Other: Bump linter

internal/config/settings/settings.go

@@ -78,7 +78,7 @@ func (s *Settings) setDefaultValues() {
 	s.setDefault(ReportOutgoingNoEncKey, "false")
 	s.setDefault(LastVersionKey, "")
 	s.setDefault(UpdateChannelKey, "")
-	s.setDefault(RolloutKey, fmt.Sprintf("%v", rand.Float64()))
+	s.setDefault(RolloutKey, fmt.Sprintf("%v", rand.Float64())) //nolint[gosec] G404 It is OK to use weak random number generator here
 	s.setDefault(PreferredKeychainKey, "")
 
 	s.setDefault(APIPortKey, DefaultAPIPort)

internal/config/tls/tls.go

@@ -154,5 +154,6 @@ func (t *TLS) GetConfig() (*tls.Config, error) {
 		ClientAuth:   tls.VerifyClientCertIfGiven,
 		RootCAs:      caCertPool,
 		ClientCAs:    caCertPool,
+		MinVersion:   tls.VersionTLS13, // gosec G402
 	}, nil
 }

internal/frontend/cli-ie/accounts.go

@@ -25,7 +25,7 @@ import (
 
 func (f *frontendCLI) listAccounts(c *ishell.Context) {
 	spacing := "%-2d: %-20s (%-15s, %-15s)\n"
-	f.Printf(bold(strings.Replace(spacing, "d", "s", -1)), "#", "account", "status", "address mode")
+	f.Printf(bold(strings.ReplaceAll(spacing, "d", "s")), "#", "account", "status", "address mode")
 	for idx, user := range f.ie.GetUsers() {
 		connected := "disconnected"
 		if user.IsConnected() {

internal/frontend/cli/accounts.go

@@ -28,7 +28,7 @@ import (
 
 func (f *frontendCLI) listAccounts(c *ishell.Context) {
 	spacing := "%-2d: %-20s (%-15s, %-15s)\n"
-	f.Printf(bold(strings.Replace(spacing, "d", "s", -1)), "#", "account", "status", "address mode")
+	f.Printf(bold(strings.ReplaceAll(spacing, "d", "s")), "#", "account", "status", "address mode")
 	for idx, user := range f.bridge.GetUsers() {
 		connected := "disconnected"
 		if user.IsConnected() {

internal/frontend/cli/system.go

@@ -161,7 +161,7 @@ func (f *frontendCLI) disallowProxy(c *ishell.Context) {
 }
 
 func (f *frontendCLI) isPortFree(port string) bool {
-	port = strings.Replace(port, ":", "", -1)
+	port = strings.ReplaceAll(port, ":", "")
 	if port == "" || port == currentPort {
 		return true
 	}

internal/imap/bridge.go

@@ -61,7 +61,7 @@ func (b *bridgeWrap) GetUser(query string) (bridgeUser, error) {
 	if err != nil {
 		return nil, err
 	}
-	return newBridgeUserWrap(user), nil
+	return newBridgeUserWrap(user), nil //nolint[typecheck] missing methods are inherited
 }
 
 type bridgeUserWrap struct {
@@ -77,5 +77,5 @@ func (u *bridgeUserWrap) GetStore() storeUserProvider {
 	if store == nil {
 		return nil
 	}
-	return newStoreUserWrap(store)
+	return newStoreUserWrap(store) //nolint[typecheck] missing methods are inherited
 }

internal/imap/store.go

@@ -123,7 +123,7 @@ func (s *storeUserWrap) GetAddress(addressID string) (storeAddressProvider, erro
 	if err != nil {
 		return nil, err
 	}
-	return newStoreAddressWrap(address), nil
+	return newStoreAddressWrap(address), nil //nolint[typecheck] missing methods are inherited
 }
 
 type storeAddressWrap struct {
@@ -137,7 +137,7 @@ func newStoreAddressWrap(address *store.Address) *storeAddressWrap {
 func (s *storeAddressWrap) ListMailboxes() []storeMailboxProvider {
 	mailboxes := []storeMailboxProvider{}
 	for _, mailbox := range s.Address.ListMailboxes() {
-		mailboxes = append(mailboxes, newStoreMailboxWrap(mailbox))
+		mailboxes = append(mailboxes, newStoreMailboxWrap(mailbox)) //nolint[typecheck] missing methods are inherited
 	}
 	return mailboxes
 }
@@ -147,7 +147,7 @@ func (s *storeAddressWrap) GetMailbox(name string) (storeMailboxProvider, error)
 	if err != nil {
 		return nil, err
 	}
-	return newStoreMailboxWrap(mailbox), nil
+	return newStoreMailboxWrap(mailbox), nil //nolint[typecheck] missing methods are inherited
 }
 
 type storeMailboxWrap struct {

internal/imap/uidplus/extension.go

@@ -228,7 +228,7 @@ func getStatusResponseCopy(uidValidity uint32, sourceSeq, targetSeq *OrderedSeq)
 
