diff --git a/cli/cmd/init.go b/cli/cmd/init.go
index 85d88fbc9fe0905703d5d46964d9726969b04c6e..833af65bd87e62960083fd0c2ede897ce3d83723 100644
--- a/cli/cmd/init.go
+++ b/cli/cmd/init.go
@@ -73,7 +73,10 @@ func init() {
 	rootCmd.AddCommand(initCmd)
 
 	initCmd.Flags().StringVar(&controllerAPIEndpoint, "controller", "gosdn-develop.apps.ocp.fbi.h-da.de:55055", "address of the controller")
-	viper.BindPFlag("controllerAPIEndpoint", initCmd.Flags().Lookup("controller"))
+	err := viper.BindPFlag("controllerAPIEndpoint", initCmd.Flags().Lookup("controller"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Could not bind controllerAPIEndpoint:", err)
+	}
 
 	// Set controller flag as required (possibly not?)
 	//if err := initCmd.MarkFlagRequired("controller"); err != nil {
diff --git a/cli/cmd/prompt.go b/cli/cmd/prompt.go
index 656435f763d7d3636e280b00e7e18f129f8582fd..aa4c341f648583ad76d457b84145cd6efbdcbe0d 100644
--- a/cli/cmd/prompt.go
+++ b/cli/cmd/prompt.go
@@ -86,7 +86,11 @@ func executeFunc(s string) {
 		return
 	}
 	rootCmd.SetArgs(strings.Fields(s))
-	rootCmd.Execute()
+	err := rootCmd.Execute()
+
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Could not execute:", err)
+	}
 }
 
 func flagVisitor(f *pflag.Flag) {
diff --git a/controller/config/config.go b/controller/config/config.go
index eac7d0e791985a5664d37269ee36b3034263faaf..dab434d61578d4d207fa9ebebde2c0ecbb1392a5 100644
--- a/controller/config/config.go
+++ b/controller/config/config.go
@@ -35,7 +35,11 @@ var LogLevel logrus.Level
 
 // Init gets called on module import
 func Init() {
-	InitializeConfig()
+	err := InitializeConfig()
+	if err != nil {
+		log.Error("failed initialization of module import", err)
+	}
+
 }
 
 // InitializeConfig loads the configuration
diff --git a/controller/northbound/server/core.go b/controller/northbound/server/core.go
index c88be01c021c8b39d01877eb77abcbadb46ba433..ef7c617321924730d26872101cf8771499854b5b 100644
--- a/controller/northbound/server/core.go
+++ b/controller/northbound/server/core.go
@@ -99,7 +99,14 @@ func (s core) DeletePnd(ctx context.Context, request *pb.DeletePndRequest) (*pb.
 	if err != nil {
 		return nil, handleRPCError(labels, err)
 	}
-	pndc.Delete(pndID)
+
+	err = pndc.Delete(pndID)
+	if err != nil {
+		return &pb.DeletePndResponse{
+			Timestamp: time.Now().UnixNano(),
+			Status:    pb.Status_STATUS_ERROR,
+		}, err
+	}
 
 	return &pb.DeletePndResponse{
 		Timestamp: time.Now().UnixNano(),
diff --git a/controller/nucleus/principalNetworkDomain.go b/controller/nucleus/principalNetworkDomain.go
index 5ecd5e57bb26768e7379a35f822891a89d40a558..a4dbf0354200e9b4d2b12fd908d04284b26f1e64 100644
--- a/controller/nucleus/principalNetworkDomain.go
+++ b/controller/nucleus/principalNetworkDomain.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"code.fbi.h-da.de/danet/gosdn/controller/metrics"
@@ -620,6 +621,15 @@ func saveGenericClientStreamToFile(t GenericGrpcClient, filename string, id uuid
 	folderName := viper.GetString("plugin-folder")
 	path := filepath.Join(folderName, id.String(), filename)
 
+	// clean path to prevent attackers to get access to to directories elsewhere on the system
+	path = filepath.Clean(path)
+	if !strings.HasPrefix(path, folderName) {
+		return uuid.Nil, &errors.ErrInvalidParameters{
+			Func:  saveGenericClientStreamToFile,
+			Param: path,
+		}
+	}
+
 	// create the directory hierarchy based on the path
 	if err := os.MkdirAll(filepath.Dir(path), 0770); err != nil {
 		return uuid.Nil, err
@@ -629,7 +639,12 @@ func saveGenericClientStreamToFile(t GenericGrpcClient, filename string, id uuid
 	if err != nil {
 		return uuid.Nil, err
 	}
-	defer f.Close()
+
+	defer func() {
+		if err := f.Close(); err != nil {
+			log.Error("error closing file: ", err)
+		}
+	}()
 
 	// receive byte stream
 	for {
@@ -639,11 +654,21 @@ func saveGenericClientStreamToFile(t GenericGrpcClient, filename string, id uuid
 				break
 			}
 			t.CloseSend()
+			closeErr := t.CloseSend()
+			if closeErr != nil {
+				return uuid.Nil, closeErr
+			}
+
 			return uuid.Nil, err
 		}
 		n, err := f.Write(payload.Chunk)
 		if err != nil {
 			t.CloseSend()
+			closeErr := t.CloseSend()
+			if closeErr != nil {
+				return uuid.Nil, closeErr
+			}
+
 			return uuid.Nil, err
 		}
 		log.WithField("n", n).Trace("wrote bytes")
diff --git a/csbi/run.go b/csbi/run.go
index 1e81a75fea66ebe23e649c1ec3a688e69b2d91df..96373dd0218260a11c8580a230dea5c86749ecf2 100644
--- a/csbi/run.go
+++ b/csbi/run.go
@@ -56,7 +56,12 @@ func Run(bindAddr string) {
 		signal.Reset(os.Interrupt)
 		ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 		defer cancel()
-		stopHttpServer(ctx)
+		err := stopHttpServer(ctx)
+
+		if err != nil {
+			log.WithFields(log.Fields{}).Info(err)
+		}
+
 		o.Shutdown(ctx)
 	}()