tonymet / gcloud-go

A faster Google Cloud & Firebase CLI with no dependencies. Reduces CI/CD costs for deployments & storage
GNU General Public License v3.0

Resolve gosec warnings #5

Open tonymet opened 1 week ago

tonymet commented 1 week ago

Clear up these gosec warnings, especially the SEVERITY:MEDIUM ones

Setup

  1. Create a Firebase dev site for testing
  2. Install gosec:
go install github.com/securego/gosec/v2/cmd/gosec@latest

Testing

$ go test ./...
# run e2e test this way:
$ go run . deploy -source ./public -site dev-gcloud-go  

List of Warnings

Results:

[//home/gcloud-go/rest/storage.go:54] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
    53:                                         results <- err
  > 54:                                 } else if outF, err := os.Create(outputFileName); err != nil {
    55:                                         results <- err

Autofix:

[//home/gcloud-go/rest/api_calls.go:76] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
    75:                         for shaHash := range jobs {
  > 76:                                 if f, err := os.Open(ppath.Join(stagingDir, shaHash)); err != nil {
    77:                                         results <- err

Autofix:

[//home/gcloud-go/compress/fs_mock.go:57] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
    56: func (osFS) Open(name string) (fileReader, error)   { return os.Open(name) }
  > 57: func (osFS) Create(name string) (fileWriter, error) { return os.Create(name) }
    58:

Autofix:

[//home/gcloud-go/compress/fs_mock.go:56] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
    55:
  > 56: func (osFS) Open(name string) (fileReader, error)   { return os.Open(name) }
    57: func (osFS) Create(name string) (fileWriter, error) { return os.Create(name) }

Autofix:

[//home/gcloud-go/rest/storage.go:62] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    61:                                         objReader.Close()
  > 62:                                         outF.Close()
    63:                                         results <- nil

Autofix:

[//home/gcloud-go/rest/storage.go:61] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    60:                                 } else {
  > 61:                                         objReader.Close()
    62:                                         outF.Close()

Autofix:

[//home/gcloud-go/compress/compress.go:37] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    36:                 inF.Close()
  > 37:                 outF.Close()
    38:                 return h, nil

Autofix:

[//home/gcloud-go/compress/compress.go:36] - G104 (CWE-703): Errors unhandled. (Confidence: HIGH, Severity: LOW)
    35:         } else {
  > 36:                 inF.Close()
    37:                 outF.Close()

Autofix:

Summary:
  Gosec  : dev
  Files  : 7
  Lines  : 685
  Nosec  : 0
  Issues : 8
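Added example (not code from the gcloud-go repository) showing one way to resolve both warning classes listed above: the G304 findings are answered by confining the variable part of the path under a fixed base, and the G104 findings by returning the Close error instead of discarding it. `safeJoin` and `copyObject` are assumed names; `stagingDir` and `shaHash` follow the identifiers in the api_calls.go finding.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

var ErrOutsideBase = errors.New("path escapes base directory")

// safeJoin answers G304 (CWE-22): the variable part of the path is joined to a
// fixed base and the cleaned result must still sit under that base.
func safeJoin(base, name string) (string, error) {
	joined := filepath.Join(base, name) // Join cleans "." and ".." segments
	rel, err := filepath.Rel(base, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

// copyObject writes src to stagingDir/shaHash and returns the bytes written.
func copyObject(stagingDir, shaHash string, src io.Reader) (int64, error) {
	outPath, err := safeJoin(stagingDir, shaHash)
	if err != nil {
		return 0, err
	}
	outF, err := os.Create(outPath) // #nosec G304 -- outPath is confined by safeJoin
	if err != nil {
		return 0, err
	}
	n, err := io.Copy(outF, src)
	if cerr := outF.Close(); err == nil {
		err = cerr // a failed Close is an error too; do not drop it (G104, CWE-703)
	}
	return n, err
}

func main() {
	dir, _ := os.MkdirTemp("", "stage") // constructed scratch directory for the demo
	defer os.RemoveAll(dir)
	fmt.Println(copyObject(dir, "deadbeef", strings.NewReader("hello"))) // 5 <nil>
	fmt.Println(copyObject(dir, "../escape", strings.NewReader("x")))    // 0 path escapes base directory
}
```

The `#nosec G304` annotation tells gosec the check has been handled at that line; it only belongs after the path is actually confined, which is why it sits on the `os.Create` call and not on the `safeJoin` helper.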
tonymet commented 1 week ago

@deining a good issue related to your last fix.