Fix static analyzers warnings and errors

decrypt.go

@@ -33,6 +33,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) {
 		return nil, popError()
 	}
 
+	// nosec
 	key := C.xmlSecCryptoAppKeyLoadMemory(
 		(*C.xmlSecByte)(unsafe.Pointer(&privateKey[0])),
 		C.xmlSecSize(len(privateKey)),
@@ -59,6 +60,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) {
 	}
 	defer C.xmlSecEncCtxDestroy(encCtx)
 
+	// nosec
 	encDataNode := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
 		(*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeEncryptedData)),
 		(*C.xmlChar)(unsafe.Pointer(&C.xmlSecEncNs)))
@@ -70,7 +72,6 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) {
 	if rv := C.xmlSecEncCtxDecrypt(encCtx, encDataNode); rv < 0 {
 		return nil, popError()
 	}
-	encDataNode = nil // the template is inserted in the doc, so we don't own it
 
 	return dumpDoc(parsedDoc), nil
 }

encrypt.go

@@ -91,6 +91,7 @@ var errInvalidAlgorithm = errors.New("invalid algorithm")
 // Note: the invocations of C.CString() here return a pointer to a string
 // allocated from the C heap that would normally need to freed by calling
 // C.free, but because these are global, we can just leak them.
+// nosec
 var (
 	constDsigNamespace = (*C.xmlChar)(unsafe.Pointer(C.CString("http://www.w3.org/2000/09/xmldsig#")))
 	constDigestMethod  = (*C.xmlChar)(unsafe.Pointer(C.CString("DigestMethod")))
@@ -117,6 +118,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
 		return nil, mustPopError()
 	}
 
+	// nosec
 	key := C.xmlSecCryptoAppKeyLoadMemory(
 		(*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
 		C.xmlSecSize(len(publicKey)),
@@ -126,6 +128,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
 		return nil, mustPopError()
 	}
 
+	// nosec
 	if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key,
 		(*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
 		C.xmlSecSize(len(publicKey)),
@@ -162,6 +165,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
 
 	// create encryption template to encrypt XML file and replace
 	// its content with encryption result
+	// nosec
 	encDataNode := C.xmlSecTmplEncDataCreate(parsedDoc, sessionCipherTransform,
 		nil, (*C.xmlChar)(unsafe.Pointer(&C.xmlSecTypeEncElement)), nil, nil)
 	if encDataNode == nil {

error.go

@@ -49,8 +49,8 @@ func onXmlsecError(file *C.char, line C.int, funcName *C.char, errorObject *C.ch
 	globalErrors[threadID] = append(globalErrors[threadID], err)
 }
 
-//export onXmlError
+//export onXMLError
-func onXmlError(msg *C.char) {
+func onXMLError(msg *C.char) {
 	threadID := getThreadID()
 	globalErrors[threadID] = append(globalErrors[threadID],
 		fmt.Errorf("%s", strings.TrimSuffix(C.GoString(msg), "\n")))

error_thunk.go

@@ -8,7 +8,7 @@ package xmlsec
 // #include <xmlsec/xmlsec.h>
 // #include <xmlsec/errors.h>
 //
-// void onXmlError(const char *msg);  // implemented in go
+// void onXMLError(const char *msg);  // implemented in go
 // void onXmlsecError(const char *file, int line, const char *funcName, const char *errorObject, const char *errorSubject, int reason, const char *msg);  // implemented in go
 //
 // static void onXmlGenericError_cgo(void *ctx, const char *format, ...) {
@@ -17,7 +17,7 @@ package xmlsec
 // 	va_start(args, format);
 // 	vsnprintf(buffer, 256, format, args);
 // 	va_end (args);
-//  onXmlError(buffer);
+//  onXMLError(buffer);
 // }
 //
 // static void onXmlsecError_cgo(const char *file, int line, const char *funcName, const char *errorObject, const char *errorSubject, int reason, const char *msg) {

examples/xmldsig.go

@@ -6,7 +6,7 @@ import (
 	"io/ioutil"
 	"os"
 
-	"github.com/andy-miracl/go-xmlsec"
+	"github.com/miracl/go-xmlsec"
 )
 
 func main() {
@@ -31,6 +31,10 @@ func main() {
 	}
 
 	buf, err := ioutil.ReadAll(os.Stdin)
+	if err != nil {
+		fmt.Printf("%s\n", err)
+		os.Exit(1)
+	}
 
 	if *doSign {
 		signedBuf, err := xmlsec.Sign(key, buf, xmlsec.SignatureOptions{})

signature.go

@@ -10,6 +10,8 @@ import (
 type Method struct {
 	Algorithm string `xml:",attr"`
 }
+
+// Reference data struct
 type Reference struct {
 	URI                 string   `xml:"URI,attr"`
 	ReferenceTransforms []Method `xml:"Transforms>Transform"`
@@ -17,6 +19,7 @@ type Reference struct {
 	DigestValue         string   `xml:"DigestValue"`
 }
 
+// SignedInfo struct
 type SignedInfo struct {
 	CanonicalizationMethod Method    `xml:"CanonicalizationMethod"`
 	SignatureMethod        Method    `xml:"SignatureMethod"`
@@ -66,7 +69,7 @@ func DefaultSignature(pemEncodedPublicKey []byte) Signature {
 			},
 			Reference: Reference{
 				ReferenceTransforms: []Method{
-					Method{Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"},
+					{Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"},
 				},
 				DigestMethod: Method{
 					Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1",

thread_darwin.go

@@ -9,5 +9,6 @@ import "C"
 func getThreadID() uintptr {
 	// Darwin lacks a meaningful version of gettid() so instead we use
 	// ptread_self() as a proxy.
+	// nosec
 	return uintptr(unsafe.Pointer(C.pthread_self()))
 }

xmldsig.go

@@ -48,6 +48,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) {
 	}
 	defer C.xmlSecDSigCtxDestroy(ctx)
 
+	// nosec
 	ctx.signKey = C.xmlSecCryptoAppKeyLoadMemory(
 		(*C.xmlSecByte)(unsafe.Pointer(&key[0])),
 		C.xmlSecSize(len(key)),
@@ -63,6 +64,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) {
 	}
 	defer closeDoc(parsedDoc)
 
+	// nosec
 	node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
 		(*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)),
 		(*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs)))
@@ -106,6 +108,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
 		return mustPopError()
 	}
 
+	// nosec
 	key := C.xmlSecCryptoAppKeyLoadMemory(
 		(*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
 		C.xmlSecSize(len(publicKey)),
@@ -115,6 +118,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
 		return mustPopError()
 	}
 
+	// nosec
 	if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key,
 		(*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
 		C.xmlSecSize(len(publicKey)),
@@ -139,6 +143,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
 	}
 	defer closeDoc(parsedDoc)
 
+	// nosec
 	node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
 		(*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)),
 		(*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs)))

xmlsec.go

@@ -40,6 +40,7 @@ func init() {
 }
 
 func newDoc(buf []byte, idattrs []XMLIDOption) (*C.xmlDoc, error) {
+	// nosec
 	ctx := C.xmlCreateMemoryParserCtxt((*C.char)(unsafe.Pointer(&buf[0])),
 		C.int(len(buf)))
 	if ctx == nil {
@@ -76,15 +77,18 @@ func addIDAttr(node *C.xmlNode, attrName, nodeName, nsHref string) {
 		cur = C.xmlSecGetNextElementNode(cur.next)
 	}
 
+	// nosec
 	if C.GoString((*C.char)(unsafe.Pointer(node.name))) != nodeName {
 		return
 	}
+	// nosec
 	if nsHref != "" && node.ns != nil && C.GoString((*C.char)(unsafe.Pointer(node.ns.href))) != nsHref {
 		return
 	}
 
 	// the attribute with name equal to attrName should exist
 	for attr := node.properties; attr != nil; attr = attr.next {
+		// nosec
 		if C.GoString((*C.char)(unsafe.Pointer(attr.name))) == attrName {
 			id := C.xmlNodeListGetString(node.doc, attr.children, 1)
 			if id == nil {
@@ -104,9 +108,9 @@ func dumpDoc(doc *C.xmlDoc) []byte {
 	var buffer *C.xmlChar
 	var bufferSize C.int
 	C.xmlDocDumpMemory(doc, &buffer, &bufferSize)
-	defer C.MY_xmlFree(unsafe.Pointer(buffer))
+	defer C.MY_xmlFree(unsafe.Pointer(buffer)) // nosec
 
-	return C.GoBytes(unsafe.Pointer(buffer), bufferSize)
+	return C.GoBytes(unsafe.Pointer(buffer), bufferSize) // nosec
 }
 
 func dumpNode(node *C.xmlNode) []byte {
@@ -114,5 +118,5 @@ func dumpNode(node *C.xmlNode) []byte {
 	defer C.xmlBufferFree(buffer)
 	bufferSize := C.xmlNodeDump(buffer, nil, node, 0, 0)
 
-	return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize)
+	return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) // nosec
 }