 // CopyResponse prepares OK response with extended UID information about copied message.
 func CopyResponse(uidValidity uint32, sourceSeq, targetSeq *OrderedSeq) error {
-	return server.ErrStatusResp(getStatusResponseCopy(uidValidity, sourceSeq, targetSeq))
+	return imap.ErrStatusResp{getStatusResponseCopy(uidValidity, sourceSeq, targetSeq)}
 }
 
 func getStatusResponseAppend(uidValidity uint32, targetSeq *OrderedSeq) *imap.StatusResp {
@@ -250,5 +250,5 @@ func getStatusResponseAppend(uidValidity uint32, targetSeq *OrderedSeq) *imap.St
 
 // AppendResponse prepares OK response with extended UID information about appended message.
 func AppendResponse(uidValidity uint32, targetSeq *OrderedSeq) error {
-	return server.ErrStatusResp(getStatusResponseAppend(uidValidity, targetSeq))
+	return imap.ErrStatusResp{getStatusResponseAppend(uidValidity, targetSeq)}
 }

internal/logging/crash.go

@@ -34,7 +34,7 @@ func DumpStackTrace(logsPath string) crash.RecoveryAction {
 	return func(r interface{}) error {
 		file := filepath.Join(logsPath, getStackTraceName(constants.Version, constants.Revision))
 
-		f, err := os.OpenFile(file, os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0600)
+		f, err := os.OpenFile(filepath.Clean(file), os.O_WRONLY|os.O_APPEND|os.O_CREATE, 0600)
 		if err != nil {
 			return err
 		}

internal/smtp/bridge.go

@@ -51,7 +51,7 @@ func (b *bridgeWrap) GetUser(query string) (bridgeUser, error) {
 	if err != nil {
 		return nil, err
 	}
-	return newBridgeUserWrap(user), nil
+	return newBridgeUserWrap(user), nil //nolint[typecheck] missing methods are inherited
 }
 
 type bridgeUserWrap struct {

internal/transfer/provider_imap_utils.go

@@ -62,10 +62,10 @@ func imapClientDial(addr string) (IMAPClientProvider, error) {
 		client.ErrorLog = &imapErrorLogger{logrus.WithField("pkg", "imap-client")}
 		// Logrus `WriterLevel` fails for big messages because of bufio.MaxScanTokenSize limit.
 		// Also, this spams a lot, uncomment once needed during development.
-		//client.SetDebug(imap.NewDebugWriter(
+		// client.SetDebug(imap.NewDebugWriter(
 		//	logrus.WithField("pkg", "imap/client").WriterLevel(logrus.TraceLevel),
 		//	logrus.WithField("pkg", "imap/server").WriterLevel(logrus.TraceLevel),
-		//))
+		// ))
 	}
 	return client, err
 }
@@ -84,7 +84,7 @@ func imapClientDialHelper(addr string) (*imapClient.Client, error) {
 	var tlsConf *tls.Config
 	if strings.Contains(strings.ToLower(host), "yahoo") {
 		log.Warning("Yahoo server detected: limiting maximal TLS version to 1.2.")
-		tlsConf = &tls.Config{MaxVersion: tls.VersionTLS12}
+		tlsConf = &tls.Config{MaxVersion: tls.VersionTLS12} //nolint[gosec] G402
 	}
 	return imapClient.DialTLS(addr, tlsConf)
 }

internal/transfer/provider_mbox_target.go

@@ -63,7 +63,7 @@ func (p *MBOXProvider) writeMessage(msg Message) error {
 		}
 
 		mboxPath := filepath.Join(p.root, mboxName)
-		mboxFile, err := os.OpenFile(mboxPath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
+		mboxFile, err := os.OpenFile(filepath.Clean(mboxPath), os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
 		if err != nil {
 			multiErr = multierror.Append(multiErr, err)
 			continue

internal/updater/sync.go

@@ -125,7 +125,7 @@ func mkdirAllClear(path string) error {
 
 // checksum assumes the file is a regular file and that it exists.
 func checksum(path string) (hash string) {
-	file, err := os.Open(path) //nolint[gosec]
+	file, err := os.Open(filepath.Clean(path))
 	if err != nil {
 		return
 	}
@@ -224,7 +224,7 @@ func copyRecursively(srcDir, dstDir string) error { // nolint[funlen]
 		}
 
 		// Create/overwrite regular file.
-		srcReader, err := os.Open(srcPath) //nolint[gosec]
+		srcReader, err := os.Open(filepath.Clean(srcPath))
 		if err != nil {
 			return err
 		}
@@ -244,7 +244,7 @@ func copyToTmpFileRename(srcReader io.Reader, dstPath string, dstMode os.FileMod
 
 func copyToFileTruncate(srcReader io.Reader, dstPath string, dstMode os.FileMode) error {
 	logrus.Debug("Copy and truncate ", dstPath)
-	dstWriter, err := os.OpenFile(dstPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, dstMode)
+	dstWriter, err := os.OpenFile(filepath.Clean(dstPath), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, dstMode) //nolint[gosec] Cannot guess the safe part of path
 	if err != nil {
 		return err
 	}