Merge pull request #518 from ackama:linting/use-stdlib-vars

PiperOrigin-RevId: 733964844

.golangci.yaml

@@ -83,7 +83,7 @@ linters:
     - unconvert
 #    - unparam
 #    - unused
-#    - usestdlibvars
+    - usestdlibvars
     - wastedassign
     - whitespace
     - zerologlint

detector/cve/cve202011978/cve202011978.go

@@ -250,7 +250,7 @@ func CheckForBashTask(airflowIP string, airflowServerPort int) bool {
 	}
 	defer resp.Body.Close()
 
-	BashTaskPresence := resp.StatusCode == 200
+	BashTaskPresence := resp.StatusCode == http.StatusOK
 	if !BashTaskPresence {
 		return false
 	}
@@ -290,7 +290,7 @@ func CheckForPause(airflowIP string, airflowServerPort int) bool {
 		return false
 	}
 	defer resp.Body.Close()
-	return resp.StatusCode == 200
+	return resp.StatusCode == http.StatusOK
 }
 
 // triggerAndWaitForDAG achieves command execution via DAG scheduling using the example bash task from above.
@@ -307,7 +307,7 @@ func triggerAndWaitForDAG(ctx context.Context, airflowIP string, airflowServerPo
 		return false
 	}
 
-	req, err := http.NewRequestWithContext(ctx, "POST", dagURL, bytes.NewBuffer(jsonPayload))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, dagURL, bytes.NewBuffer(jsonPayload))
 	if err != nil {
 		return false
 	}
@@ -325,7 +325,7 @@ func triggerAndWaitForDAG(ctx context.Context, airflowIP string, airflowServerPo
 	}
 	defer res.Body.Close()
 
-	if res.StatusCode != 200 {
+	if res.StatusCode != http.StatusOK {
 		return false
 	}
 

detector/cve/cve202016846/cve202016846.go

@@ -225,7 +225,7 @@ func ExploitSalt(ctx context.Context, saltIP string, saltServerPort int) bool {
 	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
 	defer cancel()
 
-	req, err := http.NewRequestWithContext(ctx, "POST", target, bytes.NewBuffer(jsonData))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, target, bytes.NewBuffer(jsonData))
 	if err != nil {
 		log.Infof("Error creating request: %v\n", err)
 		return false

detector/cve/cve202233891/cve202233891.go

@@ -166,7 +166,7 @@ func sparkUIHTTPQuery(ctx context.Context, sparkDomain string, sparkPort int, cm
 	client := &http.Client{Timeout: defaultTimeout}
 
 	targetURL := fmt.Sprintf("http://%s:%d/?doAs=`%s`", sparkDomain, sparkPort, cmdExec)
-	req, _ := http.NewRequestWithContext(ctx, "GET", targetURL, nil)
+	req, _ := http.NewRequestWithContext(ctx, http.MethodGet, targetURL, nil)
 	req.Header.Add("Accept", "*/*")
 	resp, err := client.Do(req)
 

detector/cve/cve20236019/cve20236019.go

@@ -152,7 +152,7 @@ func isVulnerableVersion(version string) bool {
 // Check for "Ray Dashboard" in HTTP response
 func isDashboardPresent(ctx context.Context) bool {
 	// Create a new HTTP request
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://127.0.0.1:8265", nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, "http://127.0.0.1:8265", nil)
 	if err != nil {
 		log.Errorf("Error creating HTTP request: %v", err)
 		return false
@@ -199,7 +199,7 @@ func rayRequest(ctx context.Context, host string, port int, cmd string) int {
 	url := fmt.Sprintf("http://%s:%d/worker/cpu_profile?pid=3354&ip=127.0.0.1&duration=5&native=0&format=%s", host, port, cmd)
 
 	// Create a new HTTP request
-	req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
 	if err != nil {
 		log.Errorf("Error creating HTTP request: %v", err)
 		return 500 // Return an error code

detector/cve/cve20242912/cve20242912.go

@@ -108,7 +108,7 @@ func findBentomlVersions(ix *inventoryindex.InventoryIndex) (string, *extractor.
 func CheckAccessibility(ctx context.Context, ip string, port int) bool {
 	target := fmt.Sprintf("http://%s:%d/summarize", ip, port)
 
-	req, err := http.NewRequestWithContext(ctx, "GET", target, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, target, nil)
 	if err != nil {
 		log.Infof("Error creating request: %v", err)
 		return false
@@ -137,7 +137,7 @@ func ExploitBentoml(ctx context.Context, ip string, port int) bool {
 	ctx, cancel := context.WithTimeout(ctx, defaultTimeout)
 	defer cancel()
 
-	req, err := http.NewRequestWithContext(ctx, "POST", target, bytes.NewBuffer(payload))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, target, bytes.NewBuffer(payload))
 	if err != nil {
 		log.Infof("Error creating request: %v", err)
 		return false
@@ -153,7 +153,7 @@ func ExploitBentoml(ctx context.Context, ip string, port int) bool {
 	defer resp.Body.Close()
 
 	// The payload is expected to trigger a 400 Bad Request status code
-	if resp.StatusCode != 400 {
+	if resp.StatusCode != http.StatusBadRequest {
 		log.Infof("Unexpected status code: %d\n", resp.StatusCode)
 		return false
 	}

detector/weakcredentials/filebrowser/filebrowser.go

@@ -127,7 +127,7 @@ func checkAccessibility(ctx context.Context, fileBrowserIP string, fileBrowserPo
 	client := &http.Client{Timeout: requestTimeout}
 	targetURL := fmt.Sprintf("http://%s:%d/", fileBrowserIP, fileBrowserPort)
 
-	req, err := http.NewRequestWithContext(ctx, "GET", targetURL, nil)
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, targetURL, nil)
 	if err != nil {
 		log.Infof("Error while constructing request %s to the server: %v", targetURL, err)
 		return false
@@ -144,7 +144,7 @@ func checkAccessibility(ctx context.Context, fileBrowserIP string, fileBrowserPo
 	}
 	defer resp.Body.Close()
 
-	if resp.StatusCode != 200 {
+	if resp.StatusCode != http.StatusOK {
 		return false
 	}
 
@@ -180,7 +180,7 @@ func checkLogin(ctx context.Context, fileBrowserIP string, fileBrowserPort int)
 		"recaptcha": "",
 	})
 
-	req, err := http.NewRequestWithContext(ctx, "POST", targetURL, io.NopCloser(bytes.NewBuffer(requestBody)))
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, targetURL, io.NopCloser(bytes.NewBuffer(requestBody)))
 	if err != nil {
 		log.Infof("Error while constructing request %s to the server: %v", targetURL, err)
 		return false
@@ -198,5 +198,5 @@ func checkLogin(ctx context.Context, fileBrowserIP string, fileBrowserPort int)
 	}
 	defer resp.Body.Close()
 
-	return resp.StatusCode == 200
+	return resp.StatusCode == http.StatusOK
 }