Address linter issues coming from govet

internal/controlplane/handlers_authz.go

@@ -315,7 +315,7 @@ func (s *Server) AssignRole(ctx context.Context, req *minder.AssignRoleRequest)
 	// Parse role (this also validates)
 	authzRole, err := authz.ParseRole(role)
 	if err != nil {
-		return nil, util.UserVisibleError(codes.InvalidArgument, err.Error())
+		return nil, util.UserVisibleError(codes.InvalidArgument, "%s", err.Error())
 	}
 
 	// Ensure the target project exists
@@ -377,7 +377,7 @@ func (s *Server) RemoveRole(ctx context.Context, req *minder.RemoveRoleRequest)
 	// Parse role (this also validates)
 	authzRole, err := authz.ParseRole(role)
 	if err != nil {
-		return nil, util.UserVisibleError(codes.InvalidArgument, err.Error())
+		return nil, util.UserVisibleError(codes.InvalidArgument, "%s", err.Error())
 	}
 
 	// Validate the subject and email - decide if it's about removing an invitation or a role assignment
@@ -433,7 +433,7 @@ func (s *Server) UpdateRole(ctx context.Context, req *minder.UpdateRoleRequest)
 	// Parse role (this also validates)
 	authzRole, err := authz.ParseRole(role)
 	if err != nil {
-		return nil, util.UserVisibleError(codes.InvalidArgument, err.Error())
+		return nil, util.UserVisibleError(codes.InvalidArgument, "%s", err.Error())
 	}
 
 	// Validate the subject and email - decide if it's about updating an invitation or a role assignment

internal/controlplane/handlers_authz_test.go

@@ -256,7 +256,7 @@ func TestProjectAuthorizationInterceptor(t *testing.T) {
 			},
 			rpcErr: util.UserVisibleError(
 				codes.PermissionDenied,
-				fmt.Sprintf("user %q is not authorized to perform this operation on project %q", "subject1", projectID)),
+				"user %q is not authorized to perform this operation on project %q", "subject1", projectID),
 		},
 		{
 			name:     "authorized on project",

internal/controlplane/handlers_oauth.go

@@ -299,7 +299,7 @@ func (s *Server) processOAuthCallback(ctx context.Context, w http.ResponseWriter
 		zerolog.Ctx(ctx).Info().Str("provider", provider).Msg("Provider already exists")
 	} else if errors.As(err, &errConfig) {
 		return newHttpError(http.StatusBadRequest, "Invalid provider config").SetContents(
-			"The provider configuration is invalid: " + errConfig.Details)
+			"The provider configuration is invalid: %s", errConfig.Details)
 	} else if err != nil {
 		return fmt.Errorf("error creating provider: %w", err)
 	}
@@ -376,7 +376,7 @@ func (s *Server) processAppCallback(ctx context.Context, w http.ResponseWriter,
 		if err != nil {
 			if errors.As(err, &confErr) {
 				return newHttpError(http.StatusBadRequest, "Invalid provider config").SetContents(
-					"The provider configuration is invalid: " + confErr.Details)
+					"The provider configuration is invalid: %s", confErr.Details)
 			}
 			if errors.Is(err, service.ErrInvalidTokenIdentity) {
 				return newHttpError(http.StatusForbidden, "User token mismatch").SetContents(

internal/controlplane/handlers_providers.go

@@ -71,7 +71,7 @@ func (s *Server) CreateProvider(
 		return nil, util.UserVisibleError(codes.AlreadyExists, "provider already exists")
 	} else if errors.As(err, &configErr) {
 		zerolog.Ctx(ctx).Error().Err(err).Msg("provider config does not validate")
-		return nil, util.UserVisibleError(codes.InvalidArgument, "invalid provider config: "+configErr.Details)
+		return nil, util.UserVisibleError(codes.InvalidArgument, "invalid provider config: %s", configErr.Details)
 	} else if err != nil {
 		return nil, status.Errorf(codes.Internal, "error creating provider: %v", err)
 	}

