Implement GOSec for security scanning Fix vulnerabilities (#227)

* Implement GOSec for security scanning Fix vulnerabilities * Fix lint failure * address PR comments and fix build break * Fix test break in mqsc
2018-10-11 15:39:22 +01:00
parent 6d11b0d8ae
commit 78ce84b3a1
20 changed files with 150 additions and 39 deletions
--- a/cmd/runmqdevserver/keystore.go
+++ b/cmd/runmqdevserver/keystore.go
@@ -65,11 +65,27 @@ func (ks *KeyStore) Create() error {
 			stashFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".sth"
 			rdbFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".rdb"
 			crlFile := ks.Filename[0:len(ks.Filename)-len(extension)] + ".crl"
-			os.Remove(stashFile)
-			os.Remove(rdbFile)
-			os.Remove(crlFile)
+			err = os.Remove(stashFile)
+			if err != nil {
+				log.Errorf("Error removing %s: %v", stashFile, err)
+				return err
+			}
+			err = os.Remove(rdbFile)
+			if err != nil {
+				log.Errorf("Error removing %s: %v", rdbFile, err)
+				return err
+			}
+			err = os.Remove(crlFile)
+			if err != nil {
+				log.Errorf("Error removing %s: %v", crlFile, err)
+				return err
+			}
+		}
+		err = os.Remove(ks.Filename)
+		if err != nil {
+			log.Errorf("Error removing %s: %v", ks.Filename, err)
+			return err
 		}
-		os.Remove(ks.Filename)
 	} else if !os.IsNotExist(err) {
 		// If the keystore exists but cannot be accessed then return the error
 		return err
--- a/cmd/runmqdevserver/main.go
+++ b/cmd/runmqdevserver/main.go
@@ -30,13 +30,17 @@ import (
 var log *logger.Logger

 func setPassword(user string, password string) error {
+	// #nosec G204
 	cmd := exec.Command("chpasswd")
 	stdin, err := cmd.StdinPipe()
 	if err != nil {
 		return err
 	}
 	fmt.Fprintf(stdin, "%s:%s", user, password)
-	stdin.Close()
+	err = stdin.Close()
+	if err != nil {
+		log.Errorf("Error closing password stdin: %v", err)
+	}
 	_, _, err = command.RunCmd(cmd)
 	if err != nil {
 		return err
@@ -165,6 +169,10 @@ func main() {
 		osExit(1)
 	} else {
 		// Replace this process with runmqserver
-		syscall.Exec("/usr/local/bin/runmqserver", []string{"runmqserver"}, os.Environ())
+		// #nosec G204
+		err = syscall.Exec("/usr/local/bin/runmqserver", []string{"runmqserver"}, os.Environ())
+		if err != nil {
+			log.Errorf("Error replacing this process with runmqserver: %v", err)
+		}
 	}
 }
--- a/cmd/runmqdevserver/mqsc.go
+++ b/cmd/runmqdevserver/mqsc.go
@@ -35,7 +35,14 @@ func updateMQSC(appPasswordRequired bool) error {
 			return err
 		}
 	} else {
-		os.Remove(mqsc)
+		_, err := os.Stat(mqsc)
+		if !os.IsNotExist(err) {
+			err = os.Remove(mqsc)
+			if err != nil {
+				log.Errorf("Error removing file %s: %v", mqsc, err)
+				return err
+			}
+		}
 	}
 	return nil
 }
--- a/cmd/runmqdevserver/template.go
+++ b/cmd/runmqdevserver/template.go
@@ -36,7 +36,11 @@ func processTemplateFile(templateFile, destFile string, data interface{}) error
 	_, err = os.Stat(dir)
 	if err != nil {
 		if os.IsNotExist(err) {
-			os.MkdirAll(dir, 0660)
+			err = os.MkdirAll(dir, 0660)
+			if err != nil {
+				log.Error(err)
+				return err
+			}
 			mqmUID, mqmGID, err := command.LookupMQM()
 			if err != nil {
 				log.Error(err)
@@ -51,6 +55,7 @@ func processTemplateFile(templateFile, destFile string, data interface{}) error
 			return err
 		}
 	}
+	// #nosec G302
 	f, err := os.OpenFile(destFile, os.O_CREATE|os.O_WRONLY, 0660)
 	defer f.Close()
 	err = t.Execute(f, data)
--- a/cmd/runmqdevserver/tls.go
+++ b/cmd/runmqdevserver/tls.go
@@ -85,6 +85,7 @@ func configureTLS(qmName string, inputFile string, passPhrase string) error {
 	_, err = os.Stat(dir)
 	if err != nil {
 		if os.IsNotExist(err) {
+			// #nosec G301
 			err = os.MkdirAll(dir, 0770)
 			if err != nil {
 				return err