Add

.golangci.yml

@@ -0,0 +1,21 @@
+version: "2"
+run:
+  timeout: 5m
+  tests: false
+  build-tags:
+    - integration
+
+linters:
+  enable:
+    - errcheck
+    - errname
+    - govet
+    - staticcheck
+    - gosec
+
+formatters:
+  enable:
+    - gofmt
+    - goimports
+
+

cmd/banforge/main.go

@@ -2,8 +2,9 @@ package main
 
 import (
 	"fmt"
-	"github.com/spf13/cobra"
 	"os"
+
+	"github.com/spf13/cobra"
 )
 
 var rootCmd = &cobra.Command{
@@ -19,8 +20,16 @@ var initCmd = &cobra.Command{
 	Short: "Initialize BanForge",
 	Run: func(cmd *cobra.Command, args []string) {
 		fmt.Println("Initializing BanForge...")
-		os.Mkdir("/var/log/banforge", 0755)
-		os.Mkdir("/etc/banforge", 0755)
+		err := os.Mkdir("/var/log/banforge", 0750)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		err = os.Mkdir("/etc/banforge", 0750)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
 	},
 }
 

internal/blocker/ufw.go

@@ -1,8 +1,9 @@
 package blocker
 
 import (
-	"github.com/d3m0k1d/BanForge/internal/logger"
 	"os/exec"
+
+	"github.com/d3m0k1d/BanForge/internal/logger"
 )
 
 type Ufw struct {
@@ -16,7 +17,10 @@ func NewUfw(logger *logger.Logger) *Ufw {
 }
 
 func (ufw *Ufw) Ban(ip string) error {
-	validateIP(ip)
+	err := validateIP(ip)
+	if err != nil {
+		return err
+	}
 	cmd := exec.Command("sudo", "ufw", "--force", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
@@ -28,7 +32,10 @@ func (ufw *Ufw) Ban(ip string) error {
 }
 
 func (ufw *Ufw) Unban(ip string) error {
-	validateIP(ip)
+	err := validateIP(ip)
+	if err != nil {
+		return err
+	}
 	cmd := exec.Command("sudo", "ufw", "--force", "delete", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {

internal/config/sysconf.go

@@ -19,10 +19,6 @@ func CreateConf() error {
 		return fmt.Errorf("you must be root to run this command, use sudo/doas")
 	}
 
-	if err := os.MkdirAll(ConfigDir, 0755); err != nil {
-		return fmt.Errorf("failed to create config directory: %w", err)
-	}
-
 	configPath := filepath.Join(ConfigDir, ConfigFile)
 
 	if _, err := os.Stat(configPath); err == nil {
@@ -30,13 +26,17 @@ func CreateConf() error {
 		return nil
 	}
 
-	file, err := os.Create(configPath)
+	file, err := os.Create("/etc/banforge/config.toml")
 	if err != nil {
 		return fmt.Errorf("failed to create config file: %w", err)
 	}
-	defer file.Close()
-
-	if err := os.Chmod(configPath, 0644); err != nil {
+	defer func() {
+		err = file.Close()
+		if err != nil {
+			fmt.Println(err)
+		}
+	}()
+	if err := os.Chmod(configPath, 0600); err != nil {
 		return fmt.Errorf("failed to set permissions: %w", err)
 	}
 

internal/config/types.go

@@ -1,8 +1,8 @@
 package config
 
 type Firewall struct {
-	Name     string `toml:"name"`
-	Ban_time int    `toml:ban_time`
+	Name    string `toml:"name"`
+	BanTime int    `toml:"ban_time"`
 }
 
 type Service struct {

internal/logger/logger.go

@@ -24,4 +24,3 @@ func New(debug bool) *Logger {
 		Logger: slog.New(handler),
 	}
 }
-

internal/parser/parser.go

@@ -22,7 +22,7 @@ type Scanner struct {
 }
 
 func NewScanner(path string) (*Scanner, error) {
-	file, err := os.Open(path)
+	file, err := os.Open(path) // #nosec G304 -- admin tool, runs as root, path controlled by operator
 	if err != nil {
 		return nil, err
 	}
@@ -67,7 +67,10 @@ func (s *Scanner) Start() {
 func (s *Scanner) Stop() {
 	close(s.stopCh)
 	time.Sleep(150 * time.Millisecond)
-	s.file.Close()
+	err := s.file.Close()
+	if err != nil {
+		s.logger.Error("Failed to close file")
+	}
 	close(s.ch)
 }