HACKERALERT / Picocrypt

A very small, very simple, yet very secure encryption tool.

suggestion for improvement

pilinux opened this issue

Perhaps you can check and handle the errors (when not equal to nil) returned from different functions? Thanks.

Picocrypt.go:449:17: Error return value of `rand.Read` is not checked (errcheck)
							rand.Read(data)

Picocrypt.go:861:13: Error return value of `fin.Read` is not checked (errcheck)
				fin.Read(tmp)

Picocrypt.go:871:14: Error return value of `fin.Read` is not checked (errcheck)
					fin.Read(tmp)

Picocrypt.go:876:15: Error return value of `fin.Read` is not checked (errcheck)
						fin.Read(tmp)

Picocrypt.go:974:17: Error return value of `filepath.Walk` is not checked (errcheck)
			filepath.Walk(name, func(path string, _ os.FileInfo, _ error) error {

Picocrypt.go:1215:14: Error return value of `fout.Write` is not checked (errcheck)
			fout.Write(dst)

Picocrypt.go:1348:12: Error return value of `rand.Read` is not checked (errcheck)
		rand.Read(salt)

Picocrypt.go:1349:12: Error return value of `rand.Read` is not checked (errcheck)
		rand.Read(hkdfSalt)

Picocrypt.go:1636:11: Error return value of `hkdf.Read` is not checked (errcheck)
	hkdf.Read(subkey)

Picocrypt.go:1645:11: Error return value of `hkdf.Read` is not checked (errcheck)
	hkdf.Read(serpentKey)

Picocrypt.go:1815:13: Error return value of `hkdf.Read` is not checked (errcheck)
			hkdf.Read(nonce)

Picocrypt.go:1837:12: Error return value of `fout.Seek` is not checked (errcheck)
		fout.Seek(int64(309+len(comments)*3), 0)

Picocrypt.go:1838:13: Error return value of `fout.Write` is not checked (errcheck)
		fout.Write(rsEncode(rs64, keyHash))

Picocrypt.go:1839:13: Error return value of `fout.Write` is not checked (errcheck)
		fout.Write(rsEncode(rs32, keyfileHash))

Picocrypt.go:1879:12: Error return value of `os.Rename` is not checked (errcheck)
		os.Rename(fout.Name(), fout.Name()+".tmp")

Picocrypt.go:2200:11: Error return value of `rs.Encode` is not checked (errcheck)
	rs.Encode(data, func(s infectious.Share) {

Picocrypt.go:795:4: ineffectual assignment to folders (ineffassign)
			folders++

Picocrypt.go:803:4: ineffectual assignment to files (ineffassign)
			files++

Out of curiosity, what command did you use to get this?

These potential errors don't need to be checked because they've already been checked above or are basically a guaranteed success. For example:

Picocrypt.go:449:17: Error return value of `rand.Read` is not checked (errcheck)

It's safe to assume that crypto/rand will produce things correctly.

Picocrypt.go:861:13: Error return value of `fin.Read` is not checked (errcheck)

There's already a check on L851 when opening a file. If the file can be opened, it can generally be read without issues.

And so on. Sure, these are "real" errors that can be checked, but it's diminishing returns in terms of code cleanliness.
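
An added example, not part of the thread or of Picocrypt's code: one way to handle the `rand.Read`, `fin.Read` and `hkdf.Read` findings listed above is to route every fixed-size read through `io.ReadFull` and return the error, so a short read never leaves a partly zeroed key, salt or header buffer in use. The names `readField`, `newSalt` and `brokenReader` and the sample inputs are assumptions constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
	"strings"
)

// readField fills exactly n bytes from r. A bare r.Read(buf) may return fewer
// bytes than requested with a nil error; io.ReadFull reports that short read
// as io.ErrUnexpectedEOF (or io.EOF if nothing was read at all).
func readField(r io.Reader, n int, what string) ([]byte, error) {
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, fmt.Errorf("reading %s: %w", what, err)
	}
	return buf, nil
}

// newSalt draws n bytes from the OS CSPRNG and never returns a partly filled
// buffer: on failure the caller gets an error instead of zero bytes.
func newSalt(n int) ([]byte, error) {
	return readField(rand.Reader, n, "salt")
}

// brokenReader is a constructed stand-in for a source that fails mid-read.
type brokenReader struct{}

func (brokenReader) Read([]byte) (int, error) { return 0, errors.New("device error") }

func main() {
	salt, err := newSalt(16)
	fmt.Println(len(salt), err)

	// Constructed input: a header truncated to 5 bytes where 16 are expected.
	_, err = readField(strings.NewReader("short"), 16, "header field")
	fmt.Println(errors.Is(err, io.ErrUnexpectedEOF), err)

	// Constructed failure: the underlying source returns an error.
	_, err = readField(brokenReader{}, 32, "subkey")
	fmt.Println(err)
}
```

The same helper works for any `io.Reader`, so it applies equally to a file handle and to a key-derivation stream.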