refactor: fix many linter warnings

2024-07-19 21:49:22 +02:00 · 2024-07-19 21:49:22 +02:00 · 68b88bc766
commit 68b88bc766
parent 43e4f2a6f0
7 changed files with 191 additions and 163 deletions
--- a/cmd/sslcert/main.go
+++ b/cmd/sslcert/main.go
@ -4,19 +4,19 @@ import (
 	"bufio"
 	"crypto/tls"
 	"crypto/x509"
-	"errors"
 	"fmt"
 	"net"
 	"net/textproto"
 	"os"
+	"strconv"
 	"strings"
 	"time"

+	"github.com/karrick/golf"
+
 	"nocternity.net/gomonop/pkg/perfdata"
 	"nocternity.net/gomonop/pkg/plugin"
 	"nocternity.net/gomonop/pkg/program"
-
-	"github.com/karrick/golf"
 )

 //--------------------------------------------------------------------------------------------------------
@ -26,7 +26,7 @@ type certGetter interface {
 	getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error)
 }

-// Full TLS certificate fetcher
+// Full TLS certificate fetcher.
 type fullTLSGetter struct{}

 func (f fullTLSGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error) {
@ -41,17 +41,18 @@ func (f fullTLSGetter) getCertificate(tlsConfig *tls.Config, address string) (*x
 	return conn.ConnectionState().PeerCertificates[0], nil
 }

-// SMTP+STARTTLS certificate getter
+// SMTP+STARTTLS certificate getter.
 type smtpGetter struct{}

-func (f smtpGetter) cmd(tcon *textproto.Conn, expectCode int, text string) (int, string, error) {
+func (f smtpGetter) cmd(tcon *textproto.Conn, expectCode int, text string) error {
 	id, err := tcon.Cmd("%s", text)
 	if err != nil {
-		return 0, "", err
+		return err
 	}
 	tcon.StartResponse(id)
 	defer tcon.EndResponse(id)
-	return tcon.ReadResponse(expectCode)
+	_, _, err = tcon.ReadResponse(expectCode)
+	return err
 }

 func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error) {
@ -64,10 +65,10 @@ func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509
 	if _, _, err := text.ReadResponse(220); err != nil {
 		return nil, err
 	}
-	if _, _, err := f.cmd(text, 250, "HELO localhost"); err != nil {
+	if err := f.cmd(text, 250, "HELO localhost"); err != nil {
 		return nil, err
 	}
-	if _, _, err := f.cmd(text, 220, "STARTTLS"); err != nil {
+	if err := f.cmd(text, 220, "STARTTLS"); err != nil {
 		return nil, err
 	}
 	t := tls.Client(conn, tlsConfig)
@ -77,9 +78,17 @@ func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509
 	return t.ConnectionState().PeerCertificates[0], nil
 }

-// ManageSieve STARTTLS certificate getter
+// ManageSieve STARTTLS certificate getter.
 type sieveGetter struct{}

+type sieveError struct {
+	msg string
+}
+
+func (e sieveError) Error() string {
+	return "Sieve error: " + e.msg
+}
+
 func (f sieveGetter) waitOK(conn net.Conn) error {
 	scanner := bufio.NewScanner(conn)
 	for scanner.Scan() {
@ -88,10 +97,10 @@ func (f sieveGetter) waitOK(conn net.Conn) error {
 			return nil
 		}
 		if strings.HasPrefix(line, "NO ") {
-			return errors.New(line[3:])
+			return sieveError{msg: line[3:]}
 		}
 		if strings.HasPrefix(line, "BYE ") {
-			return errors.New(line[4:])
+			return sieveError{msg: line[4:]}
 		}
 	}
 	return scanner.Err()
@ -123,23 +132,23 @@ func (f sieveGetter) getCertificate(tlsConfig *tls.Config, address string) (*x50
 	return t.ConnectionState().PeerCertificates[0], nil
 }

-// Supported StartTLS protocols
-var certGetters map[string]certGetter = map[string]certGetter{
+// Supported StartTLS protocols.
+var certGetters = map[string]certGetter{
 	"":      fullTLSGetter{},
 	"smtp":  &smtpGetter{},
 	"sieve": &sieveGetter{},
 }

