Ignore G404 everywhere

This is a test program, so alerting about math/rand isn't helpful. Plus these days, Go uses chacha8 for math/rand so it's not so bad. Remove some copy-pasted errcheck exclusions
letsencrypt · Jun 21, 2024 · 39c4732 · 39c4732
1 parent 4aba18e
commit 39c4732
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 6 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -15,5 +15,6 @@ linters:
     - unused
     - wastedassign
 linters-settings:
-  errcheck:
-    ignore: fmt:[FS]?[Pp]rint*,io:Write,os:Remove,net/http:Write,net:Write,encoding/binary:Write
+  gosec:
+    excludes:
+      - G404
diff --git a/checker/earlyremoval/check_test.go b/checker/earlyremoval/check_test.go
@@ -68,8 +68,7 @@ func TestSample(t *testing.T) {
 	require.Empty(t, sample([]int{}, 999))
 
 	var data []int
-	// Generate a random array for tests.  Insecure RNG is fine.
-	// #nosec G404
+	// Generate a random array for tests.
 	length := 100 + rand.IntN(300)
 	for i := 0; i < length; i++ {
 		data = append(data, i)

diff --git a/churner/churner.go b/churner/churner.go
@@ -164,7 +164,6 @@ func (c *Churner) Churn(ctx context.Context) error {
 
 // randomKey generates either an ecdsa or rsa private key
 func randomKey() (crypto.Signer, error) {
-	// #nosec G404
 	if mathrand.IntN(2) == 0 {
 		return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	} else {
@@ -175,7 +174,6 @@ func randomKey() (crypto.Signer, error) {
 // randDomains picks the domains to include on the certificate.
 // We put a single domain which includes the current time and a random value.
 func randDomains(baseDomain string) []string {
-	// #nosec G404
 	domain := fmt.Sprintf("r%dZ%x.%s", time.Now().Unix(), mathrand.Uint32(), baseDomain)
 	return []string{domain}
 }