taigrr/wtf
1
0
Fork 0
mirror of https://github.com/taigrr/wtf synced 2025-01-18 04:03:14 -08:00
Code Issues Projects Releases Wiki Activity

20191217 gosec (#796)

Browse Source 
* Add gosec to the Makefile

Signed-off-by: Chris Cummer <chriscummer@me.com>

* Fix some issues found by gosec

Signed-off-by: Chris Cummer <chriscummer@me.com>
This commit is contained in:
Chris Cummer
2019-12-17 14:59:16 -08:00
committed by GitHub
parent cde904ff08
commit 10f761dbcb
11 changed files with 50 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
modules/cmdrunner/widget.go
View File

@@ -128,7 +128,10 @@ func runCommandLoop(widget *Widget) {
// The command has exited, print any error messages
if err != nil {
widget.m.Lock()
widget.buffer.WriteString(err.Error())
_, err := widget.buffer.WriteString(err.Error())
if err != nil {
return
}
widget.m.Unlock()
}
widget.redrawChan <- true

9
modules/gcal/client.go
View File

@@ -15,6 +15,7 @@ import (
"log"
"net/http"
"os"
"path/filepath"
"sort"
"time"
@@ -33,7 +34,7 @@ func (widget *Widget) Fetch() ([]*CalEvent, error) {
secretPath, _ := utils.ExpandHomeDir(widget.settings.secretFile)
b, err := ioutil.ReadFile(secretPath)
b, err := ioutil.ReadFile(filepath.Clean(secretPath))
if err != nil {
return nil, err
}
@@ -125,9 +126,9 @@ func isAuthenticated() bool {
}
func (widget *Widget) authenticate() {
secretPath, _ := utils.ExpandHomeDir(widget.settings.secretFile)
secretPath, _ := utils.ExpandHomeDir(filepath.Clean(widget.settings.secretFile))
b, err := ioutil.ReadFile(secretPath)
b, err := ioutil.ReadFile(filepath.Clean(secretPath))
if err != nil {
log.Fatalf("Unable to read secret file. %v", widget.settings.secretFile)
}
@@ -166,7 +167,7 @@ func tokenCacheFile() (string, error) {
// tokenFromFile retrieves a Token from a given file path.
// It returns the retrieved Token and any read error encountered.
func tokenFromFile(file string) (*oauth2.Token, error) {
f, err := os.Open(file)
f, err := os.Open(filepath.Clean(file))
if err != nil {
return nil, err
}

3
modules/googleanalytics/client.go
View File

@@ -6,6 +6,7 @@ import (
"io/ioutil"
"log"
"net/http"
"path/filepath"
"time"
"github.com/wtfutil/wtf/utils"
@@ -47,7 +48,7 @@ func (widget *Widget) Fetch() []websiteReport {
}
func buildNetClient(secretPath string) *http.Client {
clientSecret, err := ioutil.ReadFile(secretPath)
clientSecret, err := ioutil.ReadFile(filepath.Clean(secretPath))
if err != nil {
log.Fatalf("Unable to read secretPath. %v", err)
}

4
modules/gspreadsheets/client.go
View File

@@ -32,7 +32,7 @@ func (widget *Widget) Fetch() ([]*sheets.ValueRange, error) {
secretPath, _ := utils.ExpandHomeDir(widget.settings.secretFile)
b, err := ioutil.ReadFile(secretPath)
b, err := ioutil.ReadFile(filepath.Clean(secretPath))
if err != nil {
log.Fatalf("Unable to read secretPath. %v", err)
return nil, err
@@ -125,7 +125,7 @@ func tokenCacheFile() (string, error) {
// tokenFromFile retrieves a Token from a given file path.
// It returns the retrieved Token and any read error encountered.
func tokenFromFile(file string) (*oauth2.Token, error) {
f, err := os.Open(file)
f, err := os.Open(filepath.Clean(file))
if err != nil {
return nil, err
}

7
modules/textfile/widget.go
View File

@@ -5,6 +5,7 @@ import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"time"
"github.com/alecthomas/chroma/formatters"
@@ -91,7 +92,7 @@ func (widget *Widget) content() (string, string, bool) {
func (widget *Widget) formattedText() string {
filePath, _ := utils.ExpandHomeDir(widget.CurrentSource())
file, err := os.Open(filePath)
file, err := os.Open(filepath.Clean(filePath))
if err != nil {
return err.Error()
}
@@ -124,9 +125,9 @@ func (widget *Widget) formattedText() string {
}
func (widget *Widget) plainText() string {
filePath, _ := utils.ExpandHomeDir(widget.CurrentSource())
filePath, _ := utils.ExpandHomeDir(filepath.Clean(widget.CurrentSource()))
text, err := ioutil.ReadFile(filePath)
text, err := ioutil.ReadFile(filepath.Clean(filePath))
if err != nil {
return err.Error()
}