-// Get a string that represents supported StartTLS protocols
+// Get a string that represents supported StartTLS protocols.
 func listSupportedGetters() string {
-	sb := strings.Builder{}
+	strBuilder := strings.Builder{}
 	for key := range certGetters {
-		if sb.Len() != 0 {
-			sb.WriteString(", ")
+		if strBuilder.Len() != 0 {
+			strBuilder.WriteString(", ")
 		}
-		sb.WriteString(key)
+		strBuilder.WriteString(key)
 	}
-	return sb.String()
+	return strBuilder.String()
 }

 //--------------------------------------------------------------------------------------------------------
@ -227,7 +236,7 @@ func (program *checkProgram) CheckArguments() bool {
 		return false
 	}
 	if _, ok := certGetters[program.startTLS]; !ok {
-		errstr := fmt.Sprintf("unsupported StartTLS protocol %s", program.startTLS)
+		errstr := "unsupported StartTLS protocol " + program.startTLS
 		program.plugin.SetState(plugin.UNKNOWN, errstr)
 		return false
 	}
@ -239,6 +248,7 @@ func (program *checkProgram) CheckArguments() bool {
 // if connecting or performing the TLS handshake fail.
 func (program *checkProgram) getCertificate() error {
 	tlsConfig := &tls.Config{
+		//nolint:gosec // The whole point is to read the certificate.
 		InsecureSkipVerify: true,
 		MinVersion:         tls.VersionTLS10,
 	}
@ -273,7 +283,7 @@ func (program *checkProgram) checkHostName(name string) bool {
 			return true
 		}
 	}
-	program.plugin.AddLine(fmt.Sprintf("missing DNS name %s in certificate", name))
+	program.plugin.AddLine("missing DNS name " + name + " in certificate")
 	return false
 }

@ -283,35 +293,41 @@ func (program *checkProgram) checkNames() bool {
 	if len(program.certificate.DNSNames) == 0 {
 		return program.checkSANlessCertificate()
 	}
-	ok := program.checkHostName(program.hostname)
+	certificateIsOk := program.checkHostName(program.hostname)
 	for _, name := range program.extraNames {
-		ok = program.checkHostName(name) && ok
+		certificateIsOk = program.checkHostName(name) && certificateIsOk
 	}
-	if !ok {
+	if !certificateIsOk {
 		program.plugin.SetState(plugin.CRITICAL, "names missing from SAN domain names")
 	}
-	return ok
+	return certificateIsOk
 }

-// Check a certificate's time to expiry agains the warning and critical
+// Check a certificate's time to expiry against the warning and critical
 // thresholds, returning a status code and description based on these
 // values.
 func (program *checkProgram) checkCertificateExpiry(tlDays int) (plugin.Status, string) {
 	if tlDays <= 0 {
 		return plugin.CRITICAL, "certificate expired"
 	}
+
 	var limitStr string
 	var state plugin.Status
-	if program.crit > 0 && tlDays <= program.crit {
+
+	switch {
+	case program.crit > 0 && tlDays <= program.crit:
 		limitStr = fmt.Sprintf(" (<= %d)", program.crit)
 		state = plugin.CRITICAL
-	} else if program.warn > 0 && tlDays <= program.warn {
+
+	case program.warn > 0 && tlDays <= program.warn:
 		limitStr = fmt.Sprintf(" (<= %d)", program.warn)
 		state = plugin.WARNING
-	} else {
+
+	default:
 		limitStr = ""
 		state = plugin.OK
 	}
+
 	statusString := fmt.Sprintf("certificate will expire in %d days%s",
 		tlDays, limitStr)
 	return state, statusString
@ -320,12 +336,12 @@ func (program *checkProgram) checkCertificateExpiry(tlDays int) (plugin.Status,
 // Set the plugin's performance data based on the time left before the
 // certificate expires and the thresholds.
 func (program *checkProgram) setPerfData(tlDays int) {
-	pdat := perfdata.New("validity", perfdata.UOM_NONE, fmt.Sprintf("%d", tlDays))
+	pdat := perfdata.New("validity", perfdata.UomNone, strconv.Itoa(tlDays))
 	if program.crit > 0 {
-		pdat.SetCrit(perfdata.PDRMax(fmt.Sprint(program.crit)))
+		pdat.SetCrit(perfdata.PDRMax(strconv.Itoa(program.crit)))
 	}
 	if program.warn > 0 {
-		pdat.SetWarn(perfdata.PDRMax(fmt.Sprint(program.warn)))
+		pdat.SetWarn(perfdata.PDRMax(strconv.Itoa(program.warn)))
 	}
 	program.plugin.AddPerfData(pdat)
 }