Skip to content

Commit

Permalink
chore(pkg/driver): drop some nolints.
Browse files Browse the repository at this point in the history
Signed-off-by: Federico Di Pierro <[email protected]>

Co-authored-by: Aldo Lacuku <[email protected]>
  • Loading branch information
FedeDP and alacuku committed Nov 21, 2023
1 parent e0cf86f commit c45fcb7
Show file tree
Hide file tree
Showing 8 changed files with 47 additions and 32 deletions.
5 changes: 3 additions & 2 deletions internal/utils/file.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,20 +18,21 @@ package utils
import (
"log"
"os"
"path/filepath"
"strings"
)

// ReplaceLineInFile searches for occurrences of searchFor in the file pointed by filePath,
// and substitutes the matching line with the provided one.
// At most n substitations are made.
// At most n substitutions are made.
// If n < 0, there is no limit on the number of replacements.
func ReplaceLineInFile(filePath, searchFor, newLine string, n int) error {
stat, err := os.Stat(filePath)
if err != nil {
return err
}

input, err := os.ReadFile(filePath) //nolint:gosec // false positive
input, err := os.ReadFile(filepath.Clean(filePath))
if err != nil {
log.Fatalln(err)
}
Expand Down
6 changes: 4 additions & 2 deletions pkg/driver/distro/cos.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (

"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"golang.org/x/net/context"
"gopkg.in/ini.v1"

"github.com/falcosecurity/falcoctl/internal/utils"
Expand Down Expand Up @@ -53,7 +54,8 @@ func (c *cos) init(kr kernelrelease.KernelRelease, _ string, cfg *ini.File) erro
}

//nolint:gocritic // the method shall not be able to modify kr
func (c *cos) customizeBuild(printer *output.Printer,
func (c *cos) customizeBuild(ctx context.Context,
printer *output.Printer,
driverType drivertype.DriverType,
kr kernelrelease.KernelRelease,
hostRoot string,
Expand All @@ -68,7 +70,7 @@ func (c *cos) customizeBuild(printer *output.Printer,
printer.Logger.Info("COS detected, using COS kernel headers.", printer.Logger.Args("build ID", c.buildID))
bpfKernelSrcURL := fmt.Sprintf("https://storage.googleapis.com/cos-tools/%s/kernel-headers.tgz", c.buildID)
kr.Extraversion = "+"
env, err := downloadKernelSrc(printer, &kr, bpfKernelSrcURL, hostRoot, 0)
env, err := downloadKernelSrc(ctx, printer, &kr, bpfKernelSrcURL, hostRoot, 0)
if err != nil {
return nil, err
}
Expand Down
20 changes: 13 additions & 7 deletions pkg/driver/distro/distro.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,8 @@ var ErrUnsupported = fmt.Errorf("failed to determine distro")
type Distro interface {
init(kr kernelrelease.KernelRelease, id string, cfg *ini.File) error // private
FixupKernel(kr kernelrelease.KernelRelease) kernelrelease.KernelRelease // private
customizeBuild(printer *output.Printer, driverType drivertype.DriverType, kr kernelrelease.KernelRelease, hostRoot string) (map[string]string, error)
customizeBuild(ctx context.Context, printer *output.Printer, driverType drivertype.DriverType,
kr kernelrelease.KernelRelease, hostRoot string) (map[string]string, error)
PreferredDriver(kr kernelrelease.KernelRelease) drivertype.DriverType
fmt.Stringer
}
Expand Down Expand Up @@ -136,7 +137,7 @@ func copyDataToLocalPath(destination string, src io.Reader) error {
if err != nil {
return err
}
out, err := os.Create(destination) //nolint:gosec // false positive
out, err := os.Create(filepath.Clean(destination))
if err == nil {
defer out.Close()
_, err = io.Copy(out, src)
Expand All @@ -156,7 +157,7 @@ func Build(ctx context.Context,
driverVer string,
hostRoot string,
) (string, error) {
env, err := d.customizeBuild(printer, driverType, kr, hostRoot)
env, err := d.customizeBuild(ctx, printer, driverType, kr, hostRoot)
if err != nil {
return "", err
}
Expand All @@ -170,7 +171,7 @@ func Build(ctx context.Context,
driverFileName := toFilename(d, &kr, driverName, driverType)
filePath := toLocalPath(driverVer, driverFileName, kr.Architecture.ToNonDeb())
printer.Logger.Info("Copying built driver to its destination.", printer.Logger.Args("src", path, "dst", filePath))
f, err := os.Open(path) //nolint:gosec // false positive
f, err := os.Open(filepath.Clean(path))
if err != nil {
return "", err
}
Expand Down Expand Up @@ -261,7 +262,8 @@ func getKernelConfig(printer *output.Printer, kr *kernelrelease.KernelRelease, h
return "", fmt.Errorf("cannot find kernel config")
}

