Refactor golangci-lint configuration and improve error handling

- Updated .golangci.yml to enable default linters and refine suppression rules, enhancing code quality visibility.
- Improved error handling in cmd/root.go by explicitly discarding low-value error messages during fatal exits for consistency with errcheck posture.
- Added best-effort error handling in various locations across the codebase, ensuring that non-critical errors are logged without affecting overall functionality.
- Introduced a new writeMetricsText function to streamline metrics output, improving code clarity and maintainability.
This commit is contained in:
2026-05-27 18:51:33 -05:00
parent feda55e225
commit 843772e9f7
6 changed files with 129 additions and 105 deletions
+13 -11
View File
@@ -108,7 +108,8 @@ func New(root string, capacity int64, evict func(vfs.VFS, uint) uint) (*DiskFS,
}
// Create root directory if it doesn't exist. Propagate error (ctor now returns err for hygiene).
if err := os.MkdirAll(root, 0755); err != nil {
// 0700 (not 0755): cache contents are user data from untrusted CDN responses; least-privilege for LAN appliance.
if err := os.MkdirAll(root, 0700); err != nil {
return nil, fmt.Errorf("failed to create root directory %s: %w", root, err)
}
@@ -225,7 +226,7 @@ func (d *DiskFS) calculateSizeAndPopulateIndex() {
overCapacity := d.size > d.capacity
needed := uint(0)
if overCapacity {
needed = uint(d.size - d.capacity)
needed = uint(d.size - d.capacity) // #nosec G115 -- diff guaranteed >0 by overCapacity check; eviction API takes uint (bytes); fits in practice for cache sizes
}
d.mu.RUnlock()
if overCapacity && d.startupEvict != nil {
@@ -382,11 +383,12 @@ func (d *DiskFS) Create(key string, size int64) (io.WriteCloser, error) {
d.mu.Unlock()
dir := filepath.Dir(path)
if err := os.MkdirAll(dir, 0755); err != nil {
// 0700 (not 0755): per-shard cache dirs hold untrusted CDN content; restrict to owner only (G301 addressed).
if err := os.MkdirAll(dir, 0700); err != nil {
return nil, err
}
file, err := os.Create(path)
file, err := os.Create(path) // #nosec G304 -- path built by pathForKey from sanitized (Clean, no ..) hash-derived key under trusted disk.root; no untrusted file inclusion
if err != nil {
return nil, err
}
@@ -425,7 +427,7 @@ func (dwc *diskWriteCloser) Close() error {
// Get the actual file size
stat, err := dwc.file.Stat()
if err != nil {
dwc.file.Close()
_ = dwc.file.Close() // best-effort close on stat error path; primary error is returned
return err
}
@@ -482,7 +484,7 @@ func (d *DiskFS) Open(key string) (io.ReadCloser, error) {
path := d.pathForKey(key)
file, err := os.Open(path)
file, err := os.Open(path) // #nosec G304 -- path built by pathForKey from sanitized (Clean, no ..) hash-derived key under trusted disk.root; no untrusted file inclusion
if err != nil {
return nil, err
}
@@ -491,7 +493,7 @@ func (d *DiskFS) Open(key string) (io.ReadCloser, error) {
const mmapThreshold = 1024 * 1024 // 1MB
if fi.Size > mmapThreshold {
// Close the regular file handle
file.Close()
_ = file.Close() // best-effort; mmap path takes over or falls back
// Try memory mapping
mmapFile, err := os.Open(path)
@@ -501,8 +503,8 @@ func (d *DiskFS) Open(key string) (io.ReadCloser, error) {
mapped, err := mmap.Map(mmapFile, mmap.RDONLY, 0)
if err != nil {
mmapFile.Close()
// Fallback to regular file reading
_ = mmapFile.Close() // best-effort close before fallback open
// Fallback to regular file reading (intentional 3rd open of same path after mmap failure; pre-existing pattern, no leak)
return os.Open(path)
}
@@ -534,7 +536,7 @@ func (m *mmapReadCloser) Read(p []byte) (n int, err error) {
}
func (m *mmapReadCloser) Close() error {
m.data.Unmap()
_ = m.data.Unmap() // best-effort; unmap failure non-fatal for read-only mapping
return m.file.Close()
}
@@ -653,7 +655,7 @@ func (d *DiskFS) EvictLRU(bytesNeeded uint) uint {
d.LRU.Remove(key)
delete(d.info, key)
path := d.pathForKey(key)
_ = os.Remove(path) // best effort; performed under WLock (reverted from post-unlock) to guarantee on-disk deletion is coordinated with metadata removal. This eliminates resurrection via lazy Stat/Open discovery and prevents late unlinks from deleting content of same-key recreates (critical for in-memory metadata safety model + user's explicit non-race requirement on hot eviction path).
_ = os.Remove(path) // #nosec G304 -- path from sanitized key; best-effort eviction delete under lock. Best effort; performed under WLock to guarantee on-disk deletion is coordinated with metadata removal. This eliminates resurrection via lazy Stat/Open discovery and prevents late unlinks from deleting content of same-key recreates (critical for in-memory metadata safety model + user's explicit non-race requirement on hot eviction path).
d.size -= fi.Size
evicted += uint(fi.Size)
shardIndex := locks.GetShardIndex(key)