From dd0460ab454387433968f38a4f6d9d3072a30dad Mon Sep 17 00:00:00 2001 From: Tommi2Day Date: Sun, 18 Aug 2024 16:18:26 +0200 Subject: [PATCH] replace os.WriteFile and os.ReadFile --- CHANGELOG.md | 3 ++- common/file_helper_test.go | 8 ++++---- common/git_helper_test.go | 2 +- dblib/oracle_test.go | 4 +--- dblib/tns_dns_test.go | 4 +++- dblib/tns_ldap_test.go | 7 +++---- dblib/tns_test.go | 12 +++++------- pwlib/encode.go | 19 +++++++++---------- pwlib/get_password.go | 4 +--- pwlib/get_password_test.go | 6 ++---- pwlib/gpg.go | 3 +-- pwlib/gpg_test.go | 3 +-- pwlib/kms.go | 30 ++++++++--------------------- pwlib/kms_test.go | 3 +-- pwlib/openssl.go | 39 ++++++++++---------------------------- pwlib/openssl_test.go | 15 +++++++-------- pwlib/rsa.go | 37 ++++++++++++++---------------------- pwlib/rsa_test.go | 7 ++++--- 18 files changed, 77 insertions(+), 129 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f633059..1a895ae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,9 @@ # Go Library -## [v1.14.6 - 2024-08-18] +## [v1.14.7 - 2024-08-18] ### Changed - netlib,dblib: change docker network range +- use common.WriteStringToFile/ReadFileToString instead of os.WriteFile and os.ReadFile - update dependencies ### Fixed - fix new linter issues diff --git a/common/file_helper_test.go b/common/file_helper_test.go index 7adee45..cc1fa2b 100644 --- a/common/file_helper_test.go +++ b/common/file_helper_test.go @@ -32,8 +32,8 @@ func TestFileHelper(t *testing.T) { err := os.Chdir(test.TestDir) require.NoErrorf(t, err, "ChDir failed") _ = os.Remove(filename) - //nolint gosec - err = os.WriteFile(filename, []byte(data), 0644) + + err = WriteStringToFile(filename, data) require.NoErrorf(t, err, "Create testdata failed") // run 
@@ -67,8 +67,8 @@ func TestFileHelper(t *testing.T) { err := os.Chdir(test.TestDir) require.NoErrorf(t, err, "ChDir failed") _ = os.Remove(filename) - //nolint gosec - err = os.WriteFile(filename, []byte(data), 0644) + + err = WriteStringToFile(filename, data) require.NoErrorf(t, err, "Create testdata failed") lines := strings.Split(data, "\n") diff --git a/common/git_helper_test.go b/common/git_helper_test.go index cd7b44f..efa53a1 100644 --- a/common/git_helper_test.go +++ b/common/git_helper_test.go @@ -104,7 +104,7 @@ func TestGit(t *testing.T) { }) t.Run("TestNonGit ERROR", func(t *testing.T) { filename := path.Join(test.TestData, "testgit.txt") - err := os.WriteFile(filename, []byte("test"), 0600) + err := WriteStringToFile(filename, "test") require.NoErrorf(t, err, "WriteFile failed") gitDir, err := GetGitRootDir(filename) assert.NoErrorf(t, err, "GetGitRootDir should not fail: %s", err) diff --git a/dblib/oracle_test.go b/dblib/oracle_test.go index 5af470f..f165a0c 100644 --- a/dblib/oracle_test.go +++ b/dblib/oracle_test.go @@ -44,9 +44,7 @@ func TestWithOracle(t *testing.T) { test.InitTestDirs() tnsAdmin = test.TestData filename := tnsAdmin + "/connect.ora" - //_ = os.Chdir(tnsAdmin) - //nolint gosec - _ = os.WriteFile(filename, []byte(connectora), 0644) + _ = common.WriteStringToFile(filename, connectora) t.Logf("load from %s", filename) domain, _ := ReadSqlnetOra(tnsAdmin) diff --git a/dblib/tns_dns_test.go b/dblib/tns_dns_test.go index e7eeca1..98ed990 100644 --- a/dblib/tns_dns_test.go +++ b/dblib/tns_dns_test.go @@ -4,6 +4,8 @@ import ( "os" "testing" + "github.com/tommi2day/gomodules/common" + "github.com/tommi2day/gomodules/netlib" "github.com/stretchr/testify/assert" 
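Review bot: In the dblib/oracle_test.go hunk the setup write still discards its result (`_ = common.WriteStringToFile(filename, connectora)`), so a failed write only shows up later as an unexpected result from `ReadSqlnetOra`. The other test hunks in this patch check the same helper with `require.NoErrorf`. Doing the same here keeps the setup consistent, e.g. `err := common.WriteStringToFile(filename, connectora)` followed by `require.NoErrorf(t, err, "Create test connect.ora failed")`, assuming `require` is imported in this file. The test body starts and ends outside the hunk.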
@@ -28,7 +30,7 @@ func TestRACInfo(t *testing.T) { require.NoErrorf(t, err, "ChDir failed") //nolint gosec - err = os.WriteFile(tnsAdmin+"/racinfo.ini", []byte(racinfoini), 0644) + err = common.WriteStringToFile(tnsAdmin+"/racinfo.ini", racinfoini) require.NoErrorf(t, err, "Create test racinfo.ini failed") if os.Getenv("SKIP_DNS") != "" { diff --git a/dblib/tns_ldap_test.go b/dblib/tns_ldap_test.go index cba148b..b1c9d1a 100644 --- a/dblib/tns_ldap_test.go +++ b/dblib/tns_ldap_test.go @@ -59,8 +59,7 @@ func TestOracleLdap(t *testing.T) { ldapAdmin := test.TestData t.Run("Parse wrong ldap.ora", func(t *testing.T) { - //nolint gosec - err = os.WriteFile(ldapAdmin+"/ldap.ora", []byte(ldaporaFail), 0644) + err = common.WriteStringToFile(ldapAdmin+"/ldap.ora", ldaporaFail) require.NoErrorf(t, err, "Create test ldap.ora failed") _, ldapservers := ReadLdapOra(ldapAdmin) e := 1 @@ -73,8 +72,8 @@ func TestOracleLdap(t *testing.T) { assert.Equal(t, expected, actual, "ldap entry 1 not match") } }) - //nolint gosec - err = os.WriteFile(ldapAdmin+"/ldap.ora", []byte(ldaporaOK), 0644) + + err = common.WriteStringToFile(ldapAdmin+"/ldap.ora", ldaporaOK) require.NoErrorf(t, err, "Create test ldap.ora failed") t.Run("Parse ldap.ora", func(t *testing.T) { oraclecontext, ldapservers := ReadLdapOra(ldapAdmin) diff --git a/dblib/tns_test.go b/dblib/tns_test.go index e66ef65..5ce47b3 100644 --- a/dblib/tns_test.go +++ b/dblib/tns_test.go @@ -5,6 +5,8 @@ import ( "strings" "testing" + "github.com/tommi2day/gomodules/common" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/tommi2day/gomodules/test" 
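Review bot: The `//nolint gosec` line above the new `common.WriteStringToFile(tnsAdmin+"/racinfo.ini", racinfoini)` call in TestRACInfo is left behind, although the `os.WriteFile(..., 0644)` it was written for is gone. Written with a space instead of a colon, golangci-lint (if that is the linter in use) reads it as a blanket `//nolint`, so it now silences every linter on the following statement for no reason. Delete the comment here. The same leftover remains above the `common.ReadFileToString(plainFile)` calls in EncodeFile (pwlib/encode.go) and PubEncryptFileSSL (pwlib/openssl.go).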
@@ -86,15 +88,11 @@ func TestParseTns(t *testing.T) { test.InitTestDirs() err = os.Chdir(test.TestDir) require.NoErrorf(t, err, "ChDir failed") - - //nolint gosec - err = os.WriteFile(tnsAdmin+"/sqlnet.ora", []byte(sqlnetcontent), 0644) + err = common.WriteStringToFile(tnsAdmin+"/sqlnet.ora", sqlnetcontent) require.NoErrorf(t, err, "Create test sqlnet.ora failed") - //nolint gosec - err = os.WriteFile(tnsAdmin+"/tnsnames.ora", []byte(tnsnamesora), 0644) + err = common.WriteStringToFile(tnsAdmin+"/tnsnames.ora", tnsnamesora) require.NoErrorf(t, err, "Create test tnsnames.ora failed") - //nolint gosec - err = os.WriteFile(tnsAdmin+"/ifile.ora", []byte(ifileora), 0644) + err = common.WriteStringToFile(tnsAdmin+"/ifile.ora", ifileora) require.NoErrorf(t, err, "Create test ifile.ora failed") t.Run("Check TNS_ADMIN", func(t *testing.T) { var actual string diff --git a/pwlib/encode.go b/pwlib/encode.go index 8c79e5b..d31bc57 100644 --- a/pwlib/encode.go +++ b/pwlib/encode.go @@ -2,24 +2,24 @@ package pwlib import ( "encoding/base64" - "os" + + "github.com/tommi2day/gomodules/common" log "github.com/sirupsen/logrus" ) // EncodeFile encodes a file using base64 func EncodeFile(plainFile string, targetFile string) (err error) { - var plaindata []byte + plainData := "" log.Debugf("Encrypt %s with B64 to %s", plainFile, targetFile) //nolint gosec - plaindata, err = os.ReadFile(plainFile) + plainData, err = common.ReadFileToString(plainFile) if err != nil { log.Debugf("Cannot read plaintext file %s:%s", plainFile, err) return } - b64 := base64.StdEncoding.EncodeToString(plaindata) - //nolint gosec - err = os.WriteFile(targetFile, []byte(b64), 0644) + b64 := base64.StdEncoding.EncodeToString([]byte(plainData)) + err = common.WriteStringToFile(targetFile, b64) if err != nil { log.Debugf("Cannot write: %s", err.Error()) return 
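Review bot: In EncodeFile (pwlib/encode.go) the new `plainData := ""` assigns a value that is overwritten by the very next statement, which linters such as ineffassign report. `var plainData string` states the intent without the dead assignment. The same pattern appears in this patch as `data := ""` in DecodeFile, `plainData := ""` in PubEncryptFileGo and `cryptedKey := ""` in TestOpensslFile. The existing `encSessionKey := ""` in KMSDecryptFile becomes equally redundant now that the read follows it directly.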
@@ -29,15 +29,14 @@ func EncodeFile(plainFile string, targetFile string) (err error) { // DecodeFile decodes a file using base64 func DecodeFile(cryptedfile string) (content []byte, err error) { - var data []byte + data := "" log.Debugf("decrypt b64 %s", cryptedfile) - //nolint gosec - data, err = os.ReadFile(cryptedfile) + data, err = common.ReadFileToString(cryptedfile) if err != nil { log.Debugf("Cannot Read file '%s': %s", cryptedfile, err) return } - bindata, err := base64.StdEncoding.DecodeString(string(data)) + bindata, err := base64.StdEncoding.DecodeString(data) if err != nil { log.Debugf("decode base64 for %s failed: %s", cryptedfile, err) return diff --git a/pwlib/get_password.go b/pwlib/get_password.go index deb72ae..f11b8d5 100644 --- a/pwlib/get_password.go +++ b/pwlib/get_password.go @@ -40,9 +40,7 @@ func (pc *PassConfig) DecryptFile() (lines []string, err error) { data, err = DecodeFile(cryptedfile) content = string(data) case typePlain: - //nolint gosec - data, err = os.ReadFile(cryptedfile) - content = string(data) + content, err = common.ReadFileToString(cryptedfile) case typeVault: content, err = GetVaultSecret(cryptedfile, "", "") case typeGPG: diff --git a/pwlib/get_password_test.go b/pwlib/get_password_test.go index d8d117a..0e8c55c 100644 --- a/pwlib/get_password_test.go +++ b/pwlib/get_password_test.go @@ -42,8 +42,7 @@ func TestCrypt(t *testing.T) { pc := NewConfig(app, dataDir, keyDir, app, m) filename := pc.PlainTextFile _ = os.Remove(filename) - //nolint gosec - err = os.WriteFile(filename, []byte(plain), 0644) + err = common.WriteStringToFile(filename, plain) require.NoErrorf(t, err, "Create testdata failed") // genkey or use existing for GPG 
@@ -93,8 +92,7 @@ func TestGetPassword(t *testing.T) { require.NoErrorf(t, err, "ChDir failed") filename := pc.PlainTextFile _ = os.Remove(filename) - //nolint gosec - err = os.WriteFile(filename, []byte(plain), 0644) + err = common.WriteStringToFile(filename, plain) require.NoErrorf(t, err, "Create testdata failed") _, _, err = GenRsaKey(pc.PubKeyFile, pc.PrivateKeyFile, pc.KeyPass) require.NoErrorf(t, err, "Prepare Key failed:%s", err) diff --git a/pwlib/gpg.go b/pwlib/gpg.go index 1c67237..f492c87 100644 --- a/pwlib/gpg.go +++ b/pwlib/gpg.go @@ -245,8 +245,7 @@ func GPGEncryptFile(plainFile string, targetFile string, publicKeyFile string) ( if err != nil { return } - //nolint gosec - err = os.WriteFile(targetFile, encryptedBytes, 0644) + err = common.WriteStringToFile(targetFile, string(encryptedBytes)) return } diff --git a/pwlib/gpg_test.go b/pwlib/gpg_test.go index 62e9174..952bab0 100644 --- a/pwlib/gpg_test.go +++ b/pwlib/gpg_test.go @@ -89,8 +89,7 @@ func TestGPG(t *testing.T) { } }) plaintextfile := path.Join(test.TestData, "test.gpg.txt") - //nolint gosec - err = os.WriteFile(plaintextfile, []byte(plain), 0644) + err = common.WriteStringToFile(plaintextfile, plain) require.NoErrorf(t, err, "Create testdata failed") cryptedfile := path.Join(test.TestData, "test.gpg.crypt") t.Run("Encrypt GPG File", func(t *testing.T) { diff --git a/pwlib/kms.go b/pwlib/kms.go index 02b7f5f..8eeb968 100644 --- a/pwlib/kms.go +++ b/pwlib/kms.go @@ -6,7 +6,6 @@ import ( "encoding/base64" "errors" "fmt" - "os" "strings" "github.com/tommi2day/gomodules/common" 
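Review bot: GPGEncryptFile (pwlib/gpg.go) now passes ciphertext through `string(encryptedBytes)` only to fit the helper's signature. The conversion is lossless in Go, but it copies the buffer, and the output is only correct if `common.WriteStringToFile` writes the bytes verbatim, with no trimming, newline handling or encoding step. The helper's body is not part of this patch, so that should be confirmed and recorded in a comment such as `// ciphertext may be binary; WriteStringToFile must write it unchanged`. The same conversion is used for `encrypted` in KMSEncryptFile and PubEncryptFileSSL and for the PEM blocks in GenRsaKey. The permission bits of the output file also move from the explicit 0644 here into the helper.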
@@ -332,15 +331,13 @@ func KMSEncryptFile(plainFile string, targetFile string, keyID string, sessionPa } if len(sessionPassFile) > 0 { - //nolint gosec - err = os.WriteFile(sessionPassFile, []byte(crypted), 0644) + err = common.WriteStringToFile(sessionPassFile, crypted) if err != nil { log.Errorf("Cannot write session Key file %s:%v", sessionPassFile, err) } } - //nolint gosec - plaindata, err := os.ReadFile(plainFile) + plainData, err := common.ReadFileToString(plainFile) if err != nil { log.Debugf("Cannot read plaintext file %s:%s", plainFile, err) return @@ -348,14 +345,13 @@ func KMSEncryptFile(plainFile string, targetFile string, keyID string, sessionPa o := openssl.New() // openssl enc -e -aes-256-cbc -md sha246 -base64 -in $SOURCE -out $TARGET -pass pass:$PASSPHRASE - encrypted, err := o.EncryptBytes(sessionKey, plaindata, SSLDigest) + encrypted, err := o.EncryptBytes(sessionKey, []byte(plainData), SSLDigest) if err != nil { log.Errorf("cannot encrypt plaintext file %s:%s", plainFile, err) return } // write crypted output file - //nolint gosec - err = os.WriteFile(targetFile, encrypted, 0644) + err = common.WriteStringToFile(targetFile, string(encrypted)) if err != nil { log.Errorf("Cannot write: %s", err.Error()) return 
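Review bot: A failed write of the session key file in KMSEncryptFile is only logged. After `err = common.WriteStringToFile(sessionPassFile, crypted)` the `if err != nil` branch has no `return`, and `err` is then overwritten by `plainData, err := common.ReadFileToString(plainFile)`. The function can therefore go on to write the encrypted target file while the wrapped session key needed to decrypt it was never stored, and the caller is not told. Add a `return` after the `log.Errorf` in that branch. PubEncryptFileSSL in pwlib/openssl.go has the same pattern. The function body starts and ends outside this hunk.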
@@ -377,28 +373,18 @@ func KMSDecryptFile(cryptedFile string, keyID string, sessionPassFile string) (c log.Debug(err) return } - //nolint gosec - cryptedData, err := os.ReadFile(cryptedFile) + + cryptedData, err := common.ReadFileToString(cryptedFile) if err != nil { log.Debugf("cannot Read file '%s': %s", cryptedFile, err) return } encSessionKey := "" - - var sp []byte - //nolint gosec - sp, err = os.ReadFile(sessionPassFile) + encSessionKey, err = common.ReadFileToString(sessionPassFile) if err != nil { log.Debugf("cannot Read file '%s': %s", sessionPassFile, err) return } - encSessionKey = string(sp) - - if err != nil { - log.Debugf("Cannot Read file '%s': %s", sessionPassFile, err) - return - } - sessionKey, err := KMSDecryptString(svc, keyID, encSessionKey) if err != nil { log.Debugf("decode session key failed:%s", err) @@ -409,7 +395,7 @@ func KMSDecryptFile(cryptedFile string, keyID string, sessionPassFile string) (c // OPENSSL enc -d -aes-256-cbc -md sha256 -base64 -in $SOURCE -pass pass:$SESSIONKEY o := openssl.New() - decoded, err := o.DecryptBytes(sessionKey, cryptedData, SSLDigest) + decoded, err := o.DecryptBytes(sessionKey, []byte(cryptedData), SSLDigest) if err != nil { log.Debugf("Cannot decrypt data from '%s': %s", cryptedFile, err) return diff --git a/pwlib/kms_test.go b/pwlib/kms_test.go index 5a25f1a..8fe3709 100644 --- a/pwlib/kms_test.go +++ b/pwlib/kms_test.go @@ -26,8 +26,7 @@ func TestKMS(t *testing.T) { require.NoErrorf(t, err, "ChDir failed") filename := pc.PlainTextFile _ = os.Remove(filename) - //nolint gosec - err = os.WriteFile(filename, []byte(plainfile), 0644) + err = common.WriteStringToFile(filename, plainfile) require.NoErrorf(t, err, "Create testdata failed") var kmsClient *kms.Client diff --git a/pwlib/openssl.go b/pwlib/openssl.go index ec8fd74..8b5e1eb 100644 --- a/pwlib/openssl.go +++ b/pwlib/openssl.go 
@@ -3,7 +3,8 @@ package pwlib import ( "crypto/rand" "encoding/base64" - "os" + + "github.com/tommi2day/gomodules/common" openssl "github.com/Luzifer/go-openssl/v4" log "github.com/sirupsen/logrus" @@ -13,31 +14,20 @@ import ( func PrivateDecryptFileSSL(cryptedFile string, privateKeyFile string, keyPass string, sessionPassFile string) (content string, err error) { log.Debugf("decrypt %s with private key %s in OpenSSL format", cryptedFile, privateKeyFile) cryptedkey := "" - var data []byte - //nolint gosec - crypted, err := os.ReadFile(cryptedFile) + + data, err := common.ReadFileToString(cryptedFile) if err != nil { log.Debugf("Cannot Read file '%s': %s", cryptedFile, err) return } if len(sessionPassFile) > 0 { - //nolint gosec - data, err = os.ReadFile(sessionPassFile) + cryptedkey, err = common.ReadFileToString(sessionPassFile) if err != nil { log.Debugf("Cannot Read file '%s': %s", sessionPassFile, err) return } - cryptedkey = string(data) - } - /* - else { - // generate session key from crypted file - } - */ - if err != nil { - log.Debugf("Cannot Read file '%s': %s", sessionPassFile, err) - return } + crypted := []byte(data) sessionKey, err := PrivateDecryptString(cryptedkey, privateKeyFile, keyPass) if err != nil { log.Debugf("Cannot decrypt Session Key from '%s': %s", sessionPassFile, err) @@ -58,9 +48,6 @@ func PrivateDecryptFileSSL(cryptedFile string, privateKeyFile string, keyPass st func PubEncryptFileSSL(plainFile string, targetFile string, publicKeyFile string, sessionPassFile string) (err error) { const rb = 16 log.Debugf("Encrypt %s with public key %s in OpenSSL format", plainFile, publicKeyFile) - if err != nil { - return - } random := make([]byte, rb) _, err = rand.Read(random) if err != nil { 
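Review bot: In PrivateDecryptFileSSL an empty `sessionPassFile` leaves `cryptedkey` as `""`, which is then handed straight to `PrivateDecryptString(cryptedkey, privateKeyFile, keyPass)`. The commented-out `else` branch removed by this hunk was the only hint that this case is unimplemented. An explicit guard before the decrypt would make the failure clear instead of surfacing as a session-key decrypt error for file `''`, e.g. `if len(sessionPassFile) == 0 { err = errors.New("session pass file required"); return }`, which needs `errors` imported. At the very least a comment should state that a session pass file is mandatory.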
@@ -74,15 +61,14 @@ func PubEncryptFileSSL(plainFile string, targetFile string, publicKeyFile string } if len(sessionPassFile) > 0 { - //nolint gosec - err = os.WriteFile(sessionPassFile, []byte(crypted), 0644) + err = common.WriteStringToFile(sessionPassFile, crypted) if err != nil { log.Errorf("Cannot write session Key file %s:%v", sessionPassFile, err) } } //nolint gosec - plaindata, err := os.ReadFile(plainFile) + plainData, err := common.ReadFileToString(plainFile) if err != nil { log.Debugf("Cannot read plaintext file %s:%s", plainFile, err) return @@ -90,19 +76,14 @@ func PubEncryptFileSSL(plainFile string, targetFile string, publicKeyFile string o := openssl.New() // openssl enc -e -aes-256-cbc -md sha246 -base64 -in $SOURCE -out $TARGET -pass pass:$PASSPHRASE - encrypted, err := o.EncryptBytes(sessionKey, plaindata, SSLDigest) + encrypted, err := o.EncryptBytes(sessionKey, []byte(plainData), SSLDigest) if err != nil { log.Errorf("cannot encrypt plaintext file %s:%s", plainFile, err) return } - /*if len(sessionPassFile) == 0 { - // include session key in crypted file - }*/ - // write crypted output file - //nolint gosec - err = os.WriteFile(targetFile, encrypted, 0644) + err = common.WriteStringToFile(targetFile, string(encrypted)) if err != nil { log.Errorf("Cannot write: %s", err.Error()) return diff --git a/pwlib/openssl_test.go b/pwlib/openssl_test.go index 663feb1..412bca3 100644 --- a/pwlib/openssl_test.go +++ b/pwlib/openssl_test.go @@ -184,8 +184,8 @@ func TestOpensslFile(t *testing.T) { require.NoErrorf(t, err, "ChDir failed") filename := pc.PlainTextFile _ = os.Remove(filename) - //nolint gosec - err = os.WriteFile(filename, []byte(plainfile), 0644) + + err = common.WriteStringToFile(filename, plainfile) require.NoErrorf(t, err, "Create testdata failed") // prepare keys 
@@ -225,8 +225,8 @@ func TestOpensslFile(t *testing.T) { if err != nil { t.Fatalf("Encrypting Keyfile failed: %v", err) } - //nolint gosec - err = os.WriteFile(pc.SessionPassFile, []byte(crypted), 0644) + + err = common.WriteStringToFile(pc.SessionPassFile, crypted) if err != nil { t.Fatalf("Cannot write session Key file %s:%v", pc.SessionPassFile, err) } @@ -262,7 +262,7 @@ func TestOpensslFile(t *testing.T) { }) t.Run("Encrypt_API-Decrypt_openssl", func(t *testing.T) { // encrypt using api - err := PubEncryptFileSSL(pc.PlainTextFile, pc.CryptedFile, pc.PubKeyFile, pc.SessionPassFile) + err = PubEncryptFileSSL(pc.PlainTextFile, pc.CryptedFile, pc.PubKeyFile, pc.SessionPassFile) assert.NoErrorf(t, err, "Cannot Encrypt using API:%s", err) if err != nil { t.Fatalf("Cannot Encrypt using API:%s", err) @@ -270,12 +270,11 @@ func TestOpensslFile(t *testing.T) { // verify witch openssl cmd // read session pass file - //nolint gosec - data, err := os.ReadFile(pc.SessionPassFile) + cryptedKey := "" + cryptedKey, err = common.ReadFileToString(pc.SessionPassFile) if err != nil { t.Fatalf("Cannot Read SessionPassFile %s:%v", pc.SessionPassFile, err) } - cryptedKey := string(data) // revert base64 encoding b64dec, err := base64.StdEncoding.DecodeString(cryptedKey) if err != nil { diff --git a/pwlib/rsa.go b/pwlib/rsa.go index b189579..8a7dd08 100644 --- a/pwlib/rsa.go +++ b/pwlib/rsa.go @@ -15,9 +15,10 @@ import ( "errors" "fmt" "io" - "os" "strings" + "github.com/tommi2day/gomodules/common" + log "github.com/sirupsen/logrus" ) @@ -51,7 +52,7 @@ func GenRsaKey(pubfilename string, privfilename string, password string) (public } // save it privatekeyPem := pem.EncodeToMemory(block) - err = os.WriteFile(privfilename, privatekeyPem, 0600) + err = common.WriteStringToFile(privfilename, string(privatekeyPem)) if err != nil { log.Errorf("cannot write %s: %s", privfilename, err) return 
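Review bot: The private key file in GenRsaKey (pwlib/rsa.go) loses its explicit mode. `os.WriteFile(privfilename, privatekeyPem, 0600)` becomes `common.WriteStringToFile(privfilename, string(privatekeyPem))`, which takes no permission argument. The key is then created with whatever mode the helper uses; the helper is not shown in this patch, but most of the calls it replaces here used 0644, which would leave the key readable by other local users, subject to umask. Keep `os.WriteFile(privfilename, privatekeyPem, 0600)` for this one call, or give the helper a variant that accepts a mode. TestGenRsaKey could also assert the permission bits of `privfilename` on platforms where they apply. GenRsaKey continues outside the hunk.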
@@ -66,8 +67,7 @@ func GenRsaKey(pubfilename string, privfilename string, password string) (public Bytes: pubbytes, } pubkeyPem := pem.EncodeToMemory(block) - //nolint gosec - err = os.WriteFile(pubfilename, pubkeyPem, 0644) + err = common.WriteStringToFile(pubfilename, string(pubkeyPem)) if err != nil { log.Errorf("cannot write %s: %s", pubfilename, err) return @@ -84,13 +84,12 @@ func GetPrivateKeyFromFile(privfilename string, rsaPrivateKeyPassword string) (p var privPemBytes []byte log.Debugf("GetPrivateKeyFromFile entered for %s", privfilename) - //nolint gosec - priv, err := os.ReadFile(privfilename) + priv, err := common.ReadFileToString(privfilename) if err != nil { log.Debugf("cannot read %s: %s", privfilename, err) return } - privPem, _ := pem.Decode(priv) + privPem, _ := pem.Decode([]byte(priv)) if privPem == nil { log.Debugf("cannot decode pem in %s", privfilename) return @@ -136,13 +135,12 @@ func GetPrivateKeyFromFile(privfilename string, rsaPrivateKeyPassword string) (p func GetPublicKeyFromFile(publicKeyFile string) (publicKey *rsa.PublicKey, err error) { var parsedKey interface{} log.Debugf("load public key from %s", publicKeyFile) - //nolint gosec - pub, err := os.ReadFile(publicKeyFile) + pub, err := common.ReadFileToString(publicKeyFile) if err != nil { log.Debugf("Cannot Read %s: %s", publicKeyFile, err) return } - pubPem, _ := pem.Decode(pub) + pubPem, _ := pem.Decode([]byte(pub)) if pubPem == nil { log.Debugf("Cannot Decode %s", publicKeyFile) return @@ -170,7 +168,6 @@ func GetPublicKeyFromFile(publicKeyFile string) (publicKey *rsa.PublicKey, err e // PubEncryptFileGo encrypts a file with public key with GO API func PubEncryptFileGo(plainFile string, targetFile string, publicKeyFile string) (err error) { const rb = 16 - var plaindata []byte log.Debugf("Encrypt %s with public key %s", plainFile, publicKeyFile) publicKey, err := GetPublicKeyFromFile(publicKeyFile) if err != nil { 
@@ -182,8 +179,8 @@ func PubEncryptFileGo(plainFile string, targetFile string, publicKeyFile string) log.Debugf("Cannot generate session key:%s", err) return } - //nolint gosec - plaindata, err = os.ReadFile(plainFile) + plainData := "" + plainData, err = common.ReadFileToString(plainFile) if err != nil { log.Debugf("Cannot read plaintext file %s:%s", plainFile, err) return @@ -220,15 +217,14 @@ func PubEncryptFileGo(plainFile string, targetFile string, publicKeyFile string) } // do encryption and seal - cipherdata := aesgcm.Seal(nil, nonce, plaindata, nil) + cipherdata := aesgcm.Seal(nil, nonce, []byte(plainData), nil) // encode all parts in base64 bindata := bytes.Join([][]byte{encSessionKey, nonce, cipherdata}, []byte("")) b64 := base64.StdEncoding.EncodeToString(bindata) // write crypted output file - //nolint gosec - err = os.WriteFile(targetFile, []byte(b64), 0644) + err = common.WriteStringToFile(targetFile, b64) if err != nil { log.Debugf("Cannot write: %s", err.Error()) return @@ -239,8 +235,7 @@ func PubEncryptFileGo(plainFile string, targetFile string, publicKeyFile string) // PrivateDecryptFileGo Decrypt a file with private key with GO API func PrivateDecryptFileGo(cryptedfile string, privatekeyfile string, keypass string) (content string, err error) { log.Debugf("decrypt %s with private key %s", cryptedfile, privatekeyfile) - //nolint gosec - data, err := os.ReadFile(cryptedfile) + data, err := common.ReadFileToString(cryptedfile) if err != nil { log.Debugf("Cannot Read file '%s': %s", cryptedfile, err) return @@ -250,7 +245,7 @@ func PrivateDecryptFileGo(cryptedfile string, privatekeyfile string, keypass str log.Debugf("Cannot read keys from '%s': %s", privatekeyfile, err) return } - bindata, err := base64.StdEncoding.DecodeString(string(data)) + bindata, err := base64.StdEncoding.DecodeString(data) if err != nil { log.Debugf("decode base64 for %s failed: %s", cryptedfile, err) return 
@@ -341,9 +336,5 @@ func PublicEncryptString(plain string, publicKeyFile string) (crypted string, er return } crypted = base64.StdEncoding.EncodeToString(data) - if err != nil { - log.Debugf("decode base64 failed: %s", err) - return - } return } diff --git a/pwlib/rsa_test.go b/pwlib/rsa_test.go index c4af27e..bdf5984 100644 --- a/pwlib/rsa_test.go +++ b/pwlib/rsa_test.go @@ -6,6 +6,8 @@ import ( "path" "testing" + "github.com/tommi2day/gomodules/common" + "github.com/tommi2day/gomodules/test" "github.com/stretchr/testify/assert" @@ -50,10 +52,9 @@ func TestGenRsaKey(t *testing.T) { assert.IsTypef(t, k, privkey, "Not a private key") assert.FileExists(t, pubfilename) assert.FileExists(t, privfilename) - //nolint gosec - content, err := os.ReadFile(privfilename) + content, err := common.ReadFileToString(privfilename) assert.NoErrorf(t, err, "File Read Error %s", err) - assert.Contains(t, string(content), "Proc-Type: 4,ENCRYPTED") + assert.Contains(t, content, "Proc-Type: 4,ENCRYPTED") }) }