forks/linsk
forks/linsk
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Address gosec warnings

Browse source
This commit is contained in:
AlexSSD7 2023-09-02 12:14:02 +01:00
commit 7ef53ac8d8
4 changed files with 16 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

7
storage/hash.go
View file

@ -7,12 +7,15 @@ import (
"fmt"
"io"
"os"
"path/filepath"
"github.com/pkg/errors"
)
func validateFileHash(path string, hash []byte) error {
f, err := os.OpenFile(path, os.O_RDONLY, 0400)
pathClean := filepath.Clean(path)
f, err := os.OpenFile(pathClean, os.O_RDONLY, 0400)
if err != nil {
return errors.Wrap(err, "open file")
}
@ -38,7 +41,7 @@ func validateFileHash(path string, hash []byte) error {
sum := h.Sum(nil)
if !bytes.Equal(sum, hash) {
return fmt.Errorf("hash mismatch: want '%v', have '%v' (path '%v')", hex.EncodeToString(hash), hex.EncodeToString(sum), path)
return fmt.Errorf("hash mismatch: want '%v', have '%v' (path '%v')", hex.EncodeToString(hash), hex.EncodeToString(sum), pathClean)
}
return nil