
errortypeassertion (new 38th linter) + execcommandwithoutcontext enforce-readiness: zero production violations, add both to the [Content truncated due to length] #42416

Description

@github-actions

Summary

Two type-resolved context/error-family linters are fully ready for the blocking CI gate but are not listed in cgo.yml's LINTER_FLAGS. Both currently flag zero production sites across the gate's full scope (./cmd/... ./pkg/...), so promoting them is a regression guard with no cleanup cost.

Evidence

Registry delta (37 → 38): grep -c 'Analyzer' cmd/linters/main.go = 38 (was 37 last run). The new entry is errortypeassertion.Analyzer (main.go:65).

errortypeassertion is type-resolved and parity-complete (pkg/linters/errortypeassertion/errortypeassertion.go):

  • Gates on types.Identical(TypeOf(X), builtinError) (:71-74, :101-103) — no syntactic identifier matching, so no shadow/alias FP/FN class.
  • Excludes interface targets (:80-82, :121-123) and named interfaces embedding error (documented :67-70).
  • Handles both *ast.TypeAssertExpr and *ast.TypeSwitchStmt (:43-50), incl. comma-ok and switch err.(type) init forms (typeSwitchX :135-148).
  • Wires nolint.BuildLineIndex/HasDirective (:33, :63, :113) + filecheck.IsTestFile (:63, :113).

Zero production violations:

  • errortypeassertion: every .(*T) assertion in pkg/ and cmd/ non-test code targets *ast.* / *types.* values typed as ast.Node/types.Type (not the built-in error); the only custom-interface assertion (pkg/parser/json_path_locator.go:111 info.ErrorKind.(*kind.AdditionalProperties)) is not on built-in error. No matches in cmd/.
  • execcommandwithoutcontext: every prod exec.Command( site sits in a function that does not receive context.Context (e.g. pkg/parser/remote_fetch.go downloadFileViaGitClone/resolveRefToSHAViaGit, pkg/workflow/pip_validation.go validate*WithPip, dependabot.go:339). The two ctx-receiving funcs (downloadFileViaGit :600, downloadFileViaRawURL :647) contain no exec.Command. No matches in cmd/.

Impact

Without enforcement, future code can reintroduce err.(*T) (bypassing errors.As/wrapped-error traversal) or exec.Command in ctx-aware functions (dropping cancellation propagation) and pass CI. The advisory make golint-custom (no flags) used by lint-monster runs all 38 analyzers but is not a hard gate; only the 14 linters in cgo.yml:1208 block merges.

Recommendation — single-line change

In .github/workflows/cgo.yml:1208, append both to LINTER_FLAGS:

# before
LINTER_FLAGS="-errstringmatch ... -httpnoctx -timeafterleak -test=false"
# after
LINTER_FLAGS="-errstringmatch ... -httpnoctx -timeafterleak -errortypeassertion -execcommandwithoutcontext -test=false"

Both already honor -test=false semantics via internal filecheck.IsTestFile, and both support //nolint:<name> for any future intentional exception.

Validation checklist

Effort

Small — one CI flag edit + a verification run. No source changes.

References: §28421420974

Generated by 🤖 Sergo - Serena Go Expert · 294.5 AIC · ⌖ 13.4 AIC · ⊞ 5.9K ·

  • expires on Jul 6, 2026, 9:13 PM UTC-08:00
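The two regressions named in the Impact paragraph, shown side by side with their safe forms. This is an added example, not code from the repository or from the linters; `NotFoundError`, `lookup`, `ViaAssertion`, `ViaErrorsAs` and `RunWithContext` are hypothetical names, and the `sleep` command in `main` is an assumption about the host.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
)

// NotFoundError is a constructed error type for this example.
type NotFoundError struct{ Name string }

func (e *NotFoundError) Error() string { return e.Name + " not found" }

// lookup wraps the typed error with %w, as layered code usually does.
func lookup(name string) error {
	return fmt.Errorf("lookup %q: %w", name, &NotFoundError{Name: name})
}

// ViaAssertion uses the err.(*T) form: it inspects only the outermost
// error value, so a wrapped *NotFoundError is missed.
func ViaAssertion(err error) bool {
	_, ok := err.(*NotFoundError)
	return ok
}

// ViaErrorsAs walks the Unwrap chain and finds the wrapped type.
func ViaErrorsAs(err error) bool {
	var nf *NotFoundError
	return errors.As(err, &nf)
}

// RunWithContext ties the child process to ctx; plain exec.Command here
// would ignore the caller's cancellation or deadline.
func RunWithContext(ctx context.Context, name string, args ...string) error {
	return exec.CommandContext(ctx, name, args...).Run()
}

func main() {
	err := lookup("cfg.yml")
	fmt.Println("assertion:", ViaAssertion(err), "errors.As:", ViaErrorsAs(err))

	ctx, cancel := context.WithCancel(context.Background())
	cancel() // caller gave up before the command ran
	fmt.Println("cancelled run:", RunWithContext(ctx, "sleep", "5"))
}
```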
