Reuse installed ginkgo and use cleaner binary check

Also:

* Replace golang.org/x/net/context with context
* Ignore G115
    numOfRoutes is never negative anyway
* Ignore gosec G117
    ClientSecret is not exposed to outside.
* Ignore G704
    URI address is not provided by user but by server-side config.
* Ignore G704 SSRF via taint analysis in tests
    There is no user controlled input
* Prefer nolint over nosec everywhere

Author: jorbaum

scripts/subtests/lint

@@ -5,14 +5,10 @@ set -o pipefail
 
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 
-set +e
-golangci_lint_executable=$(which golangci-lint)
-set -e
-if [ -z "${golangci_lint_executable}" ] || [ ! -x "${golangci_lint_executable}" ]; then
+if ! command -v golangci-lint &> /dev/null; then
   go install github.com/golangci/golangci-lint/v2/cmd/golangci-lint@latest
 fi
 
 pushd "${SCRIPT_DIR}/../../src" > /dev/null
   golangci-lint run ./...
-popd > /dev/null
-
+popd > /dev/null

scripts/subtests/spec-test

@@ -5,10 +5,7 @@ set -o pipefail
 
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 
-set +e
-bundler_executable=$(which bundle)
-set -e
-if [ -z "${bundler_executable}" ] || [ ! -x "${bundler_executable}" ]; then
+if ! command -v bundle &> /dev/null; then
   gem install bundler
 fi
 

scripts/subtests/unit-test

@@ -11,6 +11,8 @@ if [ "${CI:-false}" = 'false' ]; then
 fi
 
 pushd "${SCRIPT_DIR}/../../src" > /dev/null
-    go run github.com/onsi/ginkgo/v2/ginkgo $flags
-popd > /dev/null
-
+    if ! command -v ginkgo &> /dev/null; then
+      go install github.com/onsi/ginkgo/v2/ginkgo@latest
+    fi
+    ginkgo $flags 
+popd > /dev/null

src/cmd/cf-auth-proxy/config.go

@@ -15,7 +15,7 @@ type CAPI struct {
 
 type UAA struct {
 	ClientID     string `env:"UAA_CLIENT_ID,"`
-	ClientSecret string `env:"UAA_CLIENT_SECRET,"`
+	ClientSecret string `env:"UAA_CLIENT_SECRET,"` //nolint:gosec
 	Addr         string `env:"UAA_ADDR,          required, report"`
 	CAPath       string `env:"UAA_CA_PATH,                 report"`
 }

src/internal/auth/capi_client.go

@@ -96,7 +96,7 @@ func (c *CAPIClient) IsAuthorized(sourceId string, clientToken string) bool {
 }
 
 func (c *CAPIClient) HasApp(sourceID, authToken string) bool {
-	req, err := http.NewRequest(http.MethodGet, c.addr+"/v3/apps/"+sourceID, nil)
+	req, err := http.NewRequest(http.MethodGet, c.addr+"/v3/apps/"+sourceID, nil) //nolint:gosec
 	if err != nil {
 		c.log.Printf("failed to build authorize log access request: %s", err)
 		return false
@@ -130,7 +130,7 @@ func (c *CAPIClient) GetRelatedSourceIds(appNames []string, authToken string) ma
 		return map[string][]string{}
 	}
 
-	req, err := http.NewRequest(http.MethodGet, c.addr+"/v3/apps", nil)
+	req, err := http.NewRequest(http.MethodGet, c.addr+"/v3/apps", nil) //nolint:gosec
 	if err != nil {
 		c.log.Printf("failed to build app list request: %s", err)
 		return map[string][]string{}

src/internal/cache/log_cache.go

@@ -1,6 +1,7 @@
 package cache
 
 import (
+	"context"
 	"log"
 	"net"
 	"strconv"
@@ -9,7 +10,6 @@ import (
 
 	metrics "code.cloudfoundry.org/go-metric-registry"
 
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 

src/internal/cfauthproxy/cf_auth_proxy_test.go

@@ -287,7 +287,7 @@ func makeTLSReq(addr string) (*http.Response, error) {
 	}
 	client := &http.Client{Transport: tr}
 
-	return client.Do(req)
+	return client.Do(req) //nolint:gosec
 }
 
 func makeReq(addr string) (*http.Response, error) {
@@ -296,5 +296,5 @@ func makeReq(addr string) (*http.Response, error) {
 
 	client := &http.Client{}
 
-	return client.Do(req)
+	return client.Do(req) //nolint:gosec
 }

src/internal/gateway/gateway.go

@@ -1,6 +1,7 @@
 package gateway
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"log"
@@ -10,7 +11,6 @@ import (
 
 	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
 	"github.com/shirou/gopsutil/v4/host"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/encoding/protojson"
@@ -187,7 +187,7 @@ func (g *Gateway) handleInfoEndpoint(w http.ResponseWriter, r *http.Request) {
 
 func uptimeInSeconds() int64 {
 	hostStats, _ := host.Info()
-	return int64(hostStats.Uptime) //#nosec G115
+	return int64(hostStats.Uptime) //nolint:gosec
 }
 
 type errorBody struct {

src/internal/gateway/gateway_test.go

@@ -226,7 +226,7 @@ func makeTLSReq(addr string) (*http.Response, error) {
 	}
 	client := &http.Client{Transport: tr}
 
-	return client.Do(req)
+	return client.Do(req) // nolint:gosec
 }
 
 func makeReq(addr string) (*http.Response, error) {
@@ -235,5 +235,5 @@ func makeReq(addr string) (*http.Response, error) {
 
 	client := &http.Client{}
 
-	return client.Do(req)
+	return client.Do(req) // nolint:gosec
 }

src/internal/nozzle/nozzle.go

@@ -1,6 +1,7 @@
 package nozzle
 
 import (
+	"context"
 	"log"
 	"runtime"
 	"time"
@@ -11,7 +12,6 @@ import (
 	diodes "code.cloudfoundry.org/go-diodes"
 	"code.cloudfoundry.org/go-log-cache/v3/rpc/logcache_v1"
 	"code.cloudfoundry.org/go-loggregator/v10/rpc/loggregator_v2"
-	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"
 )
@@ -177,7 +177,7 @@ func (n *Nozzle) envelopeWriter(ch chan []*loggregator_v2.Envelope, client logca
 	for {
 		envelopes := <-ch
 
-		ctx, _ := context.WithTimeout(context.Background(), 3*time.Second)
+		ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
 		_, err := client.Send(ctx, &logcache_v1.SendRequest{
 			Envelopes: &loggregator_v2.EnvelopeBatch{
 				Batch: envelopes,
@@ -186,10 +186,12 @@ func (n *Nozzle) envelopeWriter(ch chan []*loggregator_v2.Envelope, client logca
 
 		if err != nil {
 			n.errCounter.Add(1)
+			cancel()
 			continue
 		}
 
 		n.egressCounter.Add(float64(len(envelopes)))
+		cancel()
 	}
 }