From 5449f73297273072a64722be0f6de843faf9f191 Mon Sep 17 00:00:00 2001 From: Eng Zer Jun Date: Sun, 9 Jan 2022 23:45:43 +0800 Subject: [PATCH 1/2] refactor: use `os.ReadDir` for lightweight directory reading This commit also replaces the existing io/ioutil functions with their new definitions in io and os packages, since the io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. Reference: https://pkg.go.dev/io/ioutil#ReadDir Signed-off-by: Eng Zer Jun --- internal/metrics/collectors/processes.go | 6 +++--- internal/metrics/listener.go | 3 +-- internal/nginx/manager.go | 3 +-- internal/nginx/utils.go | 3 +-- internal/nginx/verify.go | 4 ++-- internal/nginx/verify_test.go | 4 ++-- 6 files changed, 10 insertions(+), 13 deletions(-) diff --git a/internal/metrics/collectors/processes.go b/internal/metrics/collectors/processes.go index cd1963f400..d6be989d04 100644 --- a/internal/metrics/collectors/processes.go +++ b/internal/metrics/collectors/processes.go @@ -3,7 +3,7 @@ package collectors import ( "bytes" "fmt" - "io/ioutil" + "os" "strconv" "github.com/golang/glog" @@ -45,7 +45,7 @@ func getWorkerProcesses() (int, int, error) { var workerProcesses int var prevWorkerProcesses int - procFolders, err := ioutil.ReadDir("/proc") + procFolders, err := os.ReadDir("/proc") if err != nil { return 0, 0, fmt.Errorf("unable to read directory /proc : %w", err) } @@ -57,7 +57,7 @@ func getWorkerProcesses() (int, int, error) { } cmdlineFile := fmt.Sprintf("/proc/%v/cmdline", folder.Name()) - content, err := ioutil.ReadFile(cmdlineFile) + content, err := os.ReadFile(cmdlineFile) if err != nil { return 0, 0, fmt.Errorf("unable to read file %v: %w", cmdlineFile, err) } diff --git a/internal/metrics/listener.go b/internal/metrics/listener.go index fa1d2a8983..932ac23234 100644 --- a/internal/metrics/listener.go +++ b/internal/metrics/listener.go @@ -2,7 +2,6 @@ package metrics import ( "fmt" - "io/ioutil" "net/http" "os" "strconv" 
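Review bot: In the third processes.go hunk (`@@ -57,7 +57,7 @@`), a failed `os.ReadFile(cmdlineFile)` still aborts the whole count. A process that exits between the `os.ReadDir("/proc")` listing and this read would cause exactly that failure. Skipping vanished entries keeps one short-lived process from blanking the worker metrics: add `if errors.Is(err, os.ErrNotExist) { continue }` ahead of the existing `return 0, 0, fmt.Errorf(...)`, which needs `errors` in the import block. The loop in getWorkerProcesses starts and ends outside the hunk, so confirm nothing earlier already handles this case.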
@@ -75,7 +74,7 @@ func runServer(port string, registry prometheus.Gatherer, prometheusSecret *api_ } func writeTempFile(data []byte, name string) (*os.File, error) { - f, err := ioutil.TempFile("", name) + f, err := os.CreateTemp("", name) if err != nil { return nil, fmt.Errorf("failed to create temp file: %w", err) } diff --git a/internal/nginx/manager.go b/internal/nginx/manager.go index 9ea835e60c..bcb0a90903 100644 --- a/internal/nginx/manager.go +++ b/internal/nginx/manager.go @@ -2,7 +2,6 @@ package nginx import ( "fmt" - "io/ioutil" "net/http" "os" "os/exec" @@ -265,7 +264,7 @@ func (lm *LocalManager) DeleteAppProtectResourceFile(name string) { // ClearAppProtectFolder clears contents of a config folder func (lm *LocalManager) ClearAppProtectFolder(name string) { - files, err := ioutil.ReadDir(name) + files, err := os.ReadDir(name) if err != nil { glog.Fatalf("Failed to read the App Protect folder %s: %v", name, err) } diff --git a/internal/nginx/utils.go b/internal/nginx/utils.go index 3306d2dbb3..6cc70c742a 100644 --- a/internal/nginx/utils.go +++ b/internal/nginx/utils.go @@ -3,7 +3,6 @@ package nginx import ( "bytes" "fmt" - "io/ioutil" "os" "os/exec" "path" @@ -51,7 +50,7 @@ func createFileAndWrite(name string, b []byte) error { } func createFileAndWriteAtomically(filename string, tempPath string, mode os.FileMode, content []byte) { - file, err := ioutil.TempFile(tempPath, path.Base(filename)) + file, err := os.CreateTemp(tempPath, path.Base(filename)) if err != nil { glog.Fatalf("Couldn't create a temp file for the file %v: %v", filename, err) } diff --git a/internal/nginx/verify.go b/internal/nginx/verify.go index 33033bbbf3..cdb9142a05 100644 --- a/internal/nginx/verify.go +++ b/internal/nginx/verify.go @@ -5,7 +5,7 @@ import ( "context" "fmt" "html/template" - "io/ioutil" + "io" "net" "net/http" "strconv" 
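Review bot: writeTempFile (the `@@ -75,7 +74,7 @@` hunk in listener.go) has no doc comment, and a caller needs to know who removes the file. The hunk header shows runServer receiving a `prometheusSecret`, so this file presumably holds TLS material. `os.CreateTemp` creates it with mode 0600 and a random suffix added to `name`, but nothing visible here deletes it. I would add `// writeTempFile writes data to a new 0600 file in the default temp directory; the caller must remove it when done.` above the function. Check that wording against the body first, since it continues past the hunk.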
@@ -47,7 +47,7 @@ func (c *verifyClient) GetConfigVersion() (int, error) { return 0, fmt.Errorf("non-200 response: %v", resp.StatusCode) } - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return 0, fmt.Errorf("failed to read the response body: %w", err) } diff --git a/internal/nginx/verify_test.go b/internal/nginx/verify_test.go index 30e72b0cf5..9eb50ff63f 100644 --- a/internal/nginx/verify_test.go +++ b/internal/nginx/verify_test.go @@ -2,7 +2,7 @@ package nginx import ( "bytes" - "io/ioutil" + "io" "net/http" "strings" "testing" @@ -14,7 +14,7 @@ type Transport struct{} func (c Transport) RoundTrip(_ *http.Request) (*http.Response, error) { return &http.Response{ StatusCode: 200, - Body: ioutil.NopCloser(bytes.NewBufferString("42")), + Body: io.NopCloser(bytes.NewBufferString("42")), Header: make(http.Header), }, nil } From 5d44c8da41556692b54175750ba60698e88a92e1 Mon Sep 17 00:00:00 2001 From: Eng Zer Jun Date: Thu, 13 Jan 2022 01:22:32 +0800 Subject: [PATCH 2/2] chore: fix gosec G304 lint issue Signed-off-by: Eng Zer Jun --- internal/metrics/collectors/processes.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/internal/metrics/collectors/processes.go b/internal/metrics/collectors/processes.go index d6be989d04..3a8da2f19d 100644 --- a/internal/metrics/collectors/processes.go +++ b/internal/metrics/collectors/processes.go @@ -4,7 +4,9 @@ import ( "bytes" "fmt" "os" + "path/filepath" "strconv" + "strings" "github.com/golang/glog" "github.com/prometheus/client_golang/prometheus" 
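Review bot: `io.ReadAll(resp.Body)` in GetConfigVersion (the `@@ -47,7 +47,7 @@` hunk in verify.go) reads the response with no upper bound, although the function returns a single int and the test transport answers with `42`. Capping the read stops an unexpected or misbehaving responder from making the controller buffer arbitrary amounts of memory: `body, err := io.ReadAll(io.LimitReader(resp.Body, 64))`. The 64-byte limit is my suggestion, not a value taken from the project. The function starts and ends outside the hunk, so whether `resp.Body` is closed cannot be checked from here.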
@@ -56,7 +58,10 @@ func getWorkerProcesses() (int, int, error) { continue } - cmdlineFile := fmt.Sprintf("/proc/%v/cmdline", folder.Name()) + cmdlineFile := filepath.Clean(fmt.Sprintf("/proc/%v/cmdline", folder.Name())) + if !strings.HasPrefix(cmdlineFile, "/proc/") { + panic(fmt.Errorf("unsafe input")) + } content, err := os.ReadFile(cmdlineFile) if err != nil { return 0, 0, fmt.Errorf("unable to read file %v: %w", cmdlineFile, err)
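Review bot: The new prefix check calls `panic(fmt.Errorf("unsafe input"))` inside a function that already returns `(int, int, error)`, so a tripped check would take down the whole process instead of failing one metrics collection. Returning the error matches the `os.ReadFile` failure path just below it: `return 0, 0, fmt.Errorf("unsafe path %q", cmdlineFile)`. `folder.Name()` comes from `os.ReadDir("/proc")`, whose entries are base names, so the branch looks unreachable in practice and seems to exist only to satisfy gosec G304. A short comment saying so would help the next reader. The loop body starts above the hunk and continues below it.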