chore: add missing pre commits (#1289)

Earthfile

@@ -149,6 +149,9 @@ tests-integration:
 pre-commit: # Generate the final spec and run all the pre-commit hooks
     LOCALLY
     BUILD --pass-args ./releases+sdk-generate
+    FOR component IN $(cd ./libs && ls -d */)
+        BUILD --pass-args ./libs/${component}+pre-commit
+    END
     FOR component IN $(cd ./tools && ls -d */)
         BUILD --pass-args ./tools/${component}+pre-commit
     END

components/ledger/libs/.golangci.yml

@@ -0,0 +1,43 @@
+allow-parallel-runners: true
+run:
+  timeout: 5m
+linters:
+  disable-all: true
+  enable:
+    - gofmt
+    - goimports
+    - unused
+    - gosec
+linters-settings:
+  gosec:
+    # To select a subset of rules to run.
+    # Available rules: https://github.com/securego/gosec#available-rules
+    includes:
+      - G103 # Audit the use of unsafe block
+      - G104 # Audit errors not checked
+      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+      - G108 # Profiling endpoint automatically exposed on /debug/pprof
+      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
+      - G110 # Potential DoS vulnerability via decompression bomb
+      - G111 # Potential directory traversal
+      - G112 # Potential slowloris attack
+#      - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
+      - G201 # SQL query construction using format string
+      - G202 # SQL query construction using string concatenation
+      - G203 # Use of unescaped data in HTML templates
+      - G204 # Audit use of command execution
+      - G301 # Poor file permissions used when creating a directory
+      - G302 # Poor file permissions used with chmod
+      - G303 # Creating tempfile using a predictable path
+      - G304 # File path provided as taint input
+      - G305 # File traversal when extracting zip/tar archive
+      - G306 # Poor file permissions used when writing to a new file
+      - G307 # Poor file permissions used when creating a file with os.Create
+      - G401 # Detect the usage of DES, RC4, MD5 or SHA1
+      - G403 # Ensure minimum RSA key length of 2048 bits
+      - G501 # Import blocklist: crypto/md5
+      - G502 # Import blocklist: crypto/des
+      - G503 # Import blocklist: crypto/rc4
+      - G504 # Import blocklist: net/http/cgi
+      - G505 # Import blocklist: crypto/sha1
+      - G602 # Slice access out of bounds

components/ledger/libs/Earthfile

@@ -2,6 +2,7 @@ VERSION --arg-scope-and-set --pass-args --use-function-keyword 0.7
 
 ARG core=github.com/formancehq/earthly
 IMPORT $core AS core
+IMPORT ../.. AS stack
 
 FROM core+base-image
 
@@ -15,4 +16,18 @@ tidy:
     COPY (+sources/*) /src
     WORKDIR /src
     DO --pass-args stack+GO_TIDY
-    SAVE ARTIFACT go.* AS LOCAL ./
+    SAVE ARTIFACT go.* AS LOCAL ./
+
+lint:
+    FROM core+builder-image
+    COPY (+sources/*) /src
+    WORKDIR /src
+    COPY --pass-args +tidy/go.* .
+    DO --pass-args stack+GO_LINT
+    SAVE ARTIFACT * AS LOCAL ./
+
+pre-commit:
+    WAIT
+      BUILD --pass-args +tidy
+    END
+    BUILD --pass-args +lint

components/ledger/libs/aws/iam/load.go

@@ -2,6 +2,7 @@ package iam
 
 import (
 	"context"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/spf13/pflag"

components/ledger/libs/bun/bunconnect/flags.go

@@ -3,14 +3,15 @@ package bunconnect
 import (
 	"context"
 	"database/sql/driver"
+	"time"
+
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/formancehq/stack/libs/go-libs/aws/iam"
 	"github.com/formancehq/stack/libs/go-libs/logging"
 	"github.com/formancehq/stack/libs/go-libs/service"
 	"github.com/lib/pq"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
-	"time"
 )
 
 const (

components/ledger/libs/bun/bunconnect/iam.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"database/sql/driver"
 	"fmt"
+
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/feature/rds/auth"
 	"github.com/formancehq/stack/libs/go-libs/logging"

