Remove semgrep, use errcheck, gosec, govulncheck

2025-08-01 15:49:09 +02:00 · 2023-03-25 23:20:08 +01:00 · 2023-03-25 23:20:08 +01:00 · f251b12fc8
commit f251b12fc8
parent e078a30fe2
19 changed files with 197 additions and 803 deletions
--- a/internal/api/application_test.go
+++ b/internal/api/application_test.go
@ -52,7 +52,7 @@ func TestMain(m *testing.M) {
 	db, err := mockups.GetEmptyDatabase(config.Crypto)
 	if err != nil {
 		cleanUp()
-		log.L.Println("Can not set up database: ", err)
+		log.L.Println("Cannot set up database: ", err)
 		os.Exit(1)
 	}
 	TestDatabase = db
@ -60,7 +60,7 @@ func TestMain(m *testing.M) {
 	appHandler, err := getApplicationHandler(config)
 	if err != nil {
 		cleanUp()
-		log.L.Println("Can not set up application handler: ", err)
+		log.L.Println("Cannot set up application handler: ", err)
 		os.Exit(1)
 	}

@ -124,9 +124,9 @@ func TestApi_RegisterApplication(t *testing.T) {
 			// Parse body only for successful requests
 			if req.ShouldStatus >= 200 && req.ShouldStatus < 300 {
 				body, err := io.ReadAll(w.Body)
-				require.NoErrorf(err, "Can not read request body")
+				require.NoErrorf(err, "Cannot read request body")
 				err = json.Unmarshal(body, &application)
-				require.NoErrorf(err, "Can not unmarshal request body")
+				require.NoErrorf(err, "Cannot unmarshal request body")

 				SuccessAplications[user.ID] = append(SuccessAplications[user.ID], application)
 			}
@ -159,9 +159,9 @@ func TestApi_GetApplications(t *testing.T) {
 			// Parse body only for successful requests
 			if req.ShouldStatus >= 200 && req.ShouldStatus < 300 {
 				body, err := io.ReadAll(w.Body)
-				require.NoErrorf(err, "Can not read request body")
+				require.NoErrorf(err, "Cannot read request body")
 				err = json.Unmarshal(body, &applications)
-				require.NoErrorf(err, "Can not unmarshal request body")
+				require.NoErrorf(err, "Cannot unmarshal request body")
 				if err != nil {
 					continue
 				}
@ -239,9 +239,9 @@ func TestApi_GetApplication(t *testing.T) {
 			// Parse body only for successful requests
 			if req.ShouldStatus >= 200 && req.ShouldStatus < 300 {
 				body, err := io.ReadAll(w.Body)
-				require.NoErrorf(err, "Can not read request body")
+				require.NoErrorf(err, "Cannot read request body")
 				err = json.Unmarshal(body, &application)
-				require.NoErrorf(err, "Can not unmarshal request body: %v", err)
+				require.NoErrorf(err, "Cannot unmarshal request body: %v", err)

 				assert.Equalf(application.ID, app.ID, "Application ID should be %d but is %d", app.ID, application.ID)
 				assert.Equalf(application.Name, app.Name, "Application Name should be %s but is %s", app.Name, application.Name)
@ -356,5 +356,8 @@ func validateAllApplications(user *model.User, apps []model.Application) bool {
 }

 func cleanUp() {
-	os.Remove("pushbits-test.db")
+	err := os.Remove("pushbits-test.db")
+	if err != nil {
+		log.L.Warnln("Cannot delete test database: ", err)
+	}
 }
--- a/internal/api/context_test.go
+++ b/internal/api/context_test.go
@ -4,6 +4,7 @@ import (
 	"testing"

 	"github.com/gin-gonic/gin"
+	"github.com/pushbits/server/internal/log"
 	"github.com/pushbits/server/internal/model"
 	"github.com/pushbits/server/tests"
 	"github.com/pushbits/server/tests/mockups"
@ -58,7 +59,11 @@ func TestApi_getApplication(t *testing.T) {
 	gin.SetMode(gin.TestMode)

 	applications := mockups.GetAllApplications()
-	mockups.AddApplicationsToDb(TestDatabase, applications)
+
+	err := mockups.AddApplicationsToDb(TestDatabase, applications)
+	if err != nil {
+		log.L.Fatalln("Cannot add mock applications to database: ", err)
+	}

 	// No testing of invalid ids as that is tested in TestApi_getID already
 	testCases := make(map[uint]tests.Request)
--- a/internal/authentication/credentials/hibp.go
+++ b/internal/authentication/credentials/hibp.go
@ -22,7 +22,6 @@ func IsPasswordPwned(password string) (bool, error) {
 		return true, nil
 	}

