From aeb40ab0ae7a5ac4f647efcef2ec148f536d4b3c Mon Sep 17 00:00:00 2001
From: Beppe Catanese <1771700+gcatanese@users.noreply.github.com>
Date: Sat, 11 Jun 2022 03:10:48 +0200
Subject: [PATCH] [Go] Address Gosec vulnerabilities in Go client mustache template (#12540)

* Fix potential file inclusion via variable
* Fix deferring unsafe method "Close" on type "*os.File"
* Update samples
* Correction to use existing variable
* Correction generated samples
---
 .../src/main/resources/go/client.mustache | 7 +++++--
 samples/client/petstore/go/go-petstore/client.go | 7 +++++--
 .../extensions/x-auth-id-alias/go-experimental/client.go | 7 +++++--
 samples/openapi3/client/petstore/go/go-petstore/client.go | 7 +++++--
 4 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/modules/openapi-generator/src/main/resources/go/client.mustache b/modules/openapi-generator/src/main/resources/go/client.mustache
index 8b9e173fe01..1c5b49dc017 100644
--- a/modules/openapi-generator/src/main/resources/go/client.mustache
+++ b/modules/openapi-generator/src/main/resources/go/client.mustache
@@ -457,11 +457,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err

 // Add a file to the multipart request
 func addFile(w *multipart.Writer, fieldName, path string) error {
- file, err := os.Open(path)
+ file, err := os.Open(filepath.Clean(path))
 if err != nil {
 return err
 }
- defer file.Close()
+ err = file.Close()
+ if err != nil {
+ return err
+ }

 part, err := w.CreateFormFile(fieldName, filepath.Base(path))
 if err != nil {
diff --git a/samples/client/petstore/go/go-petstore/client.go b/samples/client/petstore/go/go-petstore/client.go
index d3c90d43129..b36ccf909ec 100644
--- a/samples/client/petstore/go/go-petstore/client.go
+++ b/samples/client/petstore/go/go-petstore/client.go
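Review bot: The added `err = file.Close()` runs immediately after `os.Open`, so the handle is already closed when the rest of addFile (which continues outside the hunk) uses `file`; if the body still copies the file into `part`, every upload would fail with a closed-file error. Keep the close deferred and deal with its result there, e.g. `defer func() { _ = file.Close() }()` for this read-only handle, or a named return that records the close error only when no earlier error occurred. Separately, `filepath.Clean(path)` only normalises the string and does not confine it to any directory, so it quiets the Gosec finding without limiting which files a caller-supplied path can open; if `path` can come from untrusted input, it should be checked against an allowed base directory before the open. The same change is repeated in the three generated sample `client.go` hunks.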
@@ -417,11 +417,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err

 // Add a file to the multipart request
 func addFile(w *multipart.Writer, fieldName, path string) error {
- file, err := os.Open(path)
+ file, err := os.Open(filepath.Clean(path))
 if err != nil {
 return err
 }
- defer file.Close()
+ err = file.Close()
+ if err != nil {
+ return err
+ }

 part, err := w.CreateFormFile(fieldName, filepath.Base(path))
 if err != nil {
diff --git a/samples/openapi3/client/extensions/x-auth-id-alias/go-experimental/client.go b/samples/openapi3/client/extensions/x-auth-id-alias/go-experimental/client.go
index d538f243533..88876efab06 100644
--- a/samples/openapi3/client/extensions/x-auth-id-alias/go-experimental/client.go
+++ b/samples/openapi3/client/extensions/x-auth-id-alias/go-experimental/client.go
@@ -402,11 +402,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err

 // Add a file to the multipart request
 func addFile(w *multipart.Writer, fieldName, path string) error {
- file, err := os.Open(path)
+ file, err := os.Open(filepath.Clean(path))
 if err != nil {
 return err
 }
- defer file.Close()
+ err = file.Close()
+ if err != nil {
+ return err
+ }

 part, err := w.CreateFormFile(fieldName, filepath.Base(path))
 if err != nil {
diff --git a/samples/openapi3/client/petstore/go/go-petstore/client.go b/samples/openapi3/client/petstore/go/go-petstore/client.go
index f0cb8337545..7e53f88c2a0 100644
--- a/samples/openapi3/client/petstore/go/go-petstore/client.go
+++ b/samples/openapi3/client/petstore/go/go-petstore/client.go
@@ -430,11 +430,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err

 // Add a file to the multipart request
 func addFile(w *multipart.Writer, fieldName, path string) error {
- file, err := os.Open(path)
+ file, err := os.Open(filepath.Clean(path))
 if err != nil {
 return err
 }
- defer file.Close()
+ err = file.Close()
+ if err != nil {
+ return err
+ }

 part, err := w.CreateFormFile(fieldName, filepath.Base(path))
 if err != nil {