fix CWE-703

yuvalk · yuvalk · commit 51dde8faa2c7 · 2021-09-25T21:28:37.000+03:00
Handle all error cases.

for the future, if error is very rare and unlikely to happen on any
normal (supported) user case, it's ok to use `panic(err)`
in other cases, it's better to propageate error up back to user and logs
diff --git a/cmd/performance-profile-creator/cmd/root.go b/cmd/performance-profile-creator/cmd/root.go
@@ -291,7 +291,9 @@ func makeClusterInfoFromClusterData(cluster ClusterData) ClusterInfo {
 }
 
 func showClusterInfoJSON(cInfo ClusterInfo) {
-	json.NewEncoder(os.Stdout).Encode(cInfo)
+	if err := json.NewEncoder(os.Stdout).Encode(cInfo); err != nil {
+		panic(fmt.Errorf("Could not create JSON, err: %s", err))
+	}
 }
 
 func showClusterInfoLog(cInfo ClusterInfo) {
@@ -506,7 +508,9 @@ func createProfile(profileData ProfileData) {
 
 	// write CSV to out dir
 	writer := strings.Builder{}
-	csvtools.MarshallObject(&profile, &writer)
+	if err := csvtools.MarshallObject(&profile, &writer); err != nil {
+		panic(fmt.Errorf("Could not marshal profile, err: %s", err))
+	}
 
 	fmt.Printf("%s", writer.String())
 }
diff --git a/functests/0_config/config.go b/functests/0_config/config.go
@@ -116,7 +116,9 @@ var _ = Describe("[performance][config] Performance configuration", func() {
 
 func externalPerformanceProfile(performanceManifest string) (*performancev2.PerformanceProfile, error) {
 	performanceScheme := runtime.NewScheme()
-	performancev2.AddToScheme(performanceScheme)
+	if err := performancev2.AddToScheme(performanceScheme); err != nil {
+		return nil, fmt.Errorf("Failed to add to scheme, err: %s", err)
+	}
 
 	decode := serializer.NewCodecFactory(performanceScheme).UniversalDeserializer().Decode
 	manifest, err := ioutil.ReadFile(filepath.Clean(performanceManifest))
diff --git a/functests/3_performance_status/status.go b/functests/3_performance_status/status.go
@@ -49,9 +49,9 @@ var _ = Describe("Status testing of performance profile", func() {
 
 	AfterEach(func() {
 		if clean != nil {
-			clean()
+			err := clean()
+			Expect(err).ToNot(HaveOccurred(), "Failed to clean, err: %s", err)
 		}
-
 	})
 
 	Context("[rfe_id:28881][performance] Performance Addons detailed status", func() {
@@ -135,7 +135,7 @@ var _ = Describe("Status testing of performance profile", func() {
 				err := testclient.Client.Get(context.TODO(), key, runtimeClass)
 				// if err != nil probably the resource were already deleted
 				if err == nil {
-					testclient.Client.Delete(context.TODO(), runtimeClass)
+					err = testclient.Client.Delete(context.TODO(), runtimeClass)
 				}
 				return err
 			}
diff --git a/functests/5_latency_testing/latency_testing.go b/functests/5_latency_testing/latency_testing.go
@@ -157,7 +157,9 @@ func setEnvAndGetDescription(tst latencyTest) string {
 }
 
 func setEnvWriteDescription(envVar string, val string, sb *bytes.Buffer, flag *bool) {
-	os.Setenv(envVar, val)
+	if err := os.Setenv(envVar, val); err != nil {
+		panic(err)
+	}
 	fmt.Fprintf(sb, "%s = %s \n", envVar, val)
 	*flag = true
 }
diff --git a/pkg/cmd/render/render.go b/pkg/cmd/render/render.go
@@ -95,7 +95,9 @@ func (r *renderOpts) AddFlags(fs *pflag.FlagSet) {
 
 func (r *renderOpts) readFlagsFromEnv() {
 	if ppInFiles := os.Getenv("PERFORMANCE_PROFILE_INPUT_FILES"); len(ppInFiles) > 0 {
-		r.performanceProfileInputFiles.Set(ppInFiles)
+		if err := r.performanceProfileInputFiles.Set(ppInFiles); err != nil {
+			panic(err)
+		}
 	}
 