-	// nosemgrep: tests.semgrep-rules.go.lang.security.audit.crypto.insecure-module-used, tests.semgrep-rules.go.lang.security.audit.crypto.use-of-sha1
 	hash := sha1.Sum([]byte(password)) //#nosec G401 -- False positive, only the first 5 bytes are transmitted.
 	hashStr := fmt.Sprintf("%X", hash)
 	lookup := hashStr[0:5]
--- a/internal/configuration/configuration_test.go
+++ b/internal/configuration/configuration_test.go
@ -7,6 +7,7 @@ import (
 	"testing"

 	"github.com/jinzhu/configor"
+	"github.com/pushbits/server/internal/log"
 	"github.com/stretchr/testify/assert"
 	"gopkg.in/yaml.v2"
 )
@ -26,8 +27,7 @@ func TestMain(m *testing.M) {
 func TestConfiguration_GetMinimal(t *testing.T) {
 	err := writeMinimalConfig()
 	if err != nil {
-		fmt.Println("Could not write minimal config: ", err)
-		os.Exit(1)
+		log.L.Fatalln("Cannot write minimal config file: ", err)
 	}

 	validateConfig(t)
@ -38,8 +38,7 @@ func TestConfiguration_GetValid(t *testing.T) {

 	err := writeValidConfig()
 	if err != nil {
-		fmt.Println("Could not write valid config: ", err)
-		os.Exit(1)
+		log.L.Fatalln("Cannot write valid config file: ", err)
 	}

 	validateConfig(t)
@ -69,7 +68,7 @@ func TestConfiguration_GetEmpty(t *testing.T) {
 func TestConfiguration_GetInvalid(t *testing.T) {
 	err := writeInvalidConfig()
 	if err != nil {
-		fmt.Println("Could not write empty config: ", err)
+		fmt.Println("Could not write invalid config: ", err)
 		os.Exit(1)
 	}

@ -135,6 +134,7 @@ type InvalidConfiguration struct {
 // Writes a minimal config to config.yml
 func writeMinimalConfig() error {
 	cleanUp()
+
 	config := MinimalConfiguration{}
 	config.Admin.MatrixID = "000000"
 	config.Matrix.Username = "default-username"
@ -145,17 +145,26 @@ func writeMinimalConfig() error {
 		return err
 	}

-	return os.WriteFile("config_unittest.yml", configString, 0o644)
+	err = os.WriteFile("config_unittest.yml", configString, 0o644)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 // Writes a config with default values to config.yml
 func writeValidConfig() error {
 	cleanUp()

+	err := writeMinimalConfig()
+	if err != nil {
+		return err
+	}
+
 	// Load minimal config to get default values
-	writeMinimalConfig()
 	config := &Configuration{}
-	err := configor.New(&configor.Config{
+	err = configor.New(&configor.Config{
 		Environment:          "production",
 		ENVPrefix:            "PUSHBITS",
 		ErrorOnUnmatchedKeys: true,
@ -173,18 +182,30 @@ func writeValidConfig() error {
 		return err
 	}

-	return os.WriteFile("config_unittest.yml", configString, 0o644)
+	err = os.WriteFile("config_unittest.yml", configString, 0o644)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 // Writes a config that is empty
 func writeEmptyConfig() error {
 	cleanUp()
-	return os.WriteFile("config_unittest.yml", []byte(""), 0o644)
+
+	err := os.WriteFile("config_unittest.yml", []byte(""), 0o644)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

 // Writes a config with invalid entries
 func writeInvalidConfig() error {
 	cleanUp()
+
 	config := InvalidConfiguration{}
 	config.Debug = 1337
 	config.HTTP.ListenAddress = true
@ -196,9 +217,17 @@ func writeInvalidConfig() error {
 		return err
 	}

-	return os.WriteFile("config_unittest.yml", configString, 0o644)
+	err = os.WriteFile("config_unittest.yml", configString, 0o644)
+	if err != nil {
+		return err
+	}
+
+	return nil
 }

-func cleanUp() error {
-	return os.Remove("config_unittest.yml")
+func cleanUp() {
+	err := os.Remove("config_unittest.yml")
+	if err != nil {
+		log.L.Warnln("Cannot remove config file: ", err)
+	}
 }
--- a/internal/database/database.go
+++ b/internal/database/database.go
@ -28,7 +28,6 @@ func createFileDir(file string) {
 	dir := filepath.Dir(file)

 	if _, err := os.Stat(dir); os.IsNotExist(err) {
-		// nosemgrep: tests.semgrep-rules.go.lang.correctness.permissions.incorrect-default-permission
 		if err := os.MkdirAll(dir, 0o750); err != nil {
 			panic(err)
 		}