Skip to content

chore: resolve lint exclusions added in #98#100

Open
vmfunc wants to merge 1 commit intomainfrom
cleanup/lint-exclusions-post-98
Open

chore: resolve lint exclusions added in #98#100
vmfunc wants to merge 1 commit intomainfrom
cleanup/lint-exclusions-post-98

Conversation

@vmfunc
Copy link
Copy Markdown
Owner

@vmfunc vmfunc commented May 8, 2026

Summary

Removes all targeted lint exclusions added in #98 (Go 1.25 / golangci-lint v2 migration) by fixing the underlying code issues they were hiding.

Exclusions removed and corresponding fixes

noctx — internal/scan/(ports|shodan|subdomaintakeover).go

  • ports.go: replaced net.DialTimeout("tcp", ...) with (&net.Dialer{Timeout: timeout}).DialContext(ctx, "tcp", addr); added ctx context.Context parameter to Ports() and updated the call site in sif.go to pass context.Background().
  • shodan.go: replaced net.LookupIP(hostname) with net.DefaultResolver.LookupIPAddr(ctx, hostname) and updated the []net.IPAddr handling.
  • subdomaintakeover.go: replaced net.LookupCNAME(subdomain) with net.DefaultResolver.LookupCNAME(ctx, subdomain).

errcheck Close — three narrow text:-based rules

  • internal/nuclei/templates/templates.go tarball.Close: wrapped in defer func() that logs via the passed *log.Logger if close fails.
  • internal/scan/ports.go tcp.Close: changed to _ = tcp.Close() (connection is done, error is non-actionable).
  • sif.go logger.Close: wrapped in defer func() that logs the error via log.Errorf.

gosec G301/G302 — removed from gosec.excludes

  • internal/logger/logger.go: directory creation 07550750; file creation 06660600.
  • internal/nuclei/templates/templates.go: directory creation 07550750.

gocritic importShadow + rangeValCopy — removed from gocritic.disabled-checks

  • internal/nuclei/format/format.go: renamed the output import alias to nucleiout and renamed the local output variable to line to eliminate the import shadow.
  • internal/scan/builtin/nuclei_module.go: rewrote for _, event := range nucleiResults as for i := range nucleiResults { event := &nucleiResults[i]; ... } to avoid copying the 656-byte ResultEvent struct on each iteration.

Checks left excluded (with reasoning)

Check Reason
staticcheck -QF1003 Quickfix suggestion (if/else → switch). Left excluded per prior parity with golangci-lint v1.
staticcheck -QF1012 Quickfix suggestion (WriteString(Sprintf)Fprintf). Left excluded per prior parity.
staticcheck -ST1000 Package doc comments missing across many packages. Stylistic; not previously enforced.
staticcheck -ST1003 Url/Id/ApiMode naming. These are exported fields on JSON-serialized structs — renaming risks breaking serialization or external API contracts without a coordinated migration.
gosec G104 Covered by errcheck linter; duplicate noise.
gosec G107 Variable URLs are intentional — sif is a pentesting tool.
gosec G110 Nuclei template decompression; acceptable in this context.
gosec G304 User-supplied wordlist paths are the whole point of the tool.

Validation

  • golangci-lint run (v2.11.4): 0 issues
  • go build ./...: pass
  • go test ./...: pass (all existing tests)
  • go vet ./...: pass

Generated by Claude Code

@claude
chore: clean up lint exclusions deferred in #98
9ba23db 
Address pre-existing code issues that were suppressed in #98 to keep that
PR scoped to the Go 1.25 / golangci-lint v2 toolchain bump.

https://claude.ai/code/session_01S433Zq3Xzm3ZethsqkyaZF
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vmfunc @claude