fix some gosec issues

tim-mwangi · tim-mwangi · commit 8e8104b34964 · 2025-07-14T10:45:35.000+03:00
diff --git a/examples/gin-server/main.go b/examples/gin-server/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"log"
 	"net/http"
 
 	"github.com/gin-gonic/gin"
@@ -38,5 +39,8 @@ func main() {
 
 	r := setupRouter()
 	// Listen and Server in 0.0.0.0:8080
-	r.Run(":8080")
+	err := r.Run(":8080")
+	if err != nil {
+		log.Fatalf("gin server failed with error: %v", err)
+	}
 }
diff --git a/examples/http-server/main.go b/examples/http-server/main.go
@@ -90,6 +90,8 @@ func main() {
 	))
 	// Uncomment to enable TLS server
 	// log.Fatal(http.ListenAndServeTLS(":8081", certFile, keyFile, r))
+	// G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
+	// #nosec G114
 	log.Fatal(http.ListenAndServe(":8081", r))
 }
 
@@ -135,7 +137,7 @@ func fooHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
 
-	w.Write([]byte(fmt.Sprintf("{\"param0\": \"Hello %s\", \"authorization\": \"Bearer some-jwt-token\", \"param2\":{\"param3\":\"param4\",\"value\":\"00000\"}}", p.Name)))
+	_, _ = w.Write([]byte(fmt.Sprintf("{\"param0\": \"Hello %s\", \"authorization\": \"Bearer some-jwt-token\", \"param2\":{\"param3\":\"param4\",\"value\":\"00000\"}}", p.Name)))
 }
 
 var responseBody string = `{"serviceCount":4,"personalDetailChildren":[{"id":"41d29bf9-3d7b-4e7b-90f1-e405693b592f","firstName":"Bruce","lastName":"Meyer","dateOfBirth":"1951-4-20",` +
@@ -192,7 +194,7 @@ func payloadHandler(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(responseBody))
+	_, _ = w.Write([]byte(responseBody))
 }
 
 // Should be a GET request
@@ -215,7 +217,7 @@ func barHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", author)))
+	_, _ = w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", author)))
 }
 
 // Should be a POST request.
@@ -234,7 +236,7 @@ func barBodyHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Set-Cookie", "timothercookie789=cval1;secure")
 	w.Header().Add("Set-Cookie", "timothercookie=cval2;secure")
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", author)))
+	_, _ = w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", author)))
 }
 
 const multipartMaxSize int64 = 1024 * 1024
@@ -261,7 +263,7 @@ func multipartFormHandler(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusInternalServerError)
 		return
 	}
-	err = os.WriteFile("/tmp/gadat1.png", buf, 0644)
+	err = os.WriteFile("/tmp/gadat1.png", buf, 0600)
 	if err != nil {
 		fmt.Printf("error while writing file: %v\n", err)
 		w.WriteHeader(http.StatusInternalServerError)
@@ -275,7 +277,7 @@ func multipartFormHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Add("Set-Cookie", "othercookie789=cval1;secure")
 	w.Header().Add("Set-Cookie", "othercookie=cval2;secure")
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", author)))
+	_, _ = w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", author)))
 }
 
 func outgoingCallHandler(w http.ResponseWriter, r *http.Request) {
@@ -330,7 +332,7 @@ func echoUpperCaseHandler(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(strings.ToUpper(string(sBody))))
+	_, _ = w.Write([]byte(strings.ToUpper(string(sBody))))
 }
 
 func echoHandler(w http.ResponseWriter, r *http.Request) {
@@ -350,7 +352,7 @@ func echoHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	w.Header().Set("Access-Control-Allow-Credentials", "true")
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(string(sBody)))
+	_, _ = w.Write([]byte(string(sBody)))
 }
 
 func getXmlHandler(w http.ResponseWriter, r *http.Request) {
@@ -372,5 +374,5 @@ func getXmlHandler(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/xml")
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(xmlSampleBody))
+	_, _ = w.Write([]byte(xmlSampleBody))
 }
diff --git a/examples/mux-server/main.go b/examples/mux-server/main.go
@@ -28,6 +28,8 @@ func main() {
 	r := mux.NewRouter()
 	r.Use(hypermux.NewMiddleware(&sdkhttp.Options{})) // here we use the mux middleware
 	r.HandleFunc("/foo", http.HandlerFunc(fooHandler))
+	// G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
+	// #nosec G114
 	log.Fatal(http.ListenAndServe(":8081", r))
 }
 
@@ -54,5 +56,5 @@ func fooHandler(w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))
+	_, _ = w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))
 }
diff --git a/examples/sql-query/main.go b/examples/sql-query/main.go
@@ -40,6 +40,8 @@ func main() {
 		http.HandlerFunc(fooHandlerFunc),
 		"/foo",
 	))
+	// G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)
+	// #nosec G114
 	log.Fatal(http.ListenAndServe(":8081", r))
 }
 
@@ -68,7 +70,7 @@ func fooHandler(db *sql.DB, w http.ResponseWriter, r *http.Request) {
 
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(http.StatusOK)
-	w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))
+	_, _ = w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))
 }
 
 func dbConn() (db *sql.DB) {

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,8 @@ func main() {`
`28`	`28`	`r := mux.NewRouter()`
`29`	`29`	`r.Use(hypermux.NewMiddleware(&sdkhttp.Options{})) // here we use the mux middleware`
`30`	`30`	`r.HandleFunc("/foo", http.HandlerFunc(fooHandler))`
	`31`	`+ // G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)`
	`32`	`+ // #nosec G114`
`31`	`33`	`log.Fatal(http.ListenAndServe(":8081", r))`
`32`	`34`	`}`
`33`	`35`
`@@ -54,5 +56,5 @@ func fooHandler(w http.ResponseWriter, r *http.Request) {`
`54`	`56`
`55`	`57`	`w.Header().Set("Content-Type", "application/json")`
`56`	`58`	`w.WriteHeader(http.StatusOK)`
`57`		`- w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))`
	`59`	`+ _, _ = w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))`
`58`	`60`	`}`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,8 @@ func main() {`
`40`	`40`	`http.HandlerFunc(fooHandlerFunc),`
`41`	`41`	`"/foo",`
`42`	`42`	`))`
	`43`	`+ // G114 (CWE-676): Use of net/http serve function that has no support for setting timeouts (Confidence: HIGH, Severity: MEDIUM)`
	`44`	`+ // #nosec G114`
`43`	`45`	`log.Fatal(http.ListenAndServe(":8081", r))`
`44`	`46`	`}`
`45`	`47`
`@@ -68,7 +70,7 @@ func fooHandler(db sql.DB, w http.ResponseWriter, r http.Request) {`
`68`	`70`
`69`	`71`	`w.Header().Set("Content-Type", "application/json")`
`70`	`72`	`w.WriteHeader(http.StatusOK)`
`71`		`- w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))`
	`73`	`+ _, _ = w.Write([]byte(fmt.Sprintf("{\"message\": \"Hello %s\"}", p.Name)))`
`72`	`74`	`}`
`73`	`75`
`74`	`76`	`func dbConn() (db *sql.DB) {`