From 02e11f6237862d583ed2974715ab6fe21cdae5bf Mon Sep 17 00:00:00 2001
From: jongwhan lee
Date: Wed, 21 Oct 2020 11:22:09 +0800
Subject: [PATCH] Problem: medium shiftleft scan findings (fix #127)

fix lint issue use closure for file.close fix manual file validity check
---
 cmd/chain-maind/app/app.go | 15 +++++++++++++--
 x/chainmain/client/cli/testnet.go | 2 +-
 x/genutil/client/cli/gentx.go | 14 +++++++++++---
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/cmd/chain-maind/app/app.go b/cmd/chain-maind/app/app.go
index c61b39325..3b8f84a96 100644
--- a/cmd/chain-maind/app/app.go
+++ b/cmd/chain-maind/app/app.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"io"
 	"os"
+	"path/filepath"
 
 	"github.com/cosmos/cosmos-sdk/codec"
 	"github.com/crypto-com/chain-main/app/params"
@@ -142,11 +143,20 @@ func initRootCmd(rootCmd *cobra.Command, encodingConfig params.EncodingConfig) {
 
 		config.SetRoot(clientCtx.HomeDir)
 		path := config.GenesisFile()
-		file, err := os.OpenFile(path, os.O_RDWR, 0644)
+		cleanedPath := filepath.Clean(path)
+		// nolint: gosec
+		file, err := os.OpenFile(cleanedPath, os.O_RDWR, 0600)
 		if err != nil {
 			return err
 		}
-		defer file.Close()
+
+		defer func() { cerr := file.Close() if err == nil { err = cerr } }()
+
 		var genesis map[string]interface{}
 		if err := json.NewDecoder(file).Decode(&genesis); err != nil {
 			return err
@@ -161,6 +171,7 @@ func initRootCmd(rootCmd *cobra.Command, encodingConfig params.EncodingConfig) {
 		if _, err := file.Seek(0, 0); err != nil {
 			return err
 		}
+
 		return json.NewEncoder(file).Encode(&genesis)
 	}
 
diff --git a/x/chainmain/client/cli/testnet.go b/x/chainmain/client/cli/testnet.go
index 3ab8904f3..a5263f338 100644
--- a/x/chainmain/client/cli/testnet.go
+++ b/x/chainmain/client/cli/testnet.go
@@ -527,7 +527,7 @@ func writeFile(name string, dir string, contents []byte) error {
 		return err
 	}
 
-	err = tmos.WriteFile(file, contents, 0644)
+	err = tmos.WriteFile(file, contents, 0600)
 	if err != nil {
 		return err
 	}
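Review bot: The `err = cerr` assignment in the new deferred closure only changes what the caller sees if the enclosing closure has a named `err` result; with an unnamed `error` result (the body ends with `return json.NewEncoder(file).Encode(&genesis)` in the next hunk), the return value is already fixed when the deferred function runs and a failed `Close` is dropped. The closure's signature is outside the hunk, so verify it and, if the result is unnamed, declare it as `(err error)`. The `0600` passed to `os.OpenFile` is also inert: the mode argument is applied only when `O_CREATE` is set, and this call only has `O_RDWR`, so the genesis file keeps whatever mode it was created with. `filepath.Clean` normalises the path but does not confine it, so the `// nolint: gosec` rests on `path` coming from `config.GenesisFile()` rather than from user input; say that in the comment, e.g. `// nolint: gosec -- path comes from the node's config, not from user input`. Outside this hunk, the rewrite after `file.Seek(0, 0)` does not truncate first, so a shorter re-encoding would leave trailing bytes of the old genesis in the file; `file.Truncate(0)` before the encode avoids that.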
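Review bot: The new `0600` on the `tmos.WriteFile` line is only applied when the file is created: if `tmos.WriteFile` is the usual thin wrapper over `ioutil.WriteFile`, an existing file is truncated and rewritten but keeps its previous mode, so re-running testnet generation over a directory produced by an older build leaves 0644 files in place. If that case matters, follow a successful write with `os.Chmod(file, 0600)` (or refuse to overwrite an existing output directory). A blanket 0600 is the right default if this helper also writes private material such as node and validator keys, which I cannot confirm from the hunk; a short comment above the call saying why the files are owner-only would make the choice obvious to the next reader. `writeFile`'s body starts before this hunk.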
diff --git a/x/genutil/client/cli/gentx.go b/x/genutil/client/cli/gentx.go
index 622ce1f83..f5b0aab1e 100644
--- a/x/genutil/client/cli/gentx.go
+++ b/x/genutil/client/cli/gentx.go
@@ -245,11 +245,20 @@ func readUnsignedGenTxFile(clientCtx client.Context, r io.Reader) (sdk.Tx, error
 }
 
 func writeSignedGenTx(clientCtx client.Context, outputDocument string, tx sdk.Tx) error {
-	outputFile, err := os.OpenFile(outputDocument, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0644)
+	cleanedPath := filepath.Clean(outputDocument)
+	// nolint: gosec
+	outputFile, err := os.OpenFile(cleanedPath, os.O_CREATE|os.O_EXCL|os.O_WRONLY, 0600)
+
 	if err != nil {
 		return err
 	}
-	defer outputFile.Close()
+
+	defer func() {
+		cerr := outputFile.Close()
+		if err == nil {
+			err = cerr
+		}
+	}()
 
 	json, err := clientCtx.TxConfig.TxJSONEncoder()(tx)
 	if err != nil {
@@ -257,6 +266,5 @@ func writeSignedGenTx(clientCtx client.Context, outputDocument string, tx sdk.Tx
 	}
 
 	_, err = fmt.Fprintf(outputFile, "%s\n", json)
-
 	return err
 }
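Review bot: The `err = cerr` in the new deferred closure never affects what `writeSignedGenTx` returns: the signature on the context line above it declares an unnamed `error` result, so the `return err` in the following hunk copies `err` into the result before the deferred function runs, and a `Close` failure — which on some filesystems is where a write error on a freshly created file first surfaces — is silently lost. Change the signature to `func writeSignedGenTx(clientCtx client.Context, outputDocument string, tx sdk.Tx) (err error) {`; the existing function-scope `outputFile, err :=` and `json, err :=` then reuse the named result rather than shadowing it. `filepath.Clean` only normalises `outputDocument` and does not confine it, so the `// nolint: gosec` should carry the real justification, e.g. `// nolint: gosec -- outputDocument is a path chosen by the local operator`. The `O_CREATE|O_EXCL` kept from the old line is the right choice, since it fails closed on a pre-existing or symlinked target instead of following it.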