Enable staticcheck Go linter. (#23487)

#23486 Linter: https://staticcheck.dev/
2026-04-21 13:37:30 +00:00 · 2024-11-05 11:16:24 -06:00 · 2024-11-05 11:16:24 -06:00 · 3cf99f8039
commit 3cf99f8039
parent 3bfbc5654c
27 changed files with 70 additions and 70 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -15,6 +15,7 @@ linters:
    - unused
    - errcheck
    - gosimple
+    - staticcheck

 linters-settings:
  depguard:
@ -69,6 +70,8 @@ linters-settings:
      - name: superfluous-else
      - name: unreachable-code
      - name: redefines-builtin-id
+  staticcheck:
+    checks: ["all", "-SA9003", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1021", "-ST1022", "-ST1023", "-SA1019"]

 # Before excluding files from gosec linter - an issue must be created and referenced in a comment.
 issues:
--- a/cmd/fleetctl/convert_test.go
+++ b/cmd/fleetctl/convert_test.go
@ -24,8 +24,8 @@ func TestConvertFileOutput(t *testing.T) {

 	// setup a file for the convert command to write to
 	file, err := os.CreateTemp(t.TempDir(), "convert_output.yml")
-	defer file.Close()
 	require.NoError(t, err)
+	defer file.Close()

 	// get the program name
 	args := os.Args[0:1]
--- a/ee/fleetctl/updates_test.go
+++ b/ee/fleetctl/updates_test.go
@ -452,7 +452,7 @@ func TestRollback(t *testing.T) {
 	assert.True(t, os.IsNotExist(err))

 	// Roots should NOT have changed.
-	repo, err = openRepo(tmpDir)
+	_, err = openRepo(tmpDir)
 	require.NoError(t, err)
 	roots := getRoots(t, tmpDir)
 	assert.Equal(t, initialRoots, roots)
--- a/orbit/pkg/cryptoinfo/info.go
+++ b/orbit/pkg/cryptoinfo/info.go
@ -19,8 +19,8 @@ type kiDataNames string

 const (
 	kiCaCertificate kiDataNames = "certificate"
-	kiCertificate               = "certificate"
-	kiKey                       = "key"
+	kiCertificate   kiDataNames = "certificate"
+	kiKey           kiDataNames = "key"
 )

 // kiType is an internal type to denote what an indentified blob is. It is ultimately presented as a string
@ -28,8 +28,8 @@ type kiType string

 const (
 	kiCACERTIFICATE kiType = "CA-CERTIFICATE" // Not totally sure what the correct string is here
-	kiCERTIFICATE          = "CERTIFICATE"
-	kiKEY                  = "KEY"
+	kiCERTIFICATE   kiType = "CERTIFICATE"
+	kiKEY           kiType = "KEY"
 )

 // kiType is an internal type to denote what encoding was used. It is ultimately presented as a string
@ -37,8 +37,8 @@ type kiEncoding string

 const (
 	kiPEM kiEncoding = "PEM"
-	kiDER            = "DER"
-	kiP12            = "P12"
+	kiDER kiEncoding = "DER"
+	kiP12 kiEncoding = "P12"
 )

 func NewKey(encoding kiEncoding) *KeyInfo {
--- a/orbit/pkg/installer/installer.go
+++ b/orbit/pkg/installer/installer.go
@ -293,7 +293,8 @@ func (r *Runner) runInstallerScript(ctx context.Context, scriptContents string,
 		return "", -1, fmt.Errorf("writing script: %w", err)
 	}

-	ctx, cancel := context.WithTimeout(context.Background(), r.installerExecutionTimeout)
+	var cancel context.CancelFunc
+	ctx, cancel = context.WithTimeout(ctx, r.installerExecutionTimeout)
 	defer cancel()

 	execFn := r.execCmdFn
--- a/pkg/spec/gitops.go
+++ b/pkg/spec/gitops.go
@ -205,7 +205,7 @@ func (g *GitOps) IsNoTeam() bool {
 }

 func isNoTeam(teamName string) bool {
-	return strings.ToLower(teamName) == strings.ToLower(noTeam)
+	return strings.EqualFold(teamName, noTeam)
 }

 const noTeam = "No team"
@ -588,9 +588,7 @@ func parsePolicyRunScript(baseDir string, teamName *string, policy *Policy, scri
 	}