func downloadKernelSrc(printer *output.Printer,
func downloadKernelSrc(ctx context.Context,
printer *output.Printer,
kr *kernelrelease.KernelRelease,
url string, hostRoot string,
stripComponents int,
Expand All @@ -279,7 +281,11 @@ func downloadKernelSrc(printer *output.Printer,
}

// Download the url
resp, err := http.Get(url) //nolint:gosec,noctx // false positive
req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, http.NoBody)
if err != nil {
return env, err
}
resp, err := http.DefaultClient.Do(req)
if err != nil {
return env, err
}
Expand Down Expand Up @@ -311,7 +317,7 @@ func downloadKernelSrc(printer *output.Printer,
if err != nil {
return nil, err
}
f, err := os.Open(kernelConfigPath) //nolint:gosec // false positive
f, err := os.Open(filepath.Clean(kernelConfigPath))
if err != nil {
return nil, err
}
Expand Down
6 changes: 4 additions & 2 deletions pkg/driver/distro/flatcar.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (

"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"golang.org/x/net/context"
"gopkg.in/ini.v1"

drivertype "github.com/falcosecurity/falcoctl/pkg/driver/type"
Expand Down Expand Up @@ -80,7 +81,8 @@ func (f *flatcar) FixupKernel(kr kernelrelease.KernelRelease) kernelrelease.Kern
}

//nolint:gocritic // the method shall not be able to modify kr
func (f *flatcar) customizeBuild(printer *output.Printer,
func (f *flatcar) customizeBuild(ctx context.Context,
printer *output.Printer,
driverType drivertype.DriverType,
_ kernelrelease.KernelRelease,
_ string,
Expand All @@ -93,6 +95,6 @@ func (f *flatcar) customizeBuild(printer *output.Printer,
return nil, nil
}
printer.Logger.Info("Flatcar detected; relocating kernel tools.", printer.Logger.Args("version", f.versionID))
_, err := exec.Command("/bin/bash", "-c", flatcarRelocateScript).Output()
_, err := exec.CommandContext(ctx, "/bin/bash", "-c", flatcarRelocateScript).Output()
return nil, err
}
8 changes: 7 additions & 1 deletion pkg/driver/distro/generic.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package driverdistro
import (
"github.com/blang/semver"
"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"golang.org/x/net/context"
"gopkg.in/ini.v1"

drivertype "github.com/falcosecurity/falcoctl/pkg/driver/type"
Expand All @@ -44,7 +45,12 @@ func (g *generic) FixupKernel(kr kernelrelease.KernelRelease) kernelrelease.Kern
}

//nolint:gocritic // the method shall not be able to modify kr
func (g *generic) customizeBuild(_ *output.Printer, _ drivertype.DriverType, _ kernelrelease.KernelRelease, _ string) (map[string]string, error) {
func (g *generic) customizeBuild(_ context.Context,
_ *output.Printer,
_ drivertype.DriverType,
_ kernelrelease.KernelRelease,
_ string,
) (map[string]string, error) {
return nil, nil
}

Expand Down
11 changes: 6 additions & 5 deletions pkg/driver/distro/minikube.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,11 @@ import (
"fmt"
"io"
"os"
"path/filepath"
"regexp"

