fix the security issues and print the fixed manifest: // -// err = report.Fix(os.Stdout) +// err = report.Fix(os.Stdout) // -// Override Errors +// # Override Errors // // Overrides can be used to ignore specific auditors for specific containers or pods. // See the documentation for the specific auditor you wish to override at https://github.com/Shopify/kubeaudit#auditors. // -// Custom Auditors +// # Custom Auditors // // Kubeaudit supports custom auditors. 
See the Custom Auditor example. -// package kubeaudit import ( "errors" "fmt" "io" - "io/ioutil" "path/filepath" "strings" @@ -141,7 +139,7 @@ func New(auditors []Auditable, opts ...Option) (*Kubeaudit, error) { // AuditManifest audits the Kubernetes resources in the provided manifest func (a *Kubeaudit) AuditManifest(manifestPath string, manifest io.Reader) (*Report, error) { - manifestBytes, err := ioutil.ReadAll(manifest) + manifestBytes, err := io.ReadAll(manifest) if err != nil { return nil, err }