refactor: fix golangci-lint suggestions

app/app.go

@@ -49,7 +49,7 @@ func (a *App) Startup(ctx context.Context) {
 	a.eventsHandler = newEventsHandler(a.ctx)
 }
 
-func (a *App) Shutdown(ctx context.Context) {
+func (a *App) Shutdown(context.Context) {
 	a.proxyMu.Lock()
 	defer a.proxyMu.Unlock()
 
@@ -77,26 +77,34 @@ func (a *App) StartProxy() error {
 
 	filter, err := filter.NewFilter(a.config, ruleMatcher, exceptionRuleMatcher, a.eventsHandler)
 	if err != nil {
-		log.Fatalf("failed to create filter: %v", err)
+		err = fmt.Errorf("failed to create filter: %v", err)
+		log.Println(err)
+		return err
 	}
 
 	certGenerator, err := certgen.NewCertGenerator(a.certStore)
 	if err != nil {
-		log.Fatalf("failed to create cert manager: %v", err)
+		err = fmt.Errorf("failed to create cert manager: %v", err)
+		log.Println(err)
+		return err
 	}
 
 	a.proxy, err = proxy.NewProxy(filter, certGenerator, a.config.GetPort())
 	if err != nil {
-		log.Fatalf("failed to create proxy: %v", err)
+		err = fmt.Errorf("failed to create proxy: %v", err)
+		log.Println(err)
+		return err
 	}
 
 	if err := a.certStore.Init(); err != nil {
-		log.Printf("failed to initialize cert store: %v", err)
+		err = fmt.Errorf("failed to initialize cert store: %v", err)
+		log.Println(err)
 		return err
 	}
 
 	if err := a.proxy.Start(); err != nil {
-		log.Printf("failed to start proxy: %v", err)
+		err = fmt.Errorf("failed to start proxy: %v", err)
+		log.Println(err)
 		return err
 	}
 

certstore/diskcertstore.go

@@ -5,7 +5,7 @@ import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
-	"crypto/sha1"
+	"crypto/sha1" // #nosec G505 -- SHA-1 is used for certificate fingerprinting, not for hashing passwords or data.
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
@@ -157,7 +157,7 @@ func (cs *DiskCertStore) newCA() error {
 		return fmt.Errorf("unmarshal public key: %v", err)
 	}
 
-	skid := sha1.Sum(spki.SubjectPublicKey.Bytes)
+	skid := sha1.Sum(spki.SubjectPublicKey.Bytes) // #nosec G401
 
 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)

certstore/truststore_darwin.go

@@ -92,7 +92,7 @@ func (cs *DiskCertStore) installCATrust() error {
 	}
 	defer os.Remove(plistFile.Name())
 
-	cmd = exec.Command("security", "trust-settings-export", "-d", plistFile.Name())
+	cmd = exec.Command("security", "trust-settings-export", "-d", plistFile.Name()) // #nosec G204
 	out, err = cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("trust-settings-export: %w\n%s", err, out)
@@ -135,7 +135,7 @@ func (cs *DiskCertStore) installCATrust() error {
 	if err != nil {
 		return fmt.Errorf("write plist file: %w", err)
 	}
-	cmd = exec.Command("security", "trust-settings-import", "-d", plistFile.Name())
+	cmd = exec.Command("security", "trust-settings-import", "-d", plistFile.Name()) // #nosec G204
 	out, err = cmd.CombinedOutput()
 	if err != nil {
 		return fmt.Errorf("trust-settings-import: %w\n%s", err, out)

cfg/selfupdate.go

@@ -64,7 +64,7 @@ func SelfUpdate(ctx context.Context) {
 		log.Printf("error occurred while showing restart dialog: %v", err)
 	}
 	if action == "Yes" {
-		cmd := exec.Command(os.Args[0], os.Args[1:]...)
+		cmd := exec.Command(os.Args[0], os.Args[1:]...) // #nosec G204
 		if err := cmd.Start(); err != nil {
 			log.Printf("error occurred while restarting: %v", err)
 			return

filter/filter.go

@@ -154,7 +154,7 @@ func (f *Filter) HandleRequest(req *http.Request) *http.Response {
 	for _, r := range matchingRules {
 		if r.ShouldBlock(req) {
 			f.eventsEmitter.OnFilterBlock(req.Method, initialURL, req.Header.Get("Referer"), []rule.Rule{r})
-			return f.createBlockResponse(req, r)
+			return f.createBlockResponse(req)
 		}
 		if r.Modify(req) {
 			appliedRules = append(appliedRules, r)

filter/response.go

@@ -2,12 +2,10 @@ package filter
 
 import (
 	"net/http"
-
-	"github.com/anfragment/zen/rule"
 )
 
 // createBlockResponse creates a response for a blocked request.
-func (f *Filter) createBlockResponse(req *http.Request, rule rule.Rule) *http.Response {
+func (f *Filter) createBlockResponse(req *http.Request) *http.Response {
 	return &http.Response{
 		StatusCode: http.StatusForbidden,
 		ProtoMajor: req.ProtoMajor,

proxy/proxy.go

@@ -65,7 +65,7 @@ func NewProxy(filter filter, certGenerator certGenerator, port int) (*Proxy, err
 		Timeout:   60 * time.Second,
 		Transport: p.requestTransport,
 		// Let the client handle any redirects.
-		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+		CheckRedirect: func(*http.Request, []*http.Request) error {
 			return http.ErrUseLastResponse
 		},
 	}
@@ -282,7 +282,7 @@ func (p *Proxy) proxyConnect(w http.ResponseWriter, r *http.Request) {
 		req.URL.Host = r.Host
 
 		if isWS(req) {
-			p.proxyWebsocketTLS(w, req, tlsConfig, tlsConn)
+			p.proxyWebsocketTLS(req, tlsConfig, tlsConn)
 			break
 		}
 

proxy/websocket.go

@@ -9,7 +9,7 @@ import (
 	"strings"
 )
 
-func (p *Proxy) proxyWebsocketTLS(w http.ResponseWriter, req *http.Request, tlsConfig *tls.Config, clientConn *tls.Conn) {
+func (p *Proxy) proxyWebsocketTLS(req *http.Request, tlsConfig *tls.Config, clientConn *tls.Conn) {
 	dialer := &tls.Dialer{NetDialer: p.netDialer, Config: tlsConfig}
 	targetConn, err := dialer.Dial("tcp", req.URL.Host)
 	if err != nil {

rule/rule.go

@@ -106,7 +106,7 @@ func (rm *Rule) ShouldMatch(req *http.Request) bool {
 }
 
 // ShouldBlock returns true if the request should be blocked.
-func (rm *Rule) ShouldBlock(req *http.Request) bool {
+func (rm *Rule) ShouldBlock(*http.Request) bool {
 	return len(rm.modifyingModifiers) == 0
 }
 

ruletree/ruletree.go

@@ -160,7 +160,7 @@ func (rt *RuleTree) FindMatchingRules(req *http.Request) (rules []rule.Rule) {
 	}
 
 	// address root
-	rules = append(rules, rt.root.FindChild(nodeKey{kind: nodeKindAddressRoot}).TraverseFindMatchingRules(req, tokens, func(n *node, t []string) bool {
+	rules = append(rules, rt.root.FindChild(nodeKey{kind: nodeKindAddressRoot}).TraverseFindMatchingRules(req, tokens, func(_ *node, t []string) bool {
 		// address root rules have to match the entire URL
 		return len(t) == 0
 	})...)