Merge pull request #261 from Prateeknandle/go-sec_issue

checking err for stream close

go.mod

@@ -176,6 +176,9 @@ require (
 	github.com/xlab/treeprint v1.0.0 // indirect
 	go.mongodb.org/mongo-driver v1.8.4 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	go.uber.org/multierr v1.8.0 // indirect
+	go.uber.org/zap v1.23.0 // indirect
 	golang.org/x/crypto v0.1.0 // indirect
 	golang.org/x/net v0.1.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 // indirect

go.sum

@@ -135,6 +135,7 @@ github.com/aymanbagabas/go-osc52 v1.0.3/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZ
 github.com/aymanbagabas/go-osc52 v1.2.1 h1:q2sWUyDcozPLcLabEMd+a+7Ea2DitxZVN9hTxab9L4E=
 github.com/aymanbagabas/go-osc52 v1.2.1/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -1081,11 +1082,18 @@ go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0H
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
+go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
+go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
+go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
+go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
+go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
+go.uber.org/zap v1.23.0 h1:OjGQ5KQDEUawVHxNwQgPpiypGHOxo2mNZsOqTak4fFY=
+go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY=
 go.universe.tf/metallb v0.9.6/go.mod h1:mJnnUITBIRREP/BMjZWxa6K2Rh8QA1zJZEhuBD9pf5M=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=

recommend/imageHandler.go

@@ -25,6 +25,7 @@ import (
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/fatih/color"
+	kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
 	"github.com/moby/term"
 	log "github.com/sirupsen/logrus"
 )
@@ -138,7 +139,11 @@ func pullImage(imageName string) error {
 	if err != nil {
 		return err
 	}
-	defer out.Close()
+	defer func() {
+		if err := out.Close(); err != nil {
+			kg.Warnf("Error closing io stream %s\n", err)
+		}
+	}()
 	termFd, isTerm := term.GetFdInfo(os.Stderr)
 	err = jsonmessage.DisplayJSONMessagesStream(out, os.Stderr, termFd, isTerm, nil)
 	if err != nil {
@@ -251,7 +256,11 @@ func saveImageToTar(imageName string) string {
 	if err != nil {
 		log.WithError(err).Fatal("could not save image")
 	}
-	defer imgdata.Close()
+	defer func() {
+		if err := imgdata.Close(); err != nil {
+			kg.Warnf("Error closing io stream %s\n", err)
+		}
+	}()
 
 	tarname := filepath.Join(tempDir, randString(8)+".tar")
 

recommend/policyTemplates.go

@@ -15,6 +15,7 @@ import (
 
 	"github.com/cavaliergopher/grab/v3"
 	"github.com/google/go-github/github"
+	kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
 	pol "github.com/kubearmor/KubeArmor/pkg/KubeArmorController/api/security.kubearmor.com/v1"
 	log "github.com/sirupsen/logrus"
 	"sigs.k8s.io/yaml"
@@ -153,7 +154,11 @@ func unZip(source, dest string) error {
 		if err = create.Close(); err != nil {
 			return err
 		}
-		defer open.Close()
+		defer func() {
+			if err := open.Close(); err != nil {
+				kg.Warnf("Error closing io stream %s\n", err)
+			}
+		}()
 	}
 	return nil
 }

sysdump/sysdump.go

@@ -16,6 +16,7 @@ import (
 
 	"golang.org/x/sync/errgroup"
 
+	kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
 	"github.com/kubearmor/kubearmor-client/k8s"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -110,7 +111,11 @@ func Collect(c *k8s.Client, o Options) error {
 				fmt.Printf("failed getting logs from pod=%s err=%s\n", p.Name, err)
 				continue
 			}
-			defer s.Close()
+			defer func() {
+				if err := s.Close(); err != nil {
+					kg.Warnf("Error closing io stream %s\n", err)
+				}
+			}()
 			var logs bytes.Buffer
 			if _, err = io.Copy(&logs, s); err != nil {
 				return err

vm/label.go

@@ -11,9 +11,11 @@ import (
 	"net/http"
 	"strings"
 	"time"
+
+	kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
 )
 
-//LabelOptions are optional configuration for kArmor vm policy
+// LabelOptions are optional configuration for kArmor vm policy
 type LabelOptions struct {
 	VMName   string
 	VMLabels string
@@ -26,7 +28,7 @@ type KubeArmorVirtualMachineLabel struct {
 	Labels []map[string]string `json:"labels,omitempty"`
 }
 
-//LabelHandling Function recives path to YAML file with the type of event and HTTP Server
+// LabelHandling Function recives path to YAML file with the type of event and HTTP Server
 func LabelHandling(t string, o LabelOptions, address string, isKvmsEnv bool) error {
 
 	var respBody []byte
@@ -73,7 +75,11 @@ func LabelHandling(t string, o LabelOptions, address string, isKvmsEnv bool) err
 		if err != nil {
 			return fmt.Errorf("failed to manage labels")
 		}
-		defer resp.Body.Close()
+		defer func() {
+			if err := resp.Body.Close(); err != nil {
+				kg.Warnf("Error closing http stream %s\n", err)
+			}
+		}()
 
 		respBody, err = io.ReadAll(resp.Body)
 		if err != nil {

vm/onboarding.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	tp "github.com/kubearmor/KVMService/src/types"
+	kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
 	"sigs.k8s.io/yaml"
 )
 
@@ -36,7 +37,11 @@ func postHTTPRequest(eventData []byte, vmAction string, address string) (string,
 	if err != nil {
 		return "", err
 	}
-	defer resp.Body.Close()
+	defer func() {
+		if err := resp.Body.Close(); err != nil {
+			kg.Warnf("Error closing http stream %s\n", err)
+		}
+	}()
 
 	respBody, err := io.ReadAll(resp.Body)
 	if err != nil {

vm/policy.go

@@ -16,6 +16,7 @@ import (
 	"time"
 
 	v2 "github.com/cilium/cilium/pkg/k8s/apis/cilium.io/v2"
+	kg "github.com/kubearmor/KubeArmor/KubeArmor/log"
 	tp "github.com/kubearmor/KubeArmor/KubeArmor/types"
 	pb "github.com/kubearmor/KubeArmor/protobuf"
 
@@ -102,13 +103,17 @@ func sendPolicyOverHTTP(address string, kind string, policyEventData []byte) err
 	if err != nil {
 		return fmt.Errorf("failed to send policy")
 	}
-	defer resp.Body.Close()
+	defer func() {
+		if err := resp.Body.Close(); err != nil {
+			kg.Warnf("Error closing http stream %s\n", err)
+		}
+	}()
 
 	fmt.Println("Success")
 	return nil
 }
 
-//PolicyHandling Function recives path to YAML file with the type of event and emits an Host Policy Event to KubeArmor gRPC/HTTP Server
+// PolicyHandling Function recives path to YAML file with the type of event and emits an Host Policy Event to KubeArmor gRPC/HTTP Server
 func PolicyHandling(t string, path string, o PolicyOptions, httpAddress string, isKvmsEnv bool) error {
 	var k struct {
 		Kind string `json:"kind"`