Merge pull request #3194 from semaphoreui/copilot/fix-03578144-9001-4905-9b7a-8c0500083ac2

fiftin · web-flow · commit f8bea2b4d59a · 2025-08-09T15:22:20.000+05:00
Fix critical bugs in Go codebase: mutex ordering, slice bounds, and error handling
diff --git a/api/apps.go b/api/apps.go
@@ -22,6 +22,7 @@ func appMiddleware(next http.Handler) http.Handler {
 		appID, err := helpers.GetStrParam("app_id", w, r)
 		if err != nil {
 			helpers.WriteErrorStatus(w, err.Error(), http.StatusBadRequest)
+			return
 		}
 
 		if err := validateAppID(appID); err != nil {
diff --git a/api/user.go b/api/user.go
@@ -52,7 +52,10 @@ func getAPITokens(w http.ResponseWriter, r *http.Request) {
 	}
 
 	for i := range tokens {
-		tokens[i].ID = tokens[i].ID[:8]
+		if len(tokens[i].ID) >= 8 {
+			tokens[i].ID = tokens[i].ID[:8]
+		}
+		// If ID is shorter than 8 chars, leave it as-is
 	}
 
 	helpers.WriteJSON(w, http.StatusOK, tokens)
diff --git a/cli/setup/setup.go b/cli/setup/setup.go
@@ -296,7 +296,8 @@ func askValue(prompt string, defaultValue string, item any) {
 
 	_, _ = fmt.Sscanln(defaultValue, item)
 
-	scanErrorChecker(fmt.Scanln(item))
+	n, err := fmt.Scanln(item)
+	scanErrorChecker(n, err)
 
 	// Empty line after prompt
 	fmt.Println("")
@@ -312,7 +313,8 @@ func askConfirmation(prompt string, defaultValue bool, item *bool) {
 
 	var answer string
 
-	scanErrorChecker(fmt.Scanln(&answer))
+	n, err := fmt.Scanln(&answer)
+	scanErrorChecker(n, err)
 
 	switch strings.ToLower(answer) {
 	case "y", "yes":
diff --git a/db/factory/store.go b/db/factory/store.go
@@ -24,4 +24,6 @@ func CreateStore() db.Store {
 	default:
 		panic("Unsupported database dialect: " + config.Dialect)
 	}
+	// This line should never be reached due to panic above, but satisfies linter
+	return nil
 }
diff --git a/go.mod b/go.mod
@@ -17,7 +17,6 @@ require (
 	github.com/gorilla/websocket v1.5.3
 	github.com/lib/pq v1.10.9
 	github.com/mdp/qrterminal/v3 v3.2.1
-	github.com/pkg/errors v0.9.1
 	github.com/pquerna/otp v1.4.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/semaphoreui/semaphore/pro v0.0.0
diff --git a/services/schedules/SchedulePool.go b/services/schedules/SchedulePool.go
@@ -195,8 +195,8 @@ func (p *SchedulePool) clear() {
 }
 
 func (p *SchedulePool) Destroy() {
-	defer p.locker.Unlock()
 	p.locker.Lock()
+	defer p.locker.Unlock()
 	p.cron.Stop()
 	p.clear()
 	p.cron = nil

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ func appMiddleware(next http.Handler) http.Handler {`
`22`	`22`	`appID, err := helpers.GetStrParam("app_id", w, r)`
`23`	`23`	`if err != nil {`
`24`	`24`	`helpers.WriteErrorStatus(w, err.Error(), http.StatusBadRequest)`
	`25`	`+ return`
`25`	`26`	`}`
`26`	`27`
`27`	`28`	`if err := validateAppID(appID); err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,10 @@ func getAPITokens(w http.ResponseWriter, r *http.Request) {`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`for i := range tokens {`
`55`		`- tokens[i].ID = tokens[i].ID[:8]`
	`55`	`+ if len(tokens[i].ID) >= 8 {`
	`56`	`+ tokens[i].ID = tokens[i].ID[:8]`
	`57`	`+ }`
	`58`	`+ // If ID is shorter than 8 chars, leave it as-is`
`56`	`59`	`}`
`57`	`60`
`58`	`61`	`helpers.WriteJSON(w, http.StatusOK, tokens)`
Original file line number	Diff line number	Diff line change
`@@ -24,4 +24,6 @@ func CreateStore() db.Store {`
`24`	`24`	`default:`
`25`	`25`	`panic("Unsupported database dialect: " + config.Dialect)`
`26`	`26`	`}`
	`27`	`+ // This line should never be reached due to panic above, but satisfies linter`
	`28`	`+ return nil`
`27`	`29`	`}`
Original file line number	Diff line number	Diff line change
`@@ -195,8 +195,8 @@ func (p *SchedulePool) clear() {`
`195`	`195`	`}`
`196`	`196`
`197`	`197`	`func (p *SchedulePool) Destroy() {`
`198`		`- defer p.locker.Unlock()`
`199`	`198`	`p.locker.Lock()`
	`199`	`+ defer p.locker.Unlock()`
`200`	`200`	`p.cron.Stop()`
`201`	`201`	`p.clear()`
`202`	`202`	`p.cron = nil`