controlplaneio · 06kellyjac · Nov 12, 2025 · Nov 13, 2025 · Nov 13, 2025 · Nov 13, 2025
diff --git a/cmd/http.go b/cmd/http.go
@@ -66,7 +66,7 @@ var httpCmd = &cobra.Command{
 		stopCh := server.SetupSignalHandler()
 		jsonLogger, err := NewLogger("info", "json")
 		if err != nil {
-			return fmt.Errorf("Unable to create new logger: %w", err)
+			return fmt.Errorf("unable to create new logger: %w", err)
 		}
 
 		ver := os.Getenv("K8S_SCHEMA_VER")

diff --git a/cmd/main.go b/cmd/main.go
@@ -1,10 +1,12 @@
 package cmd
 
 import (
+	"errors"
 	"fmt"
 	"log"
 	"os"
 	"strings"
+	"syscall"
 
 	"github.com/spf13/cobra"
 	"go.uber.org/zap"
@@ -36,8 +38,15 @@ func Execute() {
 	if err != nil {
 		log.Fatalf("can't initialize zap logger: %v", err)
 	}
-
-	defer logger.Sync()
+	defer func() {
+		if err := logger.Sync(); err != nil {
+			// exclude invalid argument error
+			// https://github.com/uber-go/zap/issues/328
+			if !errors.Is(err, syscall.EINVAL) {
+				log.Fatalf("failed to cleanup logger: %+v", err)
+			}
+		}
+	}()
 
 	rootCmd.SetArgs(os.Args[1:])
 	if err := rootCmd.Execute(); err != nil {

diff --git a/cmd/print-rules.go b/cmd/print-rules.go
@@ -36,14 +36,20 @@ func init() {
 
 		printTableFn := func(w io.Writer) error {
 			tw := util.NewTabWriter(w)
-			fmt.Fprintf(tw, "ID\tReason\tPoints\tKinds\n")
+			_, err := fmt.Fprintf(tw, "ID\tReason\tPoints\tKinds\n")
+			if err != nil {
+				logger.Fatalf("could not write to tabwriter: %v", err)
+			}
 			for _, rule := range ruleSet.Rules {
-				fmt.Fprintf(tw, "%s\t%s\t%d\t%s\t\n",
+				_, err = fmt.Fprintf(tw, "%s\t%s\t%d\t%s\t\n",
 					rule.ID,
 					rule.Reason,
 					rule.Points,
 					strings.Join(rule.Kinds, ","),
 				)
+				if err != nil {
+					logger.Fatalf("could not write to tabwriter: %v", err)
+				}
 			}
 			return tw.Flush()
 		}

diff --git a/pkg/report/writer.go b/pkg/report/writer.go
@@ -37,7 +37,7 @@ func WriteReports(format string, output io.Writer, reports reports, outputTempla
 			return err
 		}
 	default:
-		return errors.New("Unrecognized format specified")
+		return errors.New("unrecognized format specified")
 	}
 
 	if err := writer.Write(reports); err != nil {

diff --git a/pkg/rules/automountServiceAccountToken.go b/pkg/rules/automountServiceAccountToken.go
@@ -2,21 +2,21 @@ package rules
 
 import (
 	"bytes"
-	
+
 	"github.com/thedevsaddam/gojsonq/v2"
 )
 
 func AutomountServiceAccountToken(json []byte) int {
 	spec := getSpecSelector(json)
-	
+
 	res := gojsonq.New().Reader(bytes.NewReader(json)).
 		From(spec + ".automountServiceAccountToken").Get()
-	
+
 	if res != nil {
 		if v, ok := res.(bool); ok && !v {
 			return 1
 		}
 	}
-	
+
 	return 0
 }
diff --git a/pkg/rules/automountServiceAccountToken_test.go b/pkg/rules/automountServiceAccountToken_test.go
@@ -2,7 +2,7 @@ package rules
 
 import (
 	"testing"
-	
+
 	"github.com/ghodss/yaml"
 )
 
@@ -67,7 +67,7 @@ spec:
 			want: 0,
 		},
 	}
-	
+
 	for _, testCase := range testCases {
 		tc := testCase
 		t.Run(tc.name, func(t *testing.T) {
@@ -226,7 +226,7 @@ spec:
 			want: 0,
 		},
 	}
-	
+
 	for _, testCase := range testCases {
 		tc := testCase
 		t.Run(tc.name, func(t *testing.T) {
@@ -354,7 +354,7 @@ spec:
 			want: 0,
 		},
 	}
-	
+
 	for _, testCase := range testCases {
 		tc := testCase
 		t.Run(tc.name, func(t *testing.T) {
@@ -486,7 +486,7 @@ spec:
 			want: 0,
 		},
 	}
-	
+
 	for _, testCase := range testCases {
 		tc := testCase
 		t.Run(tc.name, func(t *testing.T) {

diff --git a/pkg/rules/dockerSock.go b/pkg/rules/dockerSock.go
@@ -3,20 +3,24 @@ package rules
 import (
 	"bytes"
 	"fmt"
-	"github.com/thedevsaddam/gojsonq/v2"
 	"strings"
+
+	"github.com/thedevsaddam/gojsonq/v2"
 )
 
 func DockerSock(json []byte) int {
 	spec := getSpecSelector(json)
 	found := 0
 
-	paths := gojsonq.New().Reader(bytes.NewReader(json)).
+	data := gojsonq.New().Reader(bytes.NewReader(json)).
 		From(spec + ".volumes").
 		Only("hostPath.path")
 
