HACKERALERT / Picocrypt

A very small, very simple, yet very secure encryption tool.
GNU General Public License v3.0

suggestion for improvement #174

Closed pilinux closed 1 year ago

pilinux commented 1 year ago

Perhaps you can check and handle the errors (when not equal to nil) returned from different functions? Thanks.

Picocrypt.go:449:17: Error return value of `rand.Read` is not checked (errcheck)
                            rand.Read(data)

Picocrypt.go:861:13: Error return value of `fin.Read` is not checked (errcheck)
                fin.Read(tmp)

Picocrypt.go:871:14: Error return value of `fin.Read` is not checked (errcheck)
                    fin.Read(tmp)

Picocrypt.go:876:15: Error return value of `fin.Read` is not checked (errcheck)
                        fin.Read(tmp)

Picocrypt.go:974:17: Error return value of `filepath.Walk` is not checked (errcheck)
            filepath.Walk(name, func(path string, _ os.FileInfo, _ error) error {

Picocrypt.go:1215:14: Error return value of `fout.Write` is not checked (errcheck)
            fout.Write(dst)

Picocrypt.go:1348:12: Error return value of `rand.Read` is not checked (errcheck)
        rand.Read(salt)

Picocrypt.go:1349:12: Error return value of `rand.Read` is not checked (errcheck)
        rand.Read(hkdfSalt)

Picocrypt.go:1636:11: Error return value of `hkdf.Read` is not checked (errcheck)
    hkdf.Read(subkey)

Picocrypt.go:1645:11: Error return value of `hkdf.Read` is not checked (errcheck)
    hkdf.Read(serpentKey)

Picocrypt.go:1815:13: Error return value of `hkdf.Read` is not checked (errcheck)
            hkdf.Read(nonce)

Picocrypt.go:1837:12: Error return value of `fout.Seek` is not checked (errcheck)
        fout.Seek(int64(309+len(comments)*3), 0)

Picocrypt.go:1838:13: Error return value of `fout.Write` is not checked (errcheck)
        fout.Write(rsEncode(rs64, keyHash))

Picocrypt.go:1839:13: Error return value of `fout.Write` is not checked (errcheck)
        fout.Write(rsEncode(rs32, keyfileHash))

Picocrypt.go:1879:12: Error return value of `os.Rename` is not checked (errcheck)
        os.Rename(fout.Name(), fout.Name()+".tmp")

Picocrypt.go:2200:11: Error return value of `rs.Encode` is not checked (errcheck)
    rs.Encode(data, func(s infectious.Share) {

Picocrypt.go:795:4: ineffectual assignment to folders (ineffassign)
            folders++

Picocrypt.go:803:4: ineffectual assignment to files (ineffassign)
            files++
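
An added example, not part of the original issue or Picocrypt's code, showing what is at stake in the `fin.Read` and `rand.Read` findings above: `Read` may return fewer bytes than requested, so a truncated input leaves the rest of the buffer zeroed unless the count and error are checked. The names `readField`, `newSalt` and `failingReader` are hypothetical, and the input bytes are constructed.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// readFieldUnchecked mirrors the flagged pattern: count and error are dropped.
func readFieldUnchecked(r io.Reader, n int) []byte {
	tmp := make([]byte, n)
	r.Read(tmp)
	return tmp
}

// readField returns an error unless exactly n bytes were read.
func readField(r io.Reader, n int) ([]byte, error) {
	tmp := make([]byte, n)
	if _, err := io.ReadFull(r, tmp); err != nil {
		return nil, fmt.Errorf("read %d-byte field: %w", n, err)
	}
	return tmp, nil
}

// newSalt fills n bytes from src and never returns a partly filled buffer.
func newSalt(src io.Reader, n int) ([]byte, error) {
	salt, err := readField(src, n)
	if err != nil {
		return nil, fmt.Errorf("generate salt: %w", err)
	}
	return salt, nil
}

// failingReader is a constructed stand-in for a source that cannot be read.
type failingReader struct{}
func (failingReader) Read([]byte) (int, error) { return 0, errors.New("source unavailable") }

func main() {
	truncated := []byte{0xAA, 0xBB, 0xCC} // constructed: 3 bytes where 16 are expected
	fmt.Printf("unchecked: %x\n", readFieldUnchecked(bytes.NewReader(truncated), 16))
	_, err := readField(bytes.NewReader(truncated), 16)
	fmt.Println("checked:", err)
	_, err = newSalt(failingReader{}, 16)
	fmt.Println("failing source:", err)
	salt, err := newSalt(rand.Reader, 16)
	fmt.Println("crypto/rand:", len(salt), err)
}
```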

HACKERALERT commented 1 year ago

Out of curiosity, what command did you use to get this?

These potential errors don't need to be checked because they've already been checked above or are basically a guaranteed success. For example:

Picocrypt.go:449:17: Error return value of `rand.Read` is not checked (errcheck)

It's safe to assume that crypto/rand will produce things correctly.

Picocrypt.go:861:13: Error return value of `fin.Read` is not checked (errcheck)

There's already a check on L851 when opening a file. If the file can be opened, it can generally be read without issues.

And so on. Sure, these are "real" errors that can be checked, but it's diminishing returns in terms of code cleanliness.

pilinux commented 1 year ago

For all go projects, I generally use: