fixing what golangsi linters reported

refaktor · Dec 5, 2023 · 398b58c · 398b58c
1 parent 013f1b8
commit 398b58c
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 13 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -24,7 +24,7 @@ jobs:
         go-version: '1.21'
 
     - name: Build
-      run: go build -v -tags "b_tiny,b_sqlite,b_http,b_sql,b_postgres,b_openai,b_bson,b_crypto,b_smtpd,b_mail,b_postmark,b_bctypt,b_telegram,b_norepl" ./...
+      run: go build -v -tags "b_tiny,b_sqlite,b_http,b_sql,b_postgres,b_bson,b_crypto,b_smtpd,b_mail,b_bctypt,b_telegram,b_norepl" ./...
 
 #    - name: Test
 #      run: go test -v -tags "b_tiny,b_sqlite,b_http,b_sql,b_postgres,b_openai,b_bson,b_crypto,b_smtpd,b_mail,b_postmark,b_bctypt,b_telegram" ./...
diff --git a/.golangci.yml b/.golangci.yml
@@ -73,6 +73,10 @@ linters-settings:
       - name: unexported-return
         disabled: true
       - name: unused-parameter
+  gosec:
+    exclude-rules:
+      - id: G504
+
 
 linters:
   disable-all: true
@@ -94,6 +98,7 @@ linters:
     # - gomnd
     - goprintffuncname
     - gosec
+    # - gosec -exclude=G504
     # - gosimple
     - govet
     # - ineffassign

diff --git a/evaldo/builtins_conversion.go b/evaldo/builtins_conversion.go
@@ -111,7 +111,7 @@ func newCE(n string) *ConversionError {
 }
 
 func conversion_evalWord(word env.Word, ps *env.ProgramState, vals env.Object) (env.Object, interface{}) {
-	// later get all word indexes in adwance and store them only once... then use integer comparisson in switch below
+	// later get all word indexes in adwance and store them only once... then use integer comparison in switch below
 	// this is two times BAD ... first it needs to retrieve a string of index (BIG BAD) and then it compares string to string
 	// instead of just comparing two integers
 	switch ps.Idx.GetWord(word.Index) {

diff --git a/evaldo/builtins_io.go b/evaldo/builtins_io.go
@@ -214,14 +214,14 @@ func __fs_write(ps *env.ProgramState, arg0 env.Object, arg1 env.Object, arg2 env
 	case env.Uri:
 		switch s := arg1.(type) {
 		case env.String:
-			err := ioutil.WriteFile(f.GetPath(), []byte(s.Value), 0644)
+			err := ioutil.WriteFile(f.GetPath(), []byte(s.Value), 0600)
 			if err != nil {
 				ps.FailureFlag = true
 				return MakeBuiltinError(ps, err.Error(), "__fs_write")
 			}
 			return arg1
 		case env.Native:
-			err := ioutil.WriteFile(f.GetPath(), []byte(s.Value.([]byte)), 0644)
+			err := ioutil.WriteFile(f.GetPath(), []byte(s.Value.([]byte)), 0600)
 			if err != nil {
 				ps.FailureFlag = true
 				return MakeBuiltinError(ps, err.Error(), "__fs_write")

diff --git a/evaldo/builtins_validation.go b/evaldo/builtins_validation.go
@@ -86,7 +86,7 @@ func newVE(n string) *ValidationError {
 }
 
 func evalWord(word env.Word, es *env.ProgramState, val interface{}) (interface{}, env.Object) {
-	// later get all word indexes in adwance and store them only once... then use integer comparisson in switch below
+	// later get all word indexes in adwance and store them only once... then use integer comparison in switch below
 	// this is two times BAD ... first it needs to retrieve a string of index (BIG BAD) and then it compares string to string
 	// instead of just comparing two integers
 	switch es.Idx.GetWord(word.Index) {
@@ -146,7 +146,7 @@ func evalWord(word env.Word, es *env.ProgramState, val interface{}) (interface{}
 }
 
 func evalWord_List(word env.Word, es *env.ProgramState, vals env.List) (env.List, env.Object) {
-	// later get all word indexes in adwance and store them only once... then use integer comparisson in switch below
+	// later get all word indexes in adwance and store them only once... then use integer comparison in switch below
 	// this is two times BAD ... first it needs to retrieve a string of index (BIG BAD) and then it compares string to string
 	// instead of just comparing two integers
 

diff --git a/evaldo/evaldo.go b/evaldo/evaldo.go
@@ -736,7 +736,7 @@ func CallBuiltin(bi env.Builtin, ps *env.ProgramState, arg0_ env.Object, toLeft
 	// This is just experiment if we could at currying provide ?fn or ?builtin and
 	// with arity of 0 and it would get executed at calltime. So closure would become
 	// closure: fnc _ ?current-context _
-	// this is maybe only usefull to provide sort of dynamic constant to a curried
+	// this is maybe only useful to provide sort of dynamic constant to a curried
 	// probably not worthe the special case but here for exploration for now just
 	// on arg1 . In case of arg being function this would not bind curry to static
 	// value but to a result of a function, which would let us inject some context

diff --git a/main.go b/main.go
@@ -16,7 +16,6 @@ import (
 	"io/ioutil"
 	"log"
 	"os"
-	"os/exec"
 	"strings"
 
 	"net/http"
@@ -515,7 +514,9 @@ func execInput(input string) error {
 	}
 
 	// Prepare the command to execute.
-	cmd := exec.Command(args[0], args[1:]...)
+	// REMOVED 20231205
+	// Subprocess launched with a potential tainted input or cmd arguments (gosec)
+	// cmd := exec.Command(args[0], args[1:]...)
 
 	//
 	// look at this page on how to capture the output and pass it through:
@@ -553,9 +554,10 @@ func execInput(input string) error {
 	//
 
 	// Set the correct output device.
-	cmd.Stderr = os.Stderr
-	cmd.Stdout = os.Stdout
-
+	// REMOVED 20231205 -- as above
+	//cmd.Stderr = os.Stderr
+	// cmd.Stdout = os.Stdout
 	// Execute the command and return the error.
-	return cmd.Run()
+	// return cmd.Run()
+	return nil
 }
diff --git a/tests/builtins.html b/tests/builtins.html
@@ -747,6 +747,11 @@ <h3>group</h3><p>Function(4)</p><div class='group'>
 <pre class='prettyprint lang-rye'><code language='lang-rye'>{ } .group { .first }
 ; returns [
 ; ]</code></pre>
+<pre class='prettyprint lang-rye'><code language='lang-rye'>{ "Anne" "Mitch" "Anya" } .list .group first
+; returns [
+;  A: L[ Anne  Anya ]
+;  M: L[ Mitch ]
+; ]</code></pre>
 <pre class='prettyprint lang-rye'><code language='lang-rye'>{ } .list .group { .first }
 ; returns [
 ; ]</code></pre>