diff --git a/cmd/root.go b/cmd/root.go index 2251827..2773a43 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -189,7 +189,10 @@ func getPki() pki.Pki { func readProfile() { if viper.IsSet("profiles") { profiles := viper.Get("profiles") - profName := rootCmd.Flag("profile").Value.String() + profName := "" + if rootCmd.Flag("profile") != nil && rootCmd.Flag("profile").Value != nil { + profName = rootCmd.Flag("profile").Value.String() + } if profName != "" || pgpKeyName == "" { for _, prof := range profiles.([]interface{}) { @@ -212,7 +215,14 @@ func readProfile() { // if we are getting stdin from a pipe we don't want // to output log info about it that could mess up parsing func stdinIsPiped() bool { - fi, _ := os.Stdin.Stat() + fi, err := os.Stdin.Stat() + if err != nil { + logger.Fatal().Err(err).Msgf("Fatal error: %s", err) + } + if fi != nil { + return ((fi.Mode() & os.ModeCharDevice) == 0) + } - return ((fi.Mode() & os.ModeCharDevice) == 0) + // if something goes wrong assume we are piped + return true } diff --git a/pki/pki.go b/pki/pki.go index 5abd1ab..b926030 100644 --- a/pki/pki.go +++ b/pki/pki.go @@ -25,7 +25,7 @@ import ( "bufio" "bytes" "fmt" - "io/ioutil" + "io" "os" "os/user" "path/filepath" @@ -146,6 +146,9 @@ func (p *Pki) EncryptSecret(plainText string) (string, error) { if err != nil { return plainText, fmt.Errorf("encryption error: %s", err) } + if plainFile == nil { + return plainText, fmt.Errorf("encryption error: plainFile is nil") + } if _, err = fmt.Fprintf(plainFile, "%s", plainText); err != nil { return plainText, fmt.Errorf("encryption error: %s", err) @@ -154,6 +157,7 @@ func (p *Pki) EncryptSecret(plainText string) (string, error) { if err = plainFile.Close(); err != nil { return plainText, fmt.Errorf("encryption error: %s", err) } + if err = w.Close(); err != nil { return plainText, fmt.Errorf("encryption error: %s", err) } @@ -186,8 +190,11 @@ func (p *Pki) DecryptSecret(cipherText string) (plainText string, err error) { if err != nil { return cipherText, fmt.Errorf("unable to read PGP message: %s", err) } + if md == nil { + return cipherText, fmt.Errorf("unable to read PGP message: md is nil") + } - body, err := ioutil.ReadAll(md.UnverifiedBody) + body, err := io.ReadAll(md.UnverifiedBody) if err != nil { return cipherText, fmt.Errorf("unable to read message body: %s", err) } @@ -197,6 +204,10 @@ func (p *Pki) DecryptSecret(cipherText string) (plainText string, err error) { // GetKeyByID returns a keyring by the given ID func (p *Pki) GetKeyByID(keyring *openpgp.EntityList, id interface{}) *openpgp.Entity { + if keyring == nil { + return nil + } + for _, entity := range *keyring { if entity.PrivateKey != nil && entity.PrivateKey.KeyIdString() == id.(string) { return entity @@ -269,6 +280,9 @@ func (p *Pki) KeyUsedForEncryptedFile(file string) (string, error) { if err != nil { return "", fmt.Errorf("unable to read PGP message: %s", err) } + if md == nil { + return "", fmt.Errorf("unable to read PGP message: md is nil") + } for index := 0; index < len(md.EncryptedToKeyIds); index++ { id := md.EncryptedToKeyIds[index] @@ -282,6 +296,9 @@ func (p *Pki) KeyUsedForEncryptedFile(file string) (string, error) { } func (p *Pki) keyStringForID(id uint64) string { + if p.SecRing == nil { + return "" + } keys := p.SecRing.KeysById(id, nil) if len(keys) > 0 { for n := 0; n < len(keys); n++ { diff --git a/sls/sls.go b/sls/sls.go index 3b786f4..14bb89e 100644 --- a/sls/sls.go +++ b/sls/sls.go @@ -307,8 +307,10 @@ func (s *Sls) GetValueFromPath(path string) interface{} { for i := 0; i < len(parts); i++ { args[i] = parts[i] } - results := s.Yaml.Get(args...) - return results + if s.Yaml != nil { + return s.Yaml.Get(args...) + } + return nil } // SetValueFromPath returns the value from a path string @@ -331,7 +333,6 @@ func (s *Sls) SetValueFromPath(path string, value string) error { // PerformAction takes an action string (encrypt or decrypt) // and applies that action on all items func (s *Sls) PerformAction(action string) (bytes.Buffer, error) { - var err error var buf bytes.Buffer if validAction(action) { @@ -340,19 +341,29 @@ func (s *Sls) PerformAction(action string) (bytes.Buffer, error) { for key := range s.Yaml.Values { if s.EncryptionPath != "" { vals := s.GetValueFromPath(key) - if s.EncryptionPath == key { - stuff[key], err = s.ProcessValues(vals, action) - if err != nil { - return buf, err + if vals != nil { + if s.EncryptionPath == key { + processed, err := s.ProcessValues(vals, action) + if err != nil { + return buf, err + } + if processed != nil { + stuff[key] = processed + } + } else { + stuff[key] = vals } - } else { - stuff[key] = vals } } else { vals := s.GetValueFromPath(key) - stuff[key], err = s.ProcessValues(vals, action) - if err != nil { - return buf, err + if vals != nil { + processed, err := s.ProcessValues(vals, action) + if err != nil { + return buf, err + } + if processed != nil { + stuff[key] = processed + } } } } @@ -451,11 +462,23 @@ func (s *Sls) doMap(vals map[string]interface{}, action string) (map[string]inte vtype := reflect.TypeOf(val).Kind() switch vtype { case reflect.Slice: - ret[key], err = s.doSlice(val, action) + var slice interface{} + slice, err = s.doSlice(val, action) + if slice != nil { + ret[key] = slice + } case reflect.Map: - ret[key], err = s.doMap(val.(map[string]interface{}), action) + var slice interface{} + slice, err = s.doMap(val.(map[string]interface{}), action) + if slice != nil { + ret[key] = slice + } default: - ret[key], err = s.doString(val, action) + var slice interface{} + slice, err = s.doString(val, action) + if slice != nil { + ret[key] = slice + } } }