"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"golang.org/x/net/context"

drivertype "github.com/falcosecurity/falcoctl/pkg/driver/type"
"github.com/falcosecurity/falcoctl/pkg/output"
Expand All @@ -40,10 +42,8 @@ var minikubeVersionRegex = regexp.MustCompile(`(\\d+(\\.\\d+){2})`)

// check() will also load minikube version, because minikube has a different
// code path from other "checker" distros.
//
//nolint:gosec // false positive
func (m *minikube) check(hostRoot string) bool {
file, err := os.Open(hostRoot + "/etc/VERSION")
file, err := os.Open(filepath.Clean(hostRoot + "/etc/VERSION"))
if err == nil {
defer func() {
_ = file.Close()
Expand Down Expand Up @@ -73,7 +73,8 @@ func (m *minikube) FixupKernel(kr kernelrelease.KernelRelease) kernelrelease.Ker
}

//nolint:gocritic // the method shall not be able to modify kr
func (m *minikube) customizeBuild(printer *output.Printer,
func (m *minikube) customizeBuild(ctx context.Context,
printer *output.Printer,
driverType drivertype.DriverType,
kr kernelrelease.KernelRelease,
hostRoot string,
Expand All @@ -93,7 +94,7 @@ func (m *minikube) customizeBuild(printer *output.Printer,
kernelVersionStr += fmt.Sprintf(".%d", kr.Patch)
}
bpfKernelSrcURL := fmt.Sprintf("http://mirrors.edge.kernel.org/pub/linux/kernel/v%d.x/linux-%s.tar.gz", kr.Major, kernelVersionStr)
env, err := downloadKernelSrc(printer, &kr, bpfKernelSrcURL, hostRoot, 1)
env, err := downloadKernelSrc(ctx, printer, &kr, bpfKernelSrcURL, hostRoot, 1)
if err != nil {
return nil, err
}
Expand Down
3 changes: 2 additions & 1 deletion pkg/driver/type/bpf.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package drivertype
import (
"fmt"
"os/exec"
"path/filepath"

"github.com/falcosecurity/driverkit/pkg/kernelrelease"
"golang.org/x/net/context"
Expand Down Expand Up @@ -72,7 +73,7 @@ func (b *bpf) Build(ctx context.Context,

srcPath := fmt.Sprintf("/usr/src/%s-%s/bpf", driverName, driverVersion)

makeCmdArgs := fmt.Sprintf(`make -C %q`, srcPath)
makeCmdArgs := fmt.Sprintf(`make -C %q`, filepath.Clean(srcPath))
makeCmd := exec.CommandContext(ctx, "bash", "-c", makeCmdArgs) //nolint:gosec // false positive
// Append requested env variables to the command env
for key, val := range env {
Expand Down
20 changes: 8 additions & 12 deletions pkg/driver/type/kmod.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,12 +56,10 @@ func (k *kmod) String() string {
return TypeKmod
}

// Prepare for kmod does a cleanup of existing kernel modules.
// Cleanup does a cleanup of existing kernel modules.
// First thing, it tries to rmmod the loaded kmod, if present.
// Then, using dkms, it tries to fetch all
// dkms-installed versions of the module to clean them up.
//
//nolint:gosec // false positive
func (k *kmod) Cleanup(printer *output.Printer, driverName string) error {
_, err := exec.Command("bash", "-c", "hash lsmod").Output()
if err != nil {
Expand All @@ -75,14 +73,14 @@ func (k *kmod) Cleanup(printer *output.Printer, driverName string) error {
kmodName := strings.ReplaceAll(driverName, "-", "_")
printer.Logger.Info("Check if kernel module is still loaded.")
lsmodCmdArgs := fmt.Sprintf(`lsmod | cut -d' ' -f1 | grep -qx %q`, kmodName)
_, err = exec.Command("bash", "-c", lsmodCmdArgs).Output()
_, err = exec.Command("bash", "-c", lsmodCmdArgs).Output() //nolint:gosec // false positive
if err == nil {
unloaded := false
// Module is still loaded, try to remove it
for i := 0; i < maxRmmodWait; i++ {
printer.Logger.Info("Kernel module is still loaded.")
printer.Logger.Info("Trying to unload it with 'rmmod'.")
if _, err = exec.Command("rmmod", kmodName).Output(); err == nil {
if _, err = exec.Command("rmmod", kmodName).Output(); err == nil { //nolint:gosec // false positive
printer.Logger.Info("OK! Unloading module succeeded.")
unloaded = true
break
Expand All @@ -107,7 +105,7 @@ func (k *kmod) Cleanup(printer *output.Printer, driverName string) error {

