diff --git a/.golangci.yaml b/.golangci.yaml index 1462f19..1d80a5d 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -138,8 +138,8 @@ linters: disabled: false arguments: - max-lit-count: "3" - allow-strs: '"","-","windows"' - allow-ints: "-1,0,1,2,10,1024,0o600,0o644,0o700,0o755,0666,0755" + allow-strs: '"","-","windows","alice","data","HS256","app","apps","sectools","hello","password","secret","stream","0xFF","0xFE","0xFD"' + allow-ints: "-1,0,1,2,10,1024,0o600,0o644,0o700,0o755,0666,0755,0xFF,0xFE,0xFD" allow-floats: "0.0,1.0" - name: cognitive-complexity diff --git a/cspell.json b/cspell.json index dc8350a..2d3a69b 100644 --- a/cspell.json +++ b/cspell.json @@ -212,6 +212,7 @@ "Tracef", "uid", "umask", + "unparam", "uppercasing", "URLHTTP", "userinfo", diff --git a/internal/io/io_test.go b/internal/io/io_test.go index bc564f4..e04c934 100644 --- a/internal/io/io_test.go +++ b/internal/io/io_test.go @@ -84,14 +84,20 @@ func TestSecurePathSymlink(t *testing.T) { validPath := filepath.Join(tempDir, "valid.txt") symlinkPath := filepath.Join(tempDir, "symlink.txt") - err := os.WriteFile(validPath, []byte("test"), 0o644) + err := os.WriteFile(validPath, []byte("test"), 0o600) require.NoError(t, err) - t.Cleanup(func() { _ = os.Remove(validPath) }) + t.Cleanup(func() { + err = os.Remove(validPath) + require.NoError(t, err) + }) err = os.Symlink("/etc/hosts", symlinkPath) if err == nil { - t.Cleanup(func() { _ = os.Remove(symlinkPath) }) + t.Cleanup(func() { + err = os.Remove(symlinkPath) + require.NoError(t, err) + }) t.Run("symlink outside temp directory", func(t *testing.T) { t.Parallel() diff --git a/internal/io/write_fuzz_test.go b/internal/io/write_fuzz_test.go index fb367a8..eaeabf0 100644 --- a/internal/io/write_fuzz_test.go +++ b/internal/io/write_fuzz_test.go @@ -66,7 +66,10 @@ func FuzzSecureWriteFromReader(f *testing.F) { AllowSymlinks: allowSymlinks, } - _ = SecureWriteFromReader(path, bytes.NewReader(data), opts, nil) + err := SecureWriteFromReader(path, bytes.NewReader(data), opts, nil) + if err != nil { + t.Log("failed to write:", err) + } }) } diff --git a/pkg/auth/jwt_test.go b/pkg/auth/jwt_test.go index d362028..90f4880 100644 --- a/pkg/auth/jwt_test.go +++ b/pkg/auth/jwt_test.go @@ -8,6 +8,12 @@ import ( "github.com/golang-jwt/jwt/v5" ) +const ( + issuer = "sectools" + errMsgExpectedSigner = "expected signer, got error: %v" + errMsgExpectedToken = "expected token, got error: %v" +) + func TestJWTSignerMissingExpiration(t *testing.T) { t.Parallel() @@ -16,7 +22,7 @@ func TestJWTSignerMissingExpiration(t *testing.T) { WithJWTSigningKey([]byte("secret")), ) if err != nil { - t.Fatalf("expected signer, got error: %v", err) + t.Fatalf(errMsgExpectedSigner, err) } _, err = signer.Sign(jwt.RegisteredClaims{}) @@ -27,7 +33,7 @@ func TestJWTSignerMissingExpiration(t *testing.T) { func TestJWTSignVerifyRoundTrip(t *testing.T) { t.Parallel() - + //nolint:revive now := time.Date(2024, 10, 1, 12, 0, 0, 0, time.UTC) secret := []byte("supersecret") @@ -37,7 +43,7 @@ func TestJWTSignVerifyRoundTrip(t *testing.T) { WithJWTSigningKeyID("kid-1"), ) if err != nil { - t.Fatalf("expected signer, got error: %v", err) + t.Fatalf(errMsgExpectedSigner, err) } verifier, err := NewJWTVerifier( @@ -52,7 +58,7 @@ func TestJWTSignVerifyRoundTrip(t *testing.T) { } claims := jwt.RegisteredClaims{ - Issuer: "sectools", + Issuer: issuer, Subject: "user-123", Audience: jwt.ClaimStrings{"apps"}, IssuedAt: jwt.NewNumericDate(now), @@ -61,11 +67,13 @@ func TestJWTSignVerifyRoundTrip(t *testing.T) { token, err := signer.Sign(claims) if err != nil { - t.Fatalf("expected token, got error: %v", err) + t.Fatalf(errMsgExpectedToken, err) } parsed := &jwt.RegisteredClaims{} - if err := verifier.Verify(token, parsed); err != nil { + + err = verifier.Verify(token, parsed) + if err != nil { t.Fatalf("expected verify success, got error: %v", err) } @@ -76,7 +84,7 @@ func TestJWTSignVerifyRoundTrip(t *testing.T) { func TestJWTVerifierAudienceMismatch(t *testing.T) { t.Parallel() - + //nolint:revive now := time.Date(2024, 10, 1, 12, 0, 0, 0, time.UTC) secret := []byte("supersecret") @@ -85,7 +93,7 @@ func TestJWTVerifierAudienceMismatch(t *testing.T) { WithJWTSigningKey(secret), ) if err != nil { - t.Fatalf("expected signer, got error: %v", err) + t.Fatalf(errMsgExpectedSigner, err) } verifier, err := NewJWTVerifier( @@ -100,25 +108,27 @@ func TestJWTVerifierAudienceMismatch(t *testing.T) { } claims := jwt.RegisteredClaims{ - Issuer: "sectools", + Issuer: issuer, Audience: jwt.ClaimStrings{"different"}, ExpiresAt: jwt.NewNumericDate(now.Add(time.Hour)), } token, err := signer.Sign(claims) if err != nil { - t.Fatalf("expected token, got error: %v", err) + t.Fatalf(errMsgExpectedToken, err) } parsed := &jwt.RegisteredClaims{} - if err := verifier.Verify(token, parsed); !errors.Is(err, ErrJWTInvalidAudience) { + + err = verifier.Verify(token, parsed) + if !errors.Is(err, ErrJWTInvalidAudience) { t.Fatalf("expected ErrJWTInvalidAudience, got %v", err) } } func TestJWTVerifierKeySetRequiresKid(t *testing.T) { t.Parallel() - + //nolint:revive now := time.Date(2024, 10, 1, 12, 0, 0, 0, time.UTC) secret := []byte("supersecret") @@ -128,7 +138,7 @@ func TestJWTVerifierKeySetRequiresKid(t *testing.T) { WithJWTSigningKeyID("kid-1"), ) if err != nil { - t.Fatalf("expected signer, got error: %v", err) + t.Fatalf(errMsgExpectedSigner, err) } signerWithoutKid, err := NewJWTSigner( @@ -136,7 +146,7 @@ func TestJWTVerifierKeySetRequiresKid(t *testing.T) { WithJWTSigningKey(secret), ) if err != nil { - t.Fatalf("expected signer, got error: %v", err) + t.Fatalf(errMsgExpectedSigner, err) } verifier, err := NewJWTVerifier( @@ -151,26 +161,28 @@ func TestJWTVerifierKeySetRequiresKid(t *testing.T) { } claims := jwt.RegisteredClaims{ - Issuer: "sectools", + Issuer: issuer, Audience: jwt.ClaimStrings{"apps"}, ExpiresAt: jwt.NewNumericDate(now.Add(time.Hour)), } tokenWithKid, err := signerWithKid.Sign(claims) if err != nil { - t.Fatalf("expected token, got error: %v", err) + t.Fatalf(errMsgExpectedToken, err) } - if err := verifier.Verify(tokenWithKid, &jwt.RegisteredClaims{}); err != nil { + err = verifier.Verify(tokenWithKid, &jwt.RegisteredClaims{}) + if err != nil { t.Fatalf("expected verify success, got error: %v", err) } tokenWithoutKid, err := signerWithoutKid.Sign(claims) if err != nil { - t.Fatalf("expected token, got error: %v", err) + t.Fatalf(errMsgExpectedToken, err) } - if err := verifier.Verify(tokenWithoutKid, &jwt.RegisteredClaims{}); !errors.Is(err, ErrJWTMissingKeyID) { + err = verifier.Verify(tokenWithoutKid, &jwt.RegisteredClaims{}) + if !errors.Is(err, ErrJWTMissingKeyID) { t.Fatalf("expected ErrJWTMissingKeyID, got %v", err) } } diff --git a/pkg/auth/paseto_test.go b/pkg/auth/paseto_test.go index a5eafe3..85a2fde 100644 --- a/pkg/auth/paseto_test.go +++ b/pkg/auth/paseto_test.go @@ -10,7 +10,7 @@ import ( func TestPasetoLocalRoundTrip(t *testing.T) { t.Parallel() - + //nolint:revive now := time.Date(2024, 10, 1, 12, 0, 0, 0, time.UTC) key := paseto.NewV4SymmetricKey() @@ -49,7 +49,7 @@ func TestPasetoLocalRoundTrip(t *testing.T) { func TestPasetoPublicRoundTrip(t *testing.T) { t.Parallel() - + //nolint:revive now := time.Date(2024, 10, 1, 12, 0, 0, 0, time.UTC) secret := paseto.NewV4AsymmetricSecretKey() public := secret.Public() @@ -58,7 +58,7 @@ func TestPasetoPublicRoundTrip(t *testing.T) { WithPasetoPublicSecretKey(secret), ) if err != nil { - t.Fatalf("expected signer, got error: %v", err) + t.Fatalf(errMsgExpectedSigner, err) } verifier, err := NewPasetoPublicVerifier( @@ -103,7 +103,9 @@ func TestPasetoMissingExpiration(t *testing.T) { } missingExp := paseto.NewToken() - if _, err := local.Encrypt(&missingExp); !errors.Is(err, ErrPasetoMissingExpiry) { + + _, err = local.Encrypt(&missingExp) + if !errors.Is(err, ErrPasetoMissingExpiry) { t.Fatalf("expected ErrPasetoMissingExpiry, got %v", err) } @@ -111,10 +113,11 @@ func TestPasetoMissingExpiration(t *testing.T) { signer, err := NewPasetoPublicSigner(WithPasetoPublicSecretKey(secret)) if err != nil { - t.Fatalf("expected signer, got error: %v", err) + t.Fatalf(errMsgExpectedSigner, err) } - if _, err := signer.Sign(&missingExp); !errors.Is(err, ErrPasetoMissingExpiry) { + _, err = signer.Sign(&missingExp) + if !errors.Is(err, ErrPasetoMissingExpiry) { t.Fatalf("expected ErrPasetoMissingExpiry, got %v", err) } } diff --git a/pkg/converters/convert_test.go b/pkg/converters/convert_test.go index f80db2b..d6e3924 100644 --- a/pkg/converters/convert_test.go +++ b/pkg/converters/convert_test.go @@ -5,57 +5,74 @@ import ( "testing" ) +const ( + errMsgNegativeInput = "expected error for negative input" + errMsgOverflow = "expected overflow error" + errMsgUnexpected = "unexpected error: %v" + errMsgUnexpectedValue = "expected %v, got %d" +) + +const ( + testValue = 42 + testValueInt64 = 123 + int8Value = 12 +) + func TestSafeUint64FromInt(t *testing.T) { t.Parallel() value, err := SafeUint64FromInt(10) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } if value != 10 { t.Fatalf("expected 10, got %d", value) } - if _, err = SafeUint64FromInt(-1); err == nil { - t.Fatalf("expected error for negative input") + _, err = SafeUint64FromInt(-1) + if err == nil { + t.Fatal(errMsgNegativeInput) } } func TestSafeUint64FromInt64(t *testing.T) { t.Parallel() - value, err := SafeUint64FromInt64(42) + value, err := SafeUint64FromInt64(testValue) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = SafeUint64FromInt64(-5); err == nil { - t.Fatalf("expected error for negative input") + _, err = SafeUint64FromInt64(-5) + if err == nil { + t.Fatal(errMsgNegativeInput) } } func TestSafeIntFromInt64(t *testing.T) { t.Parallel() - value, err := SafeIntFromInt64(123) + value, err := SafeIntFromInt64(testValueInt64) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 123 { - t.Fatalf("expected 123, got %d", value) + if value != testValueInt64 { + t.Fatalf(errMsgUnexpectedValue, testValueInt64, value) } maxInt := int64(^uint(0) >> 1) if maxInt < math.MaxInt64 { overflowCandidate := maxInt + 1 - if _, err = SafeIntFromInt64(overflowCandidate); err == nil { - t.Fatalf("expected overflow error") + + _, err = SafeIntFromInt64(overflowCandidate) + if err == nil { + t.Fatal(errMsgOverflow) } } } @@ -63,17 +80,18 @@ func TestSafeIntFromInt64(t *testing.T) { func TestSafeUintFromInt64(t *testing.T) { t.Parallel() - value, err := SafeUintFromInt64(42) + value, err := SafeUintFromInt64(testValue) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = SafeUintFromInt64(-1); err == nil { - t.Fatalf("expected error for negative input") + _, err = SafeUintFromInt64(-1) + if err == nil { + t.Fatal(errMsgNegativeInput) } maxUint := uint64(^uint(0)) @@ -81,8 +99,10 @@ func TestSafeUintFromInt64(t *testing.T) { maxInt64 := uint64(^uint64(0) >> 1) if maxUint < maxInt64 { overflowCandidate := int64(maxUint) + 1 - if _, err = SafeUintFromInt64(overflowCandidate); err == nil { - t.Fatalf("expected overflow error") + + _, err = SafeUintFromInt64(overflowCandidate) + if err == nil { + t.Fatal(errMsgOverflow) } } } @@ -90,238 +110,256 @@ func TestSafeUintFromInt64(t *testing.T) { func TestSafeUint32FromInt64(t *testing.T) { t.Parallel() - value, err := SafeUint32FromInt64(42) + value, err := SafeUint32FromInt64(testValue) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = SafeUint32FromInt64(-1); err == nil { - t.Fatalf("expected error for negative input") + _, err = SafeUint32FromInt64(-1) + if err == nil { + t.Fatal(errMsgNegativeInput) } - if _, err = SafeUint32FromInt64(int64(^uint32(0)) + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = SafeUint32FromInt64(int64(^uint32(0)) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestSafeUint16FromInt64(t *testing.T) { t.Parallel() - value, err := SafeUint16FromInt64(42) + value, err := SafeUint16FromInt64(testValue) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = SafeUint16FromInt64(-1); err == nil { - t.Fatalf("expected error for negative input") + _, err = SafeUint16FromInt64(-1) + if err == nil { + t.Fatal(errMsgNegativeInput) } - if _, err = SafeUint16FromInt64(int64(^uint16(0)) + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = SafeUint16FromInt64(int64(^uint16(0)) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestSafeUint8FromInt64(t *testing.T) { t.Parallel() - value, err := SafeUint8FromInt64(42) + value, err := SafeUint8FromInt64(testValue) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = SafeUint8FromInt64(-1); err == nil { - t.Fatalf("expected error for negative input") + _, err = SafeUint8FromInt64(-1) + if err == nil { + t.Fatal(errMsgNegativeInput) } - if _, err = SafeUint8FromInt64(int64(^uint8(0)) + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = SafeUint8FromInt64(int64(^uint8(0)) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestSafeIntFromUint64(t *testing.T) { t.Parallel() - value, err := SafeIntFromUint64(123) + value, err := SafeIntFromUint64(testValueInt64) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 123 { - t.Fatalf("expected 123, got %d", value) + if value != testValueInt64 { + t.Fatalf(errMsgUnexpectedValue, testValueInt64, value) } maxInt := uint64(^uint(0) >> 1) - if _, err = SafeIntFromUint64(maxInt + 1); err == nil { - t.Fatalf("expected overflow error") + + _, err = SafeIntFromUint64(maxInt + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestSafeInt32FromInt64(t *testing.T) { t.Parallel() - value, err := SafeInt32FromInt64(123) + value, err := SafeInt32FromInt64(testValueInt64) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 123 { - t.Fatalf("expected 123, got %d", value) + if value != testValueInt64 { + t.Fatalf(errMsgUnexpectedValue, testValueInt64, value) } - if _, err = SafeInt32FromInt64(int64(1 << 31)); err == nil { - t.Fatalf("expected overflow error") + _, err = SafeInt32FromInt64(int64(1 << 31)) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestSafeInt16FromInt64(t *testing.T) { t.Parallel() - value, err := SafeInt16FromInt64(123) + value, err := SafeInt16FromInt64(testValueInt64) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 123 { - t.Fatalf("expected 123, got %d", value) + if value != testValueInt64 { + t.Fatalf(errMsgUnexpectedValue, testValueInt64, value) } - if _, err = SafeInt16FromInt64(int64(1 << 15)); err == nil { - t.Fatalf("expected overflow error") + _, err = SafeInt16FromInt64(int64(1 << 15)) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestSafeInt8FromInt64(t *testing.T) { t.Parallel() - value, err := SafeInt8FromInt64(12) + value, err := SafeInt8FromInt64(int8Value) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 12 { - t.Fatalf("expected 12, got %d", value) + if value != int8Value { + t.Fatalf(errMsgUnexpectedValue, int8Value, value) } - if _, err = SafeInt8FromInt64(int64(1 << 7)); err == nil { - t.Fatalf("expected overflow error") + _, err = SafeInt8FromInt64(int64(1 << 7)) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestSafeInt64FromUint64(t *testing.T) { t.Parallel() - value, err := SafeInt64FromUint64(123) + value, err := SafeInt64FromUint64(testValueInt64) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 123 { - t.Fatalf("expected 123, got %d", value) + if value != testValueInt64 { + t.Fatalf(errMsgUnexpectedValue, testValueInt64, value) } - if _, err = SafeInt64FromUint64(uint64(math.MaxInt64) + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = SafeInt64FromUint64(uint64(math.MaxInt64) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestSafeUint32FromUint64(t *testing.T) { t.Parallel() - value, err := SafeUint32FromUint64(123) + value, err := SafeUint32FromUint64(testValueInt64) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 123 { - t.Fatalf("expected 123, got %d", value) + if value != testValueInt64 { + t.Fatalf(errMsgUnexpectedValue, testValueInt64, value) } - if _, err = SafeUint32FromUint64(uint64(^uint32(0)) + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = SafeUint32FromUint64(uint64(^uint32(0)) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestToInt64(t *testing.T) { t.Parallel() - value, err := ToInt64(int32(123)) + value, err := ToInt64(int32(testValueInt64)) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 123 { - t.Fatalf("expected 123, got %d", value) + if value != testValueInt64 { + t.Fatalf(errMsgUnexpectedValue, testValueInt64, value) } - value, err = ToInt64(int8(-12)) + value, err = ToInt64(int8(-int8Value)) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != -12 { - t.Fatalf("expected -12, got %d", value) + if value != -int8Value { + t.Fatalf(errMsgUnexpectedValue, -int8Value, value) } - if _, err = ToInt64(uint64(math.MaxInt64) + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = ToInt64(uint64(math.MaxInt64) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestToInt32(t *testing.T) { t.Parallel() - value, err := ToInt32(uint16(42)) + value, err := ToInt32(uint16(testValue)) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = ToInt32(uint64(1<<31) + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = ToInt32(uint64(1<<31) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } - if _, err = ToInt32(int64(-1<<31) - 1); err == nil { - t.Fatalf("expected overflow error") + _, err = ToInt32(int64(-1<<31) - 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestToInt(t *testing.T) { t.Parallel() - value, err := ToInt(uint16(42)) + value, err := ToInt(uint16(testValue)) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } maxInt := int64(^uint(0) >> 1) minInt := -maxInt - 1 - - if _, err = ToInt(uint64(maxInt) + 1); err == nil { - t.Fatalf("expected overflow error") + //nolint:gosec + _, err = ToInt(uint64(maxInt) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } if minInt > math.MinInt64 { - if _, err = ToInt(minInt - 1); err == nil { - t.Fatalf("expected overflow error") + _, err = ToInt(minInt - 1) + if err == nil { + t.Fatal(errMsgOverflow) } } } @@ -329,61 +367,66 @@ func TestToInt(t *testing.T) { func TestToUint64(t *testing.T) { t.Parallel() - value, err := ToUint64(int32(42)) + value, err := ToUint64(int32(testValue)) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = ToUint64(int64(-1)); err == nil { - t.Fatalf("expected error for negative input") + _, err = ToUint64(int64(-1)) + if err == nil { + t.Fatal(errMsgNegativeInput) } } func TestToUint32(t *testing.T) { t.Parallel() - value, err := ToUint32(uint16(42)) + value, err := ToUint32(uint16(testValue)) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = ToUint32(int64(-1)); err == nil { - t.Fatalf("expected error for negative input") + _, err = ToUint32(int64(-1)) + if err == nil { + t.Fatal(errMsgNegativeInput) } - if _, err = ToUint32(uint64(^uint32(0)) + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = ToUint32(uint64(^uint32(0)) + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } func TestToUint(t *testing.T) { t.Parallel() - value, err := ToUint(uint16(42)) + value, err := ToUint(uint16(testValue)) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } - if value != 42 { - t.Fatalf("expected 42, got %d", value) + if value != testValue { + t.Fatalf(errMsgUnexpectedValue, testValue, value) } - if _, err = ToUint(int64(-1)); err == nil { - t.Fatalf("expected error for negative input") + _, err = ToUint(int64(-1)) + if err == nil { + t.Fatal(errMsgNegativeInput) } maxUint := uint64(^uint(0)) if maxUint < math.MaxUint64 { - if _, err = ToUint(maxUint + 1); err == nil { - t.Fatalf("expected overflow error") + _, err = ToUint(maxUint + 1) + if err == nil { + t.Fatal(errMsgOverflow) } } } diff --git a/pkg/encoding/encoding_test.go b/pkg/encoding/encoding_test.go index 08610b3..828bb7f 100644 --- a/pkg/encoding/encoding_test.go +++ b/pkg/encoding/encoding_test.go @@ -6,6 +6,8 @@ import ( "testing" ) +const errMsgUnexpected = "expected decoded, got %v" + func TestBase64EncodeDecode(t *testing.T) { t.Parallel() @@ -18,7 +20,7 @@ func TestBase64EncodeDecode(t *testing.T) { decoded, err := DecodeBase64(encoded) if err != nil { - t.Fatalf("expected decoded, got %v", err) + t.Fatalf(errMsgUnexpected, err) } if string(decoded) != string(input) { @@ -56,7 +58,7 @@ func TestHexEncodeDecode(t *testing.T) { decoded, err := DecodeHex(encoded) if err != nil { - t.Fatalf("expected decoded, got %v", err) + t.Fatalf(errMsgUnexpected, err) } if string(decoded) != string(input) { @@ -95,8 +97,10 @@ func TestDecodeJSON(t *testing.T) { } var result payload - if err := DecodeJSON(data, &result); err != nil { - t.Fatalf("expected decoded, got %v", err) + + err = DecodeJSON(data, &result) + if err != nil { + t.Fatalf(errMsgUnexpected, err) } if result.Name != "alpha" { @@ -134,7 +138,7 @@ func TestDecodeJSONAllowUnknown(t *testing.T) { WithJSONAllowUnknownFields(true), ) if err != nil { - t.Fatalf("expected decoded, got %v", err) + t.Fatalf(errMsgUnexpected, err) } } @@ -181,7 +185,7 @@ func TestDecodeJSONReader(t *testing.T) { err := DecodeJSONReader(reader, &result) if err != nil { - t.Fatalf("expected decoded, got %v", err) + t.Fatalf(errMsgUnexpected, err) } if result.Name != "alpha" { diff --git a/pkg/io/copy_test.go b/pkg/io/copy_test.go index 6652761..d379b22 100644 --- a/pkg/io/copy_test.go +++ b/pkg/io/copy_test.go @@ -22,8 +22,12 @@ func TestSecureCopyFileDefaultOptions(t *testing.T) { destPath := filepath.Join(os.TempDir(), destName) - t.Cleanup(func() { _ = os.Remove(destPath) }) + t.Cleanup(func() { + err = os.Remove(destPath) + require.NoError(t, err) + }) + //nolint:gosec readData, err := os.ReadFile(destPath) require.NoError(t, err) require.Equal(t, data, readData) @@ -65,5 +69,8 @@ func TestSecureCopyFileVerifyChecksum(t *testing.T) { destPath := filepath.Join(os.TempDir(), destName) - t.Cleanup(func() { _ = os.Remove(destPath) }) + t.Cleanup(func() { + err = os.Remove(destPath) + require.NoError(t, err) + }) } diff --git a/pkg/io/dir_test.go b/pkg/io/dir_test.go index 53c1be5..aab6f21 100644 --- a/pkg/io/dir_test.go +++ b/pkg/io/dir_test.go @@ -51,7 +51,10 @@ func TestSecureMkdirAllDefaultOptions(t *testing.T) { dirPath := filepath.Join(os.TempDir(), dirName) - t.Cleanup(func() { _ = os.RemoveAll(dirPath) }) + t.Cleanup(func() { + err = os.RemoveAll(dirPath) + require.NoError(t, err) + }) info, err := os.Stat(dirPath) require.NoError(t, err) diff --git a/pkg/io/file_bench_test.go b/pkg/io/file_bench_test.go index fbcd025..65150e6 100644 --- a/pkg/io/file_bench_test.go +++ b/pkg/io/file_bench_test.go @@ -4,6 +4,8 @@ import ( "os" "path/filepath" "testing" + + "github.com/stretchr/testify/require" ) func BenchmarkSecureReadFile(b *testing.B) { @@ -17,15 +19,25 @@ func BenchmarkSecureReadFile(b *testing.B) { b.Fatalf("failed to create temp file: %v", err) } - defer func() { _ = os.Remove(file.Name()) }() + defer func() { + err = os.Remove(file.Name()) + if err != nil { + b.Fatalf("failed to remove temp file: %v", err) + } + }() - if _, err := file.Write(data); err != nil { - _ = file.Close() + _, err = file.Write(data) + if err != nil { + err = file.Close() + if err != nil { + b.Fatalf("failed to close temp file: %v", err) + } b.Fatalf("failed to write temp data: %v", err) } - if err := file.Close(); err != nil { + err = file.Close() + if err != nil { b.Fatalf("failed to close temp file: %v", err) } @@ -61,18 +73,23 @@ func BenchmarkSecureWriteFile(b *testing.B) { } path := file.Name() - if err := file.Close(); err != nil { - _ = os.Remove(path) + + err = file.Close() + if err != nil { + err = os.Remove(path) + require.NoError(b, err) b.Fatalf("failed to close temp file: %v", err) } - if err := os.Remove(path); err != nil { + err = os.Remove(path) + if err != nil { b.Fatalf("failed to remove temp file: %v", err) } b.Cleanup(func() { - _ = os.Remove(path) + err = os.Remove(path) + require.NoError(b, err) }) relPath, err := filepath.Rel(os.TempDir(), path) diff --git a/pkg/io/file_test.go b/pkg/io/file_test.go index d448792..63641f5 100644 --- a/pkg/io/file_test.go +++ b/pkg/io/file_test.go @@ -216,8 +216,13 @@ func TestSecureWriteFileDefaultOptions(t *testing.T) { err := client.WriteFile(filename, data) require.NoError(t, err) - defer func() { _ = os.Remove(filepath.Join(os.TempDir(), filename)) }() - + defer func() { + err = os.Remove(filepath.Join(os.TempDir(), filename)) + if err != nil { + t.Fatalf("failed to remove temp file: %v", err) + } + }() + //nolint:gosec readData, err := os.ReadFile(filepath.Join(os.TempDir(), filename)) require.NoError(t, err) assert.Equal(t, data, readData) @@ -235,8 +240,13 @@ func TestSecureWriteFileDisableAtomic(t *testing.T) { err = client.WriteFile(filename, data) require.NoError(t, err) - defer func() { _ = os.Remove(filepath.Join(os.TempDir(), filename)) }() - + defer func() { + err = os.Remove(filepath.Join(os.TempDir(), filename)) + if err != nil { + t.Fatalf("failed to remove temp file: %v", err) + } + }() + //nolint:gosec readData, err := os.ReadFile(filepath.Join(os.TempDir(), filename)) require.NoError(t, err) assert.Equal(t, data, readData) @@ -254,8 +264,13 @@ func TestSecureWriteFileDisableSync(t *testing.T) { err = client.WriteFile(filename, data) require.NoError(t, err) - defer func() { _ = os.Remove(filepath.Join(os.TempDir(), filename)) }() - + defer func() { + err = os.Remove(filepath.Join(os.TempDir(), filename)) + if err != nil { + t.Fatalf("failed to remove temp file: %v", err) + } + }() + //nolint:gosec readData, err := os.ReadFile(filepath.Join(os.TempDir(), filename)) require.NoError(t, err) assert.Equal(t, data, readData) @@ -267,7 +282,12 @@ func TestSecureWriteFileSyncDir(t *testing.T) { filename := filepath.Base(uniqueTempPath(t, "sectools-syncdir-")) data := []byte("sync-dir") - t.Cleanup(func() { _ = os.Remove(filepath.Join(os.TempDir(), filename)) }) + t.Cleanup(func() { + err := os.Remove(filepath.Join(os.TempDir(), filename)) + if err != nil { + t.Fatalf("failed to remove temp file: %v", err) + } + }) client, err := NewWithOptions(WithWriteSyncDir(true)) require.NoError(t, err) @@ -278,7 +298,7 @@ func TestSecureWriteFileSyncDir(t *testing.T) { } require.NoError(t, err) - + //nolint:gosec readData, err := os.ReadFile(filepath.Join(os.TempDir(), filename)) require.NoError(t, err) assert.Equal(t, data, readData) @@ -332,8 +352,13 @@ func TestSecureWriteFromReaderDefaultOptions(t *testing.T) { err := client.WriteFromReader(filename, strings.NewReader(data)) require.NoError(t, err) - t.Cleanup(func() { _ = os.Remove(filepath.Join(os.TempDir(), filename)) }) - + t.Cleanup(func() { + err = os.Remove(filepath.Join(os.TempDir(), filename)) + if err != nil { + t.Fatalf("failed to remove temp file: %v", err) + } + }) + //nolint:gosec readData, err := os.ReadFile(filepath.Join(os.TempDir(), filename)) require.NoError(t, err) assert.Equal(t, []byte(data), readData) @@ -363,7 +388,7 @@ func TestSecureReadFileWithOptionsDisallowPerms(t *testing.T) { } absPath, relPath := createTempFile(t, []byte("secret")) - + //nolint:gosec require.NoError(t, os.Chmod(absPath, 0o644)) client, err := NewWithOptions(WithReadDisallowPerms(0o004)) @@ -373,7 +398,7 @@ func TestSecureReadFileWithOptionsDisallowPerms(t *testing.T) { require.ErrorIs(t, err, ErrPermissionsNotAllowed) } -func createTempFile(t *testing.T, data []byte) (string, string) { +func createTempFile(t *testing.T, data []byte) (filename, relPath string) { t.Helper() file, err := os.CreateTemp(t.TempDir(), "sectools-file-*") @@ -385,24 +410,20 @@ func createTempFile(t *testing.T, data []byte) (string, string) { require.NoError(t, file.Close()) t.Cleanup(func() { + //nolint:errcheck _ = os.Remove(file.Name()) }) - relPath, err := filepath.Rel(os.TempDir(), file.Name()) + relPath, err = filepath.Rel(os.TempDir(), file.Name()) require.NoError(t, err) return file.Name(), relPath } -func createTempDir(t *testing.T) (string, string) { +func createTempDir(t *testing.T) (dir, relPath string) { t.Helper() - dir, err := os.MkdirTemp("", "sectools-dir-*") - require.NoError(t, err) - - t.Cleanup(func() { - _ = os.RemoveAll(dir) - }) + dir = t.TempDir() relPath, err := filepath.Rel(os.TempDir(), dir) require.NoError(t, err) @@ -410,6 +431,7 @@ func createTempDir(t *testing.T) (string, string) { return dir, relPath } +//nolint:revive,unparam func createTempSymlink(t *testing.T, data []byte) (string, string, string) { t.Helper() @@ -422,7 +444,8 @@ func createTempSymlink(t *testing.T, data []byte) (string, string, string) { } t.Cleanup(func() { - _ = os.Remove(linkAbs) + err = os.Remove(linkAbs) + require.NoError(t, err) }) return targetAbs, linkAbs, filepath.Base(linkAbs) diff --git a/pkg/io/temp_test.go b/pkg/io/temp_test.go index b3ea117..9357d3a 100644 --- a/pkg/io/temp_test.go +++ b/pkg/io/temp_test.go @@ -17,7 +17,13 @@ func TestSecureTempFileDefaultOptions(t *testing.T) { require.NoError(t, err) require.NotNil(t, file) - t.Cleanup(func() { _ = os.Remove(file.Name()) }) + t.Cleanup(func() { + err := os.Remove(file.Name()) + if err != nil { + t.Fatalf("failed to remove temp file: %v", err) + } + }) + require.NoError(t, file.Close()) require.True(t, strings.HasPrefix(file.Name(), os.TempDir())) @@ -30,7 +36,10 @@ func TestSecureTempDirDefaultOptions(t *testing.T) { dir, err := client.TempDir("sectools-tempdir-") require.NoError(t, err) - t.Cleanup(func() { _ = os.RemoveAll(dir) }) + t.Cleanup(func() { + err = os.RemoveAll(dir) + require.NoError(t, err) + }) info, err := os.Stat(dir) require.NoError(t, err) diff --git a/pkg/memory/reader_test.go b/pkg/memory/reader_test.go index 6979b2e..3a34922 100644 --- a/pkg/memory/reader_test.go +++ b/pkg/memory/reader_test.go @@ -5,8 +5,12 @@ import ( "errors" "strings" "testing" + + "github.com/hyp3rd/ewrap" ) +const errMsgUnexpected = "unexpected error: %v" + func TestNewSecureBufferFromReader(t *testing.T) { t.Parallel() @@ -14,7 +18,7 @@ func TestNewSecureBufferFromReader(t *testing.T) { buf, err := NewSecureBufferFromReader(bytes.NewReader(input), int64(len(input))) if err != nil { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } if got := buf.Bytes(); !bytes.Equal(got, input) { @@ -54,7 +58,7 @@ func TestNewSecureBufferFromReaderNilReader(t *testing.T) { func TestNewSecureBufferFromReaderReadError(t *testing.T) { t.Parallel() - readErr := errors.New("boom") + readErr := ewrap.New("boom") reader := errorReader{err: readErr} _, err := NewSecureBufferFromReader(reader, 10) @@ -63,7 +67,7 @@ func TestNewSecureBufferFromReaderReadError(t *testing.T) { } if !strings.Contains(err.Error(), "failed to read data") { - t.Fatalf("unexpected error: %v", err) + t.Fatalf(errMsgUnexpected, err) } } diff --git a/pkg/memory/secure_buffer_test.go b/pkg/memory/secure_buffer_test.go index 1f98656..780a290 100644 --- a/pkg/memory/secure_buffer_test.go +++ b/pkg/memory/secure_buffer_test.go @@ -15,20 +15,20 @@ func TestNewSecureBuffer(t *testing.T) { // Verify data was copied correctly if !bytes.Equal(buf.data, originalData) { - t.Errorf("Expected buffer data to equal original data") + t.Error("Expected buffer data to equal original data") } // Verify the buffer is using a different memory location originalData[0] = 'X' if buf.data[0] == 'X' { - t.Errorf("Buffer should contain a copy of the data, not a reference") + t.Error("Buffer should contain a copy of the data, not a reference") } // Test with empty data emptyBuf := NewSecureBuffer([]byte{}) if len(emptyBuf.data) != 0 { - t.Errorf("Expected empty buffer for empty input") + t.Error("Expected empty buffer for empty input") } } @@ -44,7 +44,7 @@ func TestClear(t *testing.T) { // Verify data was cleared if buf.data != nil { - t.Errorf("Buffer data should be nil after clearing") + t.Error("Buffer data should be nil after clearing") } // Test clearing an already cleared buffer @@ -59,7 +59,7 @@ func TestClearFast(t *testing.T) { buf.ClearFast() if buf.data != nil { - t.Errorf("Buffer data should be nil after fast clearing") + t.Error("Buffer data should be nil after fast clearing") } buf.ClearFast() // Should not panic @@ -77,12 +77,12 @@ func TestBytes(t *testing.T) { // Verify data matches if !bytes.Equal(retrievedData, testData) { - t.Errorf("Retrieved data doesn't match original data") + t.Error("Retrieved data doesn't match original data") } retrievedAlias := buf.Bytes() if !bytes.Equal(retrievedAlias, testData) { - t.Errorf("Bytes alias mismatch") + t.Error("Bytes alias mismatch") } } @@ -99,11 +99,11 @@ func TestString(t *testing.T) { // Verify string matches if str != string(testData) { - t.Errorf("String representation doesn't match original data") + t.Error("String representation doesn't match original data") } if unsafeStr != string(testData) { - t.Errorf("Unsafe string representation doesn't match original data") + t.Error("Unsafe string representation doesn't match original data") } } @@ -120,7 +120,7 @@ func TestFinalizer(t *testing.T) { }() // Force garbage collection - runtime.GC() + runtime.GC() //nolint:revive // We can't actually verify the Clear() was called by the finalizer // since we don't have access to the buffer anymore, but this at least @@ -132,7 +132,7 @@ func TestSecureBufferNilInput(t *testing.T) { buf := NewSecureBuffer(nil) if len(buf.data) != 0 { - t.Errorf("Expected 0 len data for nil input") + t.Error("Expected 0 len data for nil input") } } @@ -146,7 +146,7 @@ func TestSecureBufferLargeData(t *testing.T) { buf := NewSecureBuffer(largeData) if len(buf.data) != len(largeData) { - t.Errorf("Buffer size mismatch for large data") + t.Error("Buffer size mismatch for large data") } for i := range largeData { @@ -166,13 +166,13 @@ func TestSecureBufferMultipleCopies(t *testing.T) { buf2 := NewSecureBuffer(buf1.BytesCopy()) if !bytes.Equal(buf1.data, buf2.data) { - t.Errorf("Data mismatch between buffer copies") + t.Error("Data mismatch between buffer copies") } buf1.Clear() if buf2.data == nil { - t.Errorf("Clearing one buffer should not affect others") + t.Error("Clearing one buffer should not affect others") } } @@ -210,11 +210,11 @@ func TestSecureBufferZeroLengthData(t *testing.T) { buf := NewSecureBuffer(make([]byte, 0)) if buf.data == nil { - t.Errorf("Zero length buffer should not be nil") + t.Error("Zero length buffer should not be nil") } if len(buf.data) != 0 { - t.Errorf("Zero length buffer should have length 0") + t.Error("Zero length buffer should have length 0") } } @@ -226,18 +226,18 @@ func TestSecureBufferStringWithNonUTF8(t *testing.T) { str := buf.UnsafeString() if len(str) != len(invalidUTF8) { - t.Errorf("String length mismatch for non-UTF8 data") + t.Error("String length mismatch for non-UTF8 data") } } func TestZeroBytes(t *testing.T) { t.Parallel() - + //nolint:revive data := []byte{1, 2, 3, 4} ZeroBytes(data) if !bytes.Equal(data, []byte{0, 0, 0, 0}) { - t.Errorf("Expected zeroed bytes") + t.Error("Expected zeroed bytes") } ZeroBytes(nil) // Should not panic diff --git a/pkg/mfa/backup_test.go b/pkg/mfa/backup_test.go index 56e33d4..1b214f5 100644 --- a/pkg/mfa/backup_test.go +++ b/pkg/mfa/backup_test.go @@ -105,6 +105,7 @@ func TestBackupCodeInvalidAlphabet(t *testing.T) { } } +//nolint:revive func TestBackupCodeInvalidOptions(t *testing.T) { t.Parallel() diff --git a/pkg/mfa/hotp_test.go b/pkg/mfa/hotp_test.go index 287a241..26f2b65 100644 --- a/pkg/mfa/hotp_test.go +++ b/pkg/mfa/hotp_test.go @@ -9,7 +9,13 @@ import ( const ( hotpTestIssuer = "sectools" hotpTestAccount = "user@example.com" - hotpTestSecret = "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP" // cspell:disable-line + //nolint:gosec + hotpTestSecret = "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP" // cspell:disable-line +) + +const ( + errExpectedCode = "expected code, got %v" + errExpectedHelper = "expected hotp helper, got %v" ) func TestHOTPGenerateAndVerify(t *testing.T) { @@ -17,14 +23,14 @@ func TestHOTPGenerateAndVerify(t *testing.T) { helper, err := NewHOTP(hotpTestSecret) if err != nil { - t.Fatalf("expected hotp helper, got %v", err) + t.Fatalf(errExpectedHelper, err) } counter := uint64(1) code, err := helper.Generate(counter) if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } ok, next, err := helper.Verify(code, counter) @@ -46,14 +52,14 @@ func TestHOTPVerifyWindow(t *testing.T) { helper, err := NewHOTP(hotpTestSecret, WithHOTPWindow(1)) if err != nil { - t.Fatalf("expected hotp helper, got %v", err) + t.Fatalf(errExpectedHelper, err) } counter := uint64(5) code, err := helper.Generate(counter + 1) if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } ok, next, err := helper.Verify(code, counter) @@ -75,19 +81,19 @@ func TestHOTPResync(t *testing.T) { helper, err := NewHOTP(hotpTestSecret, WithHOTPResyncWindow(3)) if err != nil { - t.Fatalf("expected hotp helper, got %v", err) + t.Fatalf(errExpectedHelper, err) } counter := uint64(5) code1, err := helper.Generate(counter + 2) if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } code2, err := helper.Generate(counter + 3) if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } ok, next, err := helper.Resync(code1, code2, counter) @@ -109,19 +115,19 @@ func TestHOTPResyncRejectsNonConsecutive(t *testing.T) { helper, err := NewHOTP(hotpTestSecret, WithHOTPResyncWindow(3)) if err != nil { - t.Fatalf("expected hotp helper, got %v", err) + t.Fatalf(errExpectedHelper, err) } counter := uint64(5) code1, err := helper.Generate(counter + 1) if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } code2, err := helper.Generate(counter + 3) if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } ok, _, err := helper.Resync(code1, code2, counter) @@ -139,7 +145,7 @@ func TestHOTPInvalidCode(t *testing.T) { helper, err := NewHOTP(hotpTestSecret) if err != nil { - t.Fatalf("expected hotp helper, got %v", err) + t.Fatalf(errExpectedHelper, err) } _, _, err = helper.Verify("invalid", 0) diff --git a/pkg/mfa/rate_limit_test.go b/pkg/mfa/rate_limit_test.go index 45e7732..10849d1 100644 --- a/pkg/mfa/rate_limit_test.go +++ b/pkg/mfa/rate_limit_test.go @@ -4,6 +4,13 @@ import ( "errors" "testing" "time" + + "github.com/hyp3rd/ewrap" +) + +const ( + errMsgExpectedTOTPHelper = "expected totp helper, got %v" + errMsgExpectedErrMFARateLimited = "expected ErrMFARateLimited, got %v" ) type testRateLimiter struct { @@ -25,12 +32,12 @@ func TestTOTPVerifyRateLimited(t *testing.T) { helper, err := NewTOTP(totpTestSecret, WithTOTPRateLimiter(limiter)) if err != nil { - t.Fatalf("expected totp helper, got %v", err) + t.Fatalf(errMsgExpectedTOTPHelper, err) } _, err = helper.Verify("123456") if !errors.Is(err, ErrMFARateLimited) { - t.Fatalf("expected ErrMFARateLimited, got %v", err) + t.Fatalf(errMsgExpectedErrMFARateLimited, err) } if limiter.calls != 1 { @@ -45,12 +52,12 @@ func TestHOTPVerifyRateLimited(t *testing.T) { helper, err := NewHOTP(hotpTestSecret, WithHOTPRateLimiter(limiter)) if err != nil { - t.Fatalf("expected hotp helper, got %v", err) + t.Fatalf(errExpectedHelper, err) } _, _, err = helper.Verify("123456", 0) if !errors.Is(err, ErrMFARateLimited) { - t.Fatalf("expected ErrMFARateLimited, got %v", err) + t.Fatalf(errMsgExpectedErrMFARateLimited, err) } if limiter.calls != 1 { @@ -70,7 +77,7 @@ func TestBackupVerifyRateLimited(t *testing.T) { _, _, err = manager.Verify("ABCD", nil) if !errors.Is(err, ErrMFARateLimited) { - t.Fatalf("expected ErrMFARateLimited, got %v", err) + t.Fatalf(errMsgExpectedErrMFARateLimited, err) } if limiter.calls != 1 { @@ -81,19 +88,19 @@ func TestBackupVerifyRateLimited(t *testing.T) { func TestRateLimiterErrorWraps(t *testing.T) { t.Parallel() - limiter := &testRateLimiter{allow: false, err: errors.New("backend")} + limiter := &testRateLimiter{allow: false, err: ewrap.New("backend")} helper, err := NewTOTP( totpTestSecret, WithTOTPRateLimiter(limiter), - WithTOTPClock(func() time.Time { return time.Now() }), + WithTOTPClock(time.Now), ) if err != nil { - t.Fatalf("expected totp helper, got %v", err) + t.Fatalf(errMsgExpectedTOTPHelper, err) } _, err = helper.Verify("123456") if err == nil || !errors.Is(err, ErrMFARateLimited) { - t.Fatalf("expected ErrMFARateLimited, got %v", err) + t.Fatalf(errMsgExpectedErrMFARateLimited, err) } } diff --git a/pkg/mfa/totp_test.go b/pkg/mfa/totp_test.go index 0936844..fb2e891 100644 --- a/pkg/mfa/totp_test.go +++ b/pkg/mfa/totp_test.go @@ -10,12 +10,13 @@ import ( const ( totpTestIssuer = "sectools" totpTestAccount = "user@example.com" - totpTestSecret = "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP" // cspell:disable-line + //nolint:gosec + totpTestSecret = "JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP" // cspell:disable-line ) func TestTOTPGenerateAndVerify(t *testing.T) { t.Parallel() - + //nolint:revive now := time.Date(2024, time.January, 2, 15, 4, 5, 0, time.UTC) clock := func() time.Time { return now @@ -23,12 +24,12 @@ func TestTOTPGenerateAndVerify(t *testing.T) { helper, err := NewTOTP(totpTestSecret, WithTOTPClock(clock)) if err != nil { - t.Fatalf("expected totp helper, got %v", err) + t.Fatalf(errMsgExpectedTOTPHelper, err) } code, err := helper.Generate() if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } ok, err := helper.Verify(code) @@ -57,7 +58,7 @@ func TestTOTPGenerateAndVerify(t *testing.T) { func TestTOTPVerifySkew(t *testing.T) { t.Parallel() - + //nolint:revive now := time.Date(2024, time.January, 2, 15, 4, 5, 0, time.UTC) clock := func() time.Time { return now @@ -65,12 +66,12 @@ func TestTOTPVerifySkew(t *testing.T) { helper, err := NewTOTP(totpTestSecret, WithTOTPClock(clock), WithTOTPAllowedSkew(1)) if err != nil { - t.Fatalf("expected totp helper, got %v", err) + t.Fatalf(errMsgExpectedTOTPHelper, err) } code, err := helper.Generate() if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } now = now.Add(totpDefaultPeriod) @@ -87,7 +88,7 @@ func TestTOTPVerifySkew(t *testing.T) { func TestTOTPVerifyWithStep(t *testing.T) { t.Parallel() - + //nolint:revive now := time.Date(2024, time.January, 2, 15, 4, 5, 0, time.UTC) clock := func() time.Time { return now @@ -95,12 +96,12 @@ func TestTOTPVerifyWithStep(t *testing.T) { helper, err := NewTOTP(totpTestSecret, WithTOTPClock(clock)) if err != nil { - t.Fatalf("expected totp helper, got %v", err) + t.Fatalf(errMsgExpectedTOTPHelper, err) } code, err := helper.Generate() if err != nil { - t.Fatalf("expected code, got %v", err) + t.Fatalf(errExpectedCode, err) } ok, step, err := helper.VerifyWithStep(code) @@ -111,7 +112,7 @@ func TestTOTPVerifyWithStep(t *testing.T) { if !ok { t.Fatalf("expected valid code") } - + //nolint:gosec expectedStep := uint64(now.Unix() / int64(totpDefaultPeriod/time.Second)) if step != expectedStep { t.Fatalf("expected step %d, got %d", expectedStep, step) @@ -123,7 +124,7 @@ func TestTOTPInvalidCode(t *testing.T) { helper, err := NewTOTP(totpTestSecret) if err != nil { - t.Fatalf("expected totp helper, got %v", err) + t.Fatalf(errMsgExpectedTOTPHelper, err) } _, err = helper.Verify("invalid") diff --git a/pkg/password/argon2id_test.go b/pkg/password/argon2id_test.go index fc4cf30..e8e88c2 100644 --- a/pkg/password/argon2id_test.go +++ b/pkg/password/argon2id_test.go @@ -32,11 +32,11 @@ func TestArgon2idHashVerify(t *testing.T) { } if !ok { - t.Fatalf("expected password match") + t.Fatal("expected password match") } if needsRehash { - t.Fatalf("expected no rehash with same params") + t.Fatal("expected no rehash with same params") } stronger, err := NewArgon2id(Argon2idParams{ @@ -56,11 +56,11 @@ func TestArgon2idHashVerify(t *testing.T) { } if !ok { - t.Fatalf("expected password match") + t.Fatal("expected password match") } if !needsRehash { - t.Fatalf("expected rehash for stronger params") + t.Fatal("expected rehash for stronger params") } } diff --git a/pkg/password/bcrypt_test.go b/pkg/password/bcrypt_test.go index 5379a6f..6f5a72d 100644 --- a/pkg/password/bcrypt_test.go +++ b/pkg/password/bcrypt_test.go @@ -26,11 +26,11 @@ func TestBcryptHashVerify(t *testing.T) { } if !ok { - t.Fatalf("expected password match") + t.Fatal("expected password match") } if needsRehash { - t.Fatalf("expected no rehash with same cost") + t.Fatal("expected no rehash with same cost") } stronger, err := NewBcrypt(bcrypt.MinCost + 1) @@ -44,11 +44,11 @@ func TestBcryptHashVerify(t *testing.T) { } if !ok { - t.Fatalf("expected password match") + t.Fatal("expected password match") } if !needsRehash { - t.Fatalf("expected rehash with higher cost") + t.Fatal("expected rehash with higher cost") } } diff --git a/pkg/sanitize/nosql_detect_test.go b/pkg/sanitize/nosql_detect_test.go index 7523978..9af7fc8 100644 --- a/pkg/sanitize/nosql_detect_test.go +++ b/pkg/sanitize/nosql_detect_test.go @@ -5,12 +5,16 @@ import ( "testing" ) +const ( + errMsgDetector = "expected detector, got %v" +) + func TestNoSQLInjectionDetectorDefault(t *testing.T) { t.Parallel() detector, err := NewNoSQLInjectionDetector() if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } err = detector.Detect(`{"username":{"$ne":null}}`) @@ -34,7 +38,7 @@ func TestNoSQLInjectionDetectorCustomOperators(t *testing.T) { detector, err := NewNoSQLInjectionDetector(WithNoSQLDetectOperators("custom")) if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } err = detector.Detect(`{"$custom":true}`) @@ -48,7 +52,7 @@ func TestNoSQLInjectionDetectorMaxLength(t *testing.T) { detector, err := NewNoSQLInjectionDetector(WithNoSQLDetectMaxLength(1)) if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } err = detector.Detect("ab") diff --git a/pkg/sanitize/sql_test.go b/pkg/sanitize/sql_test.go index 87f425f..305424e 100644 --- a/pkg/sanitize/sql_test.go +++ b/pkg/sanitize/sql_test.go @@ -97,7 +97,7 @@ func TestSQLInjectionDetector(t *testing.T) { detector, err := NewSQLInjectionDetector() if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } err = detector.Detect("1 OR 1=1; --") diff --git a/pkg/secrets/secrets_test.go b/pkg/secrets/secrets_test.go index fd38272..f2ab947 100644 --- a/pkg/secrets/secrets_test.go +++ b/pkg/secrets/secrets_test.go @@ -6,12 +6,17 @@ import ( "testing" ) +const ( + errMsgExpectedRedactor = "expected redactor, got %v" + errMsgDetector = "expected detector, got %v" +) + func TestSecretDetectorDetectAny(t *testing.T) { t.Parallel() detector, err := NewSecretDetector() if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } err = detector.DetectAny("AKIA1234567890ABCD12") @@ -25,7 +30,7 @@ func TestSecretDetectorRedact(t *testing.T) { detector, err := NewSecretDetector() if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } input := "token=ghp_abcdefghijklmnopqrstuvwxyz1234567890" @@ -49,7 +54,7 @@ func TestRedactorKeys(t *testing.T) { redactor, err := NewRedactor() if err != nil { - t.Fatalf("expected redactor, got %v", err) + t.Fatalf(errMsgExpectedRedactor, err) } fields := map[string]any{ @@ -72,12 +77,12 @@ func TestRedactorDetector(t *testing.T) { detector, err := NewSecretDetector() if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } redactor, err := NewRedactor(WithRedactionDetector(detector)) if err != nil { - t.Fatalf("expected redactor, got %v", err) + t.Fatalf(errMsgExpectedRedactor, err) } fields := map[string]any{ @@ -96,7 +101,7 @@ func TestSecretDetectorInputTooLong(t *testing.T) { detector, err := NewSecretDetector(WithSecretMaxLength(10)) if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } longInput := strings.Repeat("a", 11) @@ -283,7 +288,7 @@ func TestSecretDetectorEdgeCases(t *testing.T) { detector, err := NewSecretDetector() if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } t.Run("empty string", func(t *testing.T) { @@ -332,7 +337,7 @@ func TestRedactorEdgeCases(t *testing.T) { redactor, err := NewRedactor() if err != nil { - t.Fatalf("expected redactor, got %v", err) + t.Fatalf(errMsgExpectedRedactor, err) } t.Run("nil fields", func(t *testing.T) { @@ -373,7 +378,7 @@ func TestWithSecretPattern(t *testing.T) { WithSecretPattern("custom-pattern", `custom-[0-9]{4}`), ) if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } input := "My custom token is custom-1234" @@ -409,7 +414,7 @@ func TestWithSecretPatterns(t *testing.T) { detector, err := NewSecretDetector(WithSecretPatterns(patterns...)) if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } input := "Found test-123 and secret-abc" @@ -427,12 +432,12 @@ func TestWithSecretPatterns(t *testing.T) { // TestWithSecretMaxLength tests the WithSecretMaxLength option. func TestWithSecretMaxLength(t *testing.T) { t.Parallel() - + //nolint:revive maxLen := 20 detector, err := NewSecretDetector(WithSecretMaxLength(maxLen)) if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } t.Run("within limit", func(t *testing.T) { @@ -466,7 +471,7 @@ func TestWithSecretMask(t *testing.T) { detector, err := NewSecretDetector(WithSecretMask(customMask)) if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } input := "token=ghp_abcdefghijklmnopqrstuvwxyz1234567890" @@ -486,17 +491,19 @@ func TestWithSecretMask(t *testing.T) { } // TestNestedStructureRedaction tests redaction of nested structures. +// +//nolint:funlen func TestNestedStructureRedaction(t *testing.T) { t.Parallel() detector, err := NewSecretDetector() if err != nil { - t.Fatalf("expected detector, got %v", err) + t.Fatalf(errMsgDetector, err) } redactor, err := NewRedactor(WithRedactionDetector(detector)) if err != nil { - t.Fatalf("expected redactor, got %v", err) + t.Fatalf(errMsgExpectedRedactor, err) } t.Run("maps within maps", func(t *testing.T) { @@ -609,7 +616,7 @@ func TestWithRedactionKeys(t *testing.T) { WithRedactionKeys("custom_secret", "private_data"), ) if err != nil { - t.Fatalf("expected redactor, got %v", err) + t.Fatalf(errMsgExpectedRedactor, err) } fields := map[string]any{ @@ -640,7 +647,7 @@ func TestWithRedactionKeys(t *testing.T) { WithRedactionKeys("MySecret"), ) if err != nil { - t.Fatalf("expected redactor, got %v", err) + t.Fatalf(errMsgExpectedRedactor, err) } fields := map[string]any{ @@ -674,7 +681,7 @@ func TestWithRedactionMaxDepth(t *testing.T) { redactor, err := NewRedactor(WithRedactionMaxDepth(2)) if err != nil { - t.Fatalf("expected redactor, got %v", err) + t.Fatalf(errMsgExpectedRedactor, err) } // Create a deeply nested structure (depth > 2) @@ -716,7 +723,7 @@ func TestWithRedactionMaxDepth(t *testing.T) { redactor, err := NewRedactor(WithRedactionMaxDepth(3)) if err != nil { - t.Fatalf("expected redactor, got %v", err) + t.Fatalf(errMsgExpectedRedactor, err) } fields := map[string]any{ diff --git a/pkg/tokens/tokens_test.go b/pkg/tokens/tokens_test.go index e02a4e1..37e7e0d 100644 --- a/pkg/tokens/tokens_test.go +++ b/pkg/tokens/tokens_test.go @@ -6,6 +6,8 @@ import ( "testing" ) +const errMsgValidator = "expected validator, got %v" + func TestTokenGenerateAndValidateBase64(t *testing.T) { t.Parallel() @@ -16,7 +18,7 @@ func TestTokenGenerateAndValidateBase64(t *testing.T) { validator, err := NewValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } token, err := generator.Generate() @@ -44,7 +46,7 @@ func TestTokenGenerateHex(t *testing.T) { validator, err := NewValidator(WithTokenEncoding(TokenEncodingHex)) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } token, err := generator.Generate() @@ -70,7 +72,7 @@ func TestTokenValidateMaxLength(t *testing.T) { WithTokenMinEntropyBits(8), ) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate("aaaaa") @@ -84,7 +86,7 @@ func TestTokenValidateInsufficientEntropy(t *testing.T) { validator, err := NewValidator(WithTokenMinEntropyBits(128)) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } // Note: make([]byte, 8) produces an all-zero token. This test exercises the @@ -103,7 +105,7 @@ func TestTokenValidateMinBytes(t *testing.T) { validator, err := NewValidator(WithTokenMinBytes(32)) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } short := base64.RawURLEncoding.EncodeToString(make([]byte, 16)) @@ -119,7 +121,7 @@ func TestTokenValidateWhitespace(t *testing.T) { validator, err := NewValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate("token with space") diff --git a/pkg/validate/email_test.go b/pkg/validate/email_test.go index 914f63d..6787e06 100644 --- a/pkg/validate/email_test.go +++ b/pkg/validate/email_test.go @@ -9,6 +9,12 @@ import ( "golang.org/x/net/idna" ) +const ( + errMsgValidator = "expected validator, got %v" + errMsgValidEmail = "expected valid email, got %v" + testEmail = "user@example.com" +) + type fakeResolver struct { mxRecords map[string][]*net.MX hosts map[string][]string @@ -37,12 +43,12 @@ func TestEmailValidateBasic(t *testing.T) { validator, err := NewEmailValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } - result, err := validator.Validate(context.Background(), "user@example.com") + result, err := validator.Validate(context.Background(), testEmail) if err != nil { - t.Fatalf("expected valid email, got %v", err) + t.Fatalf(errMsgValidEmail, err) } if result.DomainASCII != "example.com" { @@ -55,7 +61,7 @@ func TestEmailRejectDisplayName(t *testing.T) { validator, err := NewEmailValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "Name ") @@ -69,15 +75,15 @@ func TestEmailAllowDisplayName(t *testing.T) { validator, err := NewEmailValidator(WithEmailAllowDisplayName(true)) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } result, err := validator.Validate(context.Background(), "Name ") if err != nil { - t.Fatalf("expected valid email, got %v", err) + t.Fatalf(errMsgValidEmail, err) } - if result.Address != "user@example.com" { + if result.Address != testEmail { t.Fatalf("expected normalized address, got %s", result.Address) } } @@ -87,7 +93,7 @@ func TestEmailInvalidLocalPart(t *testing.T) { validator, err := NewEmailValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "user..dot@example.com") @@ -101,7 +107,7 @@ func TestEmailRequireTLD(t *testing.T) { validator, err := NewEmailValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "user@localhost") @@ -124,16 +130,16 @@ func TestEmailDomainVerificationMX(t *testing.T) { WithEmailDNSResolver(resolver), ) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } - result, err := validator.Validate(context.Background(), "user@example.com") + result, err := validator.Validate(context.Background(), testEmail) if err != nil { - t.Fatalf("expected valid email, got %v", err) + t.Fatalf(errMsgValidEmail, err) } if !result.DomainVerified || !result.VerifiedByMX { - t.Fatalf("expected mx verification") + t.Fatal("expected mx verification") } } @@ -151,16 +157,16 @@ func TestEmailDomainVerificationFallback(t *testing.T) { WithEmailDNSResolver(resolver), ) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } - result, err := validator.Validate(context.Background(), "user@example.com") + result, err := validator.Validate(context.Background(), testEmail) if err != nil { - t.Fatalf("expected valid email, got %v", err) + t.Fatalf(errMsgValidEmail, err) } if !result.DomainVerified || !result.VerifiedByA { - t.Fatalf("expected A record verification") + t.Fatal("expected A record verification") } } @@ -174,10 +180,10 @@ func TestEmailDomainVerificationUnverified(t *testing.T) { WithEmailDNSResolver(resolver), ) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } - _, err = validator.Validate(context.Background(), "user@example.com") + _, err = validator.Validate(context.Background(), testEmail) if !errors.Is(err, ErrEmailDomainUnverified) { t.Fatalf("expected ErrEmailDomainUnverified, got %v", err) } @@ -188,12 +194,12 @@ func TestEmailAllowIDN(t *testing.T) { validator, err := NewEmailValidator(WithEmailAllowIDN(true)) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } result, err := validator.Validate(context.Background(), "user@bücher.example") if err != nil { - t.Fatalf("expected valid email, got %v", err) + t.Fatalf(errMsgValidEmail, err) } ascii, err := idna.Lookup.ToASCII("bücher.example") @@ -211,7 +217,7 @@ func TestEmailIPLiteralDisallowed(t *testing.T) { validator, err := NewEmailValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "user@[127.0.0.1]") @@ -225,7 +231,7 @@ func TestEmailIPLiteralAllowed(t *testing.T) { validator, err := NewEmailValidator(WithEmailAllowIPLiteral(true)) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "user@[127.0.0.1]") diff --git a/pkg/validate/url_test.go b/pkg/validate/url_test.go index 5bf6e9d..02ec660 100644 --- a/pkg/validate/url_test.go +++ b/pkg/validate/url_test.go @@ -30,7 +30,7 @@ func TestURLValidateBasic(t *testing.T) { validator, err := NewURLValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "https://example.com/path") @@ -44,7 +44,7 @@ func TestURLRejectUserInfo(t *testing.T) { validator, err := NewURLValidator() if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "https://user:pass@example.com") @@ -60,7 +60,7 @@ func TestURLRejectPrivateIP(t *testing.T) { WithURLAllowIPLiteral(true), ) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "https://127.0.0.1") @@ -94,7 +94,7 @@ func TestURLRedirectCheck(t *testing.T) { WithURLHTTPClient(client), ) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } result, err := validator.Validate(context.Background(), "https://example.com/start") @@ -127,7 +127,7 @@ func TestURLRedirectLoop(t *testing.T) { WithURLHTTPClient(client), ) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "https://example.com/loop") @@ -145,7 +145,7 @@ func TestURLReputationBlock(t *testing.T) { WithURLReputationChecker(checker), ) if err != nil { - t.Fatalf("expected validator, got %v", err) + t.Fatalf(errMsgValidator, err) } _, err = validator.Validate(context.Background(), "https://example.com")