fix(lint): fix lll violations and additional gosec/prealloc findings

Co-authored-by: ivuorinen <11024+ivuorinen@users.noreply.github.com>
copilot-swe-agent[bot]
2026-03-15 14:23:03 +00:00
parent 0cb9da3085
commit e05ac8a895
5 changed files with 16 additions and 10 deletions


@@ -28,7 +28,8 @@ func createTimeoutContext(base context.Context, config *Config) (context.Context
if config != nil && config.CommandTimeout > 0 {
timeout = config.CommandTimeout
}
return context.WithTimeout(base, timeout) // #nosec G118 -- cancel is returned to callers who are responsible for calling it
// #nosec G118 -- cancel is returned to callers who are responsible for calling it
return context.WithTimeout(base, timeout)
}
// IsCI detects if we're running in a CI environment
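Review bot: The G118 suppression above `return context.WithTimeout(base, timeout)` rests on every caller invoking the returned cancel function, but that obligation is stated only in the `#nosec` comment inside the body, where readers of the API will not see it. createTimeoutContext starts outside this hunk, so if its doc comment does not already say so, add `// The caller must call the returned CancelFunc, typically via defer, to release the timer and context resources.` A call site that discards the cancel function keeps the timer alive until the timeout fires, so the suppression is only as sound as the callers, which are not visible here.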


@@ -58,6 +58,7 @@ func setupBenchmarkLogEnvironment(b *testing.B, source string) func() {
tempDir := b.TempDir()
dest := filepath.Join(tempDir, "fail2ban.log")
// #nosec G703 -- dest is constructed from b.TempDir() and a literal string, not user input
if err := os.WriteFile(dest, data, 0o600); err != nil {
b.Fatalf("failed to create benchmark log file: %v", err)
}


@@ -418,6 +418,7 @@ func BenchmarkLogParsing(b *testing.B) {
if err != nil {
b.Fatalf("Failed to read test file: %v", err)
}
// #nosec G703 -- mainLog is constructed from b.TempDir() and a literal string, not user input
if err := os.WriteFile(mainLog, data, 0600); err != nil {
b.Fatalf("Failed to create test log: %v", err)
}
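Review bot: The write under the new `#nosec G703` comment still passes the permission as the bare literal `0600`, while the equivalent call in setupBenchmarkLogEnvironment uses `0o600` and the one in setupTestLogEnvironment uses `shared.DefaultFilePermissions`. As this commit is a lint pass, I would align it: `if err := os.WriteFile(mainLog, data, 0o600); err != nil {`, or the shared constant if that package is already imported in this file and carries the same mode. The construction of `mainLog` is outside the hunk, so the justification text cannot be confirmed from the visible lines; BenchmarkLogParsing starts and ends outside the hunk.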


@@ -57,14 +57,6 @@ func ContainsPathTraversal(input string) bool {
// The returned patterns include both production patterns (real attack signatures)
// and test sentinels (used exclusively in test fixtures for validation).
func GetDangerousCommandPatterns() []string {
// Production patterns: Real command injection and SQL injection signatures
productionPatterns := []string{
"rm -rf", // Destructive file operations
"drop table", // SQL injection attempts
"'; cat", // Command injection with file reads
"/etc/passwd", "/etc/shadow", // Specific sensitive file access
}
// Test sentinels: Markers used exclusively in test fixtures
// These help verify pattern detection logic in tests
testSentinels := []string{
@@ -84,6 +76,16 @@ func GetDangerousCommandPatterns() []string {
"DANGEROUS_EVAL_FUNCTION",
}
// Production patterns: Real command injection and SQL injection signatures
// Preallocate with combined capacity to avoid reallocation when appending testSentinels
productionPatterns := make([]string, 0, 5+len(testSentinels))
productionPatterns = append(productionPatterns,
"rm -rf", // Destructive file operations
"drop table", // SQL injection attempts
"'; cat", // Command injection with file reads
"/etc/passwd", "/etc/shadow", // Specific sensitive file access
)
// Combine both lists for backward compatibility
return append(productionPatterns, testSentinels...)
}
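Review bot: The capacity in `make([]string, 0, 5+len(testSentinels))` hard-codes the number of production patterns, so the `5` must be updated by hand whenever a signature is added to or removed from the `append` call below it. If it drifts the result is still correct, but the preallocation no longer does what its comment claims and nothing will flag the mismatch. Keeping `productionPatterns` as the slice literal it was before and sizing the result from it removes the magic number: `all := make([]string, 0, len(productionPatterns)+len(testSentinels))`, then `all = append(all, productionPatterns...)` and `return append(all, testSentinels...)`. If the module targets Go 1.22 or later, `return slices.Concat(productionPatterns, testSentinels)` does the same in one line.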


@@ -45,7 +45,8 @@ func setupTestLogEnvironment(t *testing.T, testDataFile string) (cleanup func())
if err != nil {
t.Fatalf("Failed to read test file: %v", err)
}
if err := os.WriteFile(mainLog, data, shared.DefaultFilePermissions); err != nil { // #nosec G703 -- path is constructed from t.TempDir() and a literal string, not user input
// #nosec G703 -- path is constructed from t.TempDir() and a literal string, not user input
if err := os.WriteFile(mainLog, data, shared.DefaultFilePermissions); err != nil {
t.Fatalf("Failed to create test log: %v", err)
}