diff --git a/Makefile b/Makefile
index 4567096..de41680 100644
--- a/Makefile
+++ b/Makefile
@@ -13,10 +13,12 @@ test: gocyclo -over 10 $(shell find . -iname '*.go' -type f) staticcheck ./... go test -v -cover ./... + gosec -exclude-dir=tests ./... .PHONY: setup setup: go install github.com/fzipp/gocyclo/cmd/gocyclo@latest + go install github.com/securego/gosec/v2/cmd/gosec@latest go install github.com/swaggo/swag/cmd/swag@latest go install honnef.co/go/tools/cmd/staticcheck@latest
diff --git a/cmd/pushbits/main.go b/cmd/pushbits/main.go
index 254065e..30d9c50 100644
--- a/cmd/pushbits/main.go
+++ b/cmd/pushbits/main.go
@@ -77,5 +77,8 @@ func main() { engine := router.Create(c.Debug, cm, db, dp) - runner.Run(engine, c.HTTP.ListenAddress, c.HTTP.Port) + err = runner.Run(engine, c.HTTP.ListenAddress, c.HTTP.Port) + if err != nil { + log.Fatal(err) + } }
diff --git a/internal/api/application.go b/internal/api/application.go
index 9914924..341b588 100644
--- a/internal/api/application.go
+++ b/internal/api/application.go
@@ -35,7 +35,11 @@ func (h *ApplicationHandler) registerApplication(ctx *gin.Context, a *model.Appl } a.MatrixID = channelID - h.DB.UpdateApplication(a) + + err = h.DB.UpdateApplication(a) + if success := successOrAbort(ctx, http.StatusInternalServerError, err); !success { + return err + } return nil }
@@ -55,7 +59,6 @@ func (h *ApplicationHandler) createApplication(ctx *gin.Context, u *model.User, if err := h.registerApplication(ctx, &application, u); err != nil { err := h.DB.DeleteApplication(&application) - if success := successOrAbort(ctx, http.StatusInternalServerError, err); !success { log.Printf("Cannot delete application with ID %d.", application.ID) }
diff --git a/internal/api/user.go b/internal/api/user.go
index 385c443..3421459 100644
--- a/internal/api/user.go
+++ b/internal/api/user.go 
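Review bot: The new `go install github.com/securego/gosec/v2/cmd/gosec@latest` line in `setup` makes the findings that `make test` now enforces depend on whichever gosec version happens to be current on the day `setup` ran, so two checkouts of the same commit can disagree on whether `test` passes. It follows the existing `@latest` pattern of the other tools, so this is a pre-existing habit rather than a regression, but a linter that gates the build is the one most worth pinning, e.g. `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>` with a placeholder replaced by the version the `#nosec` annotations were written against. `-exclude-dir=tests` is fine, though a one-line comment above the `test` target saying why tests are excluded would help the next reader.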
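Review bot: `log.Fatal(err)` exits through os.Exit, so any deferred cleanup earlier in main — presumably `db.Close()` and `dp.Close()`, given that this commit adds error handling to both Close methods — is skipped when the server fails to bind or stops; main's body starts outside the hunk, so this is inferred. Since engine.Run returns only once the listener has ended, this path is taken on every shutdown, not just on misconfiguration. A common shape is to move the body into `func run() error` whose defers fire before `main` does `log.Fatal(run())`; alternatively log the error and let main return normally so the closers run. If the current form is kept, a comment such as `// Fatal skips deferred Close calls; acceptable because the process is exiting anyway` would make the trade-off explicit.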
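Review bot: When `h.DB.UpdateApplication(a)` fails, registerApplication now returns after `a.MatrixID = channelID` has been assigned, and the caller's rollback in createApplication (visible in the next hunk) only runs `h.DB.DeleteApplication`; nothing appears to release the channel that `channelID` was obtained for above the hunk, so a failed update would leave that channel registered while the application row is gone (inferred — the registration call is outside the hunk, and the function begins above it). Before this change the failure was silent, so this is a newly reachable path rather than a regression, but it is worth either deregistering the channel in the rollback or noting the leftover in a comment, e.g. `// NOTE: on failure the Matrix channel created above is not removed`. Also consider assigning `a.MatrixID` only after the update has succeeded, so the in-memory object does not claim a channel the database never recorded.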
@@ -44,6 +44,8 @@ func (h *UserHandler) deleteApplications(ctx *gin.Context, u *model.User) error } for _, application := range applications { + application := application // See https://stackoverflow.com/a/68247837 + + if err := h.AH.deleteApplication(ctx, &application, u); err != nil { return err }
@@ -59,6 +61,8 @@ func (h *UserHandler) updateChannels(ctx *gin.Context, u *model.User, matrixID s } for _, application := range applications { + application := application // See https://stackoverflow.com/a/68247837 + + err := h.DP.DeregisterApplication(&application, u) if success := successOrAbort(ctx, http.StatusInternalServerError, err); !success { return err
@@ -68,6 +72,8 @@ func (h *UserHandler) updateChannels(ctx *gin.Context, u *model.User, matrixID s u.MatrixID = matrixID for _, application := range applications { + application := application // See https://stackoverflow.com/a/68247837 + + err := h.AH.registerApplication(ctx, &application, u) if err != nil { return err
diff --git a/internal/authentication/credentials/hibp.go b/internal/authentication/credentials/hibp.go
index 81680a8..33bd131 100644
--- a/internal/authentication/credentials/hibp.go
+++ b/internal/authentication/credentials/hibp.go
@@ -1,7 +1,7 @@ package credentials import ( - "crypto/sha1" + "crypto/sha1" //#nosec G505 -- False positive, see the use below. "fmt" "io/ioutil" "log"
@@ -21,7 +21,7 @@ func IsPasswordPwned(password string) (bool, error) { return true, nil } - hash := sha1.Sum([]byte(password)) + hash := sha1.Sum([]byte(password)) //#nosec G401 -- False positive, only the first 5 bytes are transmitted. hashStr := fmt.Sprintf("%X", hash) lookup := hashStr[0:5] match := hashStr[5:]
diff --git a/internal/database/database.go b/internal/database/database.go
index c7f52ff..886e042 100644
--- a/internal/database/database.go
+++ b/internal/database/database.go 
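Review bot: The `application := application` copies added in all three user.go hunks (and the `user`/`application` copies in RepairChannels in database.go) carry only a Stack Overflow link as justification, so a reader cannot tell what the copy protects against without leaving the code. The reason is that `&application` would otherwise point at the single loop variable that is reused across iterations (pre-Go 1.22), which matters only if the callee retains the pointer beyond the call — this hunk's callees are invoked synchronously, so the copy is mainly there to satisfy gosec's G601 check. Suggest replacing the link with `// copy: &application must not alias the loop variable across iterations (gosec G601)`, and if go.mod targets Go 1.22 or later the copies can be dropped entirely since loop variables are then per-iteration. All three enclosing functions begin outside their hunks.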
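Review bot: The `#nosec G401` justification "only the first 5 bytes are transmitted" is not what the code does: `hashStr` is the `%X` hex rendering of the digest and `lookup := hashStr[0:5]` takes its first five hex characters, i.e. 20 bits of the SHA-1, not five bytes. Because the annotation is the record of why a flagged weak hash is acceptable here, it should state the actual reason, e.g. `//#nosec G401 -- SHA-1 is what the HIBP range API requires; only the first 5 hex characters of the digest leave the process.` The `G505` annotation on the import in the previous hunk can keep pointing at this line. The function's body continues outside the hunk, so where `lookup` and `match` are used is not visible here.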
@@ -24,8 +24,10 @@ type Database struct { } func createFileDir(file string) { - if _, err := os.Stat(filepath.Dir(file)); os.IsNotExist(err) { - if err := os.MkdirAll(filepath.Dir(file), 0775); err != nil { + dir := filepath.Dir(file) + + if _, err := os.Stat(dir); os.IsNotExist(err) { + if err := os.MkdirAll(dir, 0750); err != nil { panic(err) } }
@@ -67,14 +69,20 @@ func Create(cm *credentials.Manager, dialect, connection string) (*Database, err sql.SetConnMaxLifetime(9 * time.Minute) } - db.AutoMigrate(&model.User{}, &model.Application{}) + err = db.AutoMigrate(&model.User{}, &model.Application{}) + if err != nil { + return nil, err + } return &Database{gormdb: db, sqldb: sql, credentialsManager: cm}, nil } // Close closes the database connection. func (d *Database) Close() { - d.sqldb.Close() + err := d.sqldb.Close() + if err != nil { + log.Printf("Error while closing database: %s", err) + } } // Populate fills the database with initial information like the admin user.
@@ -111,12 +119,16 @@ func (d *Database) RepairChannels(dp Dispatcher) error { } for _, user := range users { + user := user // See https://stackoverflow.com/a/68247837 + applications, err := d.GetApplications(&user) if err != nil { return err } for _, application := range applications { + application := application // See https://stackoverflow.com/a/68247837 + if err := dp.UpdateApplication(&application); err != nil { return err }
diff --git a/internal/dispatcher/dispatcher.go b/internal/dispatcher/dispatcher.go
index 735c072..caa4329 100644
--- a/internal/dispatcher/dispatcher.go
+++ b/internal/dispatcher/dispatcher.go
@@ -44,7 +44,11 @@ func Create(homeserver, username, password string, formatting configuration.Form func (d *Dispatcher) Close() { log.Printf("Logging out.") - d.client.Logout() + _, err := d.client.Logout() + if err != nil { + log.Printf("Error while logging out: %s", err) + } + d.client.ClearCredentials() log.Printf("Successfully logged out.") 
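Review bot: The `os.Stat(dir)` probe kept in front of `os.MkdirAll(dir, 0750)` is redundant and hides errors: MkdirAll already succeeds when the directory exists, and any Stat failure other than not-exist (permission denied, a path component that is a file) is silently ignored, so createFileDir returns as if the directory were usable and the open that follows fails with a less specific error. Hoisting `dir` is an improvement; with the probe gone the body becomes `if err := os.MkdirAll(dir, 0750); err != nil { panic(err) }`. A doc comment would also help, e.g. `// createFileDir ensures the parent directory of file exists (mode 0750) and panics if it cannot be created.`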
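Review bot: When `db.AutoMigrate` fails, Create now returns `nil, err` without closing the pool behind `sql`, which by the `sql.SetConnMaxLifetime` call just above looks like the `*sql.DB` obtained from gorm earlier in the function (outside the hunk), so the open connections are leaked on the error path. Suggest `if err := db.AutoMigrate(&model.User{}, &model.Application{}); err != nil { _ = sql.Close(); return nil, err }`, or log the close error the way the new `Close` method below does. The `:=` form also avoids reusing the outer `err`, which the `err =` assignment relies on being declared above the hunk. Create's body begins outside the hunk.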
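Review bot: `log.Printf("Successfully logged out.")` at the end of Close still runs when `d.client.Logout()` returned an error, so the log shows both an error and a success for the same call; the success line should be conditional, e.g. `if err != nil { log.Printf("Error while logging out: %s", err) } else { log.Printf("Successfully logged out.") }` with `d.client.ClearCredentials()` kept unconditional before it. Clearing the credentials regardless of the logout result is the right call, since a failed logout must not leave the token usable in-process; a one-line comment saying so, `// clear local credentials even if the server-side logout failed`, would make that intent visible.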
diff --git a/internal/runner/runner.go b/internal/runner/runner.go
index 2043179..911f778 100644
--- a/internal/runner/runner.go
+++ b/internal/runner/runner.go
@@ -7,6 +7,11 @@ import ( ) // Run starts the Gin engine. -func Run(engine *gin.Engine, address string, port int) { - engine.Run(fmt.Sprintf("%s:%d", address, port)) +func Run(engine *gin.Engine, address string, port int) error { + err := engine.Run(fmt.Sprintf("%s:%d", address, port)) + if err != nil { + return err + } + + return nil }
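Review bot: `fmt.Sprintf("%s:%d", address, port)` yields an unusable listen address when `address` is an IPv6 literal (an address like `::1` becomes `::1:<port>`, which the listener rejects); `net.JoinHostPort(address, strconv.Itoa(port))` brackets IPv6 and is identical for IPv4 and hostnames, at the cost of adding `net` and `strconv` to the import block that starts above the hunk. The `err := ...; if err != nil { return err }; return nil` sequence is equivalent to returning the call directly, so the body reduces to `return engine.Run(net.JoinHostPort(address, strconv.Itoa(port)))`. The doc comment should also state that Run blocks and what the error means, e.g. `// Run starts the Gin engine on address:port and blocks until the server stops, returning the error that ended it.`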