Update Go, deps and linter

.github/workflows/go.yml

@@ -20,12 +20,12 @@ jobs:
 
     - uses: actions/setup-go@v3
       with:
-        go-version: '^1.18'
+        go-version: '^1.19'
 
     - name: Run golangci-lint
       uses: golangci/golangci-lint-action@v3
       with:
-        version: v1.45.1
+        version: v1.49.0
         only-new-issues: true
         args: -c ./.golangci.yml
 
@@ -45,7 +45,7 @@ jobs:
     - name: Setup Go
       uses: actions/setup-go@v3
       with:
-        go-version: '^1.18'
+        go-version: '^1.19'
 
     - name: Get dependencies
       run: go mod download

.golangci.yml

@@ -8,6 +8,7 @@ linters:
     - contextcheck
     - cyclop
     - exhaustivestruct
+    - exhaustruct
     - forbidigo
     - funlen
     - gochecknoglobals
@@ -17,6 +18,7 @@ linters:
     - goerr113 
     - gomnd
     - ifshort
+    - interfacebloat
     - interfacer
     - ireturn
     - lll
@@ -24,6 +26,9 @@ linters:
     - nilnil
     - nlreturn
     - noctx
+    - nolintlint
+    - nonamedreturns
+    - nosnakecase
     - revive
     - tagliatelle
     - testpackage
@@ -31,7 +36,6 @@ linters:
     - whitespace
     - wrapcheck
     - wsl
-    - nolintlint
 
 linters-settings:
   revive:

cmds/portmaster-core/main.go

@@ -1,6 +1,7 @@
+//nolint:gci,nolintlint
 package main
 
-import ( //nolint:gci,nolintlint
+import (
 	"os"
 
 	"github.com/safing/portbase/info"

core/pmtesting/testing.go

@@ -2,18 +2,17 @@
 //
 // Usage:
 //
-// 		package name
+//	package name
 //
-// 		import (
-// 			"testing"
+//	import (
+//		"testing"
 //
-// 			"github.com/safing/portmaster/core/pmtesting"
-// 		)
-//
-// 		func TestMain(m *testing.M) {
-// 			pmtesting.TestMain(m, module)
-// 		}
+//		"github.com/safing/portmaster/core/pmtesting"
+//	)
 //
+//	func TestMain(m *testing.M) {
+//		pmtesting.TestMain(m, module)
+//	}
 package pmtesting
 
 import (

firewall/interception/nfq/packet.go

@@ -71,15 +71,15 @@ func (pkt *packet) LoadPacketData() error {
 }
 
 // TODO(ppacher): revisit the following behavior:
-// 		The legacy implementation of nfqueue (and the interception) module
-// 		always accept a packet but may mark it so that a subsequent rule in
-// 		the C17 chain drops, rejects or modifies it.
 //
-//		For drop/return we could use the actual nfQueue verdicts Drop and Stop.
-//		Re-routing to local NS or SPN can be done by modifying the packet here
-//		and using SetVerdictModPacket and reject can be implemented using a simple
-// 		raw-socket.
+//	The legacy implementation of nfqueue (and the interception) module
+//	always accept a packet but may mark it so that a subsequent rule in
+//	the C17 chain drops, rejects or modifies it.
 //
+//	For drop/return we could use the actual nfQueue verdicts Drop and Stop.
+//	Re-routing to local NS or SPN can be done by modifying the packet here
+//	and using SetVerdictModPacket and reject can be implemented using a simple
+//	raw-socket.
 func (pkt *packet) mark(mark int) (err error) {
 	if pkt.verdictPending.SetToIf(false, true) {
 		defer close(pkt.verdictSet)

firewall/master.go

@@ -8,14 +8,13 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/safing/portmaster/intel/filterlists"
-
 	"github.com/agext/levenshtein"
 	"golang.org/x/net/publicsuffix"
 
 	"github.com/safing/portbase/log"
 	"github.com/safing/portmaster/detection/dga"
 	"github.com/safing/portmaster/intel/customlists"
+	"github.com/safing/portmaster/intel/filterlists"
 	"github.com/safing/portmaster/netenv"
 	"github.com/safing/portmaster/network"
 	"github.com/safing/portmaster/network/netutils"

go.mod

@@ -1,10 +1,9 @@
 module github.com/safing/portmaster
 
-go 1.18
+go 1.19
 
 require (
 	github.com/agext/levenshtein v1.2.3
-	github.com/cookieo9/resources-go v0.0.0-20150225115733-d27c04069d0d
 	github.com/coreos/go-iptables v0.6.0
 	github.com/florianl/go-nfqueue v1.3.1
 	github.com/ghodss/yaml v1.0.0
@@ -19,13 +18,14 @@ require (
 	github.com/safing/spn v0.4.15
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/spf13/cobra v1.5.0
+	github.com/spkg/zipfs v0.7.1
 	github.com/stretchr/testify v1.8.0
 	github.com/tannerryan/ring v1.1.2
 	github.com/tevino/abool v1.2.0
 	github.com/umahmood/haversine v0.0.0-20151105152445-808ab04add26
-	golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c
+	golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b
 	golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde
-	golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24
+	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261
 	zombiezen.com/go/sqlite v0.10.1
 )
 
@@ -47,7 +47,6 @@ require (
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/josharian/native v1.0.0 // indirect
-	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
 	github.com/mattn/go-isatty v0.0.16 // indirect
 	github.com/mdlayher/netlink v1.6.0 // indirect
 	github.com/mdlayher/socket v0.2.3 // indirect
@@ -76,13 +75,13 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	go.etcd.io/bbolt v1.3.6 // indirect
-	golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 // indirect
+	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
 	golang.org/x/tools v0.1.12 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	modernc.org/libc v1.17.0 // indirect
+	modernc.org/libc v1.17.1 // indirect
 	modernc.org/mathutil v1.5.0 // indirect
-	modernc.org/memory v1.2.0 // indirect
+	modernc.org/memory v1.2.1 // indirect
 	modernc.org/sqlite v1.18.1 // indirect
 )