 	if assetInDir := os.Getenv("ASSET_INPUT_DIR"); len(assetInDir) > 0 {
diff --git a/pkg/utils/csvtools/csvtools.go b/pkg/utils/csvtools/csvtools.go
@@ -81,7 +81,10 @@ func MarshallObject(obj interface{}, writer io.Writer) error {
 			unstructured.RemoveNestedField(deployment, "spec", "template", "metadata", "creationTimestamp")
 			unstructured.RemoveNestedField(deployment, "status")
 		}
-		unstructured.SetNestedSlice(r.Object, deployments, "spec", "install", "spec", "deployments")
+		err = unstructured.SetNestedSlice(r.Object, deployments, "spec", "install", "spec", "deployments")
+		if err != nil {
+			return err
+		}
 	}
 
 	jsonBytes, err = json.Marshal(r.Object)
diff --git a/tools/csv-processor/csv-processor.go b/tools/csv-processor/csv-processor.go
@@ -245,9 +245,12 @@ Performance Addon Operator provides the ability to enable advanced node performa
 
 	// write CSV to out dir
 	writer := strings.Builder{}
-	csvtools.MarshallObject(operatorCSV, &writer)
+	err := csvtools.MarshallObject(operatorCSV, &writer)
+	if err != nil {
+		panic(err)
+	}
 	outputFilename := filepath.Join(*outputDir, finalizedCsvFilename())
-	err := ioutil.WriteFile(outputFilename, []byte(writer.String()), 0600)
+	err = ioutil.WriteFile(outputFilename, []byte(writer.String()), 0600)
 	if err != nil {
 		panic(err)
 	}
@@ -318,10 +321,16 @@ Performance Addon Operator provides the ability to enable advanced node performa
 	}
 
 	// start with a fresh output directory if it already exists
-	os.RemoveAll(*outputDir)
+	err = os.RemoveAll(*outputDir)
+	if err != nil {
+		panic(err)
+	}
 
 	// create output directory
-	os.MkdirAll(*outputDir, os.FileMode(0775))
+	err = os.MkdirAll(*outputDir, os.FileMode(0775))
+	if err != nil {
+		panic(err)
+	}
 
 	generateUnifiedCSV(userData)
 }
diff --git a/tools/csv-replace-imageref/csv-replace-imageref.go b/tools/csv-replace-imageref/csv-replace-imageref.go
@@ -29,7 +29,9 @@ func processCSV(operatorImage, csvInput string, dst io.Writer) {
 
 	operatorCSV.Annotations["containerImage"] = operatorImage
 
-	csvtools.MarshallObject(operatorCSV, dst)
+	if err := csvtools.MarshallObject(operatorCSV, dst); err != nil {
+		panic(fmt.Errorf("could not marshall CSV, err: %s", err))
+	}
 }
 
