
@huin
Contributor

@huin huin commented Jun 9, 2025


Without this change, if the generated code uses Gosec, it may flag with a message similar to:

```
G104 (CWE-703): Errors unhandled (Confidence: HIGH, Severity: LOW)
    77: 	)
  > 78: 	io.Copy(io.Discard, req.Body)
    79: 	if err := req.ParseForm(); err != nil {
```

Have you read the Contributing Guidelines?

Yes. I have regenerated some files following the instructions.

I did have to inject `export GOFLAGS=-buildvcs=false &&` into the bash command run in the first Docker command to avoid an error.

Brief description of what is fixed or changed

When Gosec is used, the generated code generated a warning G104 due to the implicitly ignored error from io.Copy. This seems relatively harmless (aside from potentially ignoring errors from reading the request body), so making the ignore explicit to placate the security checker.

Other comments

@huin huin marked this pull request as ready for review June 9, 2025 13:00
Collaborator

@johanbrandhorst johanbrandhorst left a comment


Thanks!

… body

Without this change, if the generated code uses Gosec, it may flag with
a message similar to:

```
G104 (CWE-703): Errors unhandled (Confidence: HIGH, Severity: LOW)
    77: 	)
  > 78: 	io.Copy(io.Discard, req.Body)
    79: 	if err := req.ParseForm(); err != nil {
```
@huin huin force-pushed the explicitly-ignore-discard-error branch from 2c7e1aa to 711f975 Compare June 10, 2025 07:22
@huin
Contributor Author

huin commented Jun 10, 2025

Updated with requested fix.

Collaborator

@johanbrandhorst johanbrandhorst left a comment


Thanks!

@johanbrandhorst johanbrandhorst merged commit 520f7f7 into grpc-ecosystem:main Jun 10, 2025
14 checks passed
@huin
Contributor Author

huin commented Jun 11, 2025

Thanks for the review!
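
An added Go example (not code from this pull request or from the project) contrasting the call Gosec reports as G104 with an explicit ignore and with a variant that returns the error the PR description mentions. `failingBody`, `errBroken` and the three `drain*` functions are hypothetical names, and the `_, _ =` spelling of the explicit ignore is an assumption, since the merged diff is not shown on this page.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// errBroken and failingBody are constructed here: a body whose stream fails after its data.
var errBroken = errors.New("constructed read failure")

type failingBody struct{ r io.Reader }

func (f failingBody) Read(p []byte) (int, error) {
	n, err := f.r.Read(p)
	if err == io.EOF {
		return n, errBroken // report a broken stream instead of a clean end
	}
	return n, err
}

func (failingBody) Close() error { return nil }

// drainImplicit is the shape Gosec reports as G104: both results are dropped.
func drainImplicit(req *http.Request) {
	io.Copy(io.Discard, req.Body)
}

// drainExplicit discards the same results visibly (assumed form of the fix).
func drainExplicit(req *http.Request) {
	_, _ = io.Copy(io.Discard, req.Body)
}

// drainChecked returns what the other two variants throw away.
func drainChecked(req *http.Request) (int64, error) {
	n, err := io.Copy(io.Discard, req.Body)
	if err != nil {
		return n, fmt.Errorf("draining request body: %w", err)
	}
	return n, nil
}

func main() {
	req := &http.Request{Body: failingBody{strings.NewReader("a=1&b=2")}}
	n, err := drainChecked(req)
	fmt.Printf("drained %d bytes, err=%v\n", n, err)
}
```

All three variants consume the body identically; only `drainChecked` lets the caller see that the read failed.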
