Remove old codacy linter comments

Signed-off-by: Steffen Vogel <post@steffenvogel.de>

cmd/cunicu/docs.go

@@ -71,7 +71,6 @@ func init() { //nolint:gochecknoinits
 func docsMarkdown(_ *cobra.Command, _ []string, opts *docsOptions) error {
 	dir := filepath.Join(opts.outputDir, "md")
 
-	//#nosec G301 -- Doc directories must be world readable
 	if err := os.MkdirAll(dir, 0o755); err != nil {
 		return fmt.Errorf("failed to create directory: %w", err)
 	}
@@ -123,7 +122,6 @@ func docsMarkdown(_ *cobra.Command, _ []string, opts *docsOptions) error {
 func docsManpage(_ *cobra.Command, _ []string, opts *docsOptions) error {
 	dir := filepath.Join(opts.outputDir, "man")
 
-	//#nosec G301 -- Doc directories must be world readable
 	if err := os.MkdirAll(dir, 0o755); err != nil {
 		return fmt.Errorf("failed to create directory: %w", err)
 	}

pkg/config/provider_wg.go

@@ -62,7 +62,6 @@ func (p *WireGuardProvider) Read() (map[string]interface{}, error) {
 			continue
 		}
 
-		//#nosec G304 -- Filename is only controlled by user
 		cfgData, err := os.ReadFile(cfg)
 		if err != nil {
 			return nil, fmt.Errorf("failed to open config file %s: %w", cfg, err)

pkg/daemon/feature/cfgsync/cfgsync.go

@@ -149,7 +149,6 @@ func (i *Interface) SetDNS(svrs []net.IPAddr, domain []string) error {
 				args = append(args, svr.String())
 			}
 
-			//#nosec G204 -- Filename is only influenced by users PATH variable
 			cmd = exec.Command(resolvectl, args...)
 
 			if err := cmd.Run(); err != nil {
@@ -162,7 +161,6 @@ func (i *Interface) SetDNS(svrs []net.IPAddr, domain []string) error {
 			args := []string{"domain", i.Name()}
 			args = append(args, domain...)
 
-			//#nosec G204 -- Filename is only influenced by users PATH variable
 			cmd = exec.Command(resolvectl, args...)
 
 			if err := cmd.Run(); err != nil {
@@ -171,7 +169,6 @@ func (i *Interface) SetDNS(svrs []net.IPAddr, domain []string) error {
 		}
 	} else if resolveconf, err := exec.LookPath("resolveconf"); err != nil {
 		if len(svrs) > 0 || len(domain) > 0 {
-			//#nosec G204 -- Filename is only influenced by users PATH variable
 			cmd := exec.Command(resolveconf, "-a", i.Name(), "-m", "0", "-x")
 
 			stdin := &bytes.Buffer{}
@@ -200,10 +197,8 @@ func (i *Interface) UnsetDNS() error {
 
 	// Check if SystemD's resolvectl is available
 	if resolvectl, err := exec.LookPath("resolvectl"); err == nil {
-		//#nosec G204 -- Filename is only influenced by users PATH variable
 		cmd = exec.Command(resolvectl, "revert", i.Name())
 	} else if resolveconf, err := exec.LookPath("resolveconf"); err != nil {
-		//#nosec G204 -- Filename is only influenced by users PATH variable
 		cmd = exec.Command(resolveconf, "-d", i.Name())
 	}
 

pkg/daemon/feature/epdisc/nat_linux.go

@@ -92,7 +92,6 @@ func (n *NAT) setupTable(ident string) error {
 	// Ignore any previously existing table
 	n.NFConn.DelTable(&nftables.Table{Name: ident})
 
-	//#nosec G104 -- Errors should be ignored here
 	n.NFConn.Flush()
 
 	n.table = n.NFConn.AddTable(&nftables.Table{

pkg/daemon/feature/hsync/util.go

@@ -23,7 +23,6 @@ func isWritable(fn string) (bool, error) {
 }
 
 func readLines(fn string) ([]string, error) {
-	//#nosec G304 -- Filename is hard coded.
 	f, err := os.OpenFile(fn, os.O_CREATE|os.O_RDONLY, 0o600)
 	if err != nil {
 		return nil, fmt.Errorf("failed to open file: %w", err)
@@ -44,8 +43,6 @@ func readLines(fn string) ([]string, error) {
 }
 
 func writeLines(fn string, lines []string) error {
-	//#nosec G302 -- /etc/hosts must be world readable
-	//#nosec G304 -- Filename is hard coded.
 	f, err := os.OpenFile(fn, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o755)
 	if err != nil {
 		return fmt.Errorf("failed to open file: %w", err)

pkg/link/link_bsd.go

@@ -204,7 +204,6 @@ func getRouteMTU(ip net.IP) (int, error) {
 }
 
 func run(args ...string) (string, error) {
-	//#nosec G204 -- Command is always hardcoded
 	cmd := exec.Command(args[0], args[1:]...)
 
