From 80a7f1cf44113cf06ec864929ebaa7215be63839 Mon Sep 17 00:00:00 2001 From: Sandy Date: Mon, 16 Jan 2023 15:06:04 -0600 Subject: [PATCH] gosec cleanupc Signed-off-by: Sandy --- emilia/galleries.go | 2 +- emilia/imaging.go | 3 ++- emilia/syscalls.go | 2 +- ichika/build.go | 2 +- ichika/holoscene.go | 6 +++--- ichika/rss.go | 12 +++++++----- 6 files changed, 15 insertions(+), 12 deletions(-) diff --git a/emilia/galleries.go b/emilia/galleries.go index 2a8828a..c8619f1 100644 --- a/emilia/galleries.go +++ b/emilia/galleries.go @@ -148,7 +148,7 @@ func galleryVendorItem(item *GalleryItem) yunyun.FullPathFile { } // Open the file writer and encode the image there. - imgFile, err := os.Create(localVendoredPath) + imgFile, err := os.Create(filepath.Clean(localVendoredPath)) if err != nil { fmt.Printf("Failed to create file %s: %s\n", localVendoredPath, err.Error()) return fallbackReturn diff --git a/emilia/imaging.go b/emilia/imaging.go index 02a52a6..8694953 100644 --- a/emilia/imaging.go +++ b/emilia/imaging.go @@ -5,6 +5,7 @@ import ( "image" "net/http" "os" + "path/filepath" "github.com/disintegration/imaging" "github.com/pkg/errors" @@ -12,7 +13,7 @@ import ( // OpenImage opens local path image and returns decoded image. func OpenImage(path string) (image.Image, error) { - file, err := os.Open(path) + file, err := os.Open(filepath.Clean(path)) if err != nil { return nil, errors.Wrap(err, "OpenImage: opening file "+path) } diff --git a/emilia/syscalls.go b/emilia/syscalls.go index 6aa4580..28835b0 100644 --- a/emilia/syscalls.go +++ b/emilia/syscalls.go @@ -11,7 +11,7 @@ func FileExists(path string) bool { // Mkdir creates a directory and reports fatal errors. func Mkdir(path string) error { // Make sure that the vendor directory exists. - err := os.Mkdir(string(path), 0755) + err := os.Mkdir(string(path), 0750) // If we couldn't create the vendor directory and it doesn't // exist, then turn off the vendor option. if err != nil && !os.IsExist(err) { diff --git a/ichika/build.go b/ichika/build.go index 1e76f2a..835806a 100644 --- a/ichika/build.go +++ b/ichika/build.go @@ -116,7 +116,7 @@ func build() { // writeFile takes a filename and a bufio reader and writes it. func writeFile(filename string, reader *bufio.Reader) (int64, error) { - target, err := os.Create(filename) + target, err := os.Create(filepath.Clean(filename)) if err != nil { return -1, errors.Wrap(err, "failed to create "+filename) } diff --git a/ichika/holoscene.go b/ichika/holoscene.go index 548e01e..de969c4 100644 --- a/ichika/holoscene.go +++ b/ichika/holoscene.go @@ -16,7 +16,7 @@ const ( func updateHolosceneTitles(dryRun bool) { if dryRun { - if err := os.Mkdir(holosceneTitlesTempDir, 0755); err != nil { + if err := os.Mkdir(holosceneTitlesTempDir, 0750); err != nil { fmt.Printf("Failed to create temp dir: %s", err) os.Exit(1) } @@ -30,7 +30,7 @@ func updateHolosceneTitles(dryRun bool) { actuallyFound := make([]*os.File, 0, len(outputs)) for _, v := range outputs { - file, err := os.Open(v) + file, err := os.Open(filepath.Clean(v)) if err != nil { fmt.Printf("Couldn't open %s: %s\n", v, err) continue @@ -60,7 +60,7 @@ func updateHolosceneTitles(dryRun bool) { file, err = os.CreateTemp(holosceneTitlesTempDir, filepath.Base(filename)) } else { - file, err = os.Create(filename) + file, err = os.Create(filepath.Clean(filename)) } if err != nil { fmt.Printf("Failed to overwrite %s: %s\n", diff --git a/ichika/rss.go b/ichika/rss.go index 3fe85f4..2991773 100644 --- a/ichika/rss.go +++ b/ichika/rss.go @@ -5,6 +5,7 @@ import ( "fmt" "io" "os" + "path/filepath" "sort" "time" @@ -76,21 +77,22 @@ func rssf(dryRun bool) { }, } - feedXml, err := os.Create(string(emilia.JoinWorkdir(rssXMLFilename))) + xmlTarget := string(emilia.JoinWorkdir(rssXMLFilename)) + feedXml, err := os.Create(filepath.Clean(xmlTarget)) if err != nil { - fmt.Printf("couldn't create %s: %s\n", rssXMLFilename, err) + fmt.Printf("couldn't create %s: %s\n", xmlTarget, err) os.Exit(1) } encoder := xml.NewEncoder(feedXml) if err := encoder.Encode(feed); err != nil { - fmt.Printf("failed to encode %s: %s\n", rssXMLFilename, err) + fmt.Printf("failed to encode %s: %s\n", xmlTarget, err) os.Exit(1) } if err := feedXml.Close(); err != nil { - fmt.Printf("failed to close %s: %s", rssXMLFilename, err) + fmt.Printf("failed to close %s: %s", xmlTarget, err) os.Exit(1) } - fmt.Printf("Created rss file in %s\n", rssXMLFilename) + fmt.Printf("Created rss file in %s\n", xmlTarget) } // getDate takes a page and returns its date if any found.