internal/controlplane/handlers_repositories.go

@@ -84,7 +84,7 @@ func (s *Server) RegisterRepository(
 	newRepo, err := s.repos.CreateRepository(ctx, provider, projectID, githubRepo.GetOwner(), githubRepo.GetName())
 	if err != nil {
 		if errors.Is(err, ghrepo.ErrPrivateRepoForbidden) || errors.Is(err, ghrepo.ErrArchivedRepoForbidden) {
-			return nil, util.UserVisibleError(codes.InvalidArgument, err.Error())
+			return nil, util.UserVisibleError(codes.InvalidArgument, "%s", err.Error())
 		}
 		return nil, util.UserVisibleError(codes.Internal, "unable to register repository: %v", err)
 	}
@@ -115,7 +115,7 @@ func (s *Server) ListRepositories(ctx context.Context,
 
 	reqRepoCursor, err := cursorutil.NewRepoCursor(in.GetCursor())
 	if err != nil {
-		return nil, util.UserVisibleError(codes.InvalidArgument, err.Error())
+		return nil, util.UserVisibleError(codes.InvalidArgument, "%s", err.Error())
 	}
 
 	repoId := sql.NullInt64{}

internal/controlplane/handlers_ruletype.go

@@ -245,7 +245,7 @@ func (s *Server) DeleteRuleType(
 	if err == nil {
 		if len(profiles) > 0 {
 			return nil, util.UserVisibleError(codes.FailedPrecondition,
-				fmt.Sprintf("cannot delete: rule type %s is used by profiles %s", in.GetId(), strings.Join(profiles, ", ")))
+				"cannot delete: rule type %s is used by profiles %s", in.GetId(), strings.Join(profiles, ", "))
 		}
 	} else if !errors.Is(err, sql.ErrNoRows) {
 		// If we failed for another reason, return an error

internal/engine/eval/jq/jq.go

@@ -97,7 +97,7 @@ func (jqe *Evaluator) Eval(ctx context.Context, pol map[string]any, res *engif.R
 				msg = fmt.Sprintf("%s\nassertion: %s", msg, string(marshalledAssertion))
 			}
 
-			return evalerrors.NewErrEvaluationFailed(msg)
+			return evalerrors.NewErrEvaluationFailed("%s", msg)
 		}
 	}
 

internal/engine/eval/rego/result.go

@@ -246,5 +246,5 @@ func (jrb *jsonResultBuilder) formatResults() error {
 		return fmt.Errorf("failed to marshal violations: %w", err)
 	}
 
-	return engerrors.NewErrEvaluationFailed(string(jsonArray))
+	return engerrors.NewErrEvaluationFailed("%s", string(jsonArray))
 }

internal/engine/eval/trusty/trusty.go

@@ -216,7 +216,7 @@ func buildEvalResult(prSummary *summaryPrHandler) error {
 	}
 
 	if failedEvalMsg != "" {
-		return evalerrors.NewErrEvaluationFailed(failedEvalMsg)
+		return evalerrors.NewErrEvaluationFailed("%s", failedEvalMsg)
 	}
 
 	return nil

internal/engine/eval/vulncheck/vulncheck.go

@@ -58,7 +58,7 @@ func (e *Evaluator) Eval(ctx context.Context, pol map[string]any, res *engif.Res
 	}
 
 	if len(vulnerablePackages) > 0 {
-		return evalerrors.NewErrEvaluationFailed(fmt.Sprintf("vulnerable packages: %s", strings.Join(vulnerablePackages, ",")))
+		return evalerrors.NewErrEvaluationFailed("vulnerable packages: %s", strings.Join(vulnerablePackages, ","))
 	}
 
 	return nil

internal/roles/service.go

@@ -130,7 +130,7 @@ func (_ *roleService) UpdateRoleAssignment(ctx context.Context, qtx db.Querier,
 		if a.Subject == identity.String() {
 			roleToDelete, err := authz.ParseRole(a.Role)
 			if err != nil {
-				return nil, util.UserVisibleError(codes.Internal, err.Error())
+				return nil, util.UserVisibleError(codes.Internal, "%s", err.Error())
 			}
 			if err := authzClient.Delete(ctx, identity.String(), roleToDelete, targetProject); err != nil {
 				return nil, status.Errorf(codes.Internal, "error deleting previous role assignment: %v", err)