 	out, err := cmd.CombinedOutput()

pkg/net/listen.go

@@ -26,7 +26,6 @@ func FindRandomPortToListen(network string, min, max int) (int, error) {
 	}
 
 	for attempts := 100; attempts > 0; attempts-- {
-		//#nosec G404 -- Port numbers do not require to be cryptographically random
 		port := min + rand.Intn(max-min+1)
 		if canListenOnPort(network, port) {
 			return port, nil

pkg/os/sysctl_linux.go

@@ -14,7 +14,6 @@ func SetSysctl(name string, value any) error {
 	parts := strings.ReplaceAll(name, ".", string(filepath.Separator))
 	path := filepath.Join("/proc/sys", parts)
 
-	//#nosec G304 -- Filename is always under /proc/sys
 	f, err := os.OpenFile(path, os.O_WRONLY, 0o600)
 	if err != nil {
 		return err

pkg/selfupdate/selfupdate.go

@@ -181,13 +181,11 @@ func extractToFile(buf []byte, filename, target string) (int64, error) {
 		return -1, fmt.Errorf("failed to remove target file: %w", err)
 	}
 
-	//#nosec G304 -- No file inclusion possible as we are writing only.
 	dest, err := os.OpenFile(target, os.O_CREATE|os.O_EXCL|os.O_WRONLY, mode)
 	if err != nil {
 		return -1, err
 	}
 
-	//#nosec G110 -- We only download from safe locations (GitHub releases)
 	n, err := io.Copy(dest, rd)
 	if err != nil {
 		_ = dest.Close()

pkg/signaling/grpc/grpc.go

@@ -60,7 +60,6 @@ func ParseURL(urlStr string) (string, []grpc.DialOption, error) {
 		if fn := os.Getenv("SSLKEYLOGFILE"); fn != "" {
 			var err error
 
-			//#nosec G304 -- Filename is only controlled by env var
 			if cfg.KeyLogWriter, err = os.OpenFile(fn, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o600); err != nil {
 				return "", nil, fmt.Errorf("failed to open SSL keylog file: %w", err)
 			}

pkg/signaling/grpc/server.go

@@ -55,7 +55,6 @@ func NewServer(opts ...grpc.ServerOption) (*grpc.Server, error) {
 	)
 
 	if fn := os.Getenv("SSLKEYLOGFILE"); fn != "" {
-		//#nosec G304 -- Filename is only controlled via env var
 		wr, err := os.OpenFile(fn, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0o600)
 		if err != nil {
 			return nil, fmt.Errorf("failed to open SSL keylog file: %w", err)

test/e2e/nodes/agent.go

@@ -91,8 +91,6 @@ func (a *Agent) Start(_, dir string, extraArgs ...any) error {
 		return fmt.Errorf("failed to build: %w", err)
 	}
 
-	//#nosec G304 -- Test code is not controllable by attackers
-	//#nosec G302 -- Log file should be readable by user
 	a.logFile, err = os.OpenFile(logPath, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0o644)
 	if err != nil {
 		return fmt.Errorf("failed to open log file: %w", err)

test/e2e/nodes/signaling_grpc.go

@@ -50,8 +50,6 @@ func (s *GrpcSignalingNode) Start(_, dir string, extraArgs ...any) error {
 		return fmt.Errorf("failed to build: %w", err)
 	}
 
-	//#nosec G304 -- Test code is not controllable by attackers
-	//#nosec G302 -- Log file should be readable by user
 	s.logFile, err = os.OpenFile(logPath, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0o644)
 	if err != nil {
 		return fmt.Errorf("failed to open log file: %w", err)

test/e2e/nodes/wg_interface.go

@@ -99,7 +99,6 @@ func (i *WireGuardInterface) WriteConfig() error {
 
 	fn := filepath.Join(wgcpath, fmt.Sprintf("%s.conf", i.Name))
 
-	//#nosec G304 -- Test code is not controllable by attackers
 	f, err := os.OpenFile(fn, os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0o600)
 	if err != nil {
 		return fmt.Errorf("failed to open config file: %w", err)

test/log.go

@@ -57,8 +57,6 @@ func SetupLoggingWithFile(fn string, truncate bool) *zap.Logger {
 			fl |= os.O_TRUNC
 		}
 
-		//#nosec G304 -- Test code is not controllable by attackers
-		//#nosec G302 -- Log file should be readable by users
 		f, err := os.OpenFile(fn, fl, 0o644)
 		if err != nil {
 			panic(fmt.Errorf("failed to open log file '%s': %w", fn, err))