Problem: medium shiftleft scan findings (fix #127)

[leejw51crypto]

Solution: change filemode to 600, check filepath validity, remove defer in file.close

[codecov]

Codecov Report

Merging #199 into master will increase coverage by 2.43%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master     #199      +/-   ##
==========================================
+ Coverage   26.96%   29.40%   +2.43%     
==========================================
  Files          32       32              
  Lines        5762     5768       +6     
==========================================
+ Hits         1554     1696     +142     
+ Misses       4031     3870     -161     
- Partials      177      202      +25     

Flag	Coverage Δ
#integration_tests	26.94% <0.00%> (-0.03%)	⬇️
#unit_tests	27.78% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
cmd/chain-maind/app/app.go	56.59% <0.00%> (-0.95%)	⬇️
x/chainmain/client/cli/testnet.go	9.66% <0.00%> (ø)
x/genutil/client/cli/gentx.go	21.27% <0.00%> (-0.47%)	⬇️
x/gov/client/cli/tx.go	47.68% <0.00%> (+0.66%)	⬆️
x/staking/client/cli/tx.go	48.40% <0.00%> (+19.42%)	⬆️
config/config.go	66.66% <0.00%> (+20.83%)	⬆️
x/bank/client/cli/tx.go	75.58% <0.00%> (+32.55%)	⬆️
x/staking/client/cli/utils.go	38.46% <0.00%> (+38.46%)	⬆️
app/coins.go	61.76% <0.00%> (+52.94%)	⬆️
x/gov/client/cli/parse.go	100.00% <0.00%> (+100.00%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 08d59d9...748b134. Read the comment docs.

[devashishdxt]

Can we remove the earlier file.Close()?

[leejw51crypto]

previously, it was defer flie.Close, so closed after function returns.
now it explicitly close file

[yihuang]

defer can close the file in case of panic.

[leejw51crypto]

in golang, there is no exception,
so this is the same with previous version

[yihuang]

in golang, there is no exception,
so this is the same with previous version

golang has panic, and defer can run when that happens.

[leejw51crypto]

ok, i'll check

[leejw51crypto]

i'll add unit test for the coverage

[yihuang]

why remove this defer line, isn't defer is better than close manually?

[leejw51crypto]

i think so, too.
but code analysis tool recommends not use defer to file.close in issue #127

[yihuang]

https://www.joeshaw.org/dont-defer-close-on-writable-files/
I guess the objection to defer close method is it don't check and properly handle the return value of it, so if we don't handle the error of close method in new style, we don't solve the real issue. and we lost the handling of panic.

[leejw51crypto]

ok, i'll modify based upon the link

[tomtau]

one other option: securego/gosec#512 (comment)

[yihuang]

we can make a extension method file.CloseOrWarn() ? ;D

[tomtau]

• defer for closing files is still OK -- it's a common pattern -- the problematic part is missing the error code -- the easiest way may be just to defer a function that will close the file, but also log any errors (if they happen)

• for the path from env, keeping it simple with filepath.Clean

[tomtau]

For this file path finding, two things:

1. it's likely a false positive, as the scope of this is very limited -- at least in the case of genutil
2. this "fix" is a bit problematic:

• it's done after opening the file
• it does some custom input validation with a deny list

So I suggest keeping this simple and either:

• suppress this warning (// nolint: gosec)
• or just do a simple path cleanup / canonical path -- filepath.Clean(path)

[tomtau]

and if err is not nil, it'll be lost? I'm not sure of the exact defer semantics, but perhaps logging the error (if cerr is not nil) won't hurt?

[yihuang]

I guess assign to err at here don't have any effect.

[leejw51crypto]

yes, i changed to display the log