Fix gosec, govet, and errorlint linter errors
Co-authored-by: Junie <junie@jetbrains.com>
This commit is contained in:
@@ -50,18 +50,15 @@ var (
|
||||
|
||||
// Manager manages the seal/unseal lifecycle.
|
||||
type Manager struct {
|
||||
db *sql.DB
|
||||
barrier *barrier.AESGCMBarrier
|
||||
logger *slog.Logger
|
||||
|
||||
mu sync.RWMutex
|
||||
state ServiceState
|
||||
mek []byte // nil when sealed
|
||||
|
||||
// Rate limiting for unseal attempts.
|
||||
unsealAttempts int
|
||||
lastAttempt time.Time
|
||||
lockoutUntil time.Time
|
||||
db *sql.DB
|
||||
barrier *barrier.AESGCMBarrier
|
||||
logger *slog.Logger
|
||||
mek []byte
|
||||
state ServiceState
|
||||
unsealAttempts int
|
||||
mu sync.RWMutex
|
||||
}
|
||||
|
||||
// NewManager creates a new seal manager.
|
||||
@@ -205,10 +202,10 @@ func (m *Manager) Unseal(password []byte) error {
|
||||
|
||||
// Read seal config.
|
||||
var (
|
||||
encryptedMEK []byte
|
||||
salt []byte
|
||||
argTime, argMem uint32
|
||||
argThreads uint8
|
||||
encryptedMEK []byte
|
||||
salt []byte
|
||||
argTime, argMem uint32
|
||||
argThreads uint8
|
||||
)
|
||||
err := m.db.QueryRow(`
|
||||
SELECT encrypted_mek, kdf_salt, argon2_time, argon2_memory, argon2_threads
|
||||
@@ -256,7 +253,7 @@ func (m *Manager) Seal() error {
|
||||
crypto.Zeroize(m.mek)
|
||||
m.mek = nil
|
||||
}
|
||||
m.barrier.Seal()
|
||||
_ = m.barrier.Seal()
|
||||
m.state = StateSealed
|
||||
m.logger.Debug("service sealed")
|
||||
return nil
|
||||
|
||||
@@ -2,6 +2,7 @@ package seal
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"log/slog"
|
||||
"path/filepath"
|
||||
"testing"
|
||||
@@ -75,7 +76,7 @@ func TestSealWrongPassword(t *testing.T) {
|
||||
mgr.Seal()
|
||||
|
||||
err := mgr.Unseal([]byte("wrong"))
|
||||
if err != ErrInvalidPassword {
|
||||
if !errors.Is(err, ErrInvalidPassword) {
|
||||
t.Fatalf("expected ErrInvalidPassword, got: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -89,7 +90,7 @@ func TestSealDoubleInitialize(t *testing.T) {
|
||||
mgr.Initialize(context.Background(), []byte("password"), params)
|
||||
|
||||
err := mgr.Initialize(context.Background(), []byte("password"), params)
|
||||
if err != ErrAlreadyInitialized {
|
||||
if !errors.Is(err, ErrAlreadyInitialized) {
|
||||
t.Fatalf("expected ErrAlreadyInitialized, got: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -121,13 +122,13 @@ func TestSealCheckInitializedPersists(t *testing.T) {
|
||||
|
||||
func TestSealStateString(t *testing.T) {
|
||||
tests := []struct {
|
||||
state ServiceState
|
||||
want string
|
||||
state ServiceState
|
||||
}{
|
||||
{StateUninitialized, "uninitialized"},
|
||||
{StateSealed, "sealed"},
|
||||
{StateInitializing, "initializing"},
|
||||
{StateUnsealed, "unsealed"},
|
||||
{want: "uninitialized", state: StateUninitialized},
|
||||
{want: "sealed", state: StateSealed},
|
||||
{want: "initializing", state: StateInitializing},
|
||||
{want: "unsealed", state: StateUnsealed},
|
||||
}
|
||||
for _, tt := range tests {
|
||||
if got := tt.state.String(); got != tt.want {
|
||||
|
||||
Reference in New Issue
Block a user