From 981cac479851b559d0247b2186fd1170bf1e2fec Mon Sep 17 00:00:00 2001
From: Dmitry S
Date: Thu, 15 Feb 2024 17:49:53 +0100
Subject: [PATCH 1/2] fix semgrep issues dgryski.semgrep-go ruleset
Signed-off-by: Dmitry S
---
 cmd/cosign/cli/download/sbom.go | 2 +-
 cmd/cosign/cli/generate/generate.go | 3 +--
 cmd/cosign/cli/verify/verify_blob.go | 3 ++-
 internal/pkg/cosign/common.go | 3 ++-
 pkg/cosign/verify.go | 3 ++-
 pkg/providers/interface.go | 2 +-
 6 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/cmd/cosign/cli/download/sbom.go b/cmd/cosign/cli/download/sbom.go
index 79c6968fac2..e9270bec74f 100644
--- a/cmd/cosign/cli/download/sbom.go
+++ b/cmd/cosign/cli/download/sbom.go
@@ -100,7 +100,7 @@ func SBOMCmd(
 	}
 	sboms = append(sboms, string(sbom))
-	fmt.Fprint(out, string(sbom))
+	out.Write(sbom)
 	return sboms, nil
 }
diff --git a/cmd/cosign/cli/generate/generate.go b/cmd/cosign/cli/generate/generate.go
index ef5cac0cea1..ee2e6b459a5 100644
--- a/cmd/cosign/cli/generate/generate.go
+++ b/cmd/cosign/cli/generate/generate.go
@@ -17,7 +17,6 @@ package generate
 import (
 	"context"
-	"fmt"
 	"io"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -49,6 +48,6 @@ func GenerateCmd(ctx context.Context, regOpts options.RegistryOptions, imageRef
 	if err != nil {
 		return err
 	}
-	fmt.Fprint(w, string(json))
+	w.Write(json)
 	return nil
 }
diff --git a/cmd/cosign/cli/verify/verify_blob.go b/cmd/cosign/cli/verify/verify_blob.go
index 9648ef3613a..bd172a3aae1 100644
--- a/cmd/cosign/cli/verify/verify_blob.go
+++ b/cmd/cosign/cli/verify/verify_blob.go
@@ -24,6 +24,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"io/fs"
 	"os"
 	"path/filepath"
@@ -313,7 +314,7 @@ func base64signature(sigRef, bundlePath string) (string, error) {
 	case sigRef != "":
 		targetSig, err = blob.LoadFileOrURL(sigRef)
 		if err != nil {
-			if !os.IsNotExist(err) {
+			if !errors.Is(err, fs.ErrNotExist) {
 				// ignore if file does not exist, it can be a base64 encoded string as well
 				return "", err
 			}
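Review bot: `w.Write(json)` in the GenerateCmd hunk of cmd/cosign/cli/generate/generate.go discards the write error, so a failed or short write to the output still returns nil; the second patch in this series fixes the identical `out.Write(sbom)` in sbom.go but leaves this one unchecked. Replace the line with `if _, err := w.Write(json); err != nil {` / `return err` / `}`. GenerateCmd's signature and the start of its body are outside the hunk, so the declared type of w is not visible here; the fix assumes it is an io.Writer, which the retained "io" import suggests.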
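Review bot: The `errors.Is(err, fs.ErrNotExist)` check in base64signature matches a not-exist error anywhere in the wrapped chain, whereas `os.IsNotExist` only looked through a single PathError/SyscallError layer, so more load failures now fall through to treating sigRef as an inline base64 signature. For a plain file read failure the two are equivalent, but if blob.LoadFileOrURL (outside the hunk) wraps errors from its URL path, a missing remote signature would now be decoded as base64 instead of being reported. Worth confirming that path and extending the existing comment, e.g. `// ignore if file does not exist (including a wrapped fs.ErrNotExist), it can be a base64 encoded string as well`. The same change appears in loadSignatureFromFile in pkg/cosign/verify.go. base64signature's body continues outside the hunk.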
diff --git a/internal/pkg/cosign/common.go b/internal/pkg/cosign/common.go
index a3ad5d7efb7..a1aa8ebc35f 100644
--- a/internal/pkg/cosign/common.go
+++ b/internal/pkg/cosign/common.go
@@ -18,6 +18,7 @@ import (
 	"errors"
 	"hash"
 	"io"
+	"io/fs"
 	"os"
 )
@@ -27,7 +28,7 @@ const (
 func FileExists(filename string) (bool, error) {
 	info, err := os.Stat(filename)
-	if os.IsNotExist(err) {
+	if errors.Is(err, fs.ErrNotExist) {
 		return false, nil
 	}
 	if err != nil {
diff --git a/pkg/cosign/verify.go b/pkg/cosign/verify.go
index aa600a7415f..abd551d8028 100644
--- a/pkg/cosign/verify.go
+++ b/pkg/cosign/verify.go
@@ -27,6 +27,7 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
+	"io/fs"
 	"net/http"
 	"os"
 	"regexp"
@@ -834,7 +835,7 @@ func loadSignatureFromFile(ctx context.Context, sigRef string, signedImgRef name
 	var b64sig string
 	targetSig, err := blob.LoadFileOrURL(sigRef)
 	if err != nil {
-		if !os.IsNotExist(err) {
+		if !errors.Is(err, fs.ErrNotExist) {
 			return nil, err
 		}
 		targetSig = []byte(sigRef)
diff --git a/pkg/providers/interface.go b/pkg/providers/interface.go
index 30d595aa5bd..d85f067f0ac 100644
--- a/pkg/providers/interface.go
+++ b/pkg/providers/interface.go
@@ -80,7 +80,7 @@ func Provide(ctx context.Context, audience string) (string, error) {
 		}
 		id, err = provider.p.Provide(ctx, audience)
 		if err == nil {
-			return id, err
+			return id, nil
 		}
 	}
 	// return the last id/err combo, unless there wasn't an error in
From d3a853e2e9377dc8db34c2b81523aa2107e3b705 Mon Sep 17 00:00:00 2001
From: Dmitry S
Date: Thu, 15 Feb 2024 19:46:08 +0100
Subject: [PATCH 2/2] golangci-lint: check error value of out.Write()
Signed-off-by: Dmitry S
---
 cmd/cosign/cli/download/sbom.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/cmd/cosign/cli/download/sbom.go b/cmd/cosign/cli/download/sbom.go
index e9270bec74f..66ff4257259 100644
--- a/cmd/cosign/cli/download/sbom.go
+++ b/cmd/cosign/cli/download/sbom.go
@@ -100,7 +100,9 @@ func SBOMCmd(
 	}
 	sboms = append(sboms, string(sbom))
-	out.Write(sbom)
+	if _, err := out.Write(sbom); err != nil {
+		return nil, err
+	}
 	return sboms, nil
 }
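Review bot: The error returned when `out.Write(sbom)` fails is passed up bare, so the CLI user sees only the underlying I/O message with no indication that writing the downloaded SBOM to the output is what failed. Since patch 1 changed only the one Fprint line in sbom.go, the file's fmt import presumably remains in place, so `return nil, fmt.Errorf("writing sbom to output: %w", err)` adds that context without changing the error's type for errors.Is callers. Returning a nil slice on the write failure is correct, as a partially written result should not be treated as usable. SBOMCmd's signature and the start of its body are outside the hunk.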