From edcc6a26cfe5bc50ce366175abb2e3d73ccf91bd Mon Sep 17 00:00:00 2001 From: rabbitstack Date: Fri, 11 Jul 2025 17:49:43 +0200 Subject: [PATCH 1/4] chore(deps): Bump Go to 1.24.5 --- .github/workflows/master.yml | 2 +- .github/workflows/pr.yml | 2 +- .github/workflows/release.yml | 2 +- go.mod | 4 +--- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 95ce6d833..fed24e2a3 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -10,7 +10,7 @@ on: - "docs/**" env: - GO_VERSION: 1.23.x + GO_VERSION: 1.24.x WIX_VERSION: 5.0.0 PYTHON_VERSION: 3.7.9 diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 1f08d0888..14ecac72a 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -8,7 +8,7 @@ on: - "docs/**" env: - GO_VERSION: 1.23.x + GO_VERSION: 1.24.x WIX_VERSION: 5.0.0 PYTHON_VERSION: 3.7.9 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index df7a782eb..606e59141 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -6,7 +6,7 @@ on: - 'v*' env: - GO_VERSION: 1.23.x + GO_VERSION: 1.24.x WIX_VERSION: 5.0.0 PYTHON_VERSION: 3.7.9 diff --git a/go.mod b/go.mod index ae98f599a..99cd017b4 100644 --- a/go.mod +++ b/go.mod @@ -94,6 +94,4 @@ require ( gopkg.in/yaml.v2 v2.3.0 // indirect ) -go 1.23.0 - -toolchain go1.23.1 +go 1.24.5 From 3100c1a5b5b1193d3fa3cfd53a528dea3ad71242 Mon Sep 17 00:00:00 2001 From: rabbitstack Date: Fri, 11 Jul 2025 18:17:36 +0200 Subject: [PATCH 2/4] chore: Bump golang-ci-lint to 2.2.2 --- .github/workflows/master.yml | 2 +- .github/workflows/pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index fed24e2a3..21970a42d 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -228,7 +228,7 @@ jobs: run: | curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $GOLANGCI_LINT_VER env: - GOLANGCI_LINT_VER: v1.61.0 + GOLANGCI_LINT_VER: v2.2.2 - name: Lint shell: bash run: | diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 14ecac72a..f4698bd18 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -210,7 +210,7 @@ jobs: run: | curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin $GOLANGCI_LINT_VER env: - GOLANGCI_LINT_VER: v1.61.0 + GOLANGCI_LINT_VER: v2.2.2 - name: Lint shell: bash run: | From 0e563e1fdc9bc7fd7f81b57afa61e1b3fc730bf3 Mon Sep 17 00:00:00 2001 From: rabbitstack Date: Fri, 18 Jul 2025 22:23:35 +0200 Subject: [PATCH 3/4] refactor: Migrate golang-ci-lint to 2.2.2 Along the way, address/ignore staticcheck linter issues. --- .golangci.yml | 54 ++++++++++++++++------------ cmd/fibratus/app/rules/create.go | 4 +-- pkg/alertsender/eventlog/eventlog.go | 4 +-- pkg/event/marshaller.go | 6 ++-- pkg/event/param.go | 4 +-- pkg/filter/ql/functions/replace.go | 4 +-- pkg/filter/ql/lexer.go | 22 ++++++------ pkg/sys/device.go | 2 +- pkg/util/key/key.go | 2 +- 9 files changed, 57 insertions(+), 45 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 5cded955a..07e469cd0 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,46 +1,54 @@ +version: "2" run: build-tags: - cap - filament - deadline: 10m linters: - disable-all: true + default: none enable: - bodyclose - errcheck - goconst - goprintffuncname - - gosimple - govet - - gofmt - ineffassign - nakedret - noctx - nolintlint - rowserrcheck - staticcheck - - stylecheck - - typecheck - unconvert - unparam - unused - whitespace + exclusions: + generated: lax + presets: + - comments + - common-false-positives + - legacy + - std-error-handling + rules: + - linters: + - errcheck + - nolintlint + - staticcheck + path: _test\.go + paths: + - third_party$ + - builtin$ + - examples$ -linters-settings: - gofmt: - simplify: false - -issues: - # List of regexps of issue texts to exclude. - # - # But independently of this option we use default exclude patterns, - # it can be disabled by `exclude-use-default: false`. - # To list all excluded by default patterns execute `golangci-lint run --help` - # - exclude-rules: - # Exclude some linters from running on tests files. - - path: _test\.go - linters: - - errcheck - - nolintlint +formatters: + enable: + - gofmt + settings: + gofmt: + simplify: false + exclusions: + generated: lax + paths: + - third_party$ + - builtin$ + - examples$ diff --git a/cmd/fibratus/app/rules/create.go b/cmd/fibratus/app/rules/create.go index 0a8fb41f8..c21dc3bbc 100644 --- a/cmd/fibratus/app/rules/create.go +++ b/cmd/fibratus/app/rules/create.go @@ -87,9 +87,9 @@ func createRule(name string) error { return err } - n := fmt.Sprintf("%s.yml", strings.Replace(strings.ToLower(name), " ", "_", -1)) + n := fmt.Sprintf("%s.yml", strings.ReplaceAll(strings.ToLower(name), " ", "_")) if tacticID != "" { - n = strings.Replace(strings.ToLower(tactics[tacticID]), " ", "_", -1) + "_" + n + n = strings.ReplaceAll(strings.ToLower(tactics[tacticID]), " ", "_") + "_" + n } f, err := os.Create(n) if err != nil { diff --git a/pkg/alertsender/eventlog/eventlog.go b/pkg/alertsender/eventlog/eventlog.go index 3b83a1444..9608d86ba 100644 --- a/pkg/alertsender/eventlog/eventlog.go +++ b/pkg/alertsender/eventlog/eventlog.go @@ -77,7 +77,7 @@ func (s *eventlog) Send(alert alertsender.Alert) error { // assume alert ID has the UUID format // where we build the short version by // taking the first 12 characters - id := strings.Replace(alert.ID, "-", "", -1) + id := strings.ReplaceAll(alert.ID, "-", "") h := crc32.ChecksumIEEE([]byte(id[:minIDChars])) // take the lower 16 bits of the CRC32 hash code = uint16(h & 0xFFFF) @@ -86,7 +86,7 @@ func (s *eventlog) Send(alert alertsender.Alert) error { msg := alert.String(s.config.Verbose) // trim null characters to avoid // UTF16PtrFromString complaints - msg = strings.Replace(msg, "\x00", "", -1) + msg = strings.ReplaceAll(msg, "\x00", "") m, err := windows.UTF16PtrFromString(msg) if err != nil { diff --git a/pkg/event/marshaller.go b/pkg/event/marshaller.go index bcaec4aae..01008265f 100644 --- a/pkg/event/marshaller.go +++ b/pkg/event/marshaller.go @@ -124,6 +124,7 @@ func (js *jsonStream) writeMore() *jsonStream { } func (js *jsonStream) shouldWriteMore(i, l int) bool { + //nolint:staticcheck return !(i == l-1) } @@ -295,9 +296,10 @@ func writeStringSlowPath(stream *jsonStream, i int, s string, valLen int) { func writeFirstBuf(space []byte, v uint32) []byte { start := v >> 24 - if start == 0 { + switch start { + case 0: space = append(space, byte(v>>16), byte(v>>8)) - } else if start == 1 { + case 1: space = append(space, byte(v>>8)) } space = append(space, byte(v)) diff --git a/pkg/event/param.go b/pkg/event/param.go index 62e5209c2..894bf27c8 100644 --- a/pkg/event/param.go +++ b/pkg/event/param.go @@ -706,9 +706,9 @@ func (pars Params) String() string { case SnakeCase: sb.WriteString(par.Name + ParamKVDelimiter + par.String()) case DotCase: - sb.WriteString(strings.Replace(par.Name, "_", ".", -1) + ParamKVDelimiter + par.String()) + sb.WriteString(strings.ReplaceAll(par.Name, "_", ".") + ParamKVDelimiter + par.String()) case PascalCase: - sb.WriteString(strings.Replace(caser.String(strings.Replace(par.Name, "_", " ", -1)), " ", "", -1) + ParamKVDelimiter + par.String()) + sb.WriteString(strings.ReplaceAll(caser.String(strings.ReplaceAll(par.Name, "_", " ")), " ", "") + ParamKVDelimiter + par.String()) case CamelCase: } if i != len(pars)-1 { diff --git a/pkg/filter/ql/functions/replace.go b/pkg/filter/ql/functions/replace.go index