-	if paths != nil && strings.Contains(fmt.Sprintf("%v", paths), "/var/run/docker.sock") {
-		found++
+	paths, ok := data.([]interface{})
+	if ok && paths != nil {
+		if strings.Contains(fmt.Sprintf("%v", paths), "/var/run/docker.sock") {
+			found++
+		}
 	}
 
 	return found

diff --git a/pkg/rules/limitsCPU.go b/pkg/rules/limitsCPU.go
@@ -10,12 +10,13 @@ func LimitsCPU(json []byte) int {
 	spec := getSpecSelector(json)
 	found := 0
 
-	paths := gojsonq.New().Reader(bytes.NewReader(json)).
+	data := gojsonq.New().Reader(bytes.NewReader(json)).
 		From(spec + ".containers").
 		Only("resources.limits.cpu")
 
-	if paths != nil {
-		found += len(paths.([]interface{}))
+	paths, ok := data.([]interface{})
+	if ok && paths != nil {
+		found += len(paths)
 	}
 
 	return found

diff --git a/pkg/rules/limitsMemory.go b/pkg/rules/limitsMemory.go
@@ -2,19 +2,21 @@ package rules
 
 import (
 	"bytes"
+
 	"github.com/thedevsaddam/gojsonq/v2"
 )
 
 func LimitsMemory(json []byte) int {
 	spec := getSpecSelector(json)
 	found := 0
 
-	paths := gojsonq.New().Reader(bytes.NewReader(json)).
+	data := gojsonq.New().Reader(bytes.NewReader(json)).
 		From(spec + ".containers").
 		Only("resources.limits.memory")
 
-	if paths != nil {
-		found += len(paths.([]interface{}))
+	paths, ok := data.([]interface{})
+	if ok && paths != nil {
+		found += len(paths)
 	}
 
 	return found

diff --git a/pkg/rules/procMount.go b/pkg/rules/procMount.go
@@ -12,12 +12,15 @@ func ProcMount(json []byte) int {
 	spec := getSpecSelector(json)
 	found := 0
 
-	paths := gojsonq.New().Reader(bytes.NewReader(json)).
+	data := gojsonq.New().Reader(bytes.NewReader(json)).
 		From(spec + ".volumes").
 		Only("hostPath.path")
 
-	if paths != nil && strings.Contains(fmt.Sprintf("%v", paths), "/proc") {
-		found++
+	paths, ok := data.([]interface{})
+	if ok && paths != nil {
+		if strings.Contains(fmt.Sprintf("%v", paths), "/proc") {
+			found++
+		}
 	}
 
 	return found

diff --git a/pkg/rules/requestsCPU.go b/pkg/rules/requestsCPU.go
@@ -2,19 +2,21 @@ package rules
 
 import (
 	"bytes"
+
 	"github.com/thedevsaddam/gojsonq/v2"
 )
 
 func RequestsCPU(json []byte) int {
 	spec := getSpecSelector(json)
 	found := 0
 
-	paths := gojsonq.New().Reader(bytes.NewReader(json)).
+	data := gojsonq.New().Reader(bytes.NewReader(json)).
 		From(spec + ".containers").
 		Only("resources.requests.cpu")
 
-	if paths != nil {
-		found += len(paths.([]interface{}))
+	paths, ok := data.([]interface{})
+	if ok && paths != nil {
+		found += len(paths)
 	}
 
 	return found

diff --git a/pkg/rules/requestsMemory.go b/pkg/rules/requestsMemory.go
@@ -2,19 +2,21 @@ package rules
 
 import (
 	"bytes"
+
 	"github.com/thedevsaddam/gojsonq/v2"
 )
 
 func RequestsMemory(json []byte) int {
 	spec := getSpecSelector(json)
 	found := 0
 
-	paths := gojsonq.New().Reader(bytes.NewReader(json)).
+	data := gojsonq.New().Reader(bytes.NewReader(json)).
 		From(spec + ".containers").
 		Only("resources.requests.memory")
 
-	if paths != nil {
-		found += len(paths.([]interface{}))
+	paths, ok := data.([]interface{})
+	if ok && paths != nil {
+		found += len(paths)
 	}
 
 	return found

diff --git a/pkg/rules/volumeClaimAccessModeReadWriteOnce.go b/pkg/rules/volumeClaimAccessModeReadWriteOnce.go
@@ -25,12 +25,15 @@ func VolumeClaimAccessModeReadWriteOnce(json []byte) int {
 
 	found := 0
 
-	paths := gojsonq.New().Reader(bytes.NewReader(json)).
+	data := gojsonq.New().Reader(bytes.NewReader(json)).
 		From("spec.volumeClaimTemplates").
 		Only("spec.accessModes")
 
-	if paths != nil && strings.Contains(fmt.Sprintf("%v", paths), "accessModes:[ReadWriteOnce]") {
-		found++
+	paths, ok := data.([]interface{})
+	if ok && paths != nil {
+		if strings.Contains(fmt.Sprintf("%v", paths), "accessModes:[ReadWriteOnce]") {
+			found++
+		}
 	}
 
 	return found