fix: prefer clean paths to prohibit gosec issues

Also, - refactor: prefer `os.ReadFile` and `os.WriteFile`
gofiber · May 24, 2024 · 586ad8b · 586ad8b
1 parent 61a2ec0
commit 586ad8b
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/cmd/helpers.go b/cmd/helpers.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"os/exec"
 	"path"
@@ -77,12 +76,14 @@ func replaceWalkFn(path string, info os.FileInfo, pattern string, old, new []byt
 	}
 
 	if matched {
+		cleanedPath := filepath.Clean(path)
+
 		var oldContent []byte
-		if oldContent, err = ioutil.ReadFile(filepath.Clean(path)); err != nil {
+		if oldContent, err = os.ReadFile(cleanedPath); err != nil {
 			return
 		}
 
-		if err = ioutil.WriteFile(path, bytes.Replace(oldContent, old, new, -1), 0); err != nil {
+		if err = os.WriteFile(cleanedPath, bytes.Replace(oldContent, old, new, -1), 0); err != nil {
 			return
 		}
 	}
@@ -92,7 +93,7 @@ func replaceWalkFn(path string, info os.FileInfo, pattern string, old, new []byt
 
 func createFile(filePath, content string) (err error) {
 	var f *os.File
-	if f, err = os.Create(filePath); err != nil {
+	if f, err = os.Create(filepath.Clean(filePath)); err != nil {
 		return
 	}
 
@@ -153,11 +154,11 @@ func storeJson(filename string, v interface{}) error {
 		return err
 	}
 
-	return ioutil.WriteFile(filename, b, 0600)
+	return os.WriteFile(filename, b, 0600)
 }
 
 func loadJson(filename string, v interface{}) error {
-	b, err := ioutil.ReadFile(path.Clean(filename))
+	b, err := os.ReadFile(path.Clean(filename))
 	if err != nil {
 		return err
 	}