  1. MicroShift
  2. USHIFT-1018

Fix Pervasive Permissions for Cryptographic Key Material

Details

    • uShift Sprint 233, uShift Sprint 234, uShift Sprint 235

    Description

      Description of problem:

      Severity: Low
      
      In ./pkg/util/cert.go:
      
      func GenCerts(...) error {
          var err error
          if rootCA == nil || rootKey == nil {
              return err
          }
          os.MkdirAll(dir, 0700)
          certBuff, keyBuff, err := GenCertsBuff(common, svcName)
          if err != nil {
              return err
          }
          certPath := filepath.Join(dir, certFilename)
          keyPath := filepath.Join(dir, keyFilename)
          ioutil.WriteFile(certPath, certBuff, 0644)
          ioutil.WriteFile(keyPath, keyBuff, 0644)
          return err
      }
      
      
      It must be noted that:
      
      Mode 0644 is unneeded here for 'keyPath' – 0400 is sufficient.
      
      The calls to ioutil.WriteFile() and os.MkdirAll() lack error handling.
      
      The ioutil package is deprecated as of Go 1.16 and is replaced by os / io.
       

      Reference(s):
      https://pkg.go.dev/io
      https://pkg.go.dev/os
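
One way to address the three points above, as an added example (not MicroShift's code and not the fix that was merged): `writeCertAndKey` and `writeExact` are hypothetical names, and the file names and buffers in `main` are constructed. It goes one step beyond the mode change by writing through a temp file and rename, because `os.WriteFile` keeps the old mode when the target file already exists.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// writeExact creates a temp file (0600), sets the final mode, writes, then
// renames over path, so an existing file's looser mode is never inherited.
func writeExact(path string, data []byte, mode os.FileMode) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".tmp-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename succeeded
	if err := tmp.Chmod(mode); err != nil {
		tmp.Close()
		return err
	}
	if _, err := tmp.Write(data); err != nil {
		tmp.Close()
		return err
	}
	if err := tmp.Close(); err != nil {
		return err
	}
	return os.Rename(tmp.Name(), path)
}

// writeCertAndKey is a hypothetical stand-in for the file-writing tail of
// GenCerts: directory 0700, certificate 0644, private key 0400.
func writeCertAndKey(dir, certFilename, keyFilename string, certBuff, keyBuff []byte) error {
	if err := os.MkdirAll(dir, 0700); err != nil {
		return fmt.Errorf("create %s: %w", dir, err)
	}
	if err := writeExact(filepath.Join(dir, certFilename), certBuff, 0644); err != nil {
		return fmt.Errorf("write certificate: %w", err)
	}
	if err := writeExact(filepath.Join(dir, keyFilename), keyBuff, 0400); err != nil {
		return fmt.Errorf("write key: %w", err)
	}
	return nil
}

func main() {
	dir := filepath.Join(os.TempDir(), "ushift-1018-demo") // constructed path
	fmt.Println("result:", writeCertAndKey(dir, "tls.crt", "tls.key", []byte("CERT"), []byte("KEY")))
}
```

`os.MkdirAll` does not tighten the mode of a directory that already exists, so a pre-existing `dir` with looser permissions needs a separate check.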


          People

            pacevedo@redhat.com Pablo Acevedo Montserrat