fix G107 G304 gosec warnings (#24)

someshkoli · web-flow · commit 56bc14ab0f36 · 2021-05-03T21:18:38.000-04:00
Signed-off-by: someshkoli &lt;kolisomesh27@gmail.com&gt;
diff --git a/model/unmarshal_json.go b/model/unmarshal_json.go
@@ -28,6 +28,7 @@ const prefix = "file:/"
 
 func getBytesFromFile(s string) (b []byte, err error) {
 
+	// #nosec
 	if resp, err := http.Get(s); err == nil {
 		defer resp.Body.Close()
 		buf := new(bytes.Buffer)
@@ -43,7 +44,7 @@ func getBytesFromFile(s string) (b []byte, err error) {
 			return nil, err
 		}
 	}
-	if b, err = ioutil.ReadFile(s); err != nil {
+	if b, err = ioutil.ReadFile(filepath.Clean(s)); err != nil {
 		return nil, err
 	}
 	return b, nil
diff --git a/parser/parser.go b/parser/parser.go
@@ -17,11 +17,13 @@ package parser
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/serverlessworkflow/sdk-go/model"
 	"io/ioutil"
 	"os"
-	"sigs.k8s.io/yaml"
+	"path/filepath"
 	"strings"
+
+	"github.com/serverlessworkflow/sdk-go/model"
+	"sigs.k8s.io/yaml"
 )
 
 const (
@@ -55,7 +57,7 @@ func FromFile(path string) (*model.Workflow, error) {
 	if err := checkFilePath(path); err != nil {
 		return nil, err
 	}
-	fileBytes, err := ioutil.ReadFile(path)
+	fileBytes, err := ioutil.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ const prefix = "file:/"`
`28`	`28`
`29`	`29`	`func getBytesFromFile(s string) (b []byte, err error) {`
`30`	`30`
	`31`	`+ // #nosec`
`31`	`32`	`if resp, err := http.Get(s); err == nil {`
`32`	`33`	`defer resp.Body.Close()`
`33`	`34`	`buf := new(bytes.Buffer)`
`@@ -43,7 +44,7 @@ func getBytesFromFile(s string) (b []byte, err error) {`
`43`	`44`	`return nil, err`
`44`	`45`	`}`
`45`	`46`	`}`
`46`		`- if b, err = ioutil.ReadFile(s); err != nil {`
	`47`	`+ if b, err = ioutil.ReadFile(filepath.Clean(s)); err != nil {`
`47`	`48`	`return nil, err`
`48`	`49`	`}`
`49`	`50`	`return b, nil`