Fix vuln. source name dereference if source nil (#110)

* Fix vuln. source name dereference if source nil

Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

* Fix complaints using printf from go vet

Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

* Fix complaints using printf from go vet

Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

* Adjust golangci-lint checks for govet

Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

* Update golangci-lint action

Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

* Fix golangci-lint errors in test file due to Errorf() without format string

Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

* Fix golangci-lint errors in test file due to Errorf() without format string

Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

---------

Signed-off-by: Matt Rutkowski <mrutkows@us.ibm.com>

.github/workflows/golangci-lint.yml

@@ -24,7 +24,7 @@ jobs:
           go-version: '1.21'
           #cache: false
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v5
+        uses: golangci/golangci-lint-action@v6
         with:
           # Optional: golangci-lint command line arguments.
           args: -D errcheck

.golangci.yaml

@@ -5,6 +5,9 @@ run:
 # https://golangci-lint.run/usage/false-positives/
 # https://staticcheck.io/docs/
 linters-settings:
+  govet:
+    disable:
+      - printf
   staticcheck:
     checks:
       - all

.vscode/settings.json

@@ -50,6 +50,7 @@
             "gojsondiff",
             "gojsonschema",
             "gomod",
+            "govet",
             "GTPL",
             "hasher",
             "hashstructure",

README.md

@@ -1669,7 +1669,7 @@ In this example, the `--from` filter will return the entire JSON components arra
 ]
 ```
 
-**Note**: The command for this example only used the `--from` flag and did not need to supply `--select '*'` as this us the default.
+**Note**: The command for this example only used the `--from` flag and did not need to supply `--select '*'` as this is the default.
 
 ##### Example: Filter result entries with a specified value
 

cmd/component.go

@@ -20,6 +20,7 @@ package cmd
 
 import (
 	"encoding/csv"
+	"errors"
 	"fmt"
 	"io"
 	"sort"
@@ -395,7 +396,7 @@ func DisplayComponentListCSV(bom *schema.BOM, writer io.Writer, flags utils.Comp
 			// unable to emit an error message into output stream
 			return getLogger().Errorf("error writing to output (%v): %s", currentRow, err)
 		}
-		return fmt.Errorf(currentRow[0])
+		return errors.New(MSG_OUTPUT_NO_RESOURCES_FOUND)
 	}
 
 	// Sort Components prior to outputting
@@ -443,7 +444,7 @@ func DisplayComponentListMarkdown(bom *schema.BOM, writer io.Writer, flags utils
 	// Emit no components found warning into output
 	if len(entries) == 0 {
 		fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_COMPONENTS_FOUND)
-		return fmt.Errorf(MSG_OUTPUT_NO_COMPONENTS_FOUND)
+		return errors.New(MSG_OUTPUT_NO_COMPONENTS_FOUND)
 	}
 
 	// Sort Components prior to outputting

cmd/license_policy.go

@@ -20,6 +20,7 @@ package cmd
 
 import (
 	"encoding/csv"
+	"errors"
 	"fmt"
 	"io"
 	"sort"
@@ -262,7 +263,7 @@ func DisplayLicensePoliciesTabbedText(writer io.Writer, filteredPolicyMap *slice
 	// Emit no schemas found warning into output
 	// TODO Use only for Warning messages, do not emit in output table
 	if len(keyNames) == 0 {
-		return fmt.Errorf(MSG_OUTPUT_NO_POLICIES_FOUND)
+		return errors.New(MSG_OUTPUT_NO_POLICIES_FOUND)
 	}
 
 	// Sort entries by family name
@@ -353,7 +354,7 @@ func DisplayLicensePoliciesCSV(writer io.Writer, filteredPolicyMap *slicemultima
 	// TODO Use only for Warning messages, do not emit in output table
 	if len(keyNames) == 0 {
 		fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_POLICIES_FOUND)
-		return fmt.Errorf(MSG_OUTPUT_NO_POLICIES_FOUND)
+		return errors.New(MSG_OUTPUT_NO_POLICIES_FOUND)
 	}
 
 	// Sort entries by family name
@@ -405,7 +406,7 @@ func DisplayLicensePoliciesMarkdown(writer io.Writer, filteredPolicyMap *slicemu
 	// TODO Use only for Warning messages, do not emit in output table
 	if len(keyNames) == 0 {
 		fmt.Fprintf(writer, "%s\n", MSG_OUTPUT_NO_POLICIES_FOUND)
-		return fmt.Errorf(MSG_OUTPUT_NO_POLICIES_FOUND)
+		return errors.New(MSG_OUTPUT_NO_POLICIES_FOUND)
 	}
 
 	// Sort entries by family name

cmd/license_policy_test.go

@@ -145,15 +145,15 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 	// Set the policy file to the reduced, 3-entry policy file used to test the 3 policy states
