build(deps): bump go 1.26

.github/workflows/golangci.yml

@@ -22,6 +22,6 @@ jobs:
       - name: golangci-lint
         uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20
         with:
-          version: v2.5.0
+          version: v2.9.0
         env:
           GOEXPERIMENT: jsonv2

config/config.go

@@ -32,20 +32,20 @@ type Config struct {
 	ResultsDir string `json:"resultsDir,omitempty"`
 	Pipe       bool   `json:"pipe,omitempty"`
 
-	Default ServerInfo            `json:"default,omitempty"`
+	Default ServerInfo            `json:"default,omitzero"`
 	Servers map[string]ServerInfo `json:"servers,omitempty"`
 
 	ScanOpts
 
 	// report
-	CveDict    GoCveDictConf  `json:"cveDict,omitempty"`
-	OvalDict   GovalDictConf  `json:"ovalDict,omitempty"`
-	Gost       GostConf       `json:"gost,omitempty"`
-	Exploit    ExploitConf    `json:"exploit,omitempty"`
-	Metasploit MetasploitConf `json:"metasploit,omitempty"`
-	KEVuln     KEVulnConf     `json:"kevuln,omitempty"`
-	Cti        CtiConf        `json:"cti,omitempty"`
-	Vuls2      Vuls2Conf      `json:"vuls2,omitempty"`
+	CveDict    GoCveDictConf  `json:"cveDict,omitzero"`
+	OvalDict   GovalDictConf  `json:"ovalDict,omitzero"`
+	Gost       GostConf       `json:"gost,omitzero"`
+	Exploit    ExploitConf    `json:"exploit,omitzero"`
+	Metasploit MetasploitConf `json:"metasploit,omitzero"`
+	KEVuln     KEVulnConf     `json:"kevuln,omitzero"`
+	Cti        CtiConf        `json:"cti,omitzero"`
+	Vuls2      Vuls2Conf      `json:"vuls2,omitzero"`
 
 	Slack      SlackConf      `json:"-"`
 	EMail      SMTPConf       `json:"-"`
@@ -253,7 +253,7 @@ type ServerInfo struct {
 	UUIDs              map[string]string           `toml:"uuids,omitempty" json:"uuids,omitempty"`
 	Memo               string                      `toml:"memo,omitempty" json:"memo,omitempty"`
 	Enablerepo         []string                    `toml:"enablerepo,omitempty" json:"enablerepo,omitempty"` // For CentOS, Alma, Rocky, RHEL, Amazon
-	Optional           map[string]interface{}      `toml:"optional,omitempty" json:"optional,omitempty"`     // Optional key-value set that will be outputted to JSON
+	Optional           map[string]any              `toml:"optional,omitempty" json:"optional,omitempty"`     // Optional key-value set that will be outputted to JSON
 	Lockfiles          []string                    `toml:"lockfiles,omitempty" json:"lockfiles,omitempty"`   // ie) path/to/package-lock.json
 	FindLock           bool                        `toml:"findLock,omitempty" json:"findLock,omitempty"`
 	FindLockDirs       []string                    `toml:"findLockDirs,omitempty" json:"findLockDirs,omitempty"`

config/portscan.go

@@ -3,6 +3,7 @@ package config
 import (
 	"os"
 	"os/exec"
+	"slices"
 	"strconv"
 	"strings"
 
@@ -153,13 +154,7 @@ func (c *PortScanConf) Validate() (errs []error) {
 					parseCapability := strings.Split(strings.TrimSpace(parseOutput[1]), "+")
 					capabilities := strings.Split(parseCapability[0], ",")
 					for _, needCap := range []string{"cap_net_bind_service", "cap_net_admin", "cap_net_raw"} {
-						existCapFlag := false
-						for _, cap := range capabilities {
-							if needCap == cap {
-								existCapFlag = true
-								break
-							}
-						}
+						existCapFlag := slices.Contains(capabilities, needCap)
 
 						if existCapFlag {
 							continue
@@ -187,11 +182,8 @@ func (c *PortScanConf) Validate() (errs []error) {
 	}
 
 	if c.SourcePort != "" {
-		for _, scanTechnique := range scanTechniques {
-			if scanTechnique == TCPConnect {
-				errs = append(errs, xerrors.New("SourcePort Option(-g/--source-port) is incompatible with the default TCPConnect Scan(-sT)."))
-				break
-			}
+		if slices.Contains(scanTechniques, TCPConnect) {
+			errs = append(errs, xerrors.New("SourcePort Option(-g/--source-port) is incompatible with the default TCPConnect Scan(-sT)."))
 		}
 
 		portNumber, err := strconv.Atoi(c.SourcePort)

config/smtpconf.go

@@ -37,7 +37,7 @@ func (c *SMTPConf) Validate() (errs []error) {
 	if !c.Enabled {
 		return
 	}
-	emails := []string{}
+	emails := make([]string, 0, 1+len(c.To)+len(c.Cc))
 	emails = append(emails, c.From)
 	emails = append(emails, c.To...)
 	emails = append(emails, c.Cc...)