go.sum

@@ -236,7 +236,6 @@ github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv
 github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
 github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
 github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
-github.com/cookieo9/resources-go v0.0.0-20150225115733-d27c04069d0d h1:O+gcIbHv8EocDRI8swPGYI6XPJDbdZ66jeXqfoXifLE=
 github.com/cookieo9/resources-go v0.0.0-20150225115733-d27c04069d0d/go.mod h1:Da90oEbCMTyeoWRBoWQHAmajIlLPjji2U2w7HJGAnuY=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
 github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
@@ -602,7 +601,6 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 h1:iQTw/8FWTuc7uiaSepXwyf3o52HaUYcV+Tu66S3F5GA=
 github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
@@ -832,7 +830,6 @@ github.com/safing/portbase v0.14.2/go.mod h1:z9sRR/vqohAGdYSSx2B+o8tND4WVvcxPL6X
 github.com/safing/portbase v0.14.3/go.mod h1:z9sRR/vqohAGdYSSx2B+o8tND4WVvcxPL6XBBtN3bDI=
 github.com/safing/portbase v0.14.4/go.mod h1:z9sRR/vqohAGdYSSx2B+o8tND4WVvcxPL6XBBtN3bDI=
 github.com/safing/portbase v0.14.5/go.mod h1:z9sRR/vqohAGdYSSx2B+o8tND4WVvcxPL6XBBtN3bDI=
-github.com/safing/portbase v0.15.0 h1:WwJpnERbNfzqDkEHt39l1TbBhnvf/oB2ZKj6fkaMSTM=
 github.com/safing/portbase v0.15.0/go.mod h1:BinbSUlbOdsHTBSE8+WkKbR1bXNMlsbhhAW12EBxsUo=
 github.com/safing/portbase v0.15.1 h1:s4AzyMSF26/b0CPmyHvKJSG9nW+u42+eIxlIKyp+J1U=
 github.com/safing/portbase v0.15.1/go.mod h1:5bHi99fz7Hh/wOsZUOI631WF9ePSHk57c4fdlOMS91Y=
@@ -935,6 +932,8 @@ github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DM
 github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg=
 github.com/spf13/viper v1.8.1/go.mod h1:o0Pch8wJ9BVSWGQMbra6iw0oQ5oktSIBaujf1rJH9Ns=
 github.com/spf13/viper v1.10.0/go.mod h1:SoyBPwAtKDzypXNDFKN5kzH7ppppbGZtls1UpIy5AsM=
+github.com/spkg/zipfs v0.7.1 h1:+2X5lvNHTybnDMQZAIHgedRXZK1WXdc+94R/P5v2XWE=
+github.com/spkg/zipfs v0.7.1/go.mod h1:48LW+/Rh1G7aAav1ew1PdlYn52T+LM+ARmSHfDNJvg8=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -1120,8 +1119,8 @@ golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8 h1:GIAS/yBem/gq2MUqgNIzUHW7cJMmx3TGZOrnyYaNQ6c=
-golang.org/x/crypto v0.0.0-20220817201139-bc19a97f63c8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -1246,8 +1245,8 @@ golang.org/x/net v0.0.0-20220513224357-95641704303c/go.mod h1:CfG3xpIq0wQ8r1q4Su
 golang.org/x/net v0.0.0-20220708220712-1185a9018129/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220728211354-c7608f3a8462/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
-golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c h1:JVAXQ10yGGVbSyoer5VILysz6YKjdNT2bsvlayjqhes=
-golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b h1:ZmngSVLe/wycRns9MKikG9OWIEjGcGAkacif7oYQaUY=
+golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -1415,8 +1414,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220731174439-a90be440212d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24 h1:TyKJRhyo17yWxOMCTHKWrc5rddHORMlnZ/j57umaUd8=
-golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 h1:v6hYoSR9T5oet+pMXwUWkbiVqx/63mlHjefrHmxwfeY=
+golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -1750,15 +1749,15 @@ modernc.org/libc v1.16.1/go.mod h1:JjJE0eu4yeK7tab2n4S1w8tlWd9MxXLRzheaRnAKymU=
 modernc.org/libc v1.16.7/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU=
 modernc.org/libc v1.16.17/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU=
 modernc.org/libc v1.16.19/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA=
-modernc.org/libc v1.17.0 h1:nbL2Lv0I323wLc1GmTh/AqVtI9JeBVc7Nhapdg9EONs=
-modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0=
+modernc.org/libc v1.17.1 h1:Q8/Cpi36V/QBfuQaFVeisEBs3WqoGAJprZzmf7TfEYI=
+modernc.org/libc v1.17.1/go.mod h1:FZ23b+8LjxZs7XtFMbSzL/EhPxNbfZbErxEHc7cbD9s=
 modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
 modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
 modernc.org/mathutil v1.5.0 h1:rV0Ko/6SfM+8G+yKiyI830l3Wuz1zRutdslNoQ0kfiQ=
 modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E=
 modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw=
-modernc.org/memory v1.2.0 h1:zXehBrt9n+Pjn+4RoRCZ0KqRA/0ePFqcecxZ/hXCIVw=
-modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw=
+modernc.org/memory v1.2.1 h1:dkRh86wgmq/bJu2cAS2oqBCz/KsMZU7TUM4CibQ7eBs=
+modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU=
 modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0=
 modernc.org/sqlite v1.17.3/go.mod h1:10hPVYar9C0kfXuTWGz8s0XtB8uAGymUy51ZzStYe3k=
 modernc.org/sqlite v1.18.0/go.mod h1:B9fRWZacNxJBHoCJZQr1R54zhVn3fjfl0aszflrTSxY=

netenv/online-status.go

@@ -468,7 +468,7 @@ func checkOnlineStatus(ctx context.Context) {
 	}
 
 	request := (&http.Request{
-		Method: "GET",
+		Method: http.MethodGet,
 		URL:    parsedPortalTestURL,
 		Close:  true,
 	}).WithContext(ctx)
@@ -495,7 +495,7 @@ func checkOnlineStatus(ctx context.Context) {
 		}
 
 		// direct response
-		if response.StatusCode == 200 {
+		if response.StatusCode == http.StatusOK {
 			updateOnlineStatus(StatusPortal, &url.URL{
 				Scheme: "http",
 				Host:   SpecialCaptivePortalDomain,

netquery/database.go

@@ -10,10 +10,10 @@ import (
 	"sync"
 	"time"
 
+	"github.com/jackc/puddle/v2"
 	"zombiezen.com/go/sqlite"
 	"zombiezen.com/go/sqlite/sqlitex"
 
