Merge pull request #2 from git-pkgs/fix-gosec-warnings

Fix gosec warnings

Author: andrew

.github/workflows/ci.yml

@@ -0,0 +1,50 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: ['1.25']
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      - name: Build
+        run: go build -v ./...
+
+      - name: Test
+        run: go test -v -race -coverprofile=coverage.out ./...
+
+      - name: Upload coverage
+        if: matrix.go-version == '1.25'
+        uses: codecov/codecov-action@v5
+        with:
+          files: coverage.out
+          fail_ci_if_error: false
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: '1.25'
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v9
+        with:
+          version: latest

.golangci.yml

@@ -0,0 +1,4 @@
+version: "2"
+linters:
+  disable:
+    - unused

benchmark_test.go

@@ -61,7 +61,7 @@ func BenchmarkNew(b *testing.B) {
 func BenchmarkFetchPackage_Cargo(b *testing.B) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(cargoResponse)
+		_ = json.NewEncoder(w).Encode(cargoResponse)
 	}))
 	defer server.Close()
 
@@ -77,7 +77,7 @@ func BenchmarkFetchPackage_Cargo(b *testing.B) {
 func BenchmarkFetchPackage_npm(b *testing.B) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(npmResponse)
+		_ = json.NewEncoder(w).Encode(npmResponse)
 	}))
 	defer server.Close()
 
@@ -93,7 +93,7 @@ func BenchmarkFetchPackage_npm(b *testing.B) {
 func BenchmarkFetchVersions_Cargo(b *testing.B) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(cargoResponse)
+		_ = json.NewEncoder(w).Encode(cargoResponse)
 	}))
 	defer server.Close()
 
@@ -173,7 +173,7 @@ func BenchmarkJSONParsing_Large(b *testing.B) {
 func BenchmarkFetchPackage_Parallel(b *testing.B) {
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(cargoResponse)
+		_ = json.NewEncoder(w).Encode(cargoResponse)
 	}))
 	defer server.Close()
 

internal/cargo/cargo_test.go

@@ -42,7 +42,7 @@ func TestFetchPackage(t *testing.T) {
 		}
 
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -111,7 +111,7 @@ func TestFetchVersions(t *testing.T) {
 		}
 
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -163,7 +163,7 @@ func TestFetchDependencies(t *testing.T) {
 		}
 
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -215,7 +215,7 @@ func TestFetchMaintainers(t *testing.T) {
 		}
 
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 

internal/clojars/clojars_test.go

@@ -43,7 +43,7 @@ func TestFetchPackage(t *testing.T) {
 				{Version: "1.11.0", Downloads: 10000},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	mux.HandleFunc("/api/artifacts/ring/ring-core/versions/1.11.0", func(w http.ResponseWriter, r *http.Request) {
@@ -54,7 +54,7 @@ func TestFetchPackage(t *testing.T) {
 				URL: "https://github.com/ring-clojure/ring.git",
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	server := httptest.NewServer(mux)
@@ -92,12 +92,12 @@ func TestFetchPackageSingleName(t *testing.T) {
 				{Version: "1.7.0"},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	mux.HandleFunc("/api/artifacts/compojure/compojure/versions/1.7.0", func(w http.ResponseWriter, r *http.Request) {
 		resp := versionDetailResponse{Version: "1.7.0"}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	server := httptest.NewServer(mux)
@@ -127,7 +127,7 @@ func TestFetchVersions(t *testing.T) {
 				{Version: "1.0.5", Downloads: 50000},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	mux.HandleFunc("/api/artifacts/hiccup/hiccup/versions/2.0.0", func(w http.ResponseWriter, r *http.Request) {
@@ -136,7 +136,7 @@ func TestFetchVersions(t *testing.T) {
 			CreatedEpoch: 1699900000000,
 			Licenses:     []string{"EPL-1.0"},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	mux.HandleFunc("/api/artifacts/hiccup/hiccup/versions/1.0.5", func(w http.ResponseWriter, r *http.Request) {
@@ -145,7 +145,7 @@ func TestFetchVersions(t *testing.T) {
 			CreatedEpoch: 1600000000000,
 			Licenses:     []string{"EPL-1.0"},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	server := httptest.NewServer(mux)
@@ -187,7 +187,7 @@ func TestFetchDependencies(t *testing.T) {
 				{GroupName: "clj-time", JarName: "clj-time", Version: "0.15.2", Scope: "test"},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 

