Fix gosec security error.
cinar committed Dec 22, 2023
1 parent b7b5232 commit 050ce1a
Showing 3 changed files with 18 additions and 8 deletions.
4 changes: 2 additions & 2 deletions helper/README.md
Expand Up @@ -152,7 +152,7 @@ fmt.Println(actual) // [2, 4, 6, 8, 10, 12, 14, 16, 18, 20]
```

<a name="AppendOrWriteToCsvFile"></a>
## func [AppendOrWriteToCsvFile](<https://github.com/cinar/indicator/blob/v2/helper/csv.go#L285>)
## func [AppendOrWriteToCsvFile](<https://github.com/cinar/indicator/blob/v2/helper/csv.go#L294>)

```go
func AppendOrWriteToCsvFile[T any](fileName string, hasHeader bool, rows <-chan *T) error
Expand Down Expand Up @@ -553,7 +553,7 @@ fmt.Println(helper.ChanToSlice(squared)) // [4, 9, 25, 100]
```

<a name="ReadFromCsvFile"></a>
## func [ReadFromCsvFile](<https://github.com/cinar/indicator/blob/v2/helper/csv.go#L272>)
## func [ReadFromCsvFile](<https://github.com/cinar/indicator/blob/v2/helper/csv.go#L281>)

```go
func ReadFromCsvFile[T any](fileName string, hasHeader bool) (<-chan *T, error)
19 changes: 14 additions & 5 deletions helper/csv.go
Expand Up @@ -168,13 +168,13 @@ func (c *Csv[T]) ReadFromFile(fileName string) (<-chan *T, error) {
// file's column order matches the field order of the given row struct to ensure consistent
// data structure.
func (c *Csv[T]) AppendToFile(fileName string, rows <-chan *T) error {
return c.writeToFileWithFlag(fileName, os.O_APPEND, rows)
return c.writeToFileWithFlag(fileName, true, rows)
}

// WriteToFile creates a new file with the given name and writes the provided rows
// of data to it, overwriting any existing content.
func (c *Csv[T]) WriteToFile(fileName string, rows <-chan *T) error {
return c.writeToFileWithFlag(fileName, os.O_CREATE, rows)
return c.writeToFileWithFlag(fileName, false, rows)
}

// updateColumnIndexes aligns column indices to match the order of column headers.
Expand Down Expand Up @@ -203,13 +203,22 @@ func (c *Csv[T]) updateColumnIndexes(csvReader *csv.Reader) error {

// writeToFileWithFlag writes the provided rows of data to a file with the given name, using the
// specified flag mode for precise control over file opening and writing behavior.
func (c *Csv[T]) writeToFileWithFlag(fileName string, flag int, rows <-chan *T) error {
file, err := os.OpenFile(filepath.Clean(fileName), flag|os.O_WRONLY, 0600)
func (c *Csv[T]) writeToFileWithFlag(fileName string, appendRows bool, rows <-chan *T) error {
var file *os.File
var err error

// Gosec complains if flag is a variable.
if appendRows {
file, err = os.OpenFile(filepath.Clean(fileName), os.O_APPEND|os.O_WRONLY, 0600)
} else {
file, err = os.OpenFile(filepath.Clean(fileName), os.O_CREATE|os.O_WRONLY, 0600)
}

if err != nil {
return err
}

writeHeader := c.hasHeader && (flag == os.O_CREATE)
writeHeader := c.hasHeader && !appendRows

err = c.writeToWriter(file, writeHeader, rows)
if err != nil {
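Review bot: The non-append branch of writeToFileWithFlag opens the file with `os.O_CREATE|os.O_WRONLY` and no `os.O_TRUNC`, so writing over a longer existing file leaves its old tail in place, which contradicts WriteToFile's "overwriting any existing content" comment; `file, err = os.OpenFile(filepath.Clean(fileName), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)` would match the documented behaviour. The flag combination predates this commit, but the new code keeps it. The doc comment above the function still says "using the specified flag mode" although the parameter is now `appendRows bool`, and the inline "Gosec complains if flag is a variable" comment would be more useful if it named the gosec rule ID it works around. `filepath.Clean` only normalises the path and does not confine it to a directory, so callers that pass untrusted file names still need their own base-directory check. The function body continues past the end of the hunk, so whether the file is closed on every return path cannot be judged from here.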
3 changes: 2 additions & 1 deletion pre-commit.sh
Expand Up @@ -3,11 +3,12 @@
(command -v revive) || go install github.com/mgechev/revive@latest
(command -v staticcheck) || go install honnef.co/go/tools/cmd/staticcheck@latest
(command -v gomarkdoc) || go install github.com/princjef/gomarkdoc/cmd/gomarkdoc@latest

(command -v gosec) || go install github.com/securego/gosec/v2/cmd/gosec@latest
go fmt ./...
go fix ./...
go vet ./...
go test -cover ./...
gosec ./...

revive -config=revive.toml ./...
staticcheck ./...
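Review bot: The added `go install github.com/securego/gosec/v2/cmd/gosec@latest` line resolves whatever release is newest when the hook first runs, so the scanner version and its rule set are neither reproducible nor reviewed; pinning it, e.g. `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>`, would fix both, and the same applies to the revive, staticcheck and gomarkdoc lines above it. The `command -v` guard also means an already-installed older gosec is never updated, so developers can end up scanning with different versions. The top of the script is outside the hunk, so it is not visible whether `set -e` is in effect; without it a failing `gosec ./...` would not stop the remaining steps or fail the hook.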
