Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False positive G307: Deferring unsafe method "Close" on type "*os.File" (gosec) linting error #234

Closed
atc0005 opened this issue Nov 8, 2021 · 3 comments · Fixed by #235
Closed

False positive G307: Deferring unsafe method "Close" on type "*os.File" (gosec) linting error #234

atc0005 opened this issue Nov 8, 2021 · 3 comments · Fixed by #235
Assignees
@atc0005
Labels
App: list-emails bug Something isn't working linting
Milestone
v0.4.12

Comments

@atc0005
Copy link
Owner

atc0005 commented Nov 8, 2021

These linting errors were surfaced from an upgraded golangci-lint:

internal/config/file.go:43:3: G307: Deferring unsafe method "Close" on type "*os.File" (gosec)
		defer func() {
			if err := fh.Close(); err != nil {
				// Ignore "file already closed" errors
				if !errors.Is(err, os.ErrClosed) {
					c.Log.Error().Msgf(
						"failed to close file %q: %s",
						file,
						err.Error(),
					)
				}
			}
		}()
internal/files/report.go:103:2: G307: Deferring unsafe method "Close" on type "*os.File" (gosec)
	defer func(filename string) {
		if err := f.Close(); err != nil {
			// Ignore "file already closed" errors
			if !errors.Is(err, os.ErrClosed) {
				logger.Error().
					Err(err).
					Str("filename", filename).
					Msg("failed to close file")
			}
		}
	}(reportFilePath)
cmd/list-emails/main.go:65:2: G307: Deferring unsafe method "Close" on type "*os.File" (gosec)
	defer func(filename string) {
		if err := cfg.LogFileHandle.Close(); err != nil {
			// Ignore "file already closed" errors
			if !errors.Is(err, os.ErrClosed) {
				// We're using the standalone Err function from rs/zerolog/log
				// as we have the main logger set to write to a log file,
				// which we just failed to close. By default, this message
				// will go to stderr and should be decipherable by the user.
				zlog.Error().
					Err(err).
					Str("filename", filename).
					Msg("failed to close file")
			}
		}
	}(cfg.LogFileHandle.Name())
@atc0005 atc0005 added bug Something isn't working linting App: list-emails labels Nov 8, 2021
@atc0005 atc0005 added this to the Next Release milestone Nov 8, 2021
@atc0005 atc0005 self-assigned this Nov 8, 2021
@atc0005
Copy link
Owner Author

atc0005 commented Nov 8, 2021

Looks like a false-positive.

Upstream bug report here:

securego/gosec#714

The workaround appears to be disabling the specific linting rule, so will go that route vs waiting for upstream to fix the issue on their end.

@atc0005
Copy link
Owner Author

atc0005 commented Nov 8, 2021

Looks to be relevant:

atc0005 added a commit that referenced this issue Nov 8, 2021
@atc0005
Ignore false-positive gosec G307 linting errors
fb9dc65 
Issues reported after upgrading golangci-lint to v1.43.0.
gosec was updated in that version from v2.8.1 to v2.9.1.

refs #234
refs golangci/golangci-lint#2299
@atc0005 atc0005 mentioned this issue Nov 8, 2021
Merged
@atc0005 atc0005 linked a pull request Nov 8, 2021 that will close this issue
Ignore false-positive gosec G307 linting errors #235
Merged
@atc0005
Copy link
Owner Author

atc0005 commented Nov 8, 2021

Fixed by #235.

@atc0005 atc0005 closed this as completed Nov 8, 2021
@atc0005 atc0005 changed the title G307: Deferring unsafe method "Close" on type "*os.File" (gosec) (false positive) G307: Deferring unsafe method "Close" on type "*os.File" (gosec) Nov 8, 2021
@atc0005 atc0005 changed the title (false positive) G307: Deferring unsafe method "Close" on type "*os.File" (gosec) False positive G307: Deferring unsafe method "Close" on type "*os.File" (gosec) linting error Nov 8, 2021
@atc0005 atc0005 mentioned this issue Nov 9, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@atc0005 atc0005

Labels
App: list-emails bug Something isn't working linting
Projects
None yet
Milestone
v0.4.12
Development

Successfully merging a pull request may close this issue.

Ignore false-positive gosec G307 linting errors atc0005/check-mail
1 participant
@atc0005