DeineAgenturUG/go-xmlsec
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix static analyzers warnings and errors

Browse Source
This commit is contained in:
Nicola Asuni
2016-11-14 11:56:53 +00:00
parent 616b150bbc
commit 2bb9d29926
9 changed files with 32 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
decrypt.go
View File

@@ -33,6 +33,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) {
return nil, popError()
}
// nosec
key := C.xmlSecCryptoAppKeyLoadMemory(
(*C.xmlSecByte)(unsafe.Pointer(&privateKey[0])),
C.xmlSecSize(len(privateKey)),
@@ -59,6 +60,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) {
}
defer C.xmlSecEncCtxDestroy(encCtx)
// nosec
encDataNode := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
(*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeEncryptedData)),
(*C.xmlChar)(unsafe.Pointer(&C.xmlSecEncNs)))
@@ -70,7 +72,6 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) {
if rv := C.xmlSecEncCtxDecrypt(encCtx, encDataNode); rv < 0 {
return nil, popError()
}
encDataNode = nil // the template is inserted in the doc, so we don't own it
return dumpDoc(parsedDoc), nil
}

4
encrypt.go
View File

@@ -91,6 +91,7 @@ var errInvalidAlgorithm = errors.New("invalid algorithm")
// Note: the invocations of C.CString() here return a pointer to a string
// allocated from the C heap that would normally need to freed by calling
// C.free, but because these are global, we can just leak them.
// nosec
var (
constDsigNamespace = (*C.xmlChar)(unsafe.Pointer(C.CString("http://www.w3.org/2000/09/xmldsig#")))
constDigestMethod = (*C.xmlChar)(unsafe.Pointer(C.CString("DigestMethod")))
@@ -117,6 +118,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
return nil, mustPopError()
}
// nosec
key := C.xmlSecCryptoAppKeyLoadMemory(
(*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
C.xmlSecSize(len(publicKey)),
@@ -126,6 +128,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
return nil, mustPopError()
}
// nosec
if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key,
(*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
C.xmlSecSize(len(publicKey)),
@@ -162,6 +165,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) {
// create encryption template to encrypt XML file and replace
// its content with encryption result
// nosec
encDataNode := C.xmlSecTmplEncDataCreate(parsedDoc, sessionCipherTransform,
nil, (*C.xmlChar)(unsafe.Pointer(&C.xmlSecTypeEncElement)), nil, nil)
if encDataNode == nil {

4
error.go
View File

@@ -49,8 +49,8 @@ func onXmlsecError(file *C.char, line C.int, funcName *C.char, errorObject *C.ch
globalErrors[threadID] = append(globalErrors[threadID], err)
}
//export onXmlError
func onXmlError(msg *C.char) {
//export onXMLError
func onXMLError(msg *C.char) {
threadID := getThreadID()
globalErrors[threadID] = append(globalErrors[threadID],
fmt.Errorf("%s", strings.TrimSuffix(C.GoString(msg), "\n")))

4
error_thunk.go
View File

@@ -8,7 +8,7 @@ package xmlsec
// #include <xmlsec/xmlsec.h>
// #include <xmlsec/errors.h>
//
// void onXmlError(const char *msg); // implemented in go
// void onXMLError(const char *msg); // implemented in go
// void onXmlsecError(const char *file, int line, const char *funcName, const char *errorObject, const char *errorSubject, int reason, const char *msg); // implemented in go
//
// static void onXmlGenericError_cgo(void *ctx, const char *format, ...) {
@@ -17,7 +17,7 @@ package xmlsec
// va_start(args, format);
// vsnprintf(buffer, 256, format, args);
// va_end (args);
// onXmlError(buffer);
// onXMLError(buffer);
// }
//
// static void onXmlsecError_cgo(const char *file, int line, const char *funcName, const char *errorObject, const char *errorSubject, int reason, const char *msg) {

6
examples/xmldsig.go
View File

@@ -6,7 +6,7 @@ import (
"io/ioutil"
"os"
"github.com/andy-miracl/go-xmlsec"
"github.com/miracl/go-xmlsec"
)
func main() {
@@ -31,6 +31,10 @@ func main() {
}
buf, err := ioutil.ReadAll(os.Stdin)
if err != nil {
fmