diff --git a/pkg/cephfs/cephconf.go b/pkg/cephfs/cephconf.go index d9a0cebbd..d690d7eaa 100644 --- a/pkg/cephfs/cephconf.go +++ b/pkg/cephfs/cephconf.go @@ -39,15 +39,13 @@ const cephKeyring = `[client.{{.UserID}}] key = {{.Key}} ` -// gosec -const cephSecret = `{{.Key}}` +const cephSecret = `{{.Key}}` // #nosec -// gosec const ( cephConfigRoot = "/etc/ceph" cephConfigFileNameFmt = "ceph.share.%s.conf" cephKeyringFileNameFmt = "ceph.share.%s.client.%s.keyring" - cephSecretFileNameFmt = "ceph.share.%s.client.%s.secret" + cephSecretFileNameFmt = "ceph.share.%s.client.%s.secret" // #nosec ) var ( @@ -78,7 +76,7 @@ type cephConfigData struct { } func writeCephTemplate(fileName string, m os.FileMode, t *template.Template, data interface{}) error { - // gosec + // #nosec if err := os.MkdirAll(cephConfigRoot, 0755); err != nil { return err } diff --git a/pkg/cephfs/util.go b/pkg/cephfs/util.go index 44b93cc13..fe5eca6fe 100644 --- a/pkg/cephfs/util.go +++ b/pkg/cephfs/util.go @@ -40,7 +40,7 @@ func makeVolumeID(volName string) volumeID { func execCommand(command string, args ...string) ([]byte, error) { glog.V(4).Infof("cephfs: EXEC %s %s", command, args) - cmd := exec.Command(command, args...) + cmd := exec.Command(command, args...) // #nosec return cmd.CombinedOutput() } diff --git a/pkg/cephfs/volumemounter.go b/pkg/cephfs/volumemounter.go index 58ff48abd..16c2ad27c 100644 --- a/pkg/cephfs/volumemounter.go +++ b/pkg/cephfs/volumemounter.go @@ -36,7 +36,9 @@ var ( // Load available ceph mounters installed on system into availableMounters // Called from driver.go's Run() func loadAvailableMounters() error { + // #nosec fuseMounterProbe := exec.Command("ceph-fuse", "--version") + // #nosec kernelMounterProbe := exec.Command("mount.ceph") if fuseMounterProbe.Run() == nil { diff --git a/pkg/cephfs/volumeoptions.go b/pkg/cephfs/volumeoptions.go index ce59d9c2a..1dbb55122 100644 --- a/pkg/cephfs/volumeoptions.go +++ b/pkg/cephfs/volumeoptions.go @@ -132,8 +132,8 @@ func newVolumeOptions(volOptions, secret map[string]string) (*volumeOptions, err } // This field is optional, don't check for its presence - // nolint: errcheck - // (skip errcheck as this is optional) + // nolint + // (skip errcheck and gosec as this is optional) extractOption(&opts.Mounter, "mounter", volOptions) if err = opts.validate(); err != nil { diff --git a/pkg/rbd/controllerserver.go b/pkg/rbd/controllerserver.go index ab17f4c66..e79cf4258 100644 --- a/pkg/rbd/controllerserver.go +++ b/pkg/rbd/controllerserver.go @@ -55,14 +55,14 @@ var ( // info from metadata store func (cs *ControllerServer) LoadExDataFromMetadataStore() error { vol := &rbdVolume{} - // nolint: errcheck + // nolint cs.MetadataStore.ForAll("csi-rbd-vol-", vol, func(identifier string) error { rbdVolumes[identifier] = vol return nil }) snap := &rbdSnapshot{} - // nolint: errcheck + // nolint cs.MetadataStore.ForAll("csi-rbd-(.*)-snap-", snap, func(identifier string) error { rbdSnapshots[identifier] = snap return nil @@ -104,10 +104,10 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol // check for the requested capacity and already allocated capacity if exVol, err := getRBDVolumeByName(req.GetName()); err == nil { // Since err is nil, it means the volume with the same name already exists - // need to check if the size of exisiting volume is the same as in new + // need to check if the size of existing volume is the same as in new // request if exVol.VolSize >= req.GetCapacityRange().GetRequiredBytes() { - // exisiting volume is compatible with new request and should be reused. + // existing volume is compatible with new request and should be reused. // TODO (sbezverk) Do I need to make sure that RBD volume still exists? return &csi.CreateVolumeResponse{ Volume: &csi.Volume{ @@ -145,22 +145,9 