 func main() {

Original file line number	Diff line number	Diff line change
`@@ -291,7 +291,9 @@ func makeClusterInfoFromClusterData(cluster ClusterData) ClusterInfo {`
`291`	`291`	`}`
`292`	`292`
`293`	`293`	`func showClusterInfoJSON(cInfo ClusterInfo) {`
`294`		`- json.NewEncoder(os.Stdout).Encode(cInfo)`
	`294`	`+ if err := json.NewEncoder(os.Stdout).Encode(cInfo); err != nil {`
	`295`	`+ panic(fmt.Errorf("Could not create JSON, err: %s", err))`
	`296`	`+ }`
`295`	`297`	`}`
`296`	`298`
`297`	`299`	`func showClusterInfoLog(cInfo ClusterInfo) {`
`@@ -506,7 +508,9 @@ func createProfile(profileData ProfileData) {`
`506`	`508`
`507`	`509`	`// write CSV to out dir`
`508`	`510`	`writer := strings.Builder{}`
`509`		`- csvtools.MarshallObject(&profile, &writer)`
	`511`	`+ if err := csvtools.MarshallObject(&profile, &writer); err != nil {`
	`512`	`+ panic(fmt.Errorf("Could not marshal profile, err: %s", err))`
	`513`	`+ }`
`510`	`514`
`511`	`515`	`fmt.Printf("%s", writer.String())`
`512`	`516`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,9 +49,9 @@ var _ = Describe("Status testing of performance profile", func() {`
`49`	`49`
`50`	`50`	`AfterEach(func() {`
`51`	`51`	`if clean != nil {`
`52`		`- clean()`
	`52`	`+ err := clean()`
	`53`	`+ Expect(err).ToNot(HaveOccurred(), "Failed to clean, err: %s", err)`
`53`	`54`	`}`
`54`		`-`
`55`	`55`	`})`
`56`	`56`
`57`	`57`	`Context("[rfe_id:28881][performance] Performance Addons detailed status", func() {`
`@@ -135,7 +135,7 @@ var _ = Describe("Status testing of performance profile", func() {`
`135`	`135`	`err := testclient.Client.Get(context.TODO(), key, runtimeClass)`
`136`	`136`	`// if err != nil probably the resource were already deleted`
`137`	`137`	`if err == nil {`
`138`		`- testclient.Client.Delete(context.TODO(), runtimeClass)`
	`138`	`+ err = testclient.Client.Delete(context.TODO(), runtimeClass)`
`139`	`139`	`}`
`140`	`140`	`return err`
`141`	`141`	`}`
Original file line number	Diff line number	Diff line change
`@@ -157,7 +157,9 @@ func setEnvAndGetDescription(tst latencyTest) string {`
`157`	`157`	`}`
`158`	`158`
`159`	`159`	`func setEnvWriteDescription(envVar string, val string, sb bytes.Buffer, flag bool) {`
`160`		`- os.Setenv(envVar, val)`
	`160`	`+ if err := os.Setenv(envVar, val); err != nil {`
	`161`	`+ panic(err)`
	`162`	`+ }`
`161`	`163`	`fmt.Fprintf(sb, "%s = %s \n", envVar, val)`
`162`	`164`	`*flag = true`
`163`	`165`	`}`
Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,9 @@ func (r renderOpts) AddFlags(fs pflag.FlagSet) {`
`95`	`95`
`96`	`96`	`func (r *renderOpts) readFlagsFromEnv() {`
`97`	`97`	`if ppInFiles := os.Getenv("PERFORMANCE_PROFILE_INPUT_FILES"); len(ppInFiles) > 0 {`
`98`		`- r.performanceProfileInputFiles.Set(ppInFiles)`
	`98`	`+ if err := r.performanceProfileInputFiles.Set(ppInFiles); err != nil {`
	`99`	`+ panic(err)`
	`100`	`+ }`
`99`	`101`	`}`
`100`	`102`
`101`	`103`	`if assetInDir := os.Getenv("ASSET_INPUT_DIR"); len(assetInDir) > 0 {`
Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,10 @@ func MarshallObject(obj interface{}, writer io.Writer) error {`
`81`	`81`	`unstructured.RemoveNestedField(deployment, "spec", "template", "metadata", "creationTimestamp")`
`82`	`82`	`unstructured.RemoveNestedField(deployment, "status")`
`83`	`83`	`}`
`84`		`- unstructured.SetNestedSlice(r.Object, deployments, "spec", "install", "spec", "deployments")`
	`84`	`+ err = unstructured.SetNestedSlice(r.Object, deployments, "spec", "install", "spec", "deployments")`
	`85`	`+ if err != nil {`
	`86`	`+ return err`
	`87`	`+ }`
`85`	`88`	`}`
`86`	`89`
`87`	`90`	`jsonBytes, err = json.Marshal(r.Object)`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,9 @@ func processCSV(operatorImage, csvInput string, dst io.Writer) {`
`29`	`29`
`30`	`30`	`operatorCSV.Annotations["containerImage"] = operatorImage`
`31`	`31`
`32`		`- csvtools.MarshallObject(operatorCSV, dst)`
	`32`	`+ if err := csvtools.MarshallObject(operatorCSV, dst); err != nil {`
	`33`	`+ panic(fmt.Errorf("could not marshall CSV, err: %s", err))`
	`34`	`+ }`
`33`	`35`	`}`
`34`	`36`
`35`	`37`	`func main() {`