Merge pull request #41 from liquidweb/gosec

integrate gosec

Author: sgsullivan

Makefile

@@ -1,21 +1,22 @@
 SHELL=/bin/bash
 
-default:
-	$(MAKE) install
+install: security
+	scripts/build/install
+
+security:
+	go get github.com/securego/gosec/cmd/gosec
+	@gosec ./...
 
 clean:
 	rm -rf _exe/
 
-static:
+static: security
 	scripts/build/static
 
-build:
+build: security
 	scripts/build/dynamic
 
-install:
-	scripts/build/install
-
-release-build:
+release-build: security
 	scripts/build/release-build
 
 .PHONY: clean static all build

cmd/auth.go

@@ -29,7 +29,9 @@ var authCmd = &cobra.Command{
 Setup your LiquidWeb API credentials
 Test your LiquidWeb API credentials.`,
 	Run: func(cmd *cobra.Command, args []string) {
-		cmd.Help()
+		if err := cmd.Help(); err != nil {
+			lwCliInst.Die(err)
+		}
 		os.Exit(1)
 	},
 }

cmd/authAddContext.go

@@ -47,7 +47,9 @@ Use this if you've already setup contexts with "auth init".`,
 			if err != nil {
 				lwCliInst.Die(err)
 			}
-			f.Close()
+			if err := f.Close(); err != nil {
+				lwCliInst.Die(err)
+			}
 			if err := os.Chmod(file, 0600); err != nil {
 				lwCliInst.Die(err)
 			}
@@ -85,6 +87,10 @@ func init() {
 	authAddContextCmd.Flags().String("api-url", "https://api.liquidweb.com", "API URL to use")
 	authAddContextCmd.Flags().Int("timeout", 30, "timeout value when communicating with api-url")
 
-	authAddContextCmd.MarkFlagRequired("username")
-	authAddContextCmd.MarkFlagRequired("password")
+	if err := authAddContextCmd.MarkFlagRequired("username"); err != nil {
+		lwCliInst.Die(err)
+	}
+	if err := authAddContextCmd.MarkFlagRequired("password"); err != nil {
+		lwCliInst.Die(err)
+	}
 }

cmd/authInit.go

@@ -87,15 +87,19 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 	// warn before deleting config
 	var haveProceedAnswer bool
 	for !haveProceedAnswer {
-		term.Write([]byte("Warning: This will delete all auth contexts. Continue (yes/[no])?: "))
+		if _, err = term.Write([]byte("Warning: This will delete all auth contexts. Continue (yes/[no])?: ")); err != nil {
+			return
+		}
 		proceedBytes, readErr := term.ReadLine()
 		if readErr != nil {
 			err = readErr
 			return
 		}
 		proceedString := cast.ToString(proceedBytes)
 		if proceedString != "yes" && proceedString != "no" && proceedString != "" {
-			term.Write([]byte("invalid input.\n"))
+			if _, err = term.Write([]byte("invalid input.\n")); err != nil {
+				return
+			}
 			continue
 		}
 
@@ -119,7 +123,9 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 	userInputExitEarly := make(chan bool)
 	userInputContext := make(chan cmdTypes.AuthContext)
 
-	term.Write([]byte("\nTo exit early, type 'exit' or send EOF (ctrl+d)\n\n"))
+	if _, err = term.Write([]byte("\nTo exit early, type 'exit' or send EOF (ctrl+d)\n\n")); err != nil {
+		return
+	}
 
 	// start context add loop
 	go func() {
@@ -139,7 +145,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 
 			// context name
 			for !haveContextNameAnswer {
-				term.Write([]byte("Name this context: "))
+				if _, err := term.Write([]byte("Name this context: ")); err != nil {
+					userInputError <- err
+					break WHILEMOREADDS
+				}
 				contextNameBytes, err := term.ReadLine()
 				if err != nil {
 					userInputError <- err
@@ -150,7 +159,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 					userInputExitEarly <- true
 					break WHILEMOREADDS
 				} else if contextNameAnswer == "" {
-					term.Write([]byte("context name cannot be blank.\n"))
+					if _, err := term.Write([]byte("context name cannot be blank.\n")); err != nil {
+						userInputError <- err
+						break WHILEMOREADDS
+					}
 				} else {
 					haveContextNameAnswer = true
 					context.ContextName = contextNameAnswer
@@ -159,7 +171,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 
 			// username
 			for !haveUsernameAnswer {
-				term.Write([]byte("LiquidWeb username: "))
+				if _, err := term.Write([]byte("LiquidWeb username: ")); err != nil {
+					userInputError <- err
+					break WHILEMOREADDS
+				}
 				usernameBytes, err := term.ReadLine()
 				if err != nil {
 					userInputError <- err
@@ -170,7 +185,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 					userInputExitEarly <- true
 					break WHILEMOREADDS
 				} else if usernameAnswer == "" {
-					term.Write([]byte("username cannot be blank.\n"))
+					if _, err := term.Write([]byte("username cannot be blank.\n")); err != nil {
+						userInputError <- err
+						break WHILEMOREADDS
+					}
 				} else {
 					haveUsernameAnswer = true
 					context.Username = usernameAnswer
@@ -189,7 +207,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 					userInputExitEarly <- true
 					break WHILEMOREADDS
 				} else if passwordAnswer == "" {
-					term.Write([]byte("password cannot be blank.\n"))
+					if _, err := term.Write([]byte("password cannot be blank.\n")); err != nil {
+						userInputError <- err
+						break WHILEMOREADDS
+					}
 				} else {
 					havePasswordAnswer = true
 					context.Password = passwordAnswer
@@ -198,7 +219,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 
 			// make current context?
 			for !haveMakeCurrentContextAnswer {
-				term.Write([]byte("Make current context? ([yes]/no)"))
+				if _, err := term.Write([]byte("Make current context? ([yes]/no)")); err != nil {
+					userInputError <- err
+					break WHILEMOREADDS
+				}
 				makeCurrentContextBytes, err := term.ReadLine()
 				if err != nil {
 					userInputError <- err
@@ -210,7 +234,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 					break WHILEMOREADDS
 				}
 				if makeCurrentContextString != "" && makeCurrentContextString != "yes" && makeCurrentContextString != "no" {
-					term.Write([]byte("invalid input.\n"))
+					if _, err := term.Write([]byte("invalid input.\n")); err != nil {
+						userInputError <- err
+						break WHILEMOREADDS
+					}
 					continue
 				}
 