printer.Logger.Info("Check all versions of kernel module in dkms.")
dkmsLsCmdArgs := fmt.Sprintf(`dkms status -m %q | tr -d "," | tr -d ":" | tr "/" " " | cut -d' ' -f2`, kmodName)
out, err := exec.Command("bash", "-c", dkmsLsCmdArgs).Output()
out, err := exec.Command("bash", "-c", dkmsLsCmdArgs).Output() //nolint:gosec // false positive
if err != nil {
printer.Logger.Warn("Listing kernel module versions failed.", printer.Logger.Args("reason", err))
return nil
Expand All @@ -121,7 +119,7 @@ func (k *kmod) Cleanup(printer *output.Printer, driverName string) error {
for scanner.Scan() {
dVer := scanner.Text()
dkmsRmCmdArgs := fmt.Sprintf(`dkms remove -m %s -v %q --all`, kmodName, dVer)
_, err = exec.Command("bash", "-c", dkmsRmCmdArgs).Output()
_, err = exec.Command("bash", "-c", dkmsRmCmdArgs).Output() //nolint:gosec // false positive
if err == nil {
printer.Logger.Info("OK! Removing succeeded.", printer.Logger.Args("version", dVer))
} else {
Expand All @@ -132,7 +130,6 @@ func (k *kmod) Cleanup(printer *output.Printer, driverName string) error {
return nil
}

//nolint:gosec // false positive
func (k *kmod) Load(printer *output.Printer, driverName string, fallback bool) error {
if fallback {
// Try to modprobe any existent version of the kmod; this is a fallback
Expand All @@ -150,7 +147,7 @@ func (k *kmod) Load(printer *output.Printer, driverName string, fallback bool) e
chconCmdArgs := fmt.Sprintf(`chcon -t modules_object_t %q`, driverName)
// We don't want to catch any error from this call
// chcon(1): change file SELinux security context
_, _ = exec.Command("bash", "-c", chconCmdArgs).Output()
_, _ = exec.Command("bash", "-c", chconCmdArgs).Output() //nolint:gosec // false positive
_, err := exec.Command("insmod", driverName).Output()
if err == nil {
printer.Logger.Info("Success: module found and loaded in dkms.", printer.Logger.Args("driver", driverName))
Expand All @@ -168,9 +165,8 @@ func (k *kmod) HasArtifacts() bool {
return true
}

//nolint:gosec // we need the file to be executable
func createDKMSMakeFile(gcc string) error {
file, err := os.OpenFile("/tmp/falco-dkms-make", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o777)
file, err := os.OpenFile("/tmp/falco-dkms-make", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o777) //nolint:gosec // we need the file to be executable
if err != nil {
return err
}
Expand Down Expand Up @@ -243,7 +239,7 @@ func (k *kmod) Build(ctx context.Context,
return koFile, nil
}
dkmsLogFile := fmt.Sprintf("/var/lib/dkms/$%s/%s/build/make.log", driverName, driverVersion)
logs, err := os.ReadFile(dkmsLogFile) //nolint:gosec // false positive
logs, err := os.ReadFile(filepath.Clean(dkmsLogFile))
if err != nil {
printer.Logger.Warn("Running dkms build failed, couldn't find dkms log", printer.Logger.Args("file", dkmsLogFile))
} else {
Expand Down

0 comments on commit c45fcb7

Please sign in to comment.