fix lint issues

Signed-off-by: Markus Blaschke <mblaschke82@gmail.com>

Author: mblaschke

auditor/auditor.keyvaultaccesspolicies.go

@@ -89,41 +89,33 @@ func (auditor *AzureAuditor) fetchKeyvaultAccessPolicies(ctx context.Context, lo
 }
 
 func keyvaultCertificatePermissionsToStringList(val []*armkeyvault.CertificatePermissions) (list []string) {
-	if val != nil {
-		for _, row := range val {
-			val := strings.ToLower(string(*row))
-			list = append(list, val)
-		}
+	for _, row := range val {
+		val := strings.ToLower(string(*row))
+		list = append(list, val)
 	}
 	return
 }
 
 func keyvaultSecretPermissionsToStringList(val []*armkeyvault.SecretPermissions) (list []string) {
-	if val != nil {
-		for _, row := range val {
-			val := strings.ToLower(string(*row))
-			list = append(list, val)
-		}
+	for _, row := range val {
+		val := strings.ToLower(string(*row))
+		list = append(list, val)
 	}
 	return
 }
 
 func keyvaultKeyPermissionsToStringList(val []*armkeyvault.KeyPermissions) (list []string) {
-	if val != nil {
-		for _, row := range val {
-			val := strings.ToLower(string(*row))
-			list = append(list, val)
-		}
+	for _, row := range val {
+		val := strings.ToLower(string(*row))
+		list = append(list, val)
 	}
 	return
 }
 
 func keyvaultStoragePermissionsToStringList(val []*armkeyvault.StoragePermissions) (list []string) {
-	if val != nil {
-		for _, row := range val {
-			val := strings.ToLower(string(*row))
-			list = append(list, val)
-		}
+	for _, row := range val {
+		val := strings.ToLower(string(*row))
+		list = append(list, val)
 	}
 	return
 }

auditor/auditor.loganalytics.go

@@ -153,6 +153,7 @@ func (auditor *AzureAuditor) queryLogAnalytics(ctx context.Context, logger *log.
 			workspaceLogger.Error(err)
 			return
 		}
+		defer response.Body.Close()
 
 		responseBody, err := io.ReadAll(response.Body)
 		if err != nil {

auditor/config.go

@@ -1,7 +1,7 @@
 package auditor
 
 import (
-	"io/ioutil"
+	"os"
 
 	log "github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v3"
@@ -39,7 +39,7 @@ func (auditor *AzureAuditor) ParseConfig(configPaths ...string) {
 	for _, path := range configPaths {
 		auditor.logger.Infof("reading configuration from file %v", path)
 		/* #nosec */
-		if data, err := ioutil.ReadFile(path); err == nil {
+		if data, err := os.ReadFile(path); err == nil {
 			configRaw = data
 		} else {
 			auditor.logger.Panic(err)

auditor/validator/validation.rule.go

@@ -58,7 +58,7 @@ func (matcher *AuditConfigValidationRule) UnmarshalYAML(unmarshal func(interface
 				if funcCall, err := vm.Compile("", funcString); err == nil {
 					matcher.customFunction = funcCall
 				} else {
-					return fmt.Errorf("unable to parse func: %v\n\n%v", err.Error(), funcString)
+					return fmt.Errorf("unable to parse func: %w\n\n%v", err, funcString)
 				}
 			default:
 				switch v := val.(type) {

config/opts.go

@@ -47,8 +47,14 @@ type (
 		DryRun bool     `long:"dry-run"  env:"DRYRUN"                 description:"Dry Run (report only)"`
 
 		// general options
-		ServerBind       string `long:"bind" env:"SERVER_BIND"   description:"Server address" env-delim:":" default:":8080"`
-		ServerPathReport string `long:"server.path.report" env:"SERVER_PATH_REPORT"   description:"Server path for report"     default:"/report"`
+		Server struct {
+			// general options
+			Bind         string        `long:"server.bind"              env:"SERVER_BIND"           description:"Server address"        default:":8080"`
+			ReadTimeout  time.Duration `long:"server.timeout.read"      env:"SERVER_TIMEOUT_READ"   description:"Server read timeout"   default:"5s"`
+			WriteTimeout time.Duration `long:"server.timeout.write"     env:"SERVER_TIMEOUT_WRITE"  description:"Server write timeout"  default:"10s"`
+
+			PathReport string `long:"server.path.report" env:"SERVER_PATH_REPORT"   description:"Server path for report"     default:"/report"`
+		}
 	}
 )
 

main.go

@@ -3,6 +3,7 @@ package main
 import (
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"html/template"
 	"net/http"
@@ -56,17 +57,18 @@ func main() {
 	azureAuditor.ParseConfig(opts.Config...)
 	azureAuditor.Run()
 