@@ -222,7 +249,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 
 			// more contexts to add ?
 			for !haveMoreContextsToAddAnswer {
-				term.Write([]byte("Add another context? (yes/[no]): "))
+				if _, err := term.Write([]byte("Add another context? (yes/[no]): ")); err != nil {
+					userInputError <- err
+					break WHILEMOREADDS
+				}
 				moreContextsBytes, err := term.ReadLine()
 				if err != nil {
 					userInputError <- err
@@ -235,7 +265,10 @@ func fetchAuthDataInteractively() (writeConfig bool, err error) {
 					break WHILEMOREADDS
 				}
 				if answer != "" && answer != "yes" && answer != "no" {
-					term.Write([]byte("invalid input.\n"))
+					if _, err := term.Write([]byte("invalid input.\n")); err != nil {
+						userInputError <- err
+						break WHILEMOREADDS
+					}
 					continue
 				}
 
@@ -287,7 +320,9 @@ WAIT:
 		case complete := <-userInputComplete:
 			if complete {
 				// wipe the config for a clean slate.
-				writeEmptyConfig()
+				if err := writeEmptyConfig(); err != nil {
+					lwCliInst.Die(err)
+				}
 				cfgFile, cfgPathErr := getExpectedConfigPath()
 				if cfgPathErr != nil {
 					err = cfgPathErr
@@ -301,12 +336,16 @@ WAIT:
 					if err != nil {
 						lwCliInst.Die(err)
 					}
-					f.Close()
+					if err := f.Close(); err != nil {
+						lwCliInst.Die(err)
+					}
 					if err := os.Chmod(cfgFile, 0600); err != nil {
 						lwCliInst.Die(err)
 					}
 
-					lwCliInst.Viper.ReadConfig(bytes.NewBuffer([]byte{}))
+					if err := lwCliInst.Viper.ReadConfig(bytes.NewBuffer([]byte{})); err != nil {
+						lwCliInst.Die(err)
+					}
 				}
 
 				// set Viper config from contexts slice
@@ -366,7 +405,9 @@ func writeEmptyConfig() error {
 	if err != nil {
 		return err
 	}
-	f.Close()
+	if err := f.Close(); err != nil {
+		return err
+	}
 
 	if err := os.Chmod(cfgFile, 0600); err != nil {
 		return err

cmd/authRemoveContext.go

@@ -42,5 +42,7 @@ func init() {
 	authCmd.AddCommand(authRemoveContextCmd)
 
 	authRemoveContextCmd.Flags().String("context", "", "name of context to remove")
-	authRemoveContextCmd.MarkFlagRequired("context")
+	if err := authRemoveContextCmd.MarkFlagRequired("context"); err != nil {
+		lwCliInst.Die(err)
+	}
 }

cmd/authUpdateContext.go

@@ -116,5 +116,7 @@ func init() {
 	authUpdateContextCmd.Flags().Bool("set-insecure", false, "enable insecure SSL validation of api url")
 	authUpdateContextCmd.Flags().Bool("set-secure", false, "enable secure SSL validation of api url")
 
-	authUpdateContextCmd.MarkFlagRequired("context")
+	if err := authUpdateContextCmd.MarkFlagRequired("context"); err != nil {
+		lwCliInst.Die(err)
+	}
 }

cmd/authUseContext.go

@@ -38,7 +38,9 @@ See also: get-context, get-contexts.
 If you've never setup any contexts, check "auth init".`,
 	Run: func(cmd *cobra.Command, args []string) {
 		if len(args) != 1 {
-			cmd.Help()
+			if err := cmd.Help(); err != nil {
+				lwCliInst.Die(err)
+			}
 			os.Exit(1)
 		}
 

cmd/cloud.go

@@ -28,7 +28,9 @@ var cloudCmd = &cobra.Command{
 
 For a full list of capabilities, please refer to the "Available Commands" section.`,
 	Run: func(cmd *cobra.Command, args []string) {
-		cmd.Help()
+		if err := cmd.Help(); err != nil {
+			lwCliInst.Die(err)
+		}
 		os.Exit(1)
 	},
 }

cmd/cloudBackup.go

@@ -28,7 +28,9 @@ var cloudBackupCmd = &cobra.Command{
 
 For a full list of capabilities, please refer to the "Available Commands" section.`,
 	Run: func(cmd *cobra.Command, args []string) {
-		cmd.Help()
+		if err := cmd.Help(); err != nil {
+			lwCliInst.Die(err)
+		}
 		os.Exit(1)
 	},
 }

cmd/cloudBackupDetails.go

@@ -47,5 +47,7 @@ func init() {
 
 	cloudBackupDetailsCmd.Flags().Int64("backup-id", -1,
 		"id number of the backup (see 'cloud backup list')")
-	cloudBackupDetailsCmd.MarkFlagRequired("backup-id")
+	if err := cloudBackupDetailsCmd.MarkFlagRequired("backup-id"); err != nil {
+		lwCliInst.Die(err)
+	}
 }