Closed
Description
Summary
gosec v2.9.1 starts detecting G307 (CWE-703): Deferring unsafe method "Close" on type "*os.File" (Confidence: HIGH, Severity: MEDIUM),
which could have been avoided by following #512 with the previous version of gosec.
Steps to reproduce the behavior
package main

import (
	"log"
	"os"
)

func main() {
	f, err := os.Open("./testfile.txt")
	if err != nil {
		log.Fatal(err)
		return
	}
	defer func() {
		if err := f.Close(); err != nil {
			log.Fatal("failed to close file")
		}
	}()
	log.Println("success")
	return
}
(~/work/achiku/gosec-issue)
❯❯❯ ll
total 8
-rw-r--r-- 1 chiku staff 268 10 18 11:32 main.go
-rw-r--r-- 1 chiku staff 0 10 18 11:31 testfile.txt
(~/work/achiku/gosec-issue)
❯❯❯ go run main.go
2021/10/18 11:32:22 success
(~/work/achiku/gosec-issue)
❯❯❯ gosec .
[gosec] 2021/10/18 11:32:27 Including rules: default
[gosec] 2021/10/18 11:32:27 Excluding rules: default
[gosec] 2021/10/18 11:32:27 Import directory: /Users/chiku/work/achiku/gosec-issue
[gosec] 2021/10/18 11:32:28 Checking package: main
[gosec] 2021/10/18 11:32:28 Checking file: /Users/chiku/work/achiku/gosec-issue/main.go
Results:
[/Users/chiku/work/achiku/gosec-issue/main.go:14-18] - G307 (CWE-703): Deferring unsafe method "Close" on type "*os.File" (Confidence: HIGH, Severity: MEDIUM)
13: }
> 14: defer func() {
> 15: if err := f.Close(); err != nil {
> 16: log.Fatal("failed to close file")
> 17: }
> 18: }()
19: log.Println("success")
Summary:
Gosec : 2.9.1
Files : 1
Lines : 21
Nosec : 0
Issues : 1
with v2.8.1
(~/work/achiku/gosec-issue)
❯❯❯ curl -sfL https://github.com/raw/securego/gosec/master/install.sh | sh -s -- -b $GOPATH/bin v2.8.1
securego/gosec info checking GitHub for tag 'v2.8.1'
securego/gosec info found version: 2.8.1 for v2.8.1/darwin/amd64
securego/gosec info installed /Users/chiku/sdk/go1.16.7/bin/gosec
(~/work/achiku/gosec-issue)
❯❯❯ gosec .
[gosec] 2021/10/18 11:32:43 Including rules: default
[gosec] 2021/10/18 11:32:43 Excluding rules: default
[gosec] 2021/10/18 11:32:43 Import directory: /Users/chiku/work/achiku/gosec-issue
[gosec] 2021/10/18 11:32:44 Checking package: main
[gosec] 2021/10/18 11:32:44 Checking file: /Users/chiku/work/achiku/gosec-issue/main.go
Results:
Summary:
Gosec : 2.8.1
Files : 1
Lines : 21
Nosec : 0
Issues : 0
gosec version
Go version (output of 'go version')
❯❯❯ go version
go version go1.16.7 darwin/amd64
Operating system / Environment
❯❯❯ uname -a
Darwin FVFZR19DLYWP 20.5.0 Darwin Kernel Version 20.5.0: Sat May 8 05:10:33 PDT 2021; root:xnu-7195.121.3~9/RELEASE_X86_64 x86_64
Expected behavior
No errors, or solve this error.
Actual behavior
gosec detects G307 (CWE-703).
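For context on what G307 (CWE-703) is about, here is an added example (not code from this issue or from the gosec project) of a deferred `Close` whose error reaches the caller through a named return value instead of being logged inside the `defer`. The names `closeInto`, `writeFile`, `closeOnly`, `failingCloser` and the temp-file path are assumptions made for illustration; the page does not state which gosec releases accept this form.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// closeInto closes c and, if the surrounding function has not already
// failed, stores the Close error in *err so the caller sees it.
func closeInto(c io.Closer, err *error) {
	if cerr := c.Close(); cerr != nil && *err == nil {
		*err = fmt.Errorf("close: %w", cerr)
	}
}

// writeFile is a hypothetical helper: on a written file a failed Close can
// mean lost data, so the error is returned instead of logged.
func writeFile(path string, data []byte) (err error) {
	f, err := os.OpenFile(filepath.Clean(path), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return err
	}
	defer closeInto(f, &err)

	if _, err = f.Write(data); err != nil {
		return err
	}
	return f.Sync() // flush to disk before the deferred Close runs
}

// failingCloser is a constructed stand-in for a file whose Close fails.
type failingCloser struct{}
func (failingCloser) Close() error { return errors.New("disk full") }

// closeOnly shows the error surfacing through the named return value.
func closeOnly(c io.Closer) (err error) {
	defer closeInto(c, &err)
	return nil
}

func main() {
	p := filepath.Join(os.TempDir(), "gosec-g307-example.txt")
	fmt.Println("write:", writeFile(p, []byte("ok\n")))
	fmt.Println("close failure:", closeOnly(failingCloser{}))
	_ = os.Remove(p)
}
```

Unlike `log.Fatal` inside a deferred function, which exits the process without running any remaining defers, this form lets the caller decide how to react to a failed `Close`.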