 	scriptOnTeamFound := false
-	var foundScriptPaths []string
 	for _, script := range scripts {
-		foundScriptPaths = append(foundScriptPaths, *script.Path)
 		if scriptPath == *script.Path {
 			scriptOnTeamFound = true
 			break
--- a/server/datastore/cached_mysql/cached_mysql.go
+++ b/server/datastore/cached_mysql/cached_mysql.go
@ -414,7 +414,6 @@ func (ds *cachedMysql) GetAllMDMConfigAssetsByName(ctx context.Context, assetNam

 	cachedAssets := make(map[fleet.MDMAssetName]fleet.MDMConfigAsset)
 	var missingAssets []fleet.MDMAssetName
-	var missingKeys []string

 	for _, name := range assetNames {
 		key := fmt.Sprintf(mdmConfigAssetKey, name, latestHashes[name])
@ -428,7 +427,6 @@ func (ds *cachedMysql) GetAllMDMConfigAssetsByName(ctx context.Context, assetNam
 		}

 		missingAssets = append(missingAssets, name)
-		missingKeys = append(missingKeys, key)
 	}

 	if len(missingAssets) == 0 {
--- a/server/datastore/mysql/apple_mdm_test.go
+++ b/server/datastore/mysql/apple_mdm_test.go
@ -1112,7 +1112,7 @@ func expectAppleDeclarations(
 		// if an expected uploaded_at timestamp is provided for this declaration, keep
 		// its value, otherwise clear it as we don't care about asserting its
 		// value.
-		if wantD == nil || wantD.UploadedAt.IsZero() {
+		if wantD.UploadedAt.IsZero() {
 			gotD.UploadedAt = time.Time{}
 		}

--- a/server/datastore/mysql/calendar_events.go
+++ b/server/datastore/mysql/calendar_events.go
@ -83,7 +83,7 @@ func (ds *Datastore) CreateOrUpdateCalendarEvent(
 				webhook_status = VALUES(webhook_status),
 				calendar_event_id = VALUES(calendar_event_id);
 		`
-		result, err = tx.ExecContext(
+		_, err = tx.ExecContext(
 			ctx,
 			hostCalendarEventsQuery,
 			hostID,
--- a/server/datastore/mysql/hosts_test.go
+++ b/server/datastore/mysql/hosts_test.go
@ -1242,7 +1242,7 @@ func testHostsUnenrollFromMDM(t *testing.T, ds *Datastore) {
 	require.NoError(t, err)

 	// host_mdm entry should not exist anymore.
-	hmdm, err = ds.GetHostMDM(ctx, h2.ID)
+	_, err = ds.GetHostMDM(ctx, h2.ID)
 	require.NoError(t, err)

 	// host_mdm entry should still exist with empty values.
@ -3528,7 +3528,7 @@ func testHostsListFailingPolicies(t *testing.T, ds *Datastore) {
 	require.NoError(t, ds.RecordPolicyQueryExecutions(context.Background(), h1, map[uint]*bool{p.ID: ptr.Bool(false)}, time.Now(), false))
 	checkHostIssues(t, ds, hosts, filter, h1.ID, 1)

-	checkHostIssuesWithOpts(t, ds, hosts, filter, h1.ID, fleet.HostListOptions{DisableIssues: true}, 0)
+	checkHostIssuesWithOpts(t, ds, filter, h1.ID, fleet.HostListOptions{DisableIssues: true}, 0)
 }

 // This doesn't work when running the whole test suite, but helps inspect individual tests
@ -3619,13 +3619,13 @@ func testHostsReadsLessRows(t *testing.T, ds *Datastore) {
 }

 func checkHostIssues(t *testing.T, ds *Datastore, hosts []*fleet.Host, filter fleet.TeamFilter, hid uint, expected uint64) {
-	checkHostIssuesWithOpts(t, ds, hosts, filter, hid, fleet.HostListOptions{}, expected)
+	checkHostIssuesWithOpts(t, ds, filter, hid, fleet.HostListOptions{}, expected)
 }

