Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Properly handle closing of files after writing #113

Merged
merged 1 commit into from
Mar 20, 2023
Merged

Properly handle closing of files after writing #113

merged 1 commit into from
Mar 20, 2023

Conversation

samcoe
Copy link
Contributor

@samcoe samcoe commented Mar 19, 2023
edited

Addresses two CodeQL warnings about properly handling the return value when closing a file that has been written to.

Fixes https://github.com/cli/go-gh/security/code-scanning/13
Fixes https://github.com/cli/go-gh/security/code-scanning/14

@samcoe samcoe self-assigned this Mar 19, 2023
@samcoe samcoe requested review from mislav and vilmibm March 19, 2023 22:54
@samcoe samcoe force-pushed the defer-write-error-handling branch from 76d4f64 to f3e8bc2 Compare March 19, 2023 22:55
@samcoe samcoe force-pushed the defer-write-error-handling branch from f3e8bc2 to c5bfe37 Compare March 19, 2023 23:14
mislav
mislav suggested changes Mar 20, 2023
View reviewed changes
Copy link
Contributor

@mislav mislav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto other PR: could we just ignore the errors? I don't think the end user benefits from file.Close() error aborting their gh command

defer func() {
  _ = f.Close()
}()

@samcoe
Copy link
Contributor Author

samcoe commented Mar 20, 2023
edited

@mislav I think the CodeQL warnings are not exactly around having an unhandled error and more that since we are writing to these files the data might be cached until the file handle is closed, so the errors that happen here are most likely to be errors writing that cached data to the file which feel more important than just a standard file closing error. We do normal expose write errors to the user as they indicate a potential lose of data.

Note there are other use cases of defer f.Close() that I didn't fix up because the file is only being read from and not written to.

mislav
mislav approved these changes Mar 20, 2023
View reviewed changes
Copy link
Contributor

@mislav mislav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so the errors that happen here are most likely to be errors writing that cached data to the file which feel more important than just a standard file closing error.

Good point. In that case I agree about config file write errors being properly handled.

Note that fileStorage.store() error is typically discarded by the caller, so it's not really important to properly handle Close() there. You could still do it for completeness

@samcoe samcoe merged commit 32d3260 into trunk Mar 20, 2023
@samcoe samcoe deleted the defer-write-error-handling branch March 20, 2023 21:31
@samcoe samcoe mentioned this pull request Mar 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mislav mislav mislav approved these changes

@vilmibm vilmibm Awaiting requested review from vilmibm

Assignees

@samcoe samcoe

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@samcoe @mislav