-	"github.com/jackc/puddle/v2"
 	"github.com/safing/portbase/log"
 	"github.com/safing/portmaster/netquery/orm"
 	"github.com/safing/portmaster/network"
@@ -108,7 +108,6 @@ type (
 // (see Execute). To perform database writes use either Save() or ExecuteWrite().
 // Note that write connections are serialized by the Database object before being
 // handed over to SQLite.
-//
 func New(path string) (*Database, error) {
 	constructor := func(ctx context.Context) (*sqlite.Conn, error) {
 		c, err := sqlite.OpenConn(
@@ -331,7 +330,7 @@ func (db *Database) Save(ctx context.Context, conn Conn) error {
 	for key := range connMap {
 		keys = append(keys, key)
 	}
-	sort.Sort(sort.StringSlice(keys))
+	sort.Strings(keys)
 
 	for _, key := range keys {
 		value := connMap[key]

netquery/orm/decoder.go

@@ -63,7 +63,6 @@ type (
 // Decoding hooks configured in cfg are executed before trying to decode basic types and may
 // be specified to provide support for special types.
 // See DatetimeDecoder() for an example of a DecodeHook that handles graceful time.Time conversion.
-//
 func DecodeStmt(ctx context.Context, schema *TableSchema, stmt Stmt, result interface{}, cfg DecodeConfig) error {
 	// make sure we got something to decode into ...
 	if result == nil {

netquery/orm/query_runner.go

@@ -94,13 +94,12 @@ func WithDecodeConfig(cfg DecodeConfig) QueryOption {
 //
 // Example:
 //
-//		var result []struct{
-//			Count int `sqlite:"rowCount"`
-//		}
-//
-//		err := RunQuery(ctx, conn, "SELECT COUNT(*) AS rowCount FROM table", WithResult(&result))
-//		fmt.Println(result[0].Count)
+//	var result []struct{
+//		Count int `sqlite:"rowCount"`
+//	}
 //
+//	err := RunQuery(ctx, conn, "SELECT COUNT(*) AS rowCount FROM table", WithResult(&result))
+//	fmt.Println(result[0].Count)
 func RunQuery(ctx context.Context, conn *sqlite.Conn, sql string, modifiers ...QueryOption) error {
 	args := queryOpts{
 		DecodeConfig: DefaultDecodeConfig,

netquery/query.go

@@ -17,6 +17,7 @@ import (
 // Collection of Query and Matcher types.
 // NOTE: whenever adding support for new operators make sure
 // to update UnmarshalJSON as well.
+//
 //nolint:golint
 type (
 	Query map[string][]Matcher

network/packet/packet.go

@@ -125,10 +125,12 @@ func (pkt *Base) createConnectionID() {
 // MatchesAddress checks if a the packet matches a given endpoint (remote or local) in protocol, network and port.
 //
 // Comparison matrix:
-//         IN   OUT
+//
+// ======  IN   OUT
+//
 // Local   Dst  Src
 // Remote  Src  Dst
-//.
+// .
 func (pkt *Base) MatchesAddress(remote bool, protocol IPProtocol, network *net.IPNet, port uint16) bool {
 	if pkt.info.Protocol != protocol {
 		return false
@@ -154,10 +156,12 @@ func (pkt *Base) MatchesAddress(remote bool, protocol IPProtocol, network *net.I
 // MatchesIP checks if a the packet matches a given endpoint (remote or local) IP.
 //
 // Comparison matrix:
-//         IN   OUT
+//
+// ======  IN   OUT
+//
 // Local   Dst  Src
 // Remote  Src  Dst
-//.
+// .
 func (pkt *Base) MatchesIP(endpoint bool, network *net.IPNet) bool {
 	if pkt.info.Inbound != endpoint {
 		if network.Contains(pkt.info.Src) {

process/doc.go

@@ -1,7 +1,3 @@
-/*
-
-Package process fetches process and socket information from the operating system.
-It can find the process owning a network connection.
-
-*/
+// Package process fetches process and socket information from the operating system.
+// It can find the process owning a network connection.
 package process

resolver/doc.go

@@ -1,22 +1,22 @@
 /*
 Package resolver is responsible for querying DNS.
 
-DNS Servers
+# DNS Servers
 
 Internal lists of resolvers to use are built on start and rebuilt on every config or network change.
 Configured DNS servers are prioritized over servers assigned by dhcp. Domain and search options (here referred to as "search scopes") are being considered.
 