 func checkHostIssuesWithOpts(
-	t *testing.T, ds *Datastore, hosts []*fleet.Host, filter fleet.TeamFilter, hid uint, opts fleet.HostListOptions, expected uint64,
+	t *testing.T, ds *Datastore, filter fleet.TeamFilter, hid uint, opts fleet.HostListOptions, expected uint64,
 ) {
-	hosts = listHostsCheckCount(t, ds, filter, opts, 10)
+	hosts := listHostsCheckCount(t, ds, filter, opts, 10)
 	foundH2 := false
 	var foundHost *fleet.Host
 	for _, host := range hosts {
@ -7786,7 +7786,7 @@ func testHostsLoadHostByOrbitNodeKey(t *testing.T, ds *Datastore) {
 	// simulate the device being assigned to Fleet in ABM
 	err = ds.UpsertMDMAppleHostDEPAssignments(ctx, []fleet.Host{*hFleet}, abmToken.ID)
 	require.NoError(t, err)
-	loadFleet, err = ds.LoadHostByOrbitNodeKey(ctx, *hFleet.OrbitNodeKey)
+	_, err = ds.LoadHostByOrbitNodeKey(ctx, *hFleet.OrbitNodeKey)
 	require.NoError(t, err)

 	// simulate a failed JSON profile assignment
@ -7795,7 +7795,7 @@ func testHostsLoadHostByOrbitNodeKey(t *testing.T, ds *Datastore) {
 		"foo", []string{hFleet.HardwareSerial}, string(fleet.DEPAssignProfileResponseFailed), &abmToken.ID,
 	)
 	require.NoError(t, err)
-	loadFleet, err = ds.LoadHostByOrbitNodeKey(ctx, *hFleet.OrbitNodeKey)
+	_, err = ds.LoadHostByOrbitNodeKey(ctx, *hFleet.OrbitNodeKey)
 	require.NoError(t, err)
 }

--- a/server/datastore/mysql/labels_test.go
+++ b/server/datastore/mysql/labels_test.go
@ -1057,7 +1057,7 @@ func testListHostsInLabelIssues(t *testing.T, ds *Datastore) {
 	require.NoError(t, ds.RecordPolicyQueryExecutions(context.Background(), h1, map[uint]*bool{p.ID: ptr.Bool(true)}, time.Now(), false))

 	require.NoError(t, ds.RecordPolicyQueryExecutions(context.Background(), h2, map[uint]*bool{p.ID: ptr.Bool(false), p2.ID: ptr.Bool(false)}, time.Now(), false))
-	checkLabelHostIssues(t, ds, hosts, l1.ID, filter, h2.ID, fleet.HostListOptions{}, 2, 0)
+	checkLabelHostIssues(t, ds, l1.ID, filter, h2.ID, fleet.HostListOptions{}, 2, 0)

 	// Add a critical vulnerability
 	// seed software
@ -1124,26 +1124,26 @@ func testListHostsInLabelIssues(t *testing.T, ds *Datastore) {
 	// Populate critical vulnerabilities, which can be done with premium license.
 	ctx = license.NewContext(ctx, &fleet.LicenseInfo{Tier: fleet.TierPremium})
 	assert.NoError(t, ds.UpdateHostIssuesVulnerabilities(ctx))
-	checkLabelHostIssues(t, ds, hosts, l1.ID, filter, hosts[6].ID, fleet.HostListOptions{}, 0, 4)
+	checkLabelHostIssues(t, ds, l1.ID, filter, hosts[6].ID, fleet.HostListOptions{}, 0, 4)

 	require.NoError(t, ds.RecordPolicyQueryExecutions(context.Background(), h2, map[uint]*bool{p.ID: ptr.Bool(true), p2.ID: ptr.Bool(false)}, time.Now(), false))
-	checkLabelHostIssues(t, ds, hosts, l1.ID, filter, h2.ID, fleet.HostListOptions{}, 1, 1)
+	checkLabelHostIssues(t, ds, l1.ID, filter, h2.ID, fleet.HostListOptions{}, 1, 1)

 	require.NoError(t, ds.RecordPolicyQueryExecutions(context.Background(), h2, map[uint]*bool{p.ID: ptr.Bool(true), p2.ID: ptr.Bool(true)}, time.Now(), false))
-	checkLabelHostIssues(t, ds, hosts, l1.ID, filter, h2.ID, fleet.HostListOptions{}, 0, 1)
+	checkLabelHostIssues(t, ds, l1.ID, filter, h2.ID, fleet.HostListOptions{}, 0, 1)

 	require.NoError(t, ds.RecordPolicyQueryExecutions(context.Background(), h1, map[uint]*bool{p.ID: ptr.Bool(false)}, time.Now(), false))
-	checkLabelHostIssues(t, ds, hosts, l1.ID, filter, h1.ID, fleet.HostListOptions{}, 1, 1)
+	checkLabelHostIssues(t, ds, l1.ID, filter, h1.ID, fleet.HostListOptions{}, 1, 1)