components/ledger/libs/bun/bunconnect/module.go

@@ -2,6 +2,7 @@ package bunconnect
 
 import (
 	"context"
+
 	"github.com/formancehq/stack/libs/go-libs/logging"
 	"github.com/uptrace/bun"
 	"go.uber.org/fx"

components/ledger/libs/bun/bunmigrate/command.go

@@ -4,6 +4,7 @@ import (
 	"github.com/formancehq/stack/libs/go-libs/bun/bunconnect"
 	"github.com/spf13/cobra"
 	"github.com/uptrace/bun"
+
 	// Import the postgres driver.
 	_ "github.com/lib/pq"
 )

components/ledger/libs/bun/bunmigrate/run.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
+	"io"
+
 	"github.com/formancehq/stack/libs/go-libs/bun/bunconnect"
 	sharedlogging "github.com/formancehq/stack/libs/go-libs/logging"
 	"github.com/formancehq/stack/libs/go-libs/pointer"
@@ -14,7 +16,6 @@ import (
 	"github.com/uptrace/bun"
 	"github.com/uptrace/bun/extra/bundebug"
 	"github.com/xo/dburl"
-	"io"
 )
 
 func isDatabaseExists(ctx context.Context, db *bun.DB, name string) (bool, error) {

components/ledger/libs/bun/bunmigrate/run_test.go

@@ -1,13 +1,14 @@
 package bunmigrate
 
 import (
+	"os"
+	"testing"
+
 	"github.com/formancehq/stack/libs/go-libs/bun/bunconnect"
 	"github.com/formancehq/stack/libs/go-libs/logging"
 	"github.com/formancehq/stack/libs/go-libs/pgtesting"
 	"github.com/stretchr/testify/require"
 	"github.com/uptrace/bun"
-	"os"
-	"testing"
 )
 
 func TestRunMigrate(t *testing.T) {
@@ -19,7 +20,6 @@ func TestRunMigrate(t *testing.T) {
 	connectionOptions := &bunconnect.ConnectionOptions{
 		DatabaseSourceName: pgtesting.Server().GetDatabaseDSN("testing"),
 		Debug:              testing.Verbose(),
-		Writer:             os.Stdout,
 	}
 	executor := func(args []string, db *bun.DB) error {
 		return nil

components/ledger/libs/bun/bunpaginate/pagination_column_test.go

@@ -2,11 +2,12 @@ package bunpaginate_test
 
 import (
 	"context"
+	"math/big"
+	"testing"
+
 	"github.com/formancehq/stack/libs/go-libs/bun/bunconnect"
 	bunpaginate2 "github.com/formancehq/stack/libs/go-libs/bun/bunpaginate"
 	"github.com/formancehq/stack/libs/go-libs/logging"
-	"math/big"
-	"testing"
 
 	"github.com/formancehq/stack/libs/go-libs/pgtesting"
 	"github.com/stretchr/testify/require"

components/ledger/libs/bun/bunpaginate/pagination_offset_test.go

@@ -2,10 +2,11 @@ package bunpaginate_test
 
 import (
 	"context"
+	"testing"
+
 	"github.com/formancehq/stack/libs/go-libs/bun/bunconnect"
 	bunpaginate2 "github.com/formancehq/stack/libs/go-libs/bun/bunpaginate"
 	"github.com/formancehq/stack/libs/go-libs/logging"
-	"testing"
 
 	"github.com/formancehq/stack/libs/go-libs/pgtesting"
 	"github.com/stretchr/testify/require"

components/ledger/libs/httpserver/serverport.go

@@ -6,6 +6,7 @@ import (
 	"net"
 	"net/http"
 	"strconv"
+	"time"
 
 	"github.com/formancehq/stack/libs/go-libs/logging"
 
@@ -80,7 +81,8 @@ func (s *server) StartServer(ctx context.Context, handler http.Handler, options
 	StartedServer(ctx, s.listener)
 
 	srv := &http.Server{
-		Handler: handler,
+		Handler:           handler,
+		ReadHeaderTimeout: 10 * time.Second,
 	}
 	for _, option := range options {
 		option(srv)

components/ledger/libs/migrations/migrator.go

@@ -4,9 +4,10 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"github.com/lib/pq"
 	"time"
 