-Security
+# Security
 
 Usage of DNS Servers can be regulated using the configuration:
 
-  DoNotUseAssignedDNS        // Do not use DNS servers assigned by DHCP
-  DoNotUseMDNS               // Do not use mDNS
-  DoNotForwardSpecialDomains // Do not forward special domains to local resolvers, except if they have a search scope for it
+	DoNotUseAssignedDNS        // Do not use DNS servers assigned by DHCP
+	DoNotUseMDNS               // Do not use mDNS
+	DoNotForwardSpecialDomains // Do not forward special domains to local resolvers, except if they have a search scope for it
 
 Note: The DHCP options "domain" and "search" are ignored for servers assigned by DHCP that do not reside within local address space.
 
-Resolving DNS
+# Resolving DNS
 
 Various different queries require the resolver to behave in different manner:
 
@@ -24,6 +24,5 @@ Queries for "localhost." are immediately responded with 127.0.0.1 and ::1, for A
 Reverse lookups on local address ranges (10/8, 172.16/12, 192.168/16, fe80::/7) will be tried against every local resolver and finally mDNS until a successful, non-NXDomain answer is received.
 Special domains ("example.", "example.com.", "example.net.", "example.org.", "invalid.", "test.", "onion.") are resolved using search scopes and local resolvers.
 All other domains are resolved using search scopes and all available resolvers.
-
 */
 package resolver

resolver/resolver-https.go

@@ -90,7 +90,9 @@ func (hr *HTTPSResolver) Query(ctx context.Context, q *Query) (*RRCache, error)
 	if err != nil {
 		return nil, err
 	}
-	defer resp.Body.Close()
+	defer func() {
+		_ = resp.Body.Close()
+	}()
 
 	// Try to read the result
 	body, err := ioutil.ReadAll(resp.Body)

resolver/resolver.go

@@ -30,7 +30,7 @@ const (
 	ServerSourceEnv             = "env"
 )
 
-// DNS Resolver alias
+// DNS resolver scheme aliases.
 const (
 	HTTPSProtocol = "https"
 	TLSProtocol   = "tls"
@@ -117,14 +117,14 @@ func (info *ResolverInfo) ID() string {
 		case ServerTypeEnv:
 			info.id = ServerTypeEnv
 		case ServerTypeDoH:
-			info.id = fmt.Sprintf(
+			info.id = fmt.Sprintf( //nolint:nosprintfhostport // Not used as URL.
 				"https://%s:%d#%s",
 				info.Domain,
 				info.Port,
 				info.Source,
 			)
 		case ServerTypeDoT:
-			info.id = fmt.Sprintf(
+			info.id = fmt.Sprintf( //nolint:nosprintfhostport // Not used as URL.
 				"dot://%s:%d#%s",
 				info.Domain,
 				info.Port,

resolver/resolvers.go

@@ -10,9 +10,9 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/miekg/dns"
 	"golang.org/x/net/publicsuffix"
 
-	"github.com/miekg/dns"
 	"github.com/safing/portbase/log"
 	"github.com/safing/portbase/utils"
 	"github.com/safing/portmaster/netenv"

resolver/rrcache.go

@@ -16,7 +16,8 @@ import (
 // RRCache is a single-use structure to hold a DNS response.
 // Persistence is handled through NameRecords because of a limitation of the
 // underlying dns library.
-//nolint:maligned // TODO
+//
+//nolint:maligned
 type RRCache struct {
 	// Respnse Header
 	Domain   string

status/threat.go

@@ -37,14 +37,13 @@ type ThreatPayload struct {
 //
 // Example:
 //
-//      threat := NewThreat("portscan", "Someone is scanning you").
-//      	SetData(portscanResult).
-//      	SetMitigationLevel(SecurityLevelExtreme).
-//      	Publish()
-//
-//      // Once you're done, delete the threat
-//      threat.Delete().Publish()
+//	threat := NewThreat("portscan", "Someone is scanning you").
+//		SetData(portscanResult).
+//		SetMitigationLevel(SecurityLevelExtreme).
+//		Publish()
 //
+//	Once you're done, delete the threat
+//	threat.Delete().Publish()
 func NewThreat(id, title, msg string) *Threat {
 	t := &Threat{
 		Notification: &notifications.Notification{

updates/upgrader.go

@@ -35,8 +35,7 @@ var (
 	pmCtrlUpdate *updater.File
 	pmCoreUpdate *updater.File
 
-	spnHubUpdate      *updater.File
-	hubUpgradeStarted bool
+	spnHubUpdate *updater.File
 
 	rawVersionRegex = regexp.MustCompile(`^[0-9]+\.[0-9]+\.[0-9]+b?\*?$`)
 )