From 050ce1a643418906e737366a4d7ba071c09d9df5 Mon Sep 17 00:00:00 2001 From: Onur Cinar Date: Thu, 21 Dec 2023 21:41:29 -0800 Subject: [PATCH] Fix gosec security error. --- helper/README.md | 4 ++-- helper/csv.go | 19 ++++++++++++++----- pre-commit.sh | 3 ++- 3 files changed, 18 insertions(+), 8 deletions(-) diff --git a/helper/README.md b/helper/README.md index c9fa77e..20f1ef8 100644 --- a/helper/README.md +++ b/helper/README.md @@ -152,7 +152,7 @@ fmt.Println(actual) // [2, 4, 6, 8, 10, 12, 14, 16, 18, 20] ``` -## func [AppendOrWriteToCsvFile]() +## func [AppendOrWriteToCsvFile]() ```go func AppendOrWriteToCsvFile[T any](fileName string, hasHeader bool, rows <-chan *T) error @@ -553,7 +553,7 @@ fmt.Println(helper.ChanToSlice(squared)) // [4, 9, 25, 100] ``` -## func [ReadFromCsvFile]() +## func [ReadFromCsvFile]() ```go func ReadFromCsvFile[T any](fileName string, hasHeader bool) (<-chan *T, error) diff --git a/helper/csv.go b/helper/csv.go index 3763b6d..a8067c1 100644 --- a/helper/csv.go +++ b/helper/csv.go @@ -168,13 +168,13 @@ func (c *Csv[T]) ReadFromFile(fileName string) (<-chan *T, error) { // file's column order matches the field order of the given row struct to ensure consistent // data structure. func (c *Csv[T]) AppendToFile(fileName string, rows <-chan *T) error { - return c.writeToFileWithFlag(fileName, os.O_APPEND, rows) + return c.writeToFileWithFlag(fileName, true, rows) } // WriteToFile creates a new file with the given name and writes the provided rows // of data to it, overwriting any existing content. func (c *Csv[T]) WriteToFile(fileName string, rows <-chan *T) error { - return c.writeToFileWithFlag(fileName, os.O_CREATE, rows) + return c.writeToFileWithFlag(fileName, false, rows) } // updateColumnIndexes aligns column indices to match the order of column headers. 
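Review bot: The doc comments on `AppendToFile` and `WriteToFile` do not say how `fileName` is treated, and the only handling visible in this patch is the `filepath.Clean` call inside `writeToFileWithFlag` (later hunk). `filepath.Clean` normalises the path lexically but does not confine it to any directory, so these exported methods will write wherever the caller's string points. I would add a line to each comment such as `// fileName is used as given; callers must validate names derived from untrusted input.` It may also be worth stating on `AppendToFile` that the file is opened without `os.O_CREATE`, so presumably it has to exist already.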
@@ -203,13 +203,22 @@ func (c *Csv[T]) updateColumnIndexes(csvReader *csv.Reader) error { // writeToFileWithFlag writes the provided rows of data to a file with the given name, using the // specified flag mode for precise control over file opening and writing behavior. -func (c *Csv[T]) writeToFileWithFlag(fileName string, flag int, rows <-chan *T) error { - file, err := os.OpenFile(filepath.Clean(fileName), flag|os.O_WRONLY, 0600) +func (c *Csv[T]) writeToFileWithFlag(fileName string, appendRows bool, rows <-chan *T) error { + var file *os.File + var err error + + // Gosec complains if flag is a variable. + if appendRows { + file, err = os.OpenFile(filepath.Clean(fileName), os.O_APPEND|os.O_WRONLY, 0600) + } else { + file, err = os.OpenFile(filepath.Clean(fileName), os.O_CREATE|os.O_WRONLY, 0600) + } + if err != nil { return err } - writeHeader := c.hasHeader && (flag == os.O_CREATE) + writeHeader := c.hasHeader && !appendRows err = c.writeToWriter(file, writeHeader, rows) if err != nil { diff --git a/pre-commit.sh b/pre-commit.sh index c040940..324f4e3 100755 --- a/pre-commit.sh +++ b/pre-commit.sh @@ -3,11 +3,12 @@ (command -v revive) || go install github.com/mgechev/revive@latest (command -v staticcheck) || go install honnef.co/go/tools/cmd/staticcheck@latest (command -v gomarkdoc) || go install github.com/princjef/gomarkdoc/cmd/gomarkdoc@latest - +(command -v gosec) || go install github.com/securego/gosec/v2/cmd/gosec@latest go fmt ./... go fix ./... go vet ./... go test -cover ./... +gosec ./... revive -config=revive.toml ./... staticcheck ./...
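Review bot: The non-append branch opens the file with `os.O_CREATE|os.O_WRONLY` and no `os.O_TRUNC`, so when the target already exists and is longer than the new output, the old tail stays in the file; that contradicts the `WriteToFile` comment ("overwriting any existing content") and can leave stale rows behind. Since the flags are now literals per branch, the fix is one line: `file, err = os.OpenFile(filepath.Clean(fileName), os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)`. The comment above `writeToFileWithFlag` still describes a "specified flag mode" although the parameter is now `appendRows bool`, so the comment (and arguably the name) should be updated, and `// Gosec complains if flag is a variable.` would be more useful if it named the gosec rule being worked around. The function body continues past the end of this hunk, so whether the file is closed on the `writeToWriter` error path cannot be checked here.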
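Review bot: The added install line pulls `gosec@latest`, so the scanner version that gates commits floats with every fresh install; findings are not reproducible between machines, and whatever is published upstream at that moment is built and run locally. Pinning it, e.g. `(command -v gosec) || go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>` (placeholder; use the release the project has vetted), avoids both, and the same applies to the `revive`, `staticcheck` and `gomarkdoc` lines in the context. The first two lines of the script are outside this hunk, so it is not visible whether `set -e` is in effect; without it a failing `gosec ./...` would not stop the later steps, and the script's exit status would come from the final `staticcheck ./...`.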