fixing sec issues

2025-09-07 01:14:19 +02:00
parent b3232e79d5
commit af11e843a4
13 changed files with 88 additions and 37 deletions
--- a/pkg/remote/client/client.go
+++ b/pkg/remote/client/client.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"log/slog"
 	"mime/multipart"
 	"net/http"
 	"net/url"
@@ -220,7 +221,7 @@ func (c *Client) Pull(gameID, archivePath string) error {

 	req.SetBasicAuth(c.username, c.password)

-	f, err := os.OpenFile(archivePath+".part", os.O_CREATE|os.O_WRONLY, 0740)
+	f, err := os.OpenFile(archivePath+".part", os.O_CREATE|os.O_WRONLY, 0600)
 	if err != nil {
 		return fmt.Errorf("failed to open file: %w", err)
 	}
@@ -275,20 +276,24 @@ func (c *Client) PullBackup(gameID, uuid, archivePath string) error {

 	req.SetBasicAuth(c.username, c.password)

-	f, err := os.OpenFile(archivePath+".part", os.O_CREATE|os.O_WRONLY, 0740)
+	f, err := os.OpenFile(archivePath+".part", os.O_CREATE|os.O_WRONLY, 0600)
 	if err != nil {
 		return fmt.Errorf("failed to open file: %w", err)
 	}

 	res, err := cli.Do(req)
 	if err != nil {
-		f.Close()
+		if err := f.Close(); err != nil {
+			slog.Error("failed to close file", "err", err)
+		}
 		return fmt.Errorf("cannot connect to remote: %w", err)
 	}
 	defer res.Body.Close()

 	if res.StatusCode != http.StatusOK {
-		f.Close()
+		if err := f.Close(); err != nil {
+			slog.Error("failed to close file", "err", err)
+		}
 		return fmt.Errorf("cannot connect to remote: server return code: %s", res.Status)
 	}

@@ -299,10 +304,14 @@ func (c *Client) PullBackup(gameID, uuid, archivePath string) error {
 	defer bar.Close()

 	if _, err := io.Copy(io.MultiWriter(f, bar), res.Body); err != nil {
-		f.Close()
+		if err := f.Close(); err != nil {
+			slog.Error("failed to close file", "err", err)
+		}
 		return fmt.Errorf("an error occured while copying the file from the remote: %w", err)
 	}
-	f.Close()
+	if err := f.Close(); err != nil {
+		slog.Error("failed to close file", "err", err)
+	}

 	if err := os.Rename(archivePath+".part", archivePath); err != nil {
 		return fmt.Errorf("failed to move temporary data: %w", err)
@@ -431,9 +440,15 @@ func (c *Client) push(u, archivePath string, m repository.Metadata) error {
 		return fmt.Errorf("failed to copy data: %w", err)
 	}

-	writer.WriteField("name", m.Name)
-	writer.WriteField("version", strconv.Itoa(m.Version))
-	writer.WriteField("date", m.Date.Format(time.RFC3339))
+	if err := writer.WriteField("name", m.Name); err != nil {
+		return err
+	}
+	if err := writer.WriteField("version", strconv.Itoa(m.Version)); err != nil {
+		return err
+	}
+	if err := writer.WriteField("date", m.Date.Format(time.RFC3339)); err != nil {
+		return err
+	}

 	if err := writer.Close(); err != nil {
 		return err
--- a/pkg/remote/remote.go
+++ b/pkg/remote/remote.go
@@ -32,7 +32,7 @@ func init() {
 	}

 	datastorepath = filepath.Join(roaming, "cloudsave", "data")
-	err = os.MkdirAll(datastorepath, 0740)
+	err = os.MkdirAll(datastorepath, 0600)
 	if err != nil {
 		panic("cannot make the datastore:" + err.Error())
 	}
@@ -62,7 +62,7 @@ func Set(gameID, url string) error {
 		URL: url,
 	}

-	f, err := os.OpenFile(filepath.Join(datastorepath, gameID, "remote.json"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0740)
+	f, err := os.OpenFile(filepath.Join(datastorepath, gameID, "remote.json"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return err
 	}