+	"github.com/lib/pq"
+
 	"github.com/pkg/errors"
 	"github.com/uptrace/bun"
 )

components/ledger/libs/pgtesting/postgres.go

@@ -4,13 +4,14 @@ import (
 	"context"
 	"database/sql"
 	"fmt"
-	"github.com/formancehq/stack/libs/go-libs/bun/bunconnect"
 	"os"
 	"strconv"
 	"sync"
 	"testing"
 	"time"
 
+	"github.com/formancehq/stack/libs/go-libs/bun/bunconnect"
+
 	"github.com/google/uuid"
 	_ "github.com/lib/pq"
 	"github.com/ory/dockertest/v3"

components/ledger/libs/publish/messages.go

@@ -3,10 +3,11 @@ package publish
 import (
 	"context"
 	"encoding/json"
+	"time"
+
 	"go.opentelemetry.io/otel"
 	"go.opentelemetry.io/otel/propagation"
 	"go.opentelemetry.io/otel/trace"
-	"time"
 
 	"github.com/ThreeDotsLabs/watermill/message"
 	"github.com/google/uuid"

components/ledger/libs/publish/module.go

@@ -2,6 +2,7 @@ package publish
 
 import (
 	"context"
+
 	"github.com/ThreeDotsLabs/watermill"
 	"github.com/ThreeDotsLabs/watermill/message"
 	"github.com/ThreeDotsLabs/watermill/pubsub/gochannel"

components/ledger/libs/publish/module_test.go

@@ -3,15 +3,16 @@ package publish
 import (
 	"context"
 	"fmt"
-	"go.opentelemetry.io/otel"
-	"go.opentelemetry.io/otel/propagation"
-	tracesdk "go.opentelemetry.io/otel/sdk/trace"
-	"go.opentelemetry.io/otel/trace"
 	"io"
 	"os"
 	"testing"
 	"time"
 
+	"go.opentelemetry.io/otel"
+	"go.opentelemetry.io/otel/propagation"
+	tracesdk "go.opentelemetry.io/otel/sdk/trace"
+	"go.opentelemetry.io/otel/trace"
+
 	"github.com/IBM/sarama"
 	"github.com/ThreeDotsLabs/watermill/message"
 	"github.com/formancehq/stack/libs/go-libs/logging"

components/ledger/libs/service/app.go

@@ -2,12 +2,13 @@ package service
 
 import (
 	"context"
+	"io"
+	"os"
+
 	"github.com/formancehq/stack/libs/go-libs/logging"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
 	"go.uber.org/fx"
-	"io"
-	"os"
 )
 
 const DebugFlag = "debug"

libs/events/.golangci.yml

@@ -0,0 +1,43 @@
+allow-parallel-runners: true
+run:
+  timeout: 5m
+linters:
+  disable-all: true
+  enable:
+    - gofmt
+    - goimports
+    - unused
+    - gosec
+linters-settings:
+  gosec:
+    # To select a subset of rules to run.
+    # Available rules: https://github.com/securego/gosec#available-rules
+    includes:
+      - G103 # Audit the use of unsafe block
+      - G104 # Audit errors not checked
+      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+      - G108 # Profiling endpoint automatically exposed on /debug/pprof
+      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
+      - G110 # Potential DoS vulnerability via decompression bomb
+      - G111 # Potential directory traversal
+      - G112 # Potential slowloris attack
+#      - G113 # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
+      - G201 # SQL query construction using format string
+      - G202 # SQL query construction using string concatenation
+      - G203 # Use of unescaped data in HTML templates
+      - G204 # Audit use of command execution
+      - G301 # Poor file permissions used when creating a directory
+      - G302 # Poor file permissions used with chmod
+      - G303 # Creating tempfile using a predictable path
+      - G304 # File path provided as taint input
+      - G305 # File traversal when extracting zip/tar archive
+      - G306 # Poor file permissions used when writing to a new file
+      - G307 # Poor file permissions used when creating a file with os.Create
+      - G401 # Detect the usage of DES, RC4, MD5 or SHA1
+      - G403 # Ensure minimum RSA key length of 2048 bits
+      - G501 # Import blocklist: crypto/md5
+      - G502 # Import blocklist: crypto/des
+      - G503 # Import blocklist: crypto/rc4
+      - G504 # Import blocklist: net/http/cgi
+      - G505 # Import blocklist: crypto/sha1
+      - G602 # Slice access out of bounds