Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[pkg] fix deferring unsafe method "Close" on type "*os.File" #3548

Merged
merged 11 commits into from
Jul 20, 2022
18 changes: 10 additions & 8 deletions ioctl/doc/doc.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,12 @@ import (
// GenMarkdownTreeCustom is the the same as GenMarkdownTree, but
// with custom filePrepender and linkHandler.
func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path string, filePrepender func(string) string,
linkHandler func(*cobra.Command, string) string) error {
linkHandler func(*cobra.Command, string) string) (err error) {
for _, child := range c.Commands() {
if !child.IsAvailableCommand() || child.IsAdditionalHelpTopicCommand() {
continue
}
if err := GenMarkdownTreeCustom(child, dir, name, path, filePrepender, linkHandler); err != nil {
if err = GenMarkdownTreeCustom(child, dir, name, path, filePrepender, linkHandler); err != nil {
return err
}
}
Expand All @@ -32,19 +32,21 @@ func GenMarkdownTreeCustom(c *cobra.Command, dir string, name string, path strin
filename = filepath.Join(path, "README.md")
}

f, err := os.Create(filepath.Clean(filename))
var f *os.File
f, err = os.Create(filepath.Clean(filename))
if err != nil {
return err
}
defer f.Close()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you check why security scan considers f.Close() as "unsafe method"? does it mean the error is not checked? like you need to:

defer func() {
    return f.Close()
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

error is skipped by defer f.Close(). it's unsafe. error should return.
defer func() error { return f.Close() }
or return f.Close() at the end of processing is both ok

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i see, so should check/catch the error inside defer

if return f.Close() at the end, also need to handle f.Close() in L42 and L45, so defer is better

Copy link
Member

@Liuhaai Liuhaai Jul 15, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

although current code is acceptable, you could find a new way to improve it

Copy link
Contributor Author

@huof6829 huof6829 Jul 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok. modified


if _, err := io.WriteString(f, filePrepender(filename)); err != nil {
defer func() {
err = f.Close()
}()
if _, err = io.WriteString(f, filePrepender(filename)); err != nil {
return err
}
if err := GenMarkdownCustom(c, f, linkHandler); err != nil {
if err = GenMarkdownCustom(c, f, linkHandler); err != nil {
return err
}
return nil
return err
}

// GenMarkdownCustom creates custom markdown output.
Expand Down
10 changes: 8 additions & 2 deletions pkg/recovery/recovery.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,14 +79,20 @@ func LogCrash(r interface{}) {
}

func writeHeapProfile(path string) {
f, err := os.OpenFile(filepath.Clean(path), os.O_CREATE|os.O_RDWR, 0644)
f, err := os.OpenFile(filepath.Clean(path), os.O_CREATE|os.O_RDWR, 0600)
if err != nil {
log.S().Errorf("crashlog: open heap profile error: %v", err)
return
}
defer f.Close()
defer func() {
if err = f.Close(); err != nil {
log.S().Errorf("crashlog: close heap profile error: %v", err)
return
}
}()
if err := pprof.WriteHeapProfile(f); err != nil {
log.S().Errorf("crashlog: write heap profile error: %v", err)
return
}
}

Expand Down