f547826b0..f34610d9c 100644 --- a/pkg/filter/ql/functions/replace.go +++ b/pkg/filter/ql/functions/replace.go @@ -36,7 +36,7 @@ func (f Replace) Call(args []interface{}) (interface{}, bool) { if len(args) == 3 { o := parseString(1, args) n := parseString(2, args) - return strings.Replace(s, o, n, -1), true + return strings.ReplaceAll(s, o, n), true } // apply multiple replacements repl := s @@ -49,7 +49,7 @@ func (f Replace) Call(args []interface{}) (interface{}, bool) { if !ok { break } - repl = strings.Replace(repl, o, n, -1) + repl = strings.ReplaceAll(repl, o, n) } return repl, true } diff --git a/pkg/filter/ql/lexer.go b/pkg/filter/ql/lexer.go index e6b69d650..4733285e4 100644 --- a/pkg/filter/ql/lexer.go +++ b/pkg/filter/ql/lexer.go @@ -326,15 +326,16 @@ func (s *scanner) scanString() (tok token, pos int, lit string) { s.r.unread() _, pos = s.r.curr() - var err error - lit, err = ScanString(s.r) - if err == errBadString { + lit, err := ScanString(s.r) + switch err { + case errBadString: return Badstr, pos, lit - } else if err == errBadEscape { + case errBadEscape: _, pos = s.r.curr() return Badstr, pos, lit + default: + return Str, pos, lit } - return Str, pos, lit } var errBadString = errors.New("bad string") @@ -358,15 +359,16 @@ func ScanString(r io.RuneScanner) (string, error) { // If the next character is an escape then write the escaped char. // If it's not a valid escape then return an error. ch1, _, _ := r.ReadRune() - if ch1 == 'n' { + switch ch1 { + case 'n': _, _ = buf.WriteRune('\n') - } else if ch1 == '\\' { + case '\\': _, _ = buf.WriteRune('\\') - } else if ch1 == '"' { + case '"': _, _ = buf.WriteRune('"') - } else if ch1 == '\'' { + case '\'': _, _ = buf.WriteRune('\'') - } else { + default: return string(ch0) + string(ch1), errBadEscape } } else { diff --git a/pkg/sys/device.go b/pkg/sys/device.go index 43ea7f6f5..c12f8b92b 100644 --- a/pkg/sys/device.go +++ b/pkg/sys/device.go @@ -74,7 +74,7 @@ func EnumDevices() []Driver { continue } dev := syscall.UTF16ToString(filename) - drv.Filename = strings.Replace(dev, "\\SystemRoot", os.Getenv("SYSTEMROOT"), -1) + drv.Filename = strings.Replace(dev, "\\SystemRoot", os.Getenv("SYSTEMROOT"), 1) drivers[i] = drv } return drivers diff --git a/pkg/util/key/key.go b/pkg/util/key/key.go index f1325600e..cf59affc1 100644 --- a/pkg/util/key/key.go +++ b/pkg/util/key/key.go @@ -188,7 +188,7 @@ func Format(key string) (Key, string) { if strings.HasSuffix(sid, "_Classes") { return CurrentUser, "Software\\Classes\\" + path[n+1:] } - return CurrentUser, strings.Replace(path[n+1:], "_Classes", "Software\\Classes", -1) + return CurrentUser, strings.Replace(path[n+1:], "_Classes", "Software\\Classes", 1) case sid == loggedSID: if len(path) == len(loggedSID) { return CurrentUser, "" From 499f36c6973e6a11c114f5860d31519120e9191f Mon Sep 17 00:00:00 2001 From: rabbitstack Date: Mon, 21 Jul 2025 20:24:08 +0200 Subject: [PATCH 4/4] fix(tests,ps): Ensure session ID is greater than zero --- pkg/ps/snapshotter_windows_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/ps/snapshotter_windows_test.go b/pkg/ps/snapshotter_windows_test.go index 0a767fd7e..c5acbfad2 100644 --- a/pkg/ps/snapshotter_windows_test.go +++ b/pkg/ps/snapshotter_windows_test.go @@ -739,7 +739,7 @@ func TestFindQueryOS(t *testing.T) { assert.Equal(t, filepath.Join(os.Getenv("windir"), "notepad.exe"), proc.Cmdline) assert.True(t, len(proc.Envs) > 0) assert.Contains(t, proc.Cwd, "fibratus\\pkg\\ps") - assert.Equal(t, uint32(1), proc.SessionID) + assert.True(t, proc.SessionID > 0) assert.Equal(t, "HIGH", proc.TokenIntegrityLevel) wts, err := sys.LookupActiveWTS()