Add nosec details

Author: lukasz-zimnoch

pkg/chain/ethereum/ethutil/ethutil.go

@@ -35,7 +35,9 @@ func AddressFromHex(hex string) (common.Address, error) {
 
 // DecryptKeyFile reads in a key file and uses the password to decrypt it.
 func DecryptKeyFile(keyFile, password string) (*keystore.Key, error) {
-	data, err := ioutil.ReadFile(keyFile) // #nosec
+	// #nosec G304 (file path provided as taint input)
+	// This line is used to read a local key file. There is no user input.
+	data, err := ioutil.ReadFile(keyFile)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read KeyFile %s [%v]", keyFile, err)
 	}

pkg/generate/generate.go

@@ -38,7 +38,13 @@ func OrganizeImports(codeBuffer *bytes.Buffer, filePath string) error {
 // error writing the file.
 func SaveBufferToFile(buffer *bytes.Buffer, filePath string) error {
 	file, err := os.Create(filePath)
-	defer file.Close() // #nosec
+
+	// #nosec G104 (audit errors not checked)
+	// This line is placed in the auxiliary generator code,
+	// not in the core application. Also, the Close function returns only
+	// the error. It doesn't return any other values which can be a security
+	// threat when used without checking the error.
+	defer file.Close()
 	if err != nil {
 		return fmt.Errorf("output file %s creation failed [%v]", filePath, err)
 	}

pkg/persistence/disk_persistence.go

@@ -140,7 +140,10 @@ func write(filePath string, data []byte) error {
 
 // read a file from a file system
 func read(filePath string) ([]byte, error) {
-	readFile, err := os.Open(filePath) // #nosec
+	// #nosec G304 (file path provided as taint input)
+	// This line opens a file from the predefined storage.
+	// There is no user input.
+	readFile, err := os.Open(filePath)
 	if err != nil {
 		return nil, err
 	}

tools/generators/ethereum/contract.go

@@ -61,7 +61,11 @@ func main() {
 	contractOutputPath := flag.Arg(1)
 	commandOutputPath := flag.Arg(2)
 
-	abiFile, err := ioutil.ReadFile(abiPath) // #nosec
+	// #nosec G304 (file path provided as taint input)
+	// This line is placed in the auxiliary generator code,
+	// not in the core application. User input has to be passed to
+	// provide a path to the contract ABI.
+	abiFile, err := ioutil.ReadFile(abiPath)
 	if err != nil {
 		panic(fmt.Sprintf(
 			"Failed to read ABI file at [%v]: [%v].",
@@ -223,7 +227,13 @@ func organizeImports(outFile string, buf *bytes.Buffer) error {
 // Stores the Buffer `buf` content to a file in `filePath`
 func saveBufferToFile(buf *bytes.Buffer, filePath string) error {
 	file, err := os.Create(filePath)
-	defer file.Close() // #nosec
+
+	// #nosec G104 (audit errors not checked)
+	// This line is placed in the auxiliary generator code,
+	// not in the core application. Also, the Close function returns only
+	// the error. It doesn't return any other values which can be a security
+	// threat when used without checking the error.
+	defer file.Close()
 	if err != nil {
 		return fmt.Errorf("output file %s creation failed [%v]", filePath, err)
 	}

tools/generators/template/template.go

@@ -30,7 +30,12 @@ func main() {
 	}
 
 	templateFile := os.Args[templateFileArgIndex]
-	templateContents, err := ioutil.ReadFile(templateFile) // #nosec
+
+	// #nosec G304 (file path provided as taint input)
+	// This line is placed in the auxiliary generator code,
+	// not in the core application. User input has to be passed to provide a
+	// path to the template file.
+	templateContents, err := ioutil.ReadFile(templateFile)
 	if err != nil {
 		errorAndExit(fmt.Sprintf("Failed to open template file: [%v].", err))
 	}