From 00e2957738550c060d05732b2145c56124a2aa71 Mon Sep 17 00:00:00 2001
From: Volker Schukai <volker.schukai@schukai.com>
Date: Sat, 28 Oct 2023 11:05:05 +0200
Subject: [PATCH] fix: update gosec issues #5

---
 database.go               |  6 +++---
 devenv.nix                | 10 +++++-----
 persistence.go            |  2 ++
 runnable-fileoperation.go |  4 ++--
 runnable-sftp.go          |  3 ++-
 runnable-shell.go         |  1 +
 6 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/database.go b/database.go
index 61b3674..5b22a87 100644
--- a/database.go
+++ b/database.go
@@ -111,9 +111,9 @@ func (s *DBSaver) Start() error {
 						tx.Model(&permJob.Stats).Updates(permJob.Stats)
 					}
 
-					for _, log := range memLogs {
-						log.LogID = 0
-						_ = tx.Create(&log)
+					for i, _ := range memLogs {
+						memLogs[i].LogID = 0
+						_ = tx.Create(&memLogs[i])
 						// no error handling, if it fails, it fails
 					}
 
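Review bot: Assigning `memLogs[i].LogID = 0` now changes the elements of memLogs themselves, whereas the old loop reset and inserted a per-iteration copy. If the ORM writes the generated key back through the pointer given to `tx.Create` (presumably GORM, judging by the `tx.Model(...).Updates` call), the slice will also carry database IDs after this loop. Where memLogs comes from is outside the hunk, so confirm nothing reuses it afterwards. The loop header is also better written as `for i := range memLogs`, without the blank identifier.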
diff --git a/devenv.nix b/devenv.nix
index da8f4c7..7d8af9a 100644
--- a/devenv.nix
+++ b/devenv.nix
@@ -9,12 +9,14 @@
     blackbox-terminal
     coreutils-full
     dbeaver
+    dbeaver
     delve
     dialog
     drill
     exa
     fd
     fd
+    feh
     gcc12
     gdlv
     git
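Review bot: The added `dbeaver` line sits directly under the existing `dbeaver` entry, so the package list still names it twice, next to the already duplicated `fd`. Drop the added line and one of the two `fd` lines so each package appears once.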
@@ -23,6 +25,7 @@
     gnumake
     gnused
     go-licenses
+    gosec
     go-task
     gum
     httpie
@@ -34,18 +37,15 @@
     memcached
     netcat
     nixfmt
+    nodePackages.mermaid-cli
+    openssh
     procps
     ranger
     unixtools.xxd
-    dbeaver
     unzip
     util-linux
     wget
     zlib
-    nodePackages.mermaid-cli
-    feh
-    openssh
-    
   ];
 
   # https://devenv.sh/languages/
diff --git a/persistence.go b/persistence.go
index 3366001..1f2b283 100644
--- a/persistence.go
+++ b/persistence.go
@@ -73,6 +73,7 @@ func ReadJSON(r io.Reader) ([]JobPersistence, error) {
 }
 
 func ReadYAMLFile(filePath string) ([]JobPersistence, error) {
+	// #nosec
 	file, err := os.Open(filePath)
 	if err != nil {
 		return nil, err
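Review bot: The bare `// #nosec` above `os.Open(filePath)` switches off every gosec rule for that statement and records neither which finding was accepted nor why. Name the rule and the reason, e.g. `// #nosec G304 -- filePath is supplied by the operator, not by job data`, after confirming that against the callers, which are outside this hunk. If the path can come from less trusted input, it should be validated rather than suppressed. The same applies to the `// #nosec` added to ReadJsonFile in the next hunk and to the one above `exec.Command("sh", scriptPath)` in runnable-shell.go (G204), where the justification should state how scriptPath is produced. All three function bodies continue outside their hunks.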
@@ -82,6 +83,7 @@ func ReadYAMLFile(filePath string) ([]JobPersistence, error) {
 }
 
 func ReadJsonFile(filePath string) ([]JobPersistence, error) {
+	// #nosec
 	file, err := os.Open(filePath)
 	if err != nil {
 		return nil, err
diff --git a/runnable-fileoperation.go b/runnable-fileoperation.go
index 09d3940..600fc6d 100644
--- a/runnable-fileoperation.go
+++ b/runnable-fileoperation.go
@@ -62,7 +62,7 @@ func (f *FileOperationRunnable) Run() (RunResult[FileOperationResult], error) {
 			},
 		}, nil
 	case FileOperationWrite:
-		err := os.WriteFile(f.FilePath, []byte(f.Content), 0644)
+		err := os.WriteFile(f.FilePath, []byte(f.Content), 0600)
 		if err != nil {
 			return RunResult[FileOperationResult]{Status: ResultStatusFailed}, err
 		}
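Review bot: The `0600` passed to `os.WriteFile` is applied only when the call creates the file, so an `f.FilePath` that already exists keeps its previous mode and files written by earlier versions stay world-readable. If job output is meant to be private, follow a successful write with `os.Chmod(f.FilePath, 0600)`, or document that only newly created files are affected. The same holds for `os.OpenFile(..., 0600)` in the FileOperationAppend case and for `os.MkdirAll(s.DstDir, 0700)` in runnable-sftp.go. Jobs whose files were read by another user or service will lose that access on new files, which deserves a changelog entry. Run's body extends beyond both hunks.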
@@ -85,7 +85,7 @@ func (f *FileOperationRunnable) Run() (RunResult[FileOperationResult], error) {
 		}, nil
 
 	case FileOperationAppend:
-		fp, err := os.OpenFile(f.FilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		fp, err := os.OpenFile(f.FilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
 		if err != nil {
 			return RunResult[FileOperationResult]{Status: ResultStatusFailed}, err
 		}
diff --git a/runnable-sftp.go b/runnable-sftp.go
index 7c4625f..dd2bc3b 100644
--- a/runnable-sftp.go
+++ b/runnable-sftp.go
@@ -134,6 +134,7 @@ func (s *SFTPRunnable) Run() (RunResult[SFTPResult], error) {
 		hkCallback = ssh.FixedHostKey(hostKey)
 	} else {
 		if s.Insecure {
+			// #nosec 
 			hkCallback = ssh.InsecureIgnoreHostKey()
 		} else {
 			hkCallback = ssh.FixedHostKey(nil)
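Review bot: With the finding suppressed by a bare `// #nosec`, the `s.Insecure` branch disables host-key verification without any trace in the scanner report or at run time. Make the suppression specific, `// #nosec G106 -- explicit opt-in via s.Insecure`, and drop the trailing space after `#nosec`. Consider logging a warning through the project's logger whenever this branch is taken, so that a job connecting without verifying the server key is visible to operators. Run's body continues outside the hunk.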
@@ -235,7 +236,7 @@ func (s *SFTPRunnable) copyRemoteToLocal(sftpClient *sftp.Client) ([]string, err
 	var filesCopied []string
 
 	// create destination directory
-	err := os.MkdirAll(s.DstDir, 0755)
+	err := os.MkdirAll(s.DstDir, 0700)
 	if err != nil {
 		return nil, err
 	}
diff --git a/runnable-shell.go b/runnable-shell.go
index a376289..6297749 100644
--- a/runnable-shell.go
+++ b/runnable-shell.go
@@ -74,6 +74,7 @@ func (s *ShellRunnable) Run() (RunResult[ShellResult], error) {
 
 	}
 
+	// #nosec
 	cmd := exec.Command("sh", scriptPath)
 	output, err := cmd.Output()
 
-- 
GitLab