go-errorlint icon indicating copy to clipboard operation
go-errorlint copied to clipboard

Published 20 hours ago verified publisher icon polyfloyd

io.ReadCloser io.EOF seems to be should also be whitelisted

Open psydvl opened this issue 1 year ago • 3 comments

However, this can be solved somehow with the whitelisting that follows interface embedding

Example:

func Magic(rc io.ReadCloser) {
	a := make([]byte, 10)
	_, err := rc.Read(a)
	if err != nil && err != io.EOF {
		fmt.Println(err)
		return
	}
	fmt.Println(a)
}

type MyReader interface{
	io.Reader
}

func MyMagic(rc MyReader) {
	a := make([]byte, 10)
	_, err := rc.Read(a)
	if err != nil && err != io.EOF {
		fmt.Println(err)
		return
	}
	fmt.Println(a)
}

Both raise comparing with != will fail on wrapped errors. Use errors.Is to check for a specific error

psydvl avatar Jan 25 '24 16:01 psydvl

Thanks for reporting this! I allowed io.EOF from (io.ReadCloser).Read.

The second example is a bit trickier as the allow-list works based on the name of the type. And since MyReader is a custom type it is not known by the allow-list. A solution would involve checking whether the source function implements one of the allowed interfaces, but I have not attempted that yet.

polyfloyd avatar Jan 25 '24 19:01 polyfloyd

Should we also expect same behavior for next types?

  • json.Decoder{}.Decode()
  • csv.Reader{}.Read() ReadAll()
  • mime/multipart.Reader{}.NextPart()

https://github.com/search?q=repo%3Agolang%2Fgo+%22func+Example%22+%22%3D%3D+io.EOF%22&type=code

psydvl avatar Jan 31 '24 18:01 psydvl

Yes, any function in the standard library that returns io.EOF is ok to allow

polyfloyd avatar Jan 31 '24 22:01 polyfloyd

Fixed in d1fbedb7e97b9da420a6e9ad88f9afdeb48f09ee

polyfloyd avatar May 30 '24 10:05 polyfloyd