Merge pull request #21 from babylonlabs-io/fix/gosec-issues

Merge fix gosec issues to dev
babylonlabs-io · Sep 2, 2024 · 6512861 · 6512861
2 parents 7fc65a9 + f655d9b
commit 6512861
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 7 deletions.
diff --git a/cmd/sid/cli/btc_headers.go b/cmd/sid/cli/btc_headers.go
@@ -9,19 +9,21 @@ import (
 
 	babylontypes "github.com/babylonlabs-io/babylon/types"
 	bbnbtclightclienttypes "github.com/babylonlabs-io/babylon/x/btclightclient/types"
+	"github.com/urfave/cli"
+	"go.uber.org/zap"
+
 	"github.com/babylonlabs-io/staking-indexer/btcclient"
 	"github.com/babylonlabs-io/staking-indexer/btcscanner"
 	"github.com/babylonlabs-io/staking-indexer/config"
 	"github.com/babylonlabs-io/staking-indexer/log"
 	"github.com/babylonlabs-io/staking-indexer/utils"
-	"github.com/urfave/cli"
-	"go.uber.org/zap"
 )
 
 const (
 	outputFileFlag        = "output"
 	withHeightFlag        = "with-height"
 	defaultOutputFileName = "btc-headers.json"
+	filePermission        = 0600
 )
 
 type HeadersState struct {
@@ -112,7 +114,7 @@ func btcHeaders(ctx *cli.Context) error {
 	}
 
 	outputFilePath := ctx.String(outputFileFlag)
-	if err := os.WriteFile(outputFilePath, bz, 0644); err != nil {
+	if err := os.WriteFile(outputFilePath, bz, filePermission); err != nil {
 		return fmt.Errorf("failed to write to output file %s: %w", outputFilePath, err)
 	}
 

diff --git a/itest/test_manager.go b/itest/test_manager.go
@@ -79,7 +79,7 @@ func StartManagerWithNBlocks(t *testing.T, n int, startHeight uint64) *TestManag
 	require.NoError(t, err)
 
 	dirPath := filepath.Join(t.TempDir(), "sid", "e2etest")
-	err = os.MkdirAll(dirPath, 0755)
+	err = os.MkdirAll(dirPath, 0750)
 	require.NoError(t, err)
 
 	return StartWithBitcoinHandler(t, h, minerAddressDecoded, dirPath, startHeight)

diff --git a/log/log.go b/log/log.go
@@ -15,6 +15,8 @@ import (
 	"github.com/babylonlabs-io/staking-indexer/utils"
 )
 
+const logFilePermission = 0600
+
 func NewRootLogger(format string, level string, w io.Writer) (*zap.Logger, error) {
 	cfg := zap.NewProductionEncoderConfig()
 	cfg.EncodeTime = func(ts time.Time, encoder zapcore.PrimitiveArrayEncoder) {
@@ -63,7 +65,7 @@ func NewRootLoggerWithFile(logFile string, level string) (*zap.Logger, error) {
 	if err := utils.MakeDirectory(filepath.Dir(logFile)); err != nil {
 		return nil, err
 	}
-	f, err := os.OpenFile(logFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0660)
+	f, err := os.OpenFile(filepath.Clean(logFile), os.O_CREATE|os.O_WRONLY|os.O_APPEND, logFilePermission)
 	if err != nil {
 		return nil, err
 	}

diff --git a/server/server.go b/server/server.go
@@ -65,7 +65,10 @@ func (s *Server) RunUntilShutdown(startHeight uint64) error {
 
 	defer func() {
 		s.logger.Info("Closing database...")
-		s.db.Close()
+		err := s.db.Close()
+		if err != nil {
+			s.logger.Fatal("error closing the database")
+		}
 		s.logger.Info("Database closed")
 	}()
 

diff --git a/testutils/utils.go b/testutils/utils.go
@@ -65,7 +65,8 @@ func MakeTestBackend(t *testing.T) kvdb.Backend {
 	require.NoError(t, err)
 
 	t.Cleanup(func() {
-		backend.Close()
+		err := backend.Close()
+		require.NoError(t, err)
 	})
 
 	return backend