-	log.Infof("Starting http server on %s", opts.ServerBind)
+	log.Infof("Starting http server on %s", opts.Server.Bind)
 	startHttpServer()
 }
 
 func initArgparser() {
 	argparser = flags.NewParser(&opts, flags.Default)
 	_, err := argparser.Parse()
 
-	// check if there is an parse error
+	// check if there is a parse error
 	if err != nil {
-		if flagsErr, ok := err.(*flags.Error); ok && flagsErr.Type == flags.ErrHelp {
+		var flagsErr *flags.Error
+		if ok := errors.As(err, &flagsErr); ok && flagsErr.Type == flags.ErrHelp {
 			os.Exit(0)
 		} else {
 			fmt.Println()
@@ -112,16 +114,17 @@ func initLogger() {
 // start and handle prometheus handler
 func startHttpServer() {
 	var err error
+	mux := http.NewServeMux()
 
 	// healthz
-	http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
 		if _, err := fmt.Fprint(w, "Ok"); err != nil {
 			log.Error(err)
 		}
 	})
 
 	// readyz
-	http.HandleFunc("/readyz", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc("/readyz", func(w http.ResponseWriter, r *http.Request) {
 		if _, err := fmt.Fprint(w, "Ok"); err != nil {
 			log.Error(err)
 		}
@@ -172,7 +175,7 @@ func startHttpServer() {
 		log.Panic(err)
 	}
 
-	http.HandleFunc(opts.ServerPathReport, func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc(opts.Server.PathReport, func(w http.ResponseWriter, r *http.Request) {
 		cspNonce := base64.StdEncoding.EncodeToString([]byte(uuid.New().String()))
 
 		w.Header().Add("Content-Type", "text/html")
@@ -202,7 +205,7 @@ func startHttpServer() {
 			ReportTitle:      opts.Report.Title,
 			ReportConfig:     nil,
 			Reports:          azureAuditor.GetReport(),
-			ServerPathReport: opts.ServerPathReport,
+			ServerPathReport: opts.Server.PathReport,
 			RequestReport:    "",
 		}
 
@@ -244,7 +247,7 @@ func startHttpServer() {
 		}
 	})
 
-	http.HandleFunc(opts.ServerPathReport+"/data", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc(opts.Server.PathReport+"/data", func(w http.ResponseWriter, r *http.Request) {
 		var reportGroupBy *string
 		var reportFields *[]string
 		var reportStatus *bool
@@ -363,7 +366,7 @@ func startHttpServer() {
 	})
 
 	// config
-	http.HandleFunc("/config", func(w http.ResponseWriter, r *http.Request) {
+	mux.HandleFunc("/config", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Add("Content-Type", "text/plain")
 
 		content, err := yaml.Marshal(azureAuditor.GetConfig())
@@ -380,13 +383,19 @@ func startHttpServer() {
 		}
 	})
 
-	http.Handle("/metrics", http.HandlerFunc(
+	mux.Handle("/metrics", http.HandlerFunc(
 		func(w http.ResponseWriter, r *http.Request) {
 			azureAuditor.MetricsLock().RLock()
 			defer azureAuditor.MetricsLock().RUnlock()
 			azuretracing.RegisterAzureMetricAutoClean(promhttp.Handler()).ServeHTTP(w, r)
 		},
 	))
 
-	log.Error(http.ListenAndServe(opts.ServerBind, nil))
+	srv := &http.Server{
+		Addr:         opts.Server.Bind,
+		Handler:      mux,
+		ReadTimeout:  opts.Server.ReadTimeout,
+		WriteTimeout: opts.Server.WriteTimeout,
+	}
+	log.Fatal(srv.ListenAndServe())
 }