-	checkLabelHostIssues(t, ds, hosts, l1.ID, filter, h1.ID, fleet.HostListOptions{DisableIssues: true}, 0, 0)
-	checkLabelHostIssues(t, ds, hosts, l1.ID, filter, hosts[6].ID, fleet.HostListOptions{DisableIssues: true}, 0, 0)
+	checkLabelHostIssues(t, ds, l1.ID, filter, h1.ID, fleet.HostListOptions{DisableIssues: true}, 0, 0)
+	checkLabelHostIssues(t, ds, l1.ID, filter, hosts[6].ID, fleet.HostListOptions{DisableIssues: true}, 0, 0)
 }

 func checkLabelHostIssues(
-	t *testing.T, ds *Datastore, hosts []*fleet.Host, lid uint, filter fleet.TeamFilter, hid uint, opts fleet.HostListOptions,
+	t *testing.T, ds *Datastore, lid uint, filter fleet.TeamFilter, hid uint, opts fleet.HostListOptions,
 	failingPoliciesExpected uint64, criticalVulnerabilitiesExpected uint64,
 ) {
-	hosts = listHostsInLabelCheckCount(t, ds, filter, lid, opts, 10)
+	hosts := listHostsInLabelCheckCount(t, ds, filter, lid, opts, 10)
 	foundH2 := false
 	var foundHost *fleet.Host
 	for _, host := range hosts {
--- a/server/datastore/mysql/packs_test.go
+++ b/server/datastore/mysql/packs_test.go
@ -54,7 +54,7 @@ func testPacksDelete(t *testing.T, ds *Datastore) {
 	assert.Nil(t, err)

 	assert.NotEqual(t, uint(0), pack.ID)
-	pack, err = ds.Pack(context.Background(), pack.ID)
+	_, err = ds.Pack(context.Background(), pack.ID)
 	assert.NotNil(t, err)
 }

--- a/server/datastore/mysql/queries_test.go
+++ b/server/datastore/mysql/queries_test.go
@ -243,7 +243,7 @@ func testQueriesGetByName(t *testing.T, ds *Datastore) {
 	require.Equal(t, "q1", actual.Name)
 	require.Equal(t, "select * from time", actual.Query)

-	actual, err = ds.QueryByName(context.Background(), nil, "xxx")
+	_, err = ds.QueryByName(context.Background(), nil, "xxx")
 	require.Error(t, err)
 	require.True(t, fleet.IsNotFound(err))

@ -262,7 +262,7 @@ func testQueriesGetByName(t *testing.T, ds *Datastore) {
 	require.Equal(t, teamRocket.ID, *actual.TeamID)
 	require.Equal(t, "select * from time", actual.Query)

-	actual, err = ds.QueryByName(context.Background(), &teamRocket.ID, "xxx")
+	_, err = ds.QueryByName(context.Background(), &teamRocket.ID, "xxx")
 	require.Error(t, err)
 	require.True(t, fleet.IsNotFound(err))
 }
--- a/server/datastore/mysql/sessions_test.go
+++ b/server/datastore/mysql/sessions_test.go
@ -86,7 +86,7 @@ func testSessionsGetters(t *testing.T, ds *Datastore) {
 	assert.Equal(t, newSession.ID, gotByKey.ID)
 	require.Nil(t, gotByKey.APIOnly)

-	gotByID, err = ds.SessionByID(context.Background(), newSession.ID)
+	_, err = ds.SessionByID(context.Background(), newSession.ID)
 	require.NoError(t, err)
 	assert.Equal(t, newSession.ID, gotByKey.ID)
 	require.Nil(t, gotByKey.APIOnly)
@ -108,7 +108,7 @@ func testSessionsGetters(t *testing.T, ds *Datastore) {
 	require.NotNil(t, gotByKey.APIOnly)
 	assert.True(t, *gotByKey.APIOnly)