internal/cocoapods/cocoapods_test.go

@@ -38,7 +38,7 @@ func TestFetchPackage(t *testing.T) {
 		}
 
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -80,7 +80,7 @@ func TestFetchPackageWithMapLicense(t *testing.T) {
 				},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -105,7 +105,7 @@ func TestFetchVersions(t *testing.T) {
 				{Name: "5.16.0", CreatedAt: time.Date(2023, 7, 1, 0, 0, 0, 0, time.UTC)},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -145,7 +145,7 @@ func TestFetchDependencies(t *testing.T) {
 				},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -181,7 +181,7 @@ func TestFetchMaintainers(t *testing.T) {
 				{Name: "SnapKit", Email: "info@snapkit.io"},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 

internal/conda/conda_test.go

@@ -50,7 +50,7 @@ func TestFetchPackage(t *testing.T) {
 		}
 
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -90,7 +90,7 @@ func TestFetchPackageWithChannel(t *testing.T) {
 			Summary: "Tools for manipulating next-gen sequencing data",
 			Owner:   "bioconda",
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -119,7 +119,7 @@ func TestFetchVersions(t *testing.T) {
 				{Version: "1.5.3", UploadTime: 1678300000, MD5: "ghi789"},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -167,7 +167,7 @@ func TestFetchDependencies(t *testing.T) {
 				},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -200,7 +200,7 @@ func TestFetchMaintainers(t *testing.T) {
 			Name:  "scipy",
 			Owner: "conda-forge",
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 

internal/core/benchmark_test.go

@@ -21,7 +21,7 @@ func BenchmarkClient_GetJSON(b *testing.B) {
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(response)
+		_ = json.NewEncoder(w).Encode(response)
 	}))
 	defer server.Close()
 
@@ -44,7 +44,7 @@ Depends: R (>= 4.0)
 `
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		w.Write([]byte(body))
+		_, _ = w.Write([]byte(body))
 	}))
 	defer server.Close()
 

internal/core/client.go

@@ -101,7 +101,7 @@ func (c *Client) doRequest(ctx context.Context, url string) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	defer resp.Body.Close()
+	defer func() { _ = resp.Body.Close() }()
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
@@ -157,7 +157,7 @@ func (c *Client) Head(ctx context.Context, url string) (int, error) {
 	if err != nil {
 		return 0, err
 	}
-	resp.Body.Close()
+	_ = resp.Body.Close()
 
 	return resp.StatusCode, nil
 }

internal/cpan/cpan_test.go

@@ -47,7 +47,7 @@ func TestFetchPackage(t *testing.T) {
 		}
 
 		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -87,7 +87,7 @@ func TestFetchVersions(t *testing.T) {
 				},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -134,7 +134,7 @@ func TestFetchDependencies(t *testing.T) {
 				{Module: "Test::Fatal", Version: "0.001", Phase: "test", Relationship: "recommends"},
 			},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	}))
 	defer server.Close()
 
@@ -178,7 +178,7 @@ func TestFetchMaintainers(t *testing.T) {
 			Name:   "Moose",
 			Author: "ETHER",
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	mux.HandleFunc("/v1/author/ETHER", func(w http.ResponseWriter, r *http.Request) {
@@ -188,7 +188,7 @@ func TestFetchMaintainers(t *testing.T) {
 			Email:   []string{"ether@cpan.org"},
 			Website: []string{"https://metacpan.org/author/ETHER"},
 		}
-		json.NewEncoder(w).Encode(resp)
+		_ = json.NewEncoder(w).Encode(resp)
 	})
 
 	server := httptest.NewServer(mux)