Merge pull request #719 from grnhse/gosec-x-oauth-basic-skip

Add `x-oauth-basic` nosec annotation & address gosec unhandled errors
2020-08-11 11:56:07 -07:00 · 2020-08-11 11:56:07 -07:00 · 35ed7a313b
commit 35ed7a313b
parent d69fd6af22 b6e78efc1e
3 changed files with 10 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,7 @@

 ## Changes since v6.0.0

+- [#719](https://github.com/oauth2-proxy/oauth2-proxy/pull/719) Add Gosec fixes to areas that are intermittently flagged on PRs (@NickMeves)
 - [#718](https://github.com/oauth2-proxy/oauth2-proxy/pull/718) Allow Logging to stdout with separate Error Log Channel
 - [#690](https://github.com/oauth2-proxy/oauth2-proxy/pull/690) Address GoSec security findings & remediate (@NickMeves)
 - [#689](https://github.com/oauth2-proxy/oauth2-proxy/pull/689) Fix finicky logging_handler_test from time drift (@NickMeves)
--- a/pkg/logger/logger.go
+++ b/pkg/logger/logger.go
@ -144,11 +144,10 @@ func (l *Logger) formatLogMessage(calldepth int, message string) []byte {
 		panic(err)
 	}

-	_, err = l.writer.Write([]byte("\n"))
+	_, err = logBuff.Write([]byte("\n"))
 	if err != nil {
 		panic(err)
 	}
-	logBuff.Write([]byte("\n"))

 	return logBuff.Bytes()
 }
@ -162,11 +161,16 @@ func (l *Logger) Output(lvl Level, calldepth int, message string) {
 		return
 	}
 	msg := l.formatLogMessage(calldepth, message)
+
+	var err error
 	switch lvl {
 	case ERROR:
-		l.errWriter.Write(msg)
+		_, err = l.errWriter.Write(msg)
 	default:
-		l.writer.Write(msg)
+		_, err = l.writer.Write(msg)
+	}
+	if err != nil {
+		panic(err)
 	}
 }

--- a/pkg/middleware/jwt_session.go
+++ b/pkg/middleware/jwt_session.go
@ -121,6 +121,7 @@ func (j *jwtSessionLoader) getBasicToken(token string) (string, error) {
 	// check user, user+password, or just password for a token
 	if j.jwtRegex.MatchString(user) {
 		// Support blank passwords or magic `x-oauth-basic` passwords - nothing else
+		/* #nosec G101 */
 		if password == "" || password == "x-oauth-basic" {
 			return user, nil
 		}