New feature: Shred files and directories

bcessa · bcessa · commit 989f3fa322cf · 2022-10-11T11:31:59.000+01:00
The new 'shred' command allows to safely remove files and directories
from the filesystem while ensuring dangling data is not recoverable.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -17,7 +17,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
 
       # Checkout code
       - name: Checkout repository
diff --git a/.github/workflows/maintenance.yml b/.github/workflows/maintenance.yml
@@ -7,7 +7,7 @@ jobs:
     name: "close stale issues and pull requests"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v5
+      - uses: actions/stale@v6
         with:
           # On the 'debug' mode the action will not perform any operation.
           # Add the secret ACTIONS_STEP_DEBUG with a value of 'true' in the repository.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.18.x
+          go-version: 1.19.x
 
       # Checkout code
       - name: Checkout repository
diff --git a/.golangci.yml b/.golangci.yml
@@ -3,13 +3,7 @@ run:
   issues-exit-code: 1
   tests: true
   build-tags: []
-  skip-dirs:
-    - vendor$
-    - third_party$
-    - testdata$
-    - examples$
-    - Godeps$
-    - builtin$
+  skip-dirs-use-default: true
   skip-files:
     - ".*\\.pb\\.go$"
     - ".*\\.pb\\.gw\\.go$"
@@ -28,7 +22,6 @@ linters:
     - gofmt
     - ineffassign
     - staticcheck
-    - structcheck
     - typecheck
     - varcheck
     - gocyclo
@@ -52,7 +45,6 @@ linters:
     - noctx
     - predeclared
     - exportloopref
-    - wastedassign
     - whitespace
     #- wrapcheck
     #- nestif
@@ -62,6 +54,9 @@ linters:
     - deadcode
     - unused
     - dupl
+    # https://github.com/golangci/golangci-lint/issues/2649
+    - structcheck
+    - wastedassign
 issues:
   exclude-use-default: false
   exclude-rules:
diff --git a/cmd/decrypt.go b/cmd/decrypt.go
@@ -116,7 +116,7 @@ func runDecrypt(_ *cobra.Command, args []string) error {
 	}
 
 	// Start tred workers pool
-	pool, err := newPool(viper.GetInt("decrypt.workers"), key, viper.GetString("decrypt.cipher"), log)
+	wp, err := newPool(viper.GetInt("decrypt.workers"), key, viper.GetString("decrypt.cipher"), log)
 	if err != nil {
 		log.WithField("error", err).Fatal("could not initialize TRED workers")
 		return err
@@ -157,19 +157,19 @@ func runDecrypt(_ *cobra.Command, args []string) error {
 			}
 
 			// Add job to processing pool
-			pool.add(job{file: f, showBar: false})
+			wp.add(job{file: f, showBar: false})
 			return nil
 		})
 	} else {
 		// Process single file
-		pool.add(job{file: input, showBar: true})
+		wp.add(job{file: input, showBar: true})
 	}
 
 	// Wait for operations to complete
-	pool.done()
+	wp.done()
 	log.WithFields(xlog.Fields{
 		"time":  time.Since(start),
-		"files": pool.count,
+		"files": wp.count,
 	}).Info("operation completed")
 	return err
 }
diff --git a/cmd/encrypt.go b/cmd/encrypt.go
@@ -116,7 +116,7 @@ func runEncrypt(_ *cobra.Command, args []string) error {
 	}
 
 	// Start tred workers pool
-	pool, err := newPool(viper.GetInt("encrypt.workers"), key, viper.GetString("encrypt.cipher"), log)
+	wp, err := newPool(viper.GetInt("encrypt.workers"), key, viper.GetString("encrypt.cipher"), log)
 	if err != nil {
 		log.WithField("error", err).Fatal("could not initialize TRED workers")
 		return err
@@ -157,19 +157,19 @@ func runEncrypt(_ *cobra.Command, args []string) error {
 			}
 
 			// Add job to processing pool
-			pool.add(job{file: f, showBar: false, encrypt: true})
+			wp.add(job{file: f, showBar: false, encrypt: true})
 			return nil
 		})
 	} else {
 		// Process single file
-		pool.add(job{file: input, showBar: true, encrypt: true})
+		wp.add(job{file: input, showBar: true, encrypt: true})
 	}
 
 	// Wait for operations to complete
-	pool.done()
+	wp.done()
 	log.WithFields(xlog.Fields{
 		"time":  time.Since(start),
-		"files": pool.count,
+		"files": wp.count,
 	}).Info("operation completed")
 	return err
 }
diff --git a/cmd/pool.go b/cmd/pool.go
@@ -17,6 +17,7 @@ type job struct {
 	file    string
 	showBar bool
 	encrypt bool
+	shred   bool
 }
 
 type pool struct {
@@ -84,7 +85,9 @@ func (w *worker) run() {
 	for j := range w.jobs {
 		// Run operation
 		var err error
-		if j.encrypt {
+		if j.shred {
+			err = w.shred(j.file, j.showBar)
+		} else if j.encrypt {
 			err = w.encrypt(j.file, j.showBar)
 		} else {
 			err = w.decrypt(j.file, j.showBar)
@@ -199,3 +202,42 @@ func (w *worker) decrypt(file string, withBar bool) error {
 	}
 	return err
 }
+
+// nolint: gosec
+func (w *worker) shred(file string, withBar bool) error {
+	// Open input file
+	input, err := os.Open(filepath.Clean(file))
+	if err != nil {
+		return err
+	}
+
+	// Create new file for the ciphertext
+	output, err := os.Create(fmt.Sprintf("%s%s", file, viper.GetString("encrypt.suffix")))
+	if err != nil {
+		return err
+	}
+
+	// Get progress bar
+	var r io.Reader
+	r = input
+	if !viper.GetBool("shred.silent") && withBar {
+		bar := getProgressBar(input)
+		bar.Start()
+		defer bar.Finish()
+		r = bar.NewProxyReader(input)
+	}
+
+	// Encrypt file in-place
+	_, err = w.tw.Encrypt(r, output)
+	if err == nil {
+		_ = input.Close()
+		_ = output.Close()
+		if err := os.Remove(input.Name()); err != nil {
+			w.log.WithField("file", file).Warning("failed to remove file")
+		}
+		if err := os.Remove(output.Name()); err != nil {
+			w.log.WithField("file", file).Warning("failed to remove file")
+		}
+	}
+	return err
+}
diff --git a/cmd/shred.go b/cmd/shred.go
@@ -0,0 +1,148 @@
+package cmd
+
+import (
+	"crypto/rand"
+	"os"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"go.bryk.io/pkg/cli"
+	"go.bryk.io/pkg/errors"
+	xlog "go.bryk.io/pkg/log"
+)
+
+var shredCmd = &cobra.Command{
+	Use:     "shred",
+	Aliases: []string{"del", "rm"},
+	Example: "tred shred -ra [INPUT]",
+	Short:   "Securely delete files/directories while preventing contents recovery",
+	RunE:    runShred,
+}
+
+func init() {
+	params := []cli.Param{
+		{
+			Name:      "recursive",
+			Usage:     "recursively process directories",
+			FlagKey:   "shred.recursive",
+			ByDefault: false,
+			Short:     "r",
+		},
+		{
+			Name:      "all",
+			Usage:     "include hidden files",
+			FlagKey:   "shred.all",
+			ByDefault: false,
+			Short:     "a",
+		},
+		{
+			Name:      "workers",
+			Usage:     "number or workers to run for parallel processing",
+			FlagKey:   "shred.workers",
+			ByDefault: runtime.NumCPU(),
+			Short:     "w",
+		},
+		{
+			Name:      "silent",
+			Usage:     "suppress all output",
+			FlagKey:   "shred.silent",
+			ByDefault: false,
+			Short:     "s",
+		},
+	}
+	if err := cli.SetupCommandParams(shredCmd, params, viper.GetViper()); err != nil {
+		panic(err)
+	}
+	rootCmd.AddCommand(shredCmd)
+}
+
+func runShred(_ *cobra.Command, args []string) error {
+	log := getLogger(viper.GetBool("shred.silent"))
+
+	// Get input
+	if len(args) == 0 {
+		log.Fatal("missing required input")
+		return errors.New("missing required input")
+	}
+
+	// Get input absolute path
+	input, err := filepath.Abs(args[0])
+	if err != nil {
+		log.WithField("error", err).Fatal("invalid source provided")
+		return err
+	}
+
+	// Get temporary encryption key
+	key := make([]byte, 64)
+	if _, err := rand.Read(key); err != nil {
+		return errors.Wrap(err, "generate encryption key")
+	}
+
+	// Start tred workers pool
+	wp, err := newPool(viper.GetInt("shred.workers"), key, "chacha", log)
+	if err != nil {
+		log.WithField("error", err).Fatal("could not initialize TRED workers")
+		return err
+	}
+
+	// Process input
+	cleanUpDirs := []string{}
+	start := time.Now()
+	if isDir(input) {
+		err = filepath.Walk(input, func(f string, i os.FileInfo, err error) error {
+			// Unexpected error walking the directory
+			if err != nil {
+				log.WithFields(xlog.Fields{
+					"location": f,
+					"error":    err,
+				}).Warning("failed to traverse location")
+				return err
+			}
+
+			// Ignore hidden files
+			if strings.HasPrefix(filepath.Base(f), ".") && !viper.GetBool("shred.all") {
+				log.WithFields(xlog.Fields{
+					"location": f,
+				}).Debug("ignoring hidden file")
+				return nil
+			}
+
+			// Don't go into subdirectories if not required
+			if i.IsDir() && !viper.GetBool("shred.recursive") {
+				log.WithFields(xlog.Fields{
+					"location": f,
+				}).Debug("ignoring directory on non-recursive run")
+				return filepath.SkipDir
+			}
+
+			// Ignore subdir markers
+			if i.IsDir() {
+				cleanUpDirs = append(cleanUpDirs, f)
+				return nil
+			}
+
+			// Add job to processing pool
+			wp.add(job{file: f, showBar: false, shred: true})
+			return nil
+		})
+		cleanUpDirs = append(cleanUpDirs, input)
+	} else {
+		// Process single file
+		wp.add(job{file: input, showBar: true, shred: true})
+	}
+
+	// Wait for operations to complete
+	wp.done()
+	for _, td := range cleanUpDirs {
+		_ = os.Remove(td) // remove empty directories, ignore errors
+	}
+	log.WithFields(xlog.Fields{
+		"time":  time.Since(start),
+		"files": wp.count,
+	}).Info("operation completed")
+	return err
+}
diff --git a/go.mod b/go.mod
@@ -1,12 +1,45 @@
 module github.com/bryk-io/tred-cli
 
-go 1.16
+go 1.18
 
 require (
 	github.com/cheggaaa/pb/v3 v3.1.0
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.5.0
-	github.com/spf13/viper v1.12.0
-	go.bryk.io/pkg v0.0.0-20220808192228-d72c45988885
-	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035
+	github.com/spf13/viper v1.13.0
+	go.bryk.io/pkg v0.0.0-20221011100809-a2bf420b8f3f
+	golang.org/x/term v0.0.0-20220919170432-7a66f970e087
+)
+
+require (
+	github.com/VividCortex/ewma v1.1.1 // indirect
+	github.com/briandowns/spinner v1.19.0 // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-runewidth v0.0.12 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/rs/zerolog v1.28.0 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
+	github.com/spf13/afero v1.8.2 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/subosito/gotenv v1.4.1 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.23.0 // indirect
+	golang.org/x/crypto v0.0.0-20221005025214-4161e89ecf1b // indirect
+	golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