 	testPolicyConfig, err := LoadCustomPolicyFile(POLICY_FILE_GOOD_BAD_MAYBE)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 
 	// 1. schema.POLICY_DENY AND schema.POLICY_ALLOW
 	EXP := "Bad AND Good"
 	EXPECTED_USAGE_POLICY := schema.POLICY_DENY
 	parsedExpression, err := schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy := parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -165,7 +165,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_DENY
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -177,7 +177,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_DENY
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -189,7 +189,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_NEEDS_REVIEW
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -201,7 +201,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_NEEDS_REVIEW
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -213,7 +213,7 @@ func TestLicensePolicyUsageConjunctionsANDCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_ALLOW
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -235,15 +235,15 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 	// Set the policy file to the reduced, 3-entry policy file used to test the 3 policy states
 	testPolicyConfig, err := LoadCustomPolicyFile(POLICY_FILE_GOOD_BAD_MAYBE)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 
 	// 1. schema.POLICY_ALLOW OR schema.POLICY_DENY
 	EXP := "Good OR Bad"
 	EXPECTED_USAGE_POLICY := schema.POLICY_ALLOW
 	parsedExpression, err := schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy := parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -255,7 +255,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_ALLOW
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -267,7 +267,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_ALLOW
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -279,7 +279,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_NEEDS_REVIEW
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -291,7 +291,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_NEEDS_REVIEW
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -303,7 +303,7 @@ func TestLicensePolicyUsageConjunctionsORCombinations(t *testing.T) {
 	EXPECTED_USAGE_POLICY = schema.POLICY_DENY
 	parsedExpression, err = schema.ParseExpression(testPolicyConfig, EXP)
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 	resolvedPolicy = parsedExpression.CompoundUsagePolicy
 	if resolvedPolicy != EXPECTED_USAGE_POLICY {
@@ -323,7 +323,7 @@ func TestLicensePolicyFamilyUsagePolicyConflict(t *testing.T) {
 
 	// Note: the conflict is only encountered on the "hash"; load only loads what policies are defined in the config.
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 }
 
@@ -334,7 +334,7 @@ func TestLicensePolicyCustomListGoodBadMaybe(t *testing.T) {
 	outputBuffer, err := innerTestLicensePolicyList(t, lti)
 
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 		return
 	}
 
@@ -695,7 +695,7 @@ func TestLicensePolicyMatchByExpFailureInvalidRightExp(t *testing.T) {
 	expressionTree, err := schema.ParseExpression(LicensePolicyConfig, EXP)
 
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 
 	getLogger().Tracef("Parsed expression:\n%v", expressionTree)
@@ -716,7 +716,7 @@ func TestLicensePolicyMatchByExpFailureInvalidLeftExp(t *testing.T) {
 	expressionTree, err := schema.ParseExpression(LicensePolicyConfig, EXP)
 
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 
 	getLogger().Tracef("Parsed expression:\n%v", expressionTree)
@@ -737,7 +737,7 @@ func TestLicensePolicyExpressionBSD3OrMIT(t *testing.T) {
 	expressionTree, err := schema.ParseExpression(LicensePolicyConfig, EXP)
 
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 
 	getLogger().Tracef("Parsed expression:\n%v", expressionTree)
@@ -759,7 +759,7 @@ func TestLicensePolicyExpressionMultipleConjunctions(t *testing.T) {
 	expressionTree, err := schema.ParseExpression(LicensePolicyConfig, EXP)
 
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 
 	getLogger().Tracef("Parsed expression:\n%v", expressionTree)
@@ -777,7 +777,7 @@ func TestLicensePolicyExpressionMultipleConjunctions(t *testing.T) {
 	expressionTree, err = schema.ParseExpression(LicensePolicyConfig, EXP)
 
 	if err != nil {
-		t.Errorf(err.Error())
+		t.Error(err.Error())
 	}
 
 	getLogger().Tracef("Parsed expression:\n%v", expressionTree)