From a2cf933c733920ef5de573940d76104d3cf65f57 Mon Sep 17 00:00:00 2001
From: huof6890 <68298506@qq.com>
Date: Thu, 14 Jul 2022 16:41:18 +0800
Subject: [PATCH 1/5] fix gosec error

---
 pkg/recovery/recovery.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/pkg/recovery/recovery.go b/pkg/recovery/recovery.go
index a2612817d3..35127ce3a0 100644
--- a/pkg/recovery/recovery.go
+++ b/pkg/recovery/recovery.go
@@ -79,14 +79,18 @@ func LogCrash(r interface{}) {
 }
 
 func writeHeapProfile(path string) {
-	f, err := os.OpenFile(path, os.O_CREATE|os.O_RDWR, 0644)
+	f, err := os.OpenFile(filepath.Clean(path), os.O_CREATE|os.O_RDWR, 0600)
 	if err != nil {
 		log.S().Errorf("crashlog: open heap profile error: %v", err)
 		return
 	}
-	defer f.Close()
 	if err := pprof.WriteHeapProfile(f); err != nil {
 		log.S().Errorf("crashlog: write heap profile error: %v", err)
+		return
+	}
+	if err = f.Close(); err != nil {
+		log.S().Errorf("crashlog: close heap profile error: %v", err)
+		return
 	}
 }
 

From 6e5b292427717ac18ec9ae221b67d135e566baea Mon Sep 17 00:00:00 2001
From: huof6890 <68298506@qq.com>
Date: Thu, 14 Jul 2022 16:50:09 +0800
Subject: [PATCH 2/5] fix ioctl/doc gosec

---
 ioctl/doc/doc.go | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/ioctl/doc/doc.go b/ioctl/doc/doc.go
index 2a7cebed66..1afdb80d86 100644
--- a/ioctl/doc/doc.go
+++ b/ioctl/doc/doc.go
@@ -32,19 +32,17 @@ func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path strin
 		filename = filepath.Join(path, "README.md")
 	}
 
-	f, err := os.Create(filename)
+	f, err := os.Create(filepath.Clean(filename))
 	if err != nil {
 		return err
 	}
-	defer f.Close()
-
 	if _, err := io.WriteString(f, filePrepender(filename)); err != nil {
 		return err
 	}
 	if err := GenMarkdownCustom(c, f, linkHandler); err != nil {
 		return err
 	}
-	return nil
+	return f.Close()
 }
 
 // GenMarkdownCustom creates custom markdown output.

From 7b5e8e760b0c172987919797bdf4d309f5b2537d Mon Sep 17 00:00:00 2001
From: huof6890 <68298506@qq.com>
Date: Mon, 18 Jul 2022 20:42:41 +0800
Subject: [PATCH 3/5] move into defer

---
 ioctl/doc/doc.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ioctl/doc/doc.go b/ioctl/doc/doc.go
index 1afdb80d86..44ccf98803 100644
--- a/ioctl/doc/doc.go
+++ b/ioctl/doc/doc.go
@@ -36,13 +36,16 @@ func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path strin
 	if err != nil {
 		return err
 	}
+	defer func() error {
+		return f.Close()
+	}()
 	if _, err := io.WriteString(f, filePrepender(filename)); err != nil {
 		return err
 	}
 	if err := GenMarkdownCustom(c, f, linkHandler); err != nil {
 		return err
 	}
-	return f.Close()
+	return nil
 }
 
 // GenMarkdownCustom creates custom markdown output.

From 5c265dda38911f984ac249f0a6302408770ee8b1 Mon Sep 17 00:00:00 2001
From: huof6890 <68298506@qq.com>
Date: Tue, 19 Jul 2022 09:45:58 +0800
Subject: [PATCH 4/5] move f.Close() into defer

---
 ioctl/doc/doc.go         |  6 +++---
 pkg/recovery/recovery.go | 10 ++++++----
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/ioctl/doc/doc.go b/ioctl/doc/doc.go
index 44ccf98803..cc88297a76 100644
--- a/ioctl/doc/doc.go
+++ b/ioctl/doc/doc.go
@@ -36,8 +36,8 @@ func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path strin
 	if err != nil {
 		return err
 	}
-	defer func() error {
-		return f.Close()
+	defer func() {
+		err = f.Close()
 	}()
 	if _, err := io.WriteString(f, filePrepender(filename)); err != nil {
 		return err
@@ -45,7 +45,7 @@ func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path strin
 	if err := GenMarkdownCustom(c, f, linkHandler); err != nil {
 		return err
 	}
-	return nil
+	return err
 }
 
 // GenMarkdownCustom creates custom markdown output.
diff --git a/pkg/recovery/recovery.go b/pkg/recovery/recovery.go
index 35127ce3a0..b9c012e494 100644
--- a/pkg/recovery/recovery.go
+++ b/pkg/recovery/recovery.go
@@ -84,14 +84,16 @@ func writeHeapProfile(path string) {
 		log.S().Errorf("crashlog: open heap profile error: %v", err)
 		return
 	}
+	defer func() {
+		if err = f.Close(); err != nil {
+			log.S().Errorf("crashlog: close heap profile error: %v", err)
+			return
+		}
+	}()
 	if err := pprof.WriteHeapProfile(f); err != nil {
 		log.S().Errorf("crashlog: write heap profile error: %v", err)
 		return
 	}
-	if err = f.Close(); err != nil {
-		log.S().Errorf("crashlog: close heap profile error: %v", err)
-		return
-	}
 }
 
 func printInfo(name string, info func() (interface{}, error)) {

From 7907629128bffca43f0963d523e1aaef66a0e918 Mon Sep 17 00:00:00 2001
From: huof6890 <68298506@qq.com>
Date: Tue, 19 Jul 2022 13:16:27 +0800
Subject: [PATCH 5/5] fix err return wrong

---
 ioctl/doc/doc.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/ioctl/doc/doc.go b/ioctl/doc/doc.go
index cc88297a76..37573ca7ae 100644
--- a/ioctl/doc/doc.go
+++ b/ioctl/doc/doc.go
@@ -16,12 +16,12 @@ import (
 // GenMarkdownTreeCustom is the the same as GenMarkdownTree, but
 // with custom filePrepender and linkHandler.
 func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path string, filePrepender func(string) string,
-	linkHandler func(*cobra.Command, string) string) error {
+	linkHandler func(*cobra.Command, string) string) (err error) {
 	for _, child := range c.Commands() {
 		if !child.IsAvailableCommand() || child.IsAdditionalHelpTopicCommand() {
 			continue
 		}
-		if err := GenMarkdownTreeCustom(child, dir, name, path, filePrepender, linkHandler); err != nil {
+		if err = GenMarkdownTreeCustom(child, dir, name, path, filePrepender, linkHandler); err != nil {
 			return err
 		}
 	}
@@ -32,17 +32,18 @@ func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path strin
 		filename = filepath.Join(path, "README.md")
 	}
 
-	f, err := os.Create(filepath.Clean(filename))
+	var f *os.File
+	f, err = os.Create(filepath.Clean(filename))
 	if err != nil {
 		return err
 	}
 	defer func() {
 		err = f.Close()
 	}()
-	if _, err := io.WriteString(f, filePrepender(filename)); err != nil {
+	if _, err = io.WriteString(f, filePrepender(filename)); err != nil {
 		return err
 	}
-	if err := GenMarkdownCustom(c, f, linkHandler); err != nil {
+	if err = GenMarkdownCustom(c, f, linkHandler); err != nil {
 		return err
 	}
 	return err