gaurd against nil pointer dereferencing

cmd/root.go

@@ -189,7 +189,10 @@ func getPki() pki.Pki {
 func readProfile() {
 	if viper.IsSet("profiles") {
 		profiles := viper.Get("profiles")
-		profName := rootCmd.Flag("profile").Value.String()
+		profName := ""
+		if rootCmd.Flag("profile") != nil && rootCmd.Flag("profile").Value != nil {
+			profName = rootCmd.Flag("profile").Value.String()
+		}
 
 		if profName != "" || pgpKeyName == "" {
 			for _, prof := range profiles.([]interface{}) {
@@ -212,7 +215,14 @@ func readProfile() {
 // if we are getting stdin from a pipe we don't want
 // to output log info about it that could mess up parsing
 func stdinIsPiped() bool {
-	fi, _ := os.Stdin.Stat()
+	fi, err := os.Stdin.Stat()
+	if err != nil {
+		logger.Fatal().Err(err).Msgf("Fatal error: %s", err)
+	}
+	if fi != nil {
+		return ((fi.Mode() & os.ModeCharDevice) == 0)
+	}
 
-	return ((fi.Mode() & os.ModeCharDevice) == 0)
+	// if something goes wrong assume we are piped
+	return true
 }

pki/pki.go

@@ -25,7 +25,7 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"os/user"
 	"path/filepath"
@@ -146,6 +146,9 @@ func (p *Pki) EncryptSecret(plainText string) (string, error) {
 	if err != nil {
 		return plainText, fmt.Errorf("encryption error: %s", err)
 	}
+	if plainFile == nil {
+		return plainText, fmt.Errorf("encryption error: plainFile is nil")
+	}
 
 	if _, err = fmt.Fprintf(plainFile, "%s", plainText); err != nil {
 		return plainText, fmt.Errorf("encryption error: %s", err)
@@ -154,6 +157,7 @@ func (p *Pki) EncryptSecret(plainText string) (string, error) {
 	if err = plainFile.Close(); err != nil {
 		return plainText, fmt.Errorf("encryption error: %s", err)
 	}
+
 	if err = w.Close(); err != nil {
 		return plainText, fmt.Errorf("encryption error: %s", err)
 	}
@@ -186,8 +190,11 @@ func (p *Pki) DecryptSecret(cipherText string) (plainText string, err error) {
 	if err != nil {
 		return cipherText, fmt.Errorf("unable to read PGP message: %s", err)
 	}
+	if md == nil {
+		return cipherText, fmt.Errorf("unable to read PGP message: md is nil")
+	}
 
-	body, err := ioutil.ReadAll(md.UnverifiedBody)
+	body, err := io.ReadAll(md.UnverifiedBody)
 	if err != nil {
 		return cipherText, fmt.Errorf("unable to read message body: %s", err)
 	}
@@ -197,6 +204,10 @@ func (p *Pki) DecryptSecret(cipherText string) (plainText string, err error) {
 
 // GetKeyByID returns a keyring by the given ID
 func (p *Pki) GetKeyByID(keyring *openpgp.EntityList, id interface{}) *openpgp.Entity {
+	if keyring == nil {
+		return nil
+	}
+
 	for _, entity := range *keyring {
 		if entity.PrivateKey != nil && entity.PrivateKey.KeyIdString() == id.(string) {
 			return entity
@@ -269,6 +280,9 @@ func (p *Pki) KeyUsedForEncryptedFile(file string) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("unable to read PGP message: %s", err)
 	}
+	if md == nil {
+		return "", fmt.Errorf("unable to read PGP message: md is nil")
+	}
 
 	for index := 0; index < len(md.EncryptedToKeyIds); index++ {
 		id := md.EncryptedToKeyIds[index]
@@ -282,6 +296,9 @@ func (p *Pki) KeyUsedForEncryptedFile(file string) (string, error) {
 }
 
 func (p *Pki) keyStringForID(id uint64) string {
+	if p.SecRing == nil {
+		return ""
+	}
 	keys := p.SecRing.KeysById(id, nil)
 	if len(keys) > 0 {
 		for n := 0; n < len(keys); n++ {

sls/sls.go

@@ -307,8 +307,10 @@ func (s *Sls) GetValueFromPath(path string) interface{} {
 	for i := 0; i < len(parts); i++ {
 		args[i] = parts[i]
 	}
-	results := s.Yaml.Get(args...)
-	return results
+	if s.Yaml != nil {
+		return s.Yaml.Get(args...)
+	}
+	return nil
 }
 
 // SetValueFromPath returns the value from a path string
@@ -331,7 +333,6 @@ func (s *Sls) SetValueFromPath(path string, value string) error {
 // PerformAction takes an action string (encrypt or decrypt)
 // and applies that action on all items
 func (s *Sls) PerformAction(action string) (bytes.Buffer, error) {
-	var err error
 	var buf bytes.Buffer
 
 	if validAction(action) {
@@ -340,19 +341,29 @@ func (s *Sls) PerformAction(action string) (bytes.Buffer, error) {
 		for key := range s.Yaml.Values {
 			if s.EncryptionPath != "" {
 				vals := s.GetValueFromPath(key)
-				if s.EncryptionPath == key {
-					stuff[key], err = s.ProcessValues(vals, action)
-					if err != nil {
-						return buf, err
+				if vals != nil {
+					if s.EncryptionPath == key {
+						processed, err := s.ProcessValues(vals, action)
+						if err != nil {
+							return buf, err
+						}
+						if processed != nil {
+							stuff[key] = processed
+						}
+					} else {
+						stuff[key] = vals
 					}
-				} else {
-					stuff[key] = vals
 				}
 			} else {
 				vals := s.GetValueFromPath(key)
-				stuff[key], err = s.ProcessValues(vals, action)
-				if err != nil {
-					return buf, err
+				if vals != nil {
+					processed, err := s.ProcessValues(vals, action)
+					if err != nil {
+						return buf, err
+					}
+					if processed != nil {
+						stuff[key] = processed
+					}
 				}
 			}
 		}
@@ -451,11 +462,23 @@ func (s *Sls) doMap(vals map[string]interface{}, action string) (map[string]inte
 		vtype := reflect.TypeOf(val).Kind()
 		switch vtype {
 		case reflect.Slice:
-			ret[key], err = s.doSlice(val, action)
+			var slice interface{}
+			slice, err = s.doSlice(val, action)
+			if slice != nil {
+				ret[key] = slice
+			}
 		case reflect.Map:
-			ret[key], err = s.doMap(val.(map[string]interface{}), action)
+			var slice interface{}
+			slice, err = s.doMap(val.(map[string]interface{}), action)
+			if slice != nil {
+				ret[key] = slice
+			}
 		default:
-			ret[key], err = s.doString(val, action)
+			var slice interface{}
+			slice, err = s.doString(val, action)
+			if slice != nil {
+				ret[key] = slice
+			}
 		}
 	}