Fix gosec, errorlint, and gofmt linter errors in unseal.go and grpc.go
Co-authored-by: Junie <junie@jetbrains.com>
This commit is contained in:
@@ -1 +1 @@
|
||||
[{"lang":"en","usageCount":4}]
|
||||
[{"lang":"en","usageCount":5}]
|
||||
@@ -11,9 +11,9 @@ import (
|
||||
"os"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
"golang.org/x/term"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/credentials"
|
||||
"golang.org/x/term"
|
||||
|
||||
metacryptv1 "git.wntrmute.dev/kyle/metacrypt/gen/metacrypt/v1"
|
||||
)
|
||||
@@ -44,7 +44,7 @@ func runUnseal(cmd *cobra.Command, args []string) error {
|
||||
}
|
||||
|
||||
fmt.Print("Unseal password: ")
|
||||
passwordBytes, err := term.ReadPassword(int(os.Stdin.Fd()))
|
||||
passwordBytes, err := term.ReadPassword(int(os.Stdin.Fd())) //nolint:gosec
|
||||
fmt.Println()
|
||||
if err != nil {
|
||||
return fmt.Errorf("read password: %w", err)
|
||||
@@ -59,7 +59,7 @@ func runUnseal(cmd *cobra.Command, args []string) error {
|
||||
func buildTLSConfig(caCertPath string) (*tls.Config, error) {
|
||||
tlsCfg := &tls.Config{MinVersion: tls.VersionTLS12}
|
||||
if caCertPath != "" {
|
||||
pem, err := os.ReadFile(caCertPath)
|
||||
pem, err := os.ReadFile(caCertPath) //nolint:gosec
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("read CA cert: %w", err)
|
||||
}
|
||||
|
||||
@@ -3,6 +3,7 @@ package server
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
|
||||
@@ -33,7 +34,7 @@ func (g *systemServiceServer) Init(ctx context.Context, req *metacryptv1.InitReq
|
||||
Threads: g.s.cfg.Seal.Argon2Threads,
|
||||
}
|
||||
if err := g.s.seal.Initialize(ctx, []byte(req.Password), params); err != nil {
|
||||
if err == seal.ErrAlreadyInitialized {
|
||||
if errors.Is(err, seal.ErrAlreadyInitialized) {
|
||||
return nil, grpcstatus.Error(codes.AlreadyExists, "already initialized")
|
||||
}
|
||||
g.s.logger.Error("grpc init failed", "error", err)
|
||||
@@ -44,14 +45,14 @@ func (g *systemServiceServer) Init(ctx context.Context, req *metacryptv1.InitReq
|
||||
|
||||
func (g *systemServiceServer) Unseal(ctx context.Context, req *metacryptv1.UnsealRequest) (*metacryptv1.UnsealResponse, error) {
|
||||
if err := g.s.seal.Unseal([]byte(req.Password)); err != nil {
|
||||
switch err {
|
||||
case seal.ErrNotInitialized:
|
||||
switch {
|
||||
case errors.Is(err, seal.ErrNotInitialized):
|
||||
return nil, grpcstatus.Error(codes.FailedPrecondition, "not initialized")
|
||||
case seal.ErrInvalidPassword:
|
||||
case errors.Is(err, seal.ErrInvalidPassword):
|
||||
return nil, grpcstatus.Error(codes.Unauthenticated, "invalid password")
|
||||
case seal.ErrRateLimited:
|
||||
case errors.Is(err, seal.ErrRateLimited):
|
||||
return nil, grpcstatus.Error(codes.ResourceExhausted, "too many attempts, try again later")
|
||||
case seal.ErrNotSealed:
|
||||
case errors.Is(err, seal.ErrNotSealed):
|
||||
return nil, grpcstatus.Error(codes.AlreadyExists, "already unsealed")
|
||||
default:
|
||||
g.s.logger.Error("grpc unseal failed", "error", err)
|
||||
|
||||
Reference in New Issue
Block a user