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol volSizeGB := int(volSizeBytes / 1024 / 1024 / 1024) // Check if there is already RBD image with requested name - found, _, _ := rbdStatus(rbdVol, rbdVol.UserID, req.GetSecrets()) - if !found { - // if VolumeContentSource is not nil, this request is for snapshot - if req.VolumeContentSource != nil { - if err = cs.checkSnapshot(req, rbdVol); err != nil { - return nil, err - } - } else { - err = createRBDImage(rbdVol, volSizeGB, rbdVol.AdminID, req.GetSecrets()) - if err != nil { - glog.Warningf("failed to create volume: %v", err) - return nil, err - } - - glog.V(4).Infof("create volume %s", volName) - } + err = cs.checkrbdStatus(rbdVol, req, volSizeGB) + if err != nil { + return nil, err } if createErr := cs.MetadataStore.Create(volumeID, rbdVol); createErr != nil { glog.Warningf("failed to store volume metadata with error: %v", err) @@ -181,6 +168,28 @@ func (cs *ControllerServer) CreateVolume(ctx context.Context, req *csi.CreateVol }, nil } +func (cs *ControllerServer) checkrbdStatus(rbdVol *rbdVolume, req *csi.CreateVolumeRequest, volSizeGB int) error { + var err error + // Check if there is already RBD image with requested name + found, _, _ := rbdStatus(rbdVol, rbdVol.UserID, req.GetSecrets()) // #nosec + if !found { + // if VolumeContentSource is not nil, this request is for snapshot + if req.VolumeContentSource != nil { + if err = cs.checkSnapshot(req, rbdVol); err != nil { + return err + } + } else { + err = createRBDImage(rbdVol, volSizeGB, rbdVol.AdminID, req.GetSecrets()) + if err != nil { + glog.Warningf("failed to create volume: %v", err) + return err + } + + glog.V(4).Infof("create volume %s", rbdVol.VolName) + } + } + return nil +} func (cs *ControllerServer) checkSnapshot(req *csi.CreateVolumeRequest, rbdVol *rbdVolume) error { snapshot := req.VolumeContentSource.GetSnapshot() if snapshot == nil { @@ -275,19 +284,10 @@ func (cs *ControllerServer) ControllerPublishVolume(ctx context.Context, req *cs // CreateSnapshot creates the snapshot in backend and stores metadata // in store func (cs *ControllerServer) CreateSnapshot(ctx context.Context, req *csi.CreateSnapshotRequest) (*csi.CreateSnapshotResponse, error) { - if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_SNAPSHOT); err != nil { - glog.Warningf("invalid create snapshot req: %v", req) + + if err := cs.validateSnapshotReq(req); err != nil { return nil, err } - - // Check sanity of request Snapshot Name, Source Volume Id - if len(req.Name) == 0 { - return nil, status.Error(codes.InvalidArgument, "Snapshot Name cannot be empty") - } - if len(req.SourceVolumeId) == 0 { - return nil, status.Error(codes.InvalidArgument, "Source Volume ID cannot be empty") - } - snapshotNameMutex.LockKey(req.GetName()) defer func() { @@ -338,54 +338,16 @@ func (cs *ControllerServer) CreateSnapshot(ctx context.Context, req *csi.CreateS rbdSnap.SourceVolumeID = req.GetSourceVolumeId() rbdSnap.SizeBytes = rbdVolume.VolSize - err = createSnapshot(rbdSnap, rbdSnap.AdminID, req.GetSecrets()) + err = cs.doSnapshot(rbdSnap, req.GetSecrets()) // if we already have the snapshot, return the snapshot if err != nil { - if exitErr, ok := err.(*exec.ExitError); ok { - if status, ok := exitErr.Sys().(syscall.WaitStatus); ok { - if status.ExitStatus() == int(syscall.EEXIST) { - glog.Warningf("Snapshot with the same name: %s, we return this.", req.GetName()) - } else { - glog.Warningf("failed to create snapshot: %v", err) - return nil, err - } - } else { - glog.Warningf("failed to create snapshot: %v", err) - return nil, err - } - } else { - glog.Warningf("failed to create snapshot: %v", err) - return nil, err - } - } else { - glog.V(4).Infof("create snapshot %s", snapName) - err = protectSnapshot(rbdSnap, rbdSnap.AdminID, req.GetSecrets()) - - if err != nil { - err = deleteSnapshot(rbdSnap, rbdSnap.AdminID, req.GetSecrets()) - if err != nil { - return nil, fmt.Errorf("snapshot is created but failed to protect and delete snapshot: %v", err) - } - return nil, fmt.Errorf("Snapshot is created but failed to protect snapshot") - } + return nil, err } rbdSnap.CreatedAt = ptypes.TimestampNow().GetSeconds() - if createErr := cs.MetadataStore.Create(snapshotID, rbdSnap); createErr != nil { - - glog.Warningf("rbd: failed to store snapInfo with error: %v", err) - // Unprotect snapshot - err = unprotectSnapshot(rbdSnap, rbdSnap.AdminID, req.GetSecrets()) - if err != nil { - return nil, status.Errorf(codes.Unknown, "This Snapshot should be removed but failed to unprotect snapshot: %s/%s with error: %v", rbdSnap.Pool, rbdSnap.SnapName, err) - } - // Deleting snapshot - glog.V(4).Infof("deleting Snaphot %s", rbdSnap.SnapName) - if err = deleteSnapshot(rbdSnap, rbdSnap.AdminID, req.GetSecrets()); err != nil { - return nil, status.Errorf(codes.Unknown, "This Snapshot should be removed but failed to delete snapshot: %s/%s with error: %v", rbdSnap.Pool, rbdSnap.SnapName, err) - } - return nil, createErr + if err = cs.storeSnapMetadata(rbdSnap, req.GetSecrets()); err != nil { + return nil, err } rbdSnapshots[snapshotID] = rbdSnap @@ -402,6 +364,75 @@ func (cs *ControllerServer) CreateSnapshot(ctx context.Context, req *csi.CreateS }, nil } +func (cs *ControllerServer) storeSnapMetadata(rbdSnap *rbdSnapshot, secret map[string]string) error { + errCreate := cs.MetadataStore.Create(rbdSnap.SnapID, rbdSnap) + if errCreate != nil { + glog.Warningf("rbd: failed to store snapInfo with error: %v", errCreate) + // Unprotect snapshot + err := unprotectSnapshot(rbdSnap, rbdSnap.AdminID, secret) + if err != nil { + return status.Errorf(codes.Unknown, "This Snapshot should be removed but failed to unprotect snapshot: %s/%s with error: %v", rbdSnap.Pool, rbdSnap.SnapName, err) + } + // Deleting snapshot + glog.V(4).Infof("deleting Snaphot %s", rbdSnap.SnapName) + if err = deleteSnapshot(rbdSnap, rbdSnap.AdminID, secret); err != nil { + return status.Errorf(codes.Unknown, "This Snapshot should be removed but failed to delete snapshot: %s/%s with error: %v", rbdSnap.Pool, rbdSnap.SnapName, err) + } + } + return errCreate +} + +func (cs *ControllerServer) validateSnapshotReq(req *csi.CreateSnapshotRequest) error { + if err := cs.Driver.ValidateControllerServiceRequest(csi.ControllerServiceCapability_RPC_CREATE_DELETE_SNAPSHOT); err != nil { + glog.Warningf("invalid create snapshot req: %v", req) + return err + } + + // Check sanity of request Snapshot Name, Source Volume Id + if len(req.Name) == 0 { + return status.Error(codes.InvalidArgument, "Snapshot Name cannot be empty") + } + if len(req.SourceVolumeId) == 0 { + return status.Error(codes.InvalidArgument, "Source Volume ID cannot be empty") + } + return nil +} + +func (cs *ControllerServer) doSnapshot(rbdSnap *rbdSnapshot, secret map[string]string) error { + err := createSnapshot(rbdSnap, rbdSnap.AdminID, secret) + // if we already have the snapshot, return the snapshot + if err != nil { + if exitErr, ok := err.(*exec.ExitError); ok { + if status, ok := exitErr.Sys().(syscall.WaitStatus); ok { + if status.ExitStatus() == int(syscall.EEXIST) { + glog.Warningf("Snapshot with the same name: %s, we return this.", rbdSnap.SnapName) + } else { + glog.Warningf("failed to create snapshot: %v", err) + return err + } + } else { + glog.Warningf("failed to create snapshot: %v", err) + return err + } + } else { + glog.Warningf("failed to create snapshot: %v", err) + return err + } + } else { + glog.V(4).Infof("create snapshot %s", rbdSnap.SnapName) + err = protectSnapshot(rbdSnap, rbdSnap.AdminID, secret) + + if err != nil { + err = deleteSnapshot(rbdSnap, rbdSnap.AdminID, secret) + if err != nil { + return fmt.Errorf("snapshot is created but failed to protect and delete snapshot: %v", err) + } + return fmt.Errorf("Snapshot is created but failed to protect snapshot") + } + } + return nil +} + // DeleteSnapshot deletes the snapshot in backend and removes the //snapshot metadata from store func (cs *ControllerServer) DeleteSnapshot(ctx context.Context, req *csi.DeleteSnapshotRequest) (*csi.DeleteSnapshotResponse, error) { diff --git a/pkg/rbd/nodeserver.go b/pkg/rbd/nodeserver.go index a54bf7058..632d42a30 100644 --- a/pkg/rbd/nodeserver.go +++ b/pkg/rbd/nodeserver.go @@ -67,47 +67,16 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis } }() - var volName string - isBlock := req.GetVolumeCapability().GetBlock() != nil - - if isBlock { - // Get volName from targetPath - s := strings.Split(targetPath, "/") - volName = s[len(s)-1] - } else { - // Get volName from targetPath - if !strings.HasSuffix(targetPath, "/mount") { - return nil, fmt.Errorf("rbd: malformed the value of target path: %s", targetPath) - } - s := strings.Split(strings.TrimSuffix(targetPath, "/mount"), "/") - volName = s[len(s)-1] + volName, err := ns.getVolumeName(req) + if err != nil { + return nil, err } + isBlock := req.GetVolumeCapability().GetBlock() != nil // Check if that target path exists properly - notMnt, err := ns.mounter.IsNotMountPoint(targetPath) + notMnt, err := ns.createTargetPath(targetPath, isBlock) if err != nil { - if os.IsNotExist(err) { - if isBlock { - // create an empty file - targetPathFile, e := os.OpenFile(targetPath, os.O_CREATE|os.O_RDWR, 0750) - if e != nil { - glog.V(4).Infof("Failed to create targetPath:%s with error: %v", targetPath, err) - return nil, status.Error(codes.Internal, e.Error()) - } - if err = targetPathFile.Close(); err != nil { - glog.V(4).Infof("Failed to close targetPath:%s with error: %v", targetPath, err) - return nil, status.Error(codes.Internal, err.Error()) - } - } else { - // Create a directory - if err = os.MkdirAll(targetPath, 0750); err != nil { - return nil, status.Error(codes.Internal, err.Error()) - } - } - notMnt = true - } else { - return nil, status.Error(codes.Internal, err.Error()) - } + return nil, err } if !notMnt { @@ -125,11 +94,41 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis } glog.V(4).Infof("rbd image: %s/%s was successfully mapped at %s\n", req.GetVolumeId(), volOptions.Pool, devicePath) + // Publish Path + err = ns.mountVolume(req, devicePath) + if err != nil { + return nil, err + } + return &csi.NodePublishVolumeResponse{}, nil +} + +func (ns *NodeServer) getVolumeName(req *csi.NodePublishVolumeRequest) (string, error) { + var volName string + isBlock := req.GetVolumeCapability().GetBlock() != nil + targetPath := req.GetTargetPath() + if isBlock { + // Get volName from targetPath + s := strings.Split(targetPath, "/") + volName = s[len(s)-1] + } else { + // Get volName from targetPath + if !strings.HasSuffix(targetPath, "/mount") { + return "", fmt.Errorf("rbd: malformed the value of target path: %s", targetPath) + } + s := strings.Split(strings.TrimSuffix(targetPath, "/mount"), "/") + volName = s[len(s)-1] + } + return volName, nil +} + +func (ns *NodeServer) mountVolume(req *csi.NodePublishVolumeRequest, devicePath string) error { // Publish Path fsType := req.GetVolumeCapability().GetMount().GetFsType() readOnly := req.GetReadonly() attrib := req.GetVolumeContext() mountFlags := req.GetVolumeCapability().GetMount().GetMountFlags() + isBlock := req.GetVolumeCapability().GetBlock() != nil + targetPath := req.GetTargetPath() glog.V(4).Infof("target %v\nisBlock %v\nfstype %v\ndevice %v\nreadonly %v\nattributes %v\n mountflags %v\n", targetPath, isBlock, fsType, devicePath, readOnly, attrib, mountFlags) @@ -138,7 +137,7 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis if isBlock { options := []string{"bind"} if err := diskMounter.Mount(devicePath, targetPath, fsType, options); err != nil { - return nil, err + return err } } else { options := []string{} @@ -147,11 +146,42 @@ func (ns *NodeServer) NodePublishVolume(ctx context.Context, req *csi.NodePublis } if err := diskMounter.FormatAndMount(devicePath, targetPath, fsType, options); err != nil { - return nil, err + return err } } + return nil +} + +func (ns *NodeServer) createTargetPath(targetPath string, isBlock bool) (bool, error) { + // Check if that target path exists properly + notMnt, err := ns.mounter.IsNotMountPoint(targetPath) + if err != nil { + if os.IsNotExist(err) { + if isBlock { + // create an empty file + // #nosec + targetPathFile, e := os.OpenFile(targetPath, os.O_CREATE|os.O_RDWR, 0750) + if e != nil { + glog.V(4).Infof("Failed to create targetPath:%s with error: %v", targetPath, err) + return notMnt, status.Error(codes.Internal, e.Error()) + } + if err = targetPathFile.Close(); err != nil { + glog.V(4).Infof("Failed to close targetPath:%s with error: %v", targetPath, err) + return notMnt, status.Error(codes.Internal, err.Error()) + } + } else { + // Create a directory + if err = os.MkdirAll(targetPath, 0750); err != nil { + return notMnt, status.Error(codes.Internal, err.Error()) + } + } + notMnt = true + } else { + return false, status.Error(codes.Internal, err.Error()) + } + } + return notMnt, err - return &csi.NodePublishVolumeResponse{}, nil } // NodeUnpublishVolume unmounts the volume from the target path @@ -230,6 +260,7 @@ func (ns *NodeServer) NodeUnpublishVolume(ctx context.Context, req *csi.NodeUnpu } func resolveBindMountedBlockDevice(mountPath string) (string, error) { + // #nosec cmd := exec.Command("findmnt", "-n", "-o", "SOURCE", "--first-only", "--target", mountPath) out, err := cmd.CombinedOutput() if err != nil { @@ -244,7 +275,7 @@ func parseFindMntResolveSource(out string) (string, error) { // cut trailing newline out = strings.TrimSuffix(out, "\n") // Check if out is a mounted device - reMnt := regexp.MustCompile("^(/[^/]+(?:/[^/]*)*)$") + reMnt := regexp.MustCompile(`^(/[^/]+(?:/[^/]*)*)$`) if match := reMnt.FindStringSubmatch(out); match != nil { return match[1], nil } diff --git a/pkg/rbd/rbd_attach.go b/pkg/rbd/rbd_attach.go index 1cca3f8b7..6a6505266 100644 --- a/pkg/rbd/rbd_attach.go +++ b/pkg/rbd/rbd_attach.go @@ -61,6 +61,7 @@ func getRbdDevFromImageAndPool(pool string, image string) (string, bool) { name := f.Name() // First match pool, then match name. poolFile := path.Join(sysPath, name, "pool") + // #nosec poolBytes, err := ioutil.ReadFile(poolFile) if err != nil { glog.V(4).Infof("error reading %s: %v", poolFile, err) @@ -71,6 +72,7 @@ func getRbdDevFromImageAndPool(pool string, image string) (string, bool) { continue } imgFile := path.Join(sysPath, name, "name") + // #nosec imgBytes, err := ioutil.ReadFile(imgFile) if err != nil { glog.V(4).Infof("error reading %s: %v", imgFile, err) @@ -140,12 +142,14 @@ func getNbdDevFromImageAndPool(pool string, image string) (string, bool) { glog.V(4).Infof("error reading nbd info directory %s: %v", nbdPath, err) continue } + // #nosec pidBytes, err := ioutil.ReadFile(path.Join(nbdPath, "pid")) if err != nil { glog.V(5).Infof("did not find valid pid file in dir %s: %v", nbdPath, err) continue } cmdlineFileName := path.Join(hostRootFS, "/proc", strings.TrimSpace(string(pidBytes)), "cmdline") + // #nosec rawCmdline, err := ioutil.ReadFile(cmdlineFileName) if err != nil { glog.V(4).Infof("failed to read cmdline file %s: %v", cmdlineFileName, err) @@ -246,22 +250,11 @@ func attachRBDImage(volOptions *rbdVolume, userID string, credentials map[string Factor: rbdImageWatcherFactor, Steps: rbdImageWatcherSteps, } - err := wait.ExponentialBackoff(backoff, func() (bool, error) { - used, rbdOutput, err := rbdStatus(volOptions, userID, credentials) - if err != nil { - return false, fmt.Errorf("fail to check rbd image status with: (%v), rbd output: (%s)", err, rbdOutput) - } - return !used, nil - }) - // return error if rbd image has not become available for the specified timeout - if err == wait.ErrWaitTimeout { - return "", fmt.Errorf("rbd image %s is still being used", imagePath) - } - // return error if any other errors were encountered during wating for the image to become available + err := waitForrbdImage(backoff, volOptions, userID, credentials) + if err != nil { return "", err } - mon, err := getMon(volOptions, credentials) if err != nil { return "", err @@ -287,6 +280,25 @@ func attachRBDImage(volOptions *rbdVolume, userID string, credentials map[string return devicePath, nil } +func waitForrbdImage(backoff wait.Backoff, volOptions *rbdVolume, userID string, credentials map[string]string) error { + image := volOptions.VolName + imagePath := fmt.Sprintf("%s/%s", volOptions.Pool, image) + + err := wait.ExponentialBackoff(backoff, func() (bool, error) { + used, rbdOutput, err := rbdStatus(volOptions, userID, credentials) + if err != nil { + return false, fmt.Errorf("fail to check rbd image status with: (%v), rbd output: (%s)", err, rbdOutput) + } + return !used, nil + }) + // return error if rbd image has not become available for the specified timeout + if err == wait.ErrWaitTimeout { + return fmt.Errorf("rbd image %s is still being used", imagePath) + } + // return error if any other errors were encountered during waiting for the image to become available + return err +} + func detachRBDDevice(devicePath string) error { var err error var output []byte diff --git a/pkg/rbd/rbd_util.go b/pkg/rbd/rbd_util.go index abff869d8..b2583f7a2 100644 --- a/pkg/rbd/rbd_util.go +++ b/pkg/rbd/rbd_util.go @@ -145,7 +145,7 @@ func createRBDImage(pOpts *rbdVolume, volSz int, adminID string, credentials map } // rbdStatus checks if there is watcher on the image. -// It returns true if there is a watcher onthe image, otherwise returns false. +// It returns true if there is a watcher on the image, otherwise returns false. func rbdStatus(pOpts *rbdVolume, userID string, credentials map[string]string) (bool, string, error) { var output string var cmd []byte @@ -221,6 +221,7 @@ func deleteRBDImage(pOpts *rbdVolume, adminID string, credentials map[string]str } func execCommand(command string, args []string) ([]byte, error) { + // #nosec cmd := exec.Command(command, args...) return cmd.CombinedOutput() } diff --git a/pkg/util/nodecache.go b/pkg/util/nodecache.go index f4a1c566f..e32c77513 100644 --- a/pkg/util/nodecache.go +++ b/pkg/util/nodecache.go @@ -40,6 +40,7 @@ var cacheDir = "controller" func (nc *NodeCache) EnsureCacheDirectory(cacheDir string) error { fullPath := path.Join(nc.BasePath, cacheDir) if _, err := os.Stat(fullPath); os.IsNotExist(err) { + // #nosec if err := os.Mkdir(fullPath, 0755); err != nil { return errors.Wrapf(err, "node-cache: failed to create %s folder with error: %v", fullPath, err) } @@ -66,6 +67,7 @@ func (nc *NodeCache) ForAll(pattern string, destObj interface{}, f ForAllFunc) e if !strings.HasSuffix(file.Name(), ".json") { continue } + // #nosec fp, err := os.Open(path.Join(nc.BasePath, cacheDir, file.Name())) if err != nil { glog.Infof("node-cache: open file: %s err %v", file.Name(), err) @@ -111,6 +113,7 @@ func (nc *NodeCache) Create(identifier string, data interface{}) error { // Get retrieves the metadata from cache directory with identifier name func (nc *NodeCache) Get(identifier string, data interface{}) error { file := path.Join(nc.BasePath, cacheDir, identifier+".json") + // #nosec fp, err := os.Open(file) if err != nil { return errors.Wrapf(err, "node-cache: open error for %s", file)