[Go] Address Gosec vulnerabilities in Go client mustache template (#12540)

* Fix potential file inclusion via variable * Fix deferring unsafe method "Close" on type "*os.File" * Update samples * Correction to use existing variable * Correction generated samples
2022-06-11 03:10:48 +02:00 · 2022-06-11 03:10:48 +02:00 · aeb40ab0ae
commit aeb40ab0ae
parent 45f430f5c8
4 changed files with 20 additions and 8 deletions
--- a/modules/openapi-generator/src/main/resources/go/client.mustache
+++ b/modules/openapi-generator/src/main/resources/go/client.mustache
@ -457,11 +457,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err

 // Add a file to the multipart request
 func addFile(w *multipart.Writer, fieldName, path string) error {
-	file, err := os.Open(path)
+    file, err := os.Open(filepath.Clean(path))
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+    err = file.Close()
+    if err != nil {
+        return err
+    }

 	part, err := w.CreateFormFile(fieldName, filepath.Base(path))
 	if err != nil {
--- a/samples/client/petstore/go/go-petstore/client.go
+++ b/samples/client/petstore/go/go-petstore/client.go
@ -417,11 +417,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err

 // Add a file to the multipart request
 func addFile(w *multipart.Writer, fieldName, path string) error {
-	file, err := os.Open(path)
+    file, err := os.Open(filepath.Clean(path))
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+    err = file.Close()
+    if err != nil {
+        return err
+    }

 	part, err := w.CreateFormFile(fieldName, filepath.Base(path))
 	if err != nil {
--- a/samples/openapi3/client/extensions/x-auth-id-alias/go-experimental/client.go
+++ b/samples/openapi3/client/extensions/x-auth-id-alias/go-experimental/client.go
@ -402,11 +402,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err

 // Add a file to the multipart request
 func addFile(w *multipart.Writer, fieldName, path string) error {
-	file, err := os.Open(path)
+    file, err := os.Open(filepath.Clean(path))
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+    err = file.Close()
+    if err != nil {
+        return err
+    }

 	part, err := w.CreateFormFile(fieldName, filepath.Base(path))
 	if err != nil {
--- a/samples/openapi3/client/petstore/go/go-petstore/client.go
+++ b/samples/openapi3/client/petstore/go/go-petstore/client.go
@ -430,11 +430,14 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err

 // Add a file to the multipart request
 func addFile(w *multipart.Writer, fieldName, path string) error {
-	file, err := os.Open(path)
+    file, err := os.Open(filepath.Clean(path))
 	if err != nil {
 		return err
 	}
-	defer file.Close()
+    err = file.Close()
+    if err != nil {
+        return err
+    }

 	part, err := w.CreateFormFile(fieldName, filepath.Base(path))
 	if err != nil {