config/tomlloader.go

@@ -2,9 +2,11 @@ package config
 
 import (
 	"fmt"
+	"maps"
 	"net"
 	"regexp"
 	"runtime"
+	"slices"
 	"strings"
 
 	"github.com/BurntSushi/toml"
@@ -87,26 +89,14 @@ func (c TOMLLoader) Load(pathToToml string) error {
 		}
 
 		for _, cve := range Conf.Default.IgnoreCves {
-			found := false
-			for _, c := range server.IgnoreCves {
-				if cve == c {
-					found = true
-					break
-				}
-			}
+			found := slices.Contains(server.IgnoreCves, cve)
 			if !found {
 				server.IgnoreCves = append(server.IgnoreCves, cve)
 			}
 		}
 
 		for _, pkg := range Conf.Default.IgnorePkgsRegexp {
-			found := false
-			for _, p := range server.IgnorePkgsRegexp {
-				if pkg == p {
-					found = true
-					break
-				}
-			}
+			found := slices.Contains(server.IgnorePkgsRegexp, pkg)
 			if !found {
 				server.IgnorePkgsRegexp = append(server.IgnorePkgsRegexp, pkg)
 			}
@@ -313,13 +303,9 @@ func setDefaultIfEmpty(server *ServerInfo) error {
 		server.IgnoredJSONKeys = Conf.Default.IgnoredJSONKeys
 	}
 
-	opt := map[string]interface{}{}
-	for k, v := range Conf.Default.Optional {
-		opt[k] = v
-	}
-	for k, v := range server.Optional {
-		opt[k] = v
-	}
+	opt := map[string]any{}
+	maps.Copy(opt, Conf.Default.Optional)
+	maps.Copy(opt, server.Optional)
 	server.Optional = opt
 
 	return nil

config/tomlloader_test.go

@@ -2,7 +2,7 @@ package config
 
 import (
 	"reflect"
-	"sort"
+	"slices"
 	"testing"
 )
 
@@ -83,7 +83,7 @@ func TestHosts(t *testing.T) {
 	}
 	for i, tt := range tests {
 		actual, err := hosts(tt.in, tt.ignore)
-		sort.Slice(actual, func(i, j int) bool { return actual[i] < actual[j] })
+		slices.Sort(actual)
 		if err != nil && !tt.err {
 			t.Errorf("[%d] unexpected error occurred, in: %s act: %s, exp: %s",
 				i, tt.in, actual, tt.expected)

contrib/future-vuls/pkg/cpe/cpe.go

@@ -4,6 +4,7 @@ package cpe
 import (
 	"context"
 	"fmt"
+	"maps"
 	"os"
 	"slices"
 	"time"
@@ -41,15 +42,11 @@ func AddCpe(token, outputFile, proxy string) (err error) {
 	if 0 < len(needAddServers) {
 		addedServers := cpeConfig.AddServerToFvuls(ctx, needAddServers)
 		if 0 < len(addedServers) {
-			for name, server := range addedServers {
-				needAddCpes[name] = server
-			}
+			maps.Copy(needAddCpes, addedServers)
 		}
 
 		// update discover toml
-		for name, server := range needAddCpes {
-			cpeConfig.OriginalDiscoverToml[name] = server
-		}
+		maps.Copy(cpeConfig.OriginalDiscoverToml, needAddCpes)
 		if err = cpeConfig.WriteDiscoverToml(); err != nil {
 			return err
 		}
@@ -60,9 +57,7 @@ func AddCpe(token, outputFile, proxy string) (err error) {
 		if addedCpes, err = cpeConfig.AddCpeToFvuls(ctx, needAddCpes); err != nil {
 			return err
 		}
-		for name, server := range addedCpes {
-			cpeConfig.OriginalDiscoverToml[name] = server
-		}
+		maps.Copy(cpeConfig.OriginalDiscoverToml, addedCpes)
 		if err = cpeConfig.WriteDiscoverToml(); err != nil {
 			return err
 		}

contrib/future-vuls/pkg/fvuls/fvuls.go

@@ -55,7 +55,7 @@ func (f Client) UploadToFvuls(serverUUID string, groupID int64, tags []string, s
 	scanResult.ServerUUID = serverUUID
 	if 0 < len(tags) {
 		if scanResult.Optional == nil {
-			scanResult.Optional = map[string]interface{}{}
+			scanResult.Optional = map[string]any{}
 		}
 		scanResult.Optional["VULS_TAGS"] = tags
 	}

contrib/owasp-dependency-check/parser/parser.go

@@ -4,6 +4,7 @@ import (
 	"encoding/xml"
 	"io"
 	"os"
+	"slices"
 	"strings"
 
 	"github.com/knqyf263/go-cpe/naming"
@@ -24,10 +25,8 @@ type vulnerabilityID struct {
 }
 
 func appendIfMissing(slice []string, str string) []string {
-	for _, s := range slice {
-		if s == str {
-			return slice
-		}
+	if slices.Contains(slice, str) {
+		return slice
 	}
 	return append(slice, str)
 }

contrib/snmp2cpe/pkg/cpe/cpe.go

@@ -21,7 +21,7 @@ func Convert(result snmp.Result) []string {
 	case "Cisco":
 		var p, v string
 		lhs, _, _ := strings.Cut(result.SysDescr0, " RELEASE SOFTWARE")
-		for _, s := range strings.Split(lhs, ",") {
+		for s := range strings.SplitSeq(lhs, ",") {
 			s = strings.TrimSpace(s)
 			switch {
 			case strings.Contains(s, "Cisco NX-OS"):
@@ -50,7 +50,7 @@ func Convert(result snmp.Result) []string {
 		}
 	case "Juniper Networks":
 		if strings.HasPrefix(result.SysDescr0, "Juniper Networks, Inc.") {
-			for _, s := range strings.Split(strings.TrimPrefix(result.SysDescr0, "Juniper Networks, Inc. "), ",") {
+			for s := range strings.SplitSeq(strings.TrimPrefix(result.SysDescr0, "Juniper Networks, Inc. "), ",") {
 				s = strings.TrimSpace(s)
 				switch {
 				case strings.HasPrefix(s, "qfx"), strings.HasPrefix(s, "ex"), strings.HasPrefix(s, "mx"), strings.HasPrefix(s, "ptx"), strings.HasPrefix(s, "acx"), strings.HasPrefix(s, "bti"), strings.HasPrefix(s, "srx"):
@@ -77,8 +77,8 @@ func Convert(result snmp.Result) []string {
 	case "Arista Networks":
 		v, h, ok := strings.Cut(result.SysDescr0, " running on an ")
 		if ok {
-			if strings.HasPrefix(v, "Arista Networks EOS version ") {
-				cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:arista:eos:%s:*:*:*:*:*:*:*", strings.ToLower(strings.TrimPrefix(v, "Arista Networks EOS version "))))
+			if after, ok0 := strings.CutPrefix(v, "Arista Networks EOS version "); ok0 {
+				cpes = append(cpes, fmt.Sprintf("cpe:2.3:o:arista:eos:%s:*:*:*:*:*:*:*", strings.ToLower(after)))
 			}
 			cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:arista:%s:-:*:*:*:*:*:*:*", strings.ToLower(strings.TrimPrefix(h, "Arista Networks "))))
 		}
@@ -167,7 +167,7 @@ func Convert(result snmp.Result) []string {
 			case strings.HasPrefix(t.EntPhysicalName, "FWM_"):
 				cpes = append(cpes, fmt.Sprintf("cpe:2.3:h:fortinet:fortiwlm-%s:-:*:*:*:*:*:*:*", strings.ToLower(strings.TrimPrefix(t.EntPhysicalName, "FWM_"))))
 			}
-			for _, s := range strings.Fields(t.EntPhysicalSoftwareRev) {
+			for s := range strings.FieldsSeq(t.EntPhysicalSoftwareRev) {
 				switch {
 				case strings.HasPrefix(s, "FortiADC-"), strings.HasPrefix(s, "FortiAI-"), strings.HasPrefix(s, "FortiAnalyzer-"), strings.HasPrefix(s, "FortiAP-"),
 					strings.HasPrefix(s, "FortiAuthenticator-"), strings.HasPrefix(s, "FortiBalancer-"), strings.HasPrefix(s, "FortiBridge-"), strings.HasPrefix(s, "FortiCache-"),
@@ -378,7 +378,7 @@ func Convert(result snmp.Result) []string {
 		}
 	case "YAMAHA":
 		var h, v string
-		for _, s := range strings.Fields(result.SysDescr0) {
+		for s := range strings.FieldsSeq(result.SysDescr0) {
 			switch {
 			case strings.HasPrefix(s, "RTX"), strings.HasPrefix(s, "NVR"), strings.HasPrefix(s, "RTV"), strings.HasPrefix(s, "RT"),
 				strings.HasPrefix(s, "SRT"), strings.HasPrefix(s, "FWX"), strings.HasPrefix(s, "YSL-V810"):
@@ -397,7 +397,7 @@ func Convert(result snmp.Result) []string {
 		}
 	case "NEC":
 		var h, v string
-		for _, s := range strings.Split(result.SysDescr0, ",") {
+		for s := range strings.SplitSeq(result.SysDescr0, ",") {
 			s = strings.TrimSpace(s)
 			switch {
 			case strings.HasPrefix(s, "IX Series "):

contrib/trivy/parser/v2/parser_test.go

@@ -330,7 +330,7 @@ var redisSR = &models.ScanResult{
 			BinaryNames: []string{"bsdutils", "pkgA"},
 		},
 	},
-	Optional: map[string]interface{}{
+	Optional: map[string]any{
 		"TRIVY_IMAGE_NAME": "redis",
 		"TRIVY_IMAGE_TAG":  "latest",
 	},
@@ -1129,7 +1129,7 @@ var osAndLibSR = &models.ScanResult{
 			BinaryNames: []string{"libgnutls30"},
 		},
 	},
-	Optional: map[string]interface{}{
+	Optional: map[string]any{
 		"TRIVY_IMAGE_NAME": "quay.io/fluentd_elasticsearch/fluentd",
 		"TRIVY_IMAGE_TAG":  "v2.9.0",
 	},
@@ -1619,7 +1619,7 @@ var osAndLib2SR = &models.ScanResult{
 			BinaryNames: []string{"libgnutls30"},
 		},
 	},
-	Optional: map[string]interface{}{
+	Optional: map[string]any{
 		"TRIVY_IMAGE_NAME": "quay.io/fluentd_elasticsearch/fluentd",
 		"TRIVY_IMAGE_TAG":  "v2.9.0",
 	},
@@ -2923,7 +2923,7 @@ var oneCVEtoNVulnerabilitySR = &models.ScanResult{
 		},
 	},
 	SrcPackages: models.SrcPackages{},
-	Optional: map[string]interface{}{
+	Optional: map[string]any{
 		"TRIVY_IMAGE_NAME": "test-cve-2013-1629-cve-2023-26154",
 		"TRIVY_IMAGE_TAG":  "latest",
 	},

contrib/trivy/pkg/converter.go

@@ -91,7 +91,7 @@ func Convert(results types.Results, artifactType ftypes.ArtifactType, artifactNa
 				severities := []string{trivydbTypes.SeverityNames[severity]}
 				if cs, ok := vulnInfo.CveContents[models.CveContentType(fmt.Sprintf("%s:%s", models.Trivy, source))]; ok {
 					for _, c := range cs {
-						for _, s := range strings.Split(c.Cvss3Severity, "|") {
+						for s := range strings.SplitSeq(c.Cvss3Severity, "|") {
 							if s != "" && !slices.Contains(severities, s) {
 								severities = append(severities, s)
 							}
@@ -234,7 +234,7 @@ func Convert(results types.Results, artifactType ftypes.ArtifactType, artifactNa
 			uniqueLibrary[lib.Name+lib.Version] = lib
 		}
 
-		var libraries []models.Library
+		libraries := make([]models.Library, 0, len(uniqueLibrary))
 		for _, library := range uniqueLibrary {
 			libraries = append(libraries, library)
 		}

detector/cti.go

@@ -130,7 +130,7 @@ func getCTIsViaHTTP(cveIDs []string, urlPrefix string) (responses []ctiResponse,
 
 	concurrency := 10
 	tasks := util.GenWorkers(concurrency)
-	for i := 0; i < nReq; i++ {
+	for range nReq {
 		tasks <- func() {
 			req := <-reqChan
 			url, err := util.URLPathJoin(
@@ -151,7 +151,7 @@ func getCTIsViaHTTP(cveIDs []string, urlPrefix string) (responses []ctiResponse,
 		timeout = time.After(time.Duration(config.Conf.Cti.TimeoutSec) * time.Second)
 	}
 	var errs []error
-	for i := 0; i < nReq; i++ {
+	for range nReq {
 		select {
 		case res := <-resChan:
 			responses = append(responses, res)

detector/detector.go

@@ -444,7 +444,7 @@ func DetectWordPressCves(r *models.ScanResult, wpCnf config.WpScanConf) error {
 
 // FillCvesWithGoCVEDictionary fills CVE detail with NVD, VulnCheck, JVN, EUVD, Fortinet, MITRE, Paloalto, Cisco
 func FillCvesWithGoCVEDictionary(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error) {
-	cveIDs := []string{}
+	cveIDs := make([]string, 0, len(r.ScannedCves))
 	for _, v := range r.ScannedCves {
 		cveIDs = append(cveIDs, v.CveID)
 	}
@@ -812,8 +812,8 @@ func FillCweDict(r *models.ScanResult) {
 		for _, conts := range vinfo.CveContents {
 			for _, cont := range conts {
 				for _, id := range cont.CweIDs {
-					if strings.HasPrefix(id, "CWE-") {
-						id = strings.TrimPrefix(id, "CWE-")
+					if after, ok := strings.CutPrefix(id, "CWE-"); ok {
+						id = after
 						uniqCweIDMap[id] = true
 					}
 				}