-	gotByID, err = ds.SessionByID(context.Background(), apiSession.ID)
+	_, err = ds.SessionByID(context.Background(), apiSession.ID)
 	require.NoError(t, err)
 	assert.Equal(t, apiSession.ID, gotByKey.ID)
 	require.NotNil(t, gotByKey.APIOnly)
--- a/server/datastore/mysql/teams_test.go
+++ b/server/datastore/mysql/teams_test.go
@ -217,13 +217,13 @@ func testTeamsList(t *testing.T, ds *Datastore) {
 		{User: user1, Role: "maintainer"},
 		{User: user2, Role: "observer"},
 	}
-	team1, err = ds.SaveTeam(context.Background(), team1)
+	_, err = ds.SaveTeam(context.Background(), team1)
 	require.NoError(t, err)

 	team2.Users = []fleet.TeamUser{
 		{User: user1, Role: "maintainer"},
 	}
-	team1, err = ds.SaveTeam(context.Background(), team2)
+	_, err = ds.SaveTeam(context.Background(), team2)
 	require.NoError(t, err)

 	teams, err = ds.ListTeams(context.Background(), fleet.TeamFilter{User: &user1}, fleet.ListOptions{})
--- a/server/datastore/mysql/vpp.go
+++ b/server/datastore/mysql/vpp.go
@ -1087,7 +1087,7 @@ func (ds *Datastore) GetVPPTokenByTeamID(ctx context.Context, teamID *uint) (*fl
 		err = sqlx.GetContext(ctx, ds.reader(ctx), &tokEnc, stmtNullTeam, fleet.NullTeamNoTeam)
 	}
 	if err != nil {
-		if errors.Is(sql.ErrNoRows, err) {
+		if errors.Is(err, sql.ErrNoRows) {
 			if err := sqlx.GetContext(ctx, ds.reader(ctx), &tokEnc, stmtNullTeam, fleet.NullTeamAllTeams); err != nil {
 				if errors.Is(err, sql.ErrNoRows) {
 					return nil, ctxerr.Wrap(ctx, notFound("VPPToken"), "retrieving vpp token by team")
--- a/server/datastore/mysql/vpp_test.go
+++ b/server/datastore/mysql/vpp_test.go
@ -667,7 +667,7 @@ func testGetVPPAppByTeamAndTitleID(t *testing.T, ds *Datastore) {
 	require.Equal(t, "foo", gotVPPApp.AdamID)
 	require.Equal(t, fooTitleID, gotVPPApp.TitleID)
 	// title that doesn't exist
-	gotVPPApp, err = ds.GetVPPAppByTeamAndTitleID(ctx, &team.ID, 999)
+	_, err = ds.GetVPPAppByTeamAndTitleID(ctx, &team.ID, 999)
 	require.ErrorAs(t, err, &nfe)

 	// create an entry for the global team
@ -676,7 +676,7 @@ func testGetVPPAppByTeamAndTitleID(t *testing.T, ds *Datastore) {
 	require.NoError(t, err)
 	barTitleID := barApp.TitleID
 	// not found providing the team id
-	gotVPPApp, err = ds.GetVPPAppByTeamAndTitleID(ctx, &team.ID, barTitleID)
+	_, err = ds.GetVPPAppByTeamAndTitleID(ctx, &team.ID, barTitleID)
 	require.ErrorAs(t, err, &nfe)
 	// found for the global team
 	gotVPPApp, err = ds.GetVPPAppByTeamAndTitleID(ctx, nil, barTitleID)
@ -852,7 +852,7 @@ func testVPPTokensCRUD(t *testing.T, ds *Datastore) {
 	assert.Equal(t, uint(0), teamTok.Teams[0].ID)
 	assert.Equal(t, fleet.TeamNameNoTeam, teamTok.Teams[0].Name)

-	teamTok, err = ds.GetVPPTokenByTeamID(ctx, &team.ID)
+	_, err = ds.GetVPPTokenByTeamID(ctx, &team.ID)
 	assert.Error(t, err)
 	assert.True(t, fleet.IsNotFound(err))

@ -876,7 +876,7 @@ func testVPPTokensCRUD(t *testing.T, ds *Datastore) {
 	assert.Equal(t, team.ID, toks[0].Teams[0].ID)
 	assert.Equal(t, team.Name, toks[0].Teams[0].Name)

-	teamTok, err = ds.GetVPPTokenByTeamID(ctx, nil)
+	_, err = ds.GetVPPTokenByTeamID(ctx, nil)
 	assert.Error(t, err)
 	assert.True(t, fleet.IsNotFound(err))

@ -926,11 +926,11 @@ func testVPPTokensCRUD(t *testing.T, ds *Datastore) {
 	assert.NoError(t, err)
 	assert.Len(t, toks, 1)

-	teamTok, err = ds.GetVPPTokenByTeamID(ctx, &team.ID)
+	_, err = ds.GetVPPTokenByTeamID(ctx, &team.ID)
 	assert.Error(t, err)
 	assert.True(t, fleet.IsNotFound(err))

-	teamTok, err = ds.GetVPPTokenByTeamID(ctx, nil)
+	_, err = ds.GetVPPTokenByTeamID(ctx, nil)
 	assert.Error(t, err)
 	assert.True(t, fleet.IsNotFound(err))

@ -1059,7 +1059,7 @@ func testVPPTokensCRUD(t *testing.T, ds *Datastore) {
 	assert.NoError(t, err)
 	assert.Equal(t, tokTeams.ID, tokNil.ID)

-	tokTeam1, err = ds.GetVPPTokenByTeamID(ctx, &team.ID)
+	_, err = ds.GetVPPTokenByTeamID(ctx, &team.ID)
 	assert.Error(t, err)

 	tokTeam2, err = ds.GetVPPTokenByTeamID(ctx, &team2.ID)
@ -1070,15 +1070,15 @@ func testVPPTokensCRUD(t *testing.T, ds *Datastore) {
 	err = ds.DeleteVPPToken(ctx, tokTeams.ID)
 	assert.NoError(t, err)

-	tokNil, err = ds.GetVPPTokenByTeamID(ctx, nil)
+	_, err = ds.GetVPPTokenByTeamID(ctx, nil)
 	assert.Error(t, err)
 	assert.True(t, fleet.IsNotFound(err))

-	tokTeam1, err = ds.GetVPPTokenByTeamID(ctx, &team.ID)
+	_, err = ds.GetVPPTokenByTeamID(ctx, &team.ID)
 	assert.Error(t, err)
 	assert.True(t, fleet.IsNotFound(err))

-	tokTeam2, err = ds.GetVPPTokenByTeamID(ctx, &team2.ID)
+	_, err = ds.GetVPPTokenByTeamID(ctx, &team2.ID)
 	assert.Error(t, err)
 	assert.True(t, fleet.IsNotFound(err))

--- a/server/mail/users.go
+++ b/server/mail/users.go
@ -41,7 +41,7 @@ type PasswordResetMailer struct {
 }

 func (r PasswordResetMailer) Message() ([]byte, error) {
-	r.CurrentYear = time.Now().Year()
+	r.CurrentYear = time.Now().Year() // nolint:staticcheck // SA4005 false positive for Go templates
 	t, err := server.GetTemplate("server/mail/templates/password_reset.html", "email_template")
 	if err != nil {
 		return nil, err
--- a/server/mdm/nanomdm/http/http_test.go
+++ b/server/mdm/nanomdm/http/http_test.go
@ -49,6 +49,5 @@ func (s slowReader) Read(p []byte) (n int, err error) {

 	time.Sleep(200 * time.Millisecond)
 	n = copy(p, s.b[:len(s.b)/2])
-	s.b = s.b[n:]
 	return n, nil
 }
--- a/server/mdm/nanomdm/storage/file/certauth.go
+++ b/server/mdm/nanomdm/storage/file/certauth.go
@ -50,7 +50,7 @@ func (s *FileStorage) IsCertHashAssociated(r *mdm.Request, hash string) (bool, e
 		}
 		return false, err
 	}
-	return strings.ToLower(string(b)) == strings.ToLower(hash), nil
+	return strings.EqualFold(string(b), hash), nil
 }

 func (s *FileStorage) AssociateCertHash(r *mdm.Request, hash string, _ time.Time) error {
--- a/server/service/client.go
+++ b/server/service/client.go
@ -1733,11 +1733,9 @@ func (c *Client) doGitOpsNoTeamSoftware(
 	}

 	var appsPayload []fleet.VPPBatchPayload
-	vppApps := make([]fleet.TeamSpecAppStoreApp, 0, len(config.Software.AppStoreApps))
 	appsByAppID := make(map[string]fleet.TeamSpecAppStoreApp, len(config.Software.AppStoreApps))
 	for _, vppApp := range config.Software.AppStoreApps {
 		if vppApp != nil {
-			vppApps = append(vppApps, *vppApp)
 			// can be referenced by macos_setup.software
 			appsByAppID[vppApp.AppStoreID] = *vppApp

--- a/server/service/integration_core_test.go
+++ b/server/service/integration_core_test.go
@ -11531,7 +11531,7 @@ func (s *integrationTestSuite) TestHostPastActivities() {
 	require.Equal(t, user.Email, *listResp.Activities[0].ActorEmail)
 	require.Equal(t, user.Name, *listResp.Activities[0].ActorFullName)
 	require.Equal(t, user.GravatarURL, *listResp.Activities[0].ActorGravatar)
-	require.Equal(t, "ran_script", *&listResp.Activities[0].Type)
+	require.Equal(t, "ran_script", listResp.Activities[0].Type)
 	d := getDetails(listResp.Activities[0])
 	require.Equal(t, execID1, d.ScriptExecutionID)
 	require.Equal(t, savedScript.Name, d.ScriptName)
--- a/server/service/integration_enterprise_test.go
+++ b/server/service/integration_enterprise_test.go
@ -9465,7 +9465,7 @@ func (s *integrationEnterpriseTestSuite) TestCalendarEvents() {
 		Enable:     true,
 		WebhookURL: team2WebhookServer.URL,
 	}
-	team2, err = s.ds.SaveTeam(ctx, team2)
+	_, err = s.ds.SaveTeam(ctx, team2)
 	require.NoError(t, err)

 	//
@ -10464,7 +10464,7 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerUploadDownloadAndD
 			},
 		}, http.StatusNoContent)

-		r = s.Do("POST", "/api/fleet/orbit/software_install/package?alt=media", orbitDownloadSoftwareInstallerRequest{
+		_ = s.Do("POST", "/api/fleet/orbit/software_install/package?alt=media", orbitDownloadSoftwareInstallerRequest{
 			InstallerID:  installerID,
 			OrbitNodeKey: *hostInTeam.OrbitNodeKey,
 		}, http.StatusForbidden)
@ -10556,7 +10556,7 @@ func (s *integrationEnterpriseTestSuite) TestSoftwareInstallerUploadDownloadAndD
 			},
 		}, http.StatusNoContent)

-		r = s.Do("POST", "/api/fleet/orbit/software_install/package?alt=media", orbitDownloadSoftwareInstallerRequest{
+		_ = s.Do("POST", "/api/fleet/orbit/software_install/package?alt=media", orbitDownloadSoftwareInstallerRequest{
 			InstallerID:  installerID,
 			OrbitNodeKey: *hostInTeam.OrbitNodeKey,
 		}, http.StatusForbidden)
@ -12424,7 +12424,8 @@ func triggerAndWait(ctx context.Context, t *testing.T, ds fleet.Datastore, s *sc
 		}
 		select {
 		case <-timeoutCh:
-			t.Fatalf("timeout waiting for schedule %s to complete", s.Name())
+			t.Logf("timeout waiting for schedule %s to complete", s.Name())
+			t.Fail()
 		case <-time.After(250 * time.Millisecond):
 		}
 	}
@ -13999,7 +14000,7 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsSoftwareInstallers
 	require.NoError(t, err)
 	require.NotNil(t, policy1Team1.SoftwareInstallerID)
 	require.Equal(t, dummyInstallerPkgInstallerID, *policy1Team1.SoftwareInstallerID)
-	require.Equal(t, "policy1Team1_Renamed", *&policy1Team1.Name)
+	require.Equal(t, "policy1Team1_Renamed", policy1Team1.Name)
 	// Explicit set to 0 to disable.
 	mtplr = modifyTeamPolicyResponse{}
 	s.DoJSON("PATCH", fmt.Sprintf("/api/latest/fleet/teams/%d/policies/%d", team1.ID, policy1Team1.ID), modifyTeamPolicyRequest{
@ -14548,7 +14549,7 @@ func (s *integrationEnterpriseTestSuite) TestPolicyAutomationsScripts() {
 	require.NoError(t, err)
 	require.NotNil(t, policy1Team1.ScriptID)
 	require.Equal(t, script.ID, *policy1Team1.ScriptID)
-	require.Equal(t, "policy1Team1_Renamed", *&policy1Team1.Name)
+	require.Equal(t, "policy1Team1_Renamed", policy1Team1.Name)
 	// Explicit set to 0 to disable.
 	mtplr = modifyTeamPolicyResponse{}
 	s.DoJSON("PATCH", fmt.Sprintf("/api/latest/fleet/teams/%d/policies/%d", team1.ID, policy1Team1.ID), modifyTeamPolicyRequest{
--- a/server/service/integration_mdm_profiles_test.go
+++ b/server/service/integration_mdm_profiles_test.go
@ -3554,7 +3554,8 @@ func (s *integrationMDMTestSuite) TestWindowsProfileManagement() {
 	}, nil)

 	// can resend a profile after it has failed
-	res = s.DoRaw("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/configuration_profiles/resend/%s", host.ID, globalProfiles[0]), nil, http.StatusAccepted)
+	_ = s.DoRaw("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/configuration_profiles/resend/%s", host.ID, globalProfiles[0]), nil,
+		http.StatusAccepted)
 	verifyProfiles(mdmDevice, 1, false)                                                 // trigger a profile sync, device gets the profile resent
 	checkHostProfileStatus(t, host.UUID, globalProfiles[0], fleet.MDMDeliveryVerifying) // profile was resent, so it back to verifying

@ -3664,7 +3665,8 @@ func (s *integrationMDMTestSuite) TestWindowsProfileManagement() {
 	}, nil)

 	// can resend a profile after it has failed
-	res = s.DoRaw("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/configuration_profiles/resend/%s", host.ID, teamProfiles[0]), nil, http.StatusAccepted)
+	_ = s.DoRaw("POST", fmt.Sprintf("/api/latest/fleet/hosts/%d/configuration_profiles/resend/%s", host.ID, teamProfiles[0]), nil,
+		http.StatusAccepted)
 	verifyProfiles(mdmDevice, 1, false)                                               // trigger a profile sync, device gets the profile resent
 	checkHostProfileStatus(t, host.UUID, teamProfiles[0], fleet.MDMDeliveryVerifying) // profile was resent, so back to verifying
 	s.lastActivityMatches(
--- a/server/service/integration_mdm_test.go
+++ b/server/service/integration_mdm_test.go
@ -10336,7 +10336,7 @@ func (s *integrationMDMTestSuite) TestRefetchIOSIPadOS() {
 		[]fleet.Software{expectedSoftware[0].Software})
 	require.NoError(t, err)
 	require.Equal(t, "DeviceInformation", cmd.Command.RequestType)
-	cmd, err = mdmClient.AcknowledgeDeviceInformation(mdmClient.UUID, cmd.CommandUUID, deviceName, "iPhone SE")
+	_, err = mdmClient.AcknowledgeDeviceInformation(mdmClient.UUID, cmd.CommandUUID, deviceName, "iPhone SE")
 	require.NoError(t, err)

 	commands, err = s.ds.GetHostMDMCommands(context.Background(), host.ID)
@ -11133,7 +11133,7 @@ func (s *integrationMDMTestSuite) TestVPPApps() {
 	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d/software", mdmHost.ID), nil, http.StatusOK, &getHostSw)
 	gotSW = getHostSw.Software
 	require.Len(t, gotSW, 2) // App 1 and App 2
-	got1, got2 = gotSW[0], gotSW[1]
+	got1 = gotSW[0]
 	require.Equal(t, got1.Name, "App 1")
 	require.NotNil(t, got1.AppStoreApp)
 	require.Equal(t, got1.AppStoreApp.AppStoreID, addedApp.AdamID)
--- a/server/vulnerabilities/nvd/sync_test.go
+++ b/server/vulnerabilities/nvd/sync_test.go
@ -67,7 +67,7 @@ func TestLoadCVEMeta(t *testing.T) {
 	require.Equal(
 		t,
 		"CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.",
-		*&meta.Description,
+		meta.Description,
 	)

 	meta = metaMap["CVE-2022-22587"]
@ -77,7 +77,7 @@ func TestLoadCVEMeta(t *testing.T) {
 	require.Equal(
 		t,
 		"A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..",
-		*&meta.Description,
+		meta.Description,
 	)
 }

--- a/server/vulnerabilities/oval/parsed/object_state_string.go
+++ b/server/vulnerabilities/oval/parsed/object_state_string.go
@ -29,9 +29,9 @@ func (sta ObjectStateString) Eval(other string) (bool, error) {
 	case NotEqual:
 		return val != other, nil
 	case CaseInsensitiveEquals:
-		return strings.ToLower(val) == strings.ToLower(other), nil
+		return strings.EqualFold(val, other), nil
 	case CaseInsensitiveNotEqual:
-		return strings.ToLower(val) != strings.ToLower(other), nil
+		return !strings.EqualFold(val, other), nil
 	case PatternMatch:
 		r, err := regexp.Compile(val)
 		if err != nil {