QA fixes: formatting, debug output, and Go version consistency

- Remove debug print statements from scanner.go that corrupted JSON output
- Fix Go version in go.mod (1.23.1 → 1.21) to match documented requirements
- Apply gofmt formatting to all Go files
- Add security note to README recommending latest Go patch version

All tests pass. All CLI features verified working.

Author: thebenignhacker

README.md

@@ -92,7 +92,7 @@ CryptoScan is purpose-built for quantum readiness assessment:
 
 #### Option 1: Build from Source
 
-Requires **Go 1.21+** ([install Go](https://go.dev/dl/))
+Requires **Go 1.21+** ([install Go](https://go.dev/dl/)) — always use the latest patch version for security fixes
 
 Copy and paste this entire block:
 

crypto-samples/crypto_samples.go

@@ -228,8 +228,8 @@ func logCryptoOperation() {
 // setCryptoMetadata sets metadata labels - should be filtered (string labels)
 func setCryptoMetadata() map[string]string {
 	return map[string]string{
-		"auth_method":      "ed25519",
-		"encryption_type":  "aes-256-gcm",
+		"auth_method":       "ed25519",
+		"encryption_type":   "aes-256-gcm",
 		"signing_algorithm": "ecdsa-p256",
 	}
 }

go.mod

@@ -1,6 +1,6 @@
 module github.com/csnp/cryptoscan
 
-go 1.23.1
+go 1.21
 
 require github.com/spf13/cobra v1.10.2
 

pkg/analyzer/analyzer.go

@@ -51,13 +51,13 @@ const (
 
 // FileContext contains analyzed information about a file
 type FileContext struct {
-	Path       string
-	Name       string
-	Extension  string
-	FileType   FileType
-	Language   Language
-	IsTest     bool
-	IsVendor   bool
+	Path        string
+	Name        string
+	Extension   string
+	FileType    FileType
+	Language    Language
+	IsTest      bool
+	IsVendor    bool
 	IsGenerated bool
 }
 

pkg/analyzer/context.go

@@ -158,7 +158,7 @@ func IsURLOrPath(line, match string) bool {
 	}
 	afterMatch := ""
 	if pos+len(match) < len(line) {
-		afterMatch = line[pos+len(match):min(len(line), pos+len(match)+20)]
+		afterMatch = line[pos+len(match) : min(len(line), pos+len(match)+20)]
 	}
 
 	// Path indicators - must have actual path separator
@@ -374,16 +374,16 @@ func determinePurpose(line string, prevLines []string, lang Language) string {
 
 // ContextPatterns contains patterns that indicate specific crypto contexts
 var ContextPatterns = map[string]*regexp.Regexp{
-	"key_generation":  regexp.MustCompile(`(?i)(generate|create|new).*key`),
-	"encryption":      regexp.MustCompile(`(?i)(encrypt|cipher|encode)`),
-	"decryption":      regexp.MustCompile(`(?i)(decrypt|decipher|decode)`),
-	"signing":         regexp.MustCompile(`(?i)(sign|signature)`),
-	"verification":    regexp.MustCompile(`(?i)(verify|validate)`),
-	"hashing":         regexp.MustCompile(`(?i)(hash|digest|checksum)`),
-	"key_exchange":    regexp.MustCompile(`(?i)(exchange|agree|handshake|negotiate)`),
-	"password":        regexp.MustCompile(`(?i)(password|passphrase|secret)`),
-	"certificate":     regexp.MustCompile(`(?i)(cert|x509|pem|der)`),
-	"random":          regexp.MustCompile(`(?i)(random|entropy|seed)`),
+	"key_generation": regexp.MustCompile(`(?i)(generate|create|new).*key`),
+	"encryption":     regexp.MustCompile(`(?i)(encrypt|cipher|encode)`),
+	"decryption":     regexp.MustCompile(`(?i)(decrypt|decipher|decode)`),
+	"signing":        regexp.MustCompile(`(?i)(sign|signature)`),
+	"verification":   regexp.MustCompile(`(?i)(verify|validate)`),
+	"hashing":        regexp.MustCompile(`(?i)(hash|digest|checksum)`),
+	"key_exchange":   regexp.MustCompile(`(?i)(exchange|agree|handshake|negotiate)`),
+	"password":       regexp.MustCompile(`(?i)(password|passphrase|secret)`),
+	"certificate":    regexp.MustCompile(`(?i)(cert|x509|pem|der)`),
+	"random":         regexp.MustCompile(`(?i)(random|entropy|seed)`),
 }
 
 // DetectCryptoContext detects what cryptographic operation is happening

pkg/analyzer/dependencies.go

@@ -14,25 +14,25 @@ import (
 
 // CryptoLibrary represents a known cryptographic library
 type CryptoLibrary struct {
-	Name         string
-	Package      string            // Package identifier (npm, pypi, maven, etc.)
-	Language     Language
-	Algorithms   []string          // Known algorithms provided
-	QuantumSafe  bool              // Whether it provides PQC algorithms
-	Description  string
-	Migration    string            // Migration guidance
-	Docs         string            // Documentation URL
+	Name        string
+	Package     string // Package identifier (npm, pypi, maven, etc.)
+	Language    Language
+	Algorithms  []string // Known algorithms provided
+	QuantumSafe bool     // Whether it provides PQC algorithms
+	Description string
+	Migration   string // Migration guidance
+	Docs        string // Documentation URL
 }
 
 // DependencyFinding represents a crypto library found in dependencies
 type DependencyFinding struct {
-	Library      CryptoLibrary
-	Version      string
-	File         string
-	Severity     types.Severity
-	Quantum      types.QuantumRisk
-	Description  string
-	Remediation  string
+	Library     CryptoLibrary
+	Version     string
+	File        string
+	Severity    types.Severity
+	Quantum     types.QuantumRisk
+	Description string
+	Remediation string
 }
 
 // KnownCryptoLibraries contains well-known cryptographic libraries
@@ -41,7 +41,7 @@ var KnownCryptoLibraries = []CryptoLibrary{
 	{Name: "cryptography", Package: "cryptography", Language: LangPython,
 		Algorithms: []string{"RSA", "ECC", "AES", "ChaCha20"}, QuantumSafe: false,
 		Description: "Python cryptographic recipes and primitives",
-		Migration: "Add liboqs-python for PQC support alongside cryptography"},
+		Migration:   "Add liboqs-python for PQC support alongside cryptography"},
 	{Name: "PyCryptodome", Package: "pycryptodome", Language: LangPython,
 		Algorithms: []string{"RSA", "ECC", "AES", "DES", "3DES"}, QuantumSafe: false,
 		Description: "Self-contained Python crypto library"},
@@ -56,7 +56,7 @@ var KnownCryptoLibraries = []CryptoLibrary{
 	{Name: "crypto-js", Package: "crypto-js", Language: LangJavaScript,
 		Algorithms: []string{"AES", "DES", "3DES", "SHA", "MD5"}, QuantumSafe: false,
 		Description: "JavaScript library of crypto standards",
-		Migration: "Consider using Web Crypto API or node:crypto for better security"},
+		Migration:   "Consider using Web Crypto API or node:crypto for better security"},
 	{Name: "node-forge", Package: "node-forge", Language: LangJavaScript,
 		Algorithms: []string{"RSA", "AES", "DES", "SHA", "MD5"}, QuantumSafe: false,
 		Description: "JavaScript implementation of TLS and crypto"},
@@ -85,7 +85,7 @@ var KnownCryptoLibraries = []CryptoLibrary{
 	{Name: "Bouncy Castle", Package: "org.bouncycastle", Language: LangJava,
 		Algorithms: []string{"RSA", "ECC", "AES", "ML-KEM", "ML-DSA"}, QuantumSafe: true,
 		Description: "Java crypto provider with PQC support in recent versions",
-		Migration: "Upgrade to BC 1.78+ for ML-KEM and ML-DSA support"},
+		Migration:   "Upgrade to BC 1.78+ for ML-KEM and ML-DSA support"},
 	{Name: "Google Tink", Package: "com.google.crypto.tink", Language: LangJava,
 		Algorithms: []string{"AES-GCM", "ECDSA", "Ed25519"}, QuantumSafe: false,
 		Description: "Multi-language, cross-platform crypto library"},

pkg/analyzer/scoring.go

@@ -365,7 +365,7 @@ func GetSecurityLevel(algorithm string, keySize int) *types.SecurityLevel {
 		}
 
 	case strings.Contains(algo, "SHA-256"), strings.Contains(algo, "SHA256"):
-		level.ClassicalBits = 128 // Collision resistance
+		level.ClassicalBits = 128      // Collision resistance
 		level.QuantumSecurityBits = 85 // Grover for collision
 
 	case strings.Contains(algo, "SHA-384"), strings.Contains(algo, "SHA384"):

pkg/patterns/matcher_test.go

@@ -184,9 +184,9 @@ func TestMatchHashFunctions(t *testing.T) {
 func TestMatchCryptoImports(t *testing.T) {
 	m := NewMatcher()
 	tests := []struct {
-		name     string
-		content  string
-		file     string
+		name    string
+		content string
+		file    string
 	}{
 		{"Go crypto", `import "crypto/tls"`, "test.go"},
 		{"Python cryptography", "from cryptography.fernet import Fernet", "test.py"},
@@ -314,13 +314,13 @@ func TestMatchWithContext(t *testing.T) {
 	m := NewMatcher()
 
 	tests := []struct {
-		name           string
-		line           string
-		file           string
-		fileCtx        *analyzer.FileContext
-		lineCtx        *analyzer.LineContext
-		expectMatch    bool
-		expectLowConf  bool
+		name          string
+		line          string
+		file          string
+		fileCtx       *analyzer.FileContext
+		lineCtx       *analyzer.LineContext
+		expectMatch   bool
+		expectLowConf bool
 	}{
 		{
 			name:        "RSA in code file",

pkg/reporter/cbom.go

@@ -29,19 +29,19 @@ func NewCBOMReporter() *CBOMReporter {
 
 // CBOM structures following CycloneDX CBOM format
 type cbomReport struct {
-	BOMFormat    string            `json:"bomFormat"`
-	SpecVersion  string            `json:"specVersion"`
-	SerialNumber string            `json:"serialNumber"`
-	Version      int               `json:"version"`
-	Metadata     cbomMetadata      `json:"metadata"`
-	Components   []cbomComponent   `json:"components"`
-	Services     []cbomService     `json:"services,omitempty"`
-	Dependencies []cbomDependency  `json:"dependencies,omitempty"`
+	BOMFormat    string           `json:"bomFormat"`
+	SpecVersion  string           `json:"specVersion"`
+	SerialNumber string           `json:"serialNumber"`
+	Version      int              `json:"version"`
+	Metadata     cbomMetadata     `json:"metadata"`
+	Components   []cbomComponent  `json:"components"`
+	Services     []cbomService    `json:"services,omitempty"`
+	Dependencies []cbomDependency `json:"dependencies,omitempty"`
 }
 
 type cbomMetadata struct {
-	Timestamp string       `json:"timestamp"`
-	Tools     []cbomTool   `json:"tools"`
+	Timestamp string         `json:"timestamp"`
+	Tools     []cbomTool     `json:"tools"`
 	Component *cbomComponent `json:"component,omitempty"`
 }
 
@@ -52,21 +52,21 @@ type cbomTool struct {
 }
 
 type cbomComponent struct {
-	Type               string                `json:"type"`
-	BOMRef             string                `json:"bom-ref,omitempty"`
-	Name               string                `json:"name"`
-	Version            string                `json:"version,omitempty"`
-	Description        string                `json:"description,omitempty"`
-	CryptoProperties   *cbomCryptoProperties `json:"cryptoProperties,omitempty"`
-	Evidence           *cbomEvidence         `json:"evidence,omitempty"`
+	Type             string                `json:"type"`
+	BOMRef           string                `json:"bom-ref,omitempty"`
+	Name             string                `json:"name"`
+	Version          string                `json:"version,omitempty"`
+	Description      string                `json:"description,omitempty"`
+	CryptoProperties *cbomCryptoProperties `json:"cryptoProperties,omitempty"`
+	Evidence         *cbomEvidence         `json:"evidence,omitempty"`
 }
 
 type cbomCryptoProperties struct {
-	AssetType               string            `json:"assetType"`
-	AlgorithmProperties     *cbomAlgorithm    `json:"algorithmProperties,omitempty"`
-	CertificateProperties   *cbomCertificate  `json:"certificateProperties,omitempty"`
-	ProtocolProperties      *cbomProtocol     `json:"protocolProperties,omitempty"`
-	OID                     string            `json:"oid,omitempty"`
+	AssetType             string           `json:"assetType"`
+	AlgorithmProperties   *cbomAlgorithm   `json:"algorithmProperties,omitempty"`
+	CertificateProperties *cbomCertificate `json:"certificateProperties,omitempty"`
+	ProtocolProperties    *cbomProtocol    `json:"protocolProperties,omitempty"`
+	OID                   string           `json:"oid,omitempty"`
 }
 
 type cbomAlgorithm struct {
@@ -83,17 +83,17 @@ type cbomAlgorithm struct {
 }
 
 type cbomCertificate struct {
-	SubjectName   string `json:"subjectName,omitempty"`
-	IssuerName    string `json:"issuerName,omitempty"`
-	NotValidBefore string `json:"notValidBefore,omitempty"`
-	NotValidAfter  string `json:"notValidAfter,omitempty"`
+	SubjectName           string `json:"subjectName,omitempty"`
+	IssuerName            string `json:"issuerName,omitempty"`
+	NotValidBefore        string `json:"notValidBefore,omitempty"`
+	NotValidAfter         string `json:"notValidAfter,omitempty"`
 	SignatureAlgorithmRef string `json:"signatureAlgorithmRef,omitempty"`
 }
 
 type cbomProtocol struct {
-	Type          string   `json:"type,omitempty"`
-	Version       string   `json:"version,omitempty"`
-	CipherSuites  []cbomCipherSuite `json:"cipherSuites,omitempty"`
+	Type         string            `json:"type,omitempty"`
+	Version      string            `json:"version,omitempty"`
+	CipherSuites []cbomCipherSuite `json:"cipherSuites,omitempty"`
 }
 
 type cbomCipherSuite struct {
@@ -113,8 +113,8 @@ type cbomOccurrence struct {
 }
 
 type cbomService struct {
-	BOMRef   string   `json:"bom-ref,omitempty"`
-	Name     string   `json:"name,omitempty"`
+	BOMRef    string   `json:"bom-ref,omitempty"`
+	Name      string   `json:"name,omitempty"`
 	Endpoints []string `json:"endpoints,omitempty"`
 }
 

pkg/reporter/sarif.go

@@ -55,9 +55,9 @@ type sarifRule struct {
 }
 
 type sarifRuleProperties struct {
-	Tags         []string `json:"tags,omitempty"`
-	QuantumRisk  string   `json:"quantumRisk,omitempty"`
-	Category     string   `json:"category,omitempty"`
+	Tags        []string `json:"tags,omitempty"`
+	QuantumRisk string   `json:"quantumRisk,omitempty"`
+	Category    string   `json:"category,omitempty"`
 }
 
 type sarifDefaultConfig struct {
@@ -69,11 +69,11 @@ type sarifMessage struct {
 }
 
 type sarifResult struct {
-	RuleID    string             `json:"ruleId"`
-	Level     string             `json:"level"`
-	Message   sarifMessage       `json:"message"`
-	Locations []sarifLocation    `json:"locations"`
-	Properties sarifResultProps  `json:"properties,omitempty"`
+	RuleID     string           `json:"ruleId"`
+	Level      string           `json:"level"`
+	Message    sarifMessage     `json:"message"`
+	Locations  []sarifLocation  `json:"locations"`
+	Properties sarifResultProps `json:"properties,omitempty"`
 }
 
 type sarifResultProps struct {