From 5684c0ebea5e723140332ff57d638da2c1bb9014 Mon Sep 17 00:00:00 2001
From: Neil Carpenter
Date: Sun, 9 Feb 2025 10:48:04 -0500
Subject: [PATCH 1/4] small changes to ensure handle closure & dir deletion

---
 main.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/main.go b/main.go
index 801cf5a..08de311 100644
--- a/main.go
+++ b/main.go
@@ -79,7 +79,14 @@ func main() {
 return
 }
 }
-
+ // ensure cleanup of repo folder
+ defer func() {
+ dirRemovalErr := os.RemoveAll("./terragoat")
+ if dirRemovalErr != nil {
+ log.Fatal(err)
+ }
+ fmt.Printf("Successfully removed directory.\n")
+ }
 // Create and checkout new branch
 w, err := repo.Worktree()
 if err != nil {
@@ -173,12 +180,6 @@ func main() {
 
 fmt.Printf("Successfully created PR #%d\n", pr.GetNumber())
 fmt.Printf("PR URL: %s\n", pr.GetHTMLURL())
-
- dirRemovalErr := os.RemoveAll("./terragoat")
- if dirRemovalErr != nil {
- log.Fatal(err)
- }
- fmt.Printf("Successfully removed directory.\n")
 }
 
 func GetCode(branchPrefix string, repoURL string, githubPersonalAccessToken string) (string, *git.Repository, *http.BasicAuth, error) {

From 8ea850c906c5b58ed1e0f0759ea6ad8de65d2685 Mon Sep 17 00:00:00 2001
From: Neil Carpenter
Date: Sun, 9 Feb 2025 10:56:35 -0500
Subject: [PATCH 2/4] adding defer file.Close()

---
 main.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/main.go b/main.go
index 08de311..bbafb93 100644
--- a/main.go
+++ b/main.go
@@ -109,6 +109,11 @@ func main() {
 exampleFile := "./terragoat/example2.tf"
 fmt.Printf("Creating file: %s\n", exampleFile)
 content, err := os.ReadFile("new_resource.tf")
+ if err != nil {
+ fmt.Printf("Error opening file: %s\n", err)
+ return
+ }
+ defer content.Close()
 err = os.WriteFile(exampleFile, content, 0644)
 if err != nil {
 fmt.Printf("Error creating file: %s\n", err)

From d6f30f5d60d6c4794c05f994d0afde98ffece831 Mon Sep 17 00:00:00 2001
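Review bot: The deferred cleanup reports the wrong error: `log.Fatal(err)` prints main's outer `err` captured by the closure, while `dirRemovalErr`, the value the `if` just tested, is never logged, so a failed `os.RemoveAll` exits with a misleading or empty message; it should read `log.Fatal(dirRemovalErr)`. The same line survives unchanged through the `}()` fix that PATCH 3/4 applies to main.go at @@ -86,7 +86,7 @@. `log.Fatal` inside a defer also calls os.Exit, which skips every other deferred call; `log.Printf` followed by a normal return would let the rest of the cleanup run. The defer is registered after the early `return` visible at the top of the hunk, so error paths before this point (presumably after the clone, since `repo` already exists here) still leave ./terragoat on disk. The `defer func() {` is missing its trailing `()`, which PATCH 3/4 corrects; main() continues outside the hunk.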
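Review bot: `defer content.Close()` cannot compile: `os.ReadFile` returns `[]byte`, which has no `Close` method, and there is no handle left to release because ReadFile closes the file itself; dropping the line, as PATCH 3/4 does, is the fix. The new `if err != nil` check above it is the right addition, though `Error opening file` goes to stdout through `fmt.Printf` while the cleanup path in the same function uses `log`; `log.Printf("reading new_resource.tf: %v", err)` would keep the two consistent. main() continues outside the hunk.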
From: Neil Carpenter
Date: Sun, 9 Feb 2025 11:19:26 -0500
Subject: [PATCH 3/4] fixing the fix

---
 get_vuln.go | 2 ++
 main.go | 3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/get_vuln.go b/get_vuln.go
index cacc4f6..364ebb8 100644
--- a/get_vuln.go
+++ b/get_vuln.go
@@ -4,6 +4,8 @@ import (
 "context"
 "github.com/google/go-github/v57/github"
 "log"
+ // don't need cryptographically secure random here
+ // nosemgrep: go.lang.security.audit.crypto.math_random.math-random-used
 "math/rand/v2"
 "os"
 "path/filepath"
diff --git a/main.go b/main.go
index bbafb93..4761938 100644
--- a/main.go
+++ b/main.go
@@ -86,7 +86,7 @@ func main() {
 log.Fatal(err)
 }
 fmt.Printf("Successfully removed directory.\n")
- }
+ }()
 // Create and checkout new branch
 w, err := repo.Worktree()
 if err != nil {
@@ -113,7 +113,6 @@ func main() {
 fmt.Printf("Error opening file: %s\n", err)
 return
 }
- defer content.Close()
 err = os.WriteFile(exampleFile, content, 0644)
 if err != nil {
 fmt.Printf("Error creating file: %s\n", err)

From b3de32405c05d5539b4972530f40710c44e66935 Mon Sep 17 00:00:00 2001
From: Neil Carpenter
Date: Sun, 9 Feb 2025 11:25:28 -0500
Subject: [PATCH 4/4] adding exemptions for semgrep/opengrep findings

---
 main.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/main.go b/main.go
index 4761938..f10d789 100644
--- a/main.go
+++ b/main.go
@@ -12,7 +12,9 @@ import (
 "github.com/joho/godotenv"
 "golang.org/x/oauth2"
 "log"
- "math/rand"
+ // don't need cryptographically secure random here
+ // nosemgrep: go.lang.security.audit.crypto.math_random.math-random-used
+ "math/rand/v2"
 "os"
 "strconv"
 "strings"
@@ -43,7 +45,7 @@ func main() {
 
 _, pythonPackage, pythonVersion := getPythonVuln(githubPersonalAccessToken)
 
- bugId := strconv.Itoa(rand.Intn(3000))
+ bugId := strconv.Itoa(rand.IntN(3000))
 
 if commitMsg == "" {
 commitMsg = generateCommit("Generate a short, complete commit message for a Git commit fixing a specific bug with bug ID" + bugId)
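Review bot: The `// nosemgrep:` comment sits on the import line, but semgrep's inline suppression applies to the matched line or the line just before it, so whether this silences anything depends on where `go.lang.security.audit.crypto.math_random.math-random-used` matches; if the rule flags the `rand.IntN(...)` call sites rather than the import, the finding will remain and the comment should move to the line before each call. The same placement is repeated for main.go in PATCH 4/4 at @@ -12,7 +12,9 @@, whose call `rand.IntN(3000)` carries no suppression of its own. A suppression should also say what the value is used for so a later reader can check the claim; in main.go the visible use is a cosmetic `bugId` in a commit message, so `// nosemgrep: <rule> -- bugId is a display label, not a secret or token` would document it, while get_vuln.go's use is outside this hunk and needs its own justification. Whether the rule matches the `math/rand/v2` import path at all is worth confirming before relying on the comment.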
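Review bot: The new `bugId` is concatenated into the prompt on the context line below with no separator: `"...fixing a specific bug with bug ID" + bugId` yields `bug ID1234`; either end the literal with a space or write `"... with bug ID " + bugId`. The `rand.IntN` rename itself is the correct v2 API for the import change in the first hunk. main() continues outside the hunk.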