169 Handling of some vulnerablities after mono

See merge request !259

cli/cmd/init.go

@@ -73,7 +73,10 @@ func init() {
 	rootCmd.AddCommand(initCmd)
 
 	initCmd.Flags().StringVar(&controllerAPIEndpoint, "controller", "gosdn-develop.apps.ocp.fbi.h-da.de:55055", "address of the controller")
-	viper.BindPFlag("controllerAPIEndpoint", initCmd.Flags().Lookup("controller"))
+	err := viper.BindPFlag("controllerAPIEndpoint", initCmd.Flags().Lookup("controller"))
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Could not bind controllerAPIEndpoint:", err)
+	}
 
 	// Set controller flag as required (possibly not?)
 	//if err := initCmd.MarkFlagRequired("controller"); err != nil {

cli/cmd/prompt.go

@@ -86,7 +86,11 @@ func executeFunc(s string) {
 		return
 	}
 	rootCmd.SetArgs(strings.Fields(s))
-	rootCmd.Execute()
+	err := rootCmd.Execute()
+
+	if err != nil {
+		fmt.Fprintln(os.Stderr, "Could not execute:", err)
+	}
 }
 
 func flagVisitor(f *pflag.Flag) {

controller/config/config.go

@@ -35,7 +35,11 @@ var LogLevel logrus.Level
 
 // Init gets called on module import
 func Init() {
-	InitializeConfig()
+	err := InitializeConfig()
+	if err != nil {
+		log.Error("failed initialization of module import", err)
+	}
+
 }
 
 // InitializeConfig loads the configuration

controller/northbound/server/core.go

@@ -99,7 +99,14 @@ func (s core) DeletePnd(ctx context.Context, request *pb.DeletePndRequest) (*pb.
 	if err != nil {
 		return nil, handleRPCError(labels, err)
 	}
-	pndc.Delete(pndID)
+
+	err = pndc.Delete(pndID)
+	if err != nil {
+		return &pb.DeletePndResponse{
+			Timestamp: time.Now().UnixNano(),
+			Status:    pb.Status_STATUS_ERROR,
+		}, err
+	}
 
 	return &pb.DeletePndResponse{
 		Timestamp: time.Now().UnixNano(),

controller/nucleus/principalNetworkDomain.go

@@ -7,6 +7,7 @@ import (
 	"io"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
 	"code.fbi.h-da.de/danet/gosdn/controller/metrics"
@@ -620,6 +621,15 @@ func saveGenericClientStreamToFile(t GenericGrpcClient, filename string, id uuid
 	folderName := viper.GetString("plugin-folder")
 	path := filepath.Join(folderName, id.String(), filename)
 
+	// clean path to prevent attackers to get access to to directories elsewhere on the system
+	path = filepath.Clean(path)
+	if !strings.HasPrefix(path, folderName) {
+		return uuid.Nil, &errors.ErrInvalidParameters{
+			Func:  saveGenericClientStreamToFile,
+			Param: path,
+		}
+	}
+
 	// create the directory hierarchy based on the path
 	if err := os.MkdirAll(filepath.Dir(path), 0770); err != nil {
 		return uuid.Nil, err
@@ -629,7 +639,12 @@ func saveGenericClientStreamToFile(t GenericGrpcClient, filename string, id uuid
 	if err != nil {
 		return uuid.Nil, err
 	}
-	defer f.Close()
+
+	defer func() {
+		if err := f.Close(); err != nil {
+			log.Error("error closing file: ", err)
+		}
+	}()
 
 	// receive byte stream
 	for {
@@ -639,11 +654,21 @@ func saveGenericClientStreamToFile(t GenericGrpcClient, filename string, id uuid
 				break
 			}
 			t.CloseSend()
+			closeErr := t.CloseSend()
+			if closeErr != nil {
+				return uuid.Nil, closeErr
+			}
+
 			return uuid.Nil, err
 		}
 		n, err := f.Write(payload.Chunk)
 		if err != nil {
 			t.CloseSend()
+			closeErr := t.CloseSend()
+			if closeErr != nil {
+				return uuid.Nil, closeErr
+			}
+
 			return uuid.Nil, err
 		}
 		log.WithField("n", n).Trace("wrote bytes")

csbi/run.go

@@ -56,7 +56,12 @@ func Run(bindAddr string) {
 		signal.Reset(os.Interrupt)
 		ctx, cancel := context.WithTimeout(context.Background(), time.Minute)
 		defer cancel()
-		stopHttpServer(ctx)
+		err := stopHttpServer(ctx)
+
+		if err != nil {
+			log.WithFields(log.Fields{}).Info(err)
+		}
+
 		o.Shutdown(ctx)
 	}()