mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 13:51:36 +00:00
shankar0123
8aeeec93c0
Five golangci-lint v2 findings surfaced when running the v2.1.0 release gate (auth-bundle-2 → master pre-flight). Each is mechanical: 1. govet/printf-style misuse — internal/auth/oidc/service_test.go used integer literal 501 in http.Error; switched to http.StatusNotImplemented. 2. staticcheck SA1019 — internal/auth/breakglass/reflect_helper_test.go referenced reflect.Ptr; the canonical name since Go 1.18 is reflect.Pointer. 3. staticcheck ST1020 — internal/repository/postgres/auth.go ActorRoleRepository.Revoke had a doc comment that did not begin with the method name. Prepended 'Revoke drops actor_roles rows.' to the comment so it now starts with the method name. 4. staticcheck ST1022 — internal/api/handler/auth_session_oidc.go DefaultBCLVerifierMaxAge docstring was attached to the DefaultBCLVerifier type docstring. Moved the const docstring directly above the const declaration, separated by a blank line. 5. unused — internal/auth/session/bench_test.go declared benchSessionMinSamples and never referenced it; the bench loop relies on Go's default b.N scaling. Replaced the const block with a comment describing the rationale. Lint clean (golangci-lint v2.12.2 with the .golangci.yml config) on the five edited packages.
32 lines
823 B
Go
32 lines
823 B
Go
package breakglass
|
|
|
|
import (
|
|
"encoding/json"
|
|
"reflect"
|
|
)
|
|
|
|
// reflectJSONTag returns the `json` struct tag for the named field on
|
|
// v. Pins that BreakglassCredential.PasswordHash carries `json:"-"`
|
|
// so a misconfigured handler that marshals the row directly cannot
|
|
// wire-leak the Argon2id hash. Test-only.
|
|
func reflectJSONTag(v interface{}, fieldName string) string {
|
|
rv := reflect.ValueOf(v)
|
|
if rv.Kind() == reflect.Pointer {
|
|
rv = rv.Elem()
|
|
}
|
|
if rv.Kind() != reflect.Struct {
|
|
return ""
|
|
}
|
|
field, ok := rv.Type().FieldByName(fieldName)
|
|
if !ok {
|
|
return ""
|
|
}
|
|
return field.Tag.Get("json")
|
|
}
|
|
|
|
// jsonMarshalImpl is the test-only json.Marshal wrapper used by the
|
|
// PasswordHash JSON-tag belt-and-braces test in service_test.go.
|
|
func jsonMarshalImpl(v interface{}) ([]byte, error) {
|
|
return json.Marshal(v)
|
|
}
|