io.ReadCloser io.EOF seems to be should also be whitelisted

polyfloyd / go-errorlint

A source code linter that can be used to find code that will cause problems with Go's error wrapping scheme

MIT License

248 stars 19 forks source link

io.ReadCloser io.EOF seems to be should also be whitelisted #66

Closed psydvl closed 6 months ago

psydvl commented 10 months ago

However, this can be solved somehow with the whitelisting that follows interface embedding

Example:

func Magic(rc io.ReadCloser) {
    a := make([]byte, 10)
    _, err := rc.Read(a)
    if err != nil && err != io.EOF {
        fmt.Println(err)
        return
    }
    fmt.Println(a)
}

type MyReader interface{
    io.Reader
}

func MyMagic(rc MyReader) {
    a := make([]byte, 10)
    _, err := rc.Read(a)
    if err != nil && err != io.EOF {
        fmt.Println(err)
        return
    }
    fmt.Println(a)
}

Both raise comparing with != will fail on wrapped errors. Use errors.Is to check for a specific error

polyfloyd commented 10 months ago

Thanks for reporting this! I allowed io.EOF from (io.ReadCloser).Read.

The second example is a bit trickier as the allow-list works based on the name of the type. And since MyReader is a custom type it is not known by the allow-list. A solution would involve checking whether the source function implements one of the allowed interfaces, but I have not attempted that yet.

psydvl commented 10 months ago

Should we also expect same behavior for next types?

json.Decoder{}.Decode()
csv.Reader{}.Read() ReadAll()
mime/multipart.Reader{}.NextPart()

https://github.com/search?q=repo%3Agolang%2Fgo+%22func+Example%22+%22%3D%3D+io.EOF%22&type=code

polyfloyd commented 10 months ago

Yes, any function in the standard library that returns io.EOF is ok to allow

polyfloyd commented 6 months ago

Fixed in d1fbedb7e97b9da420a6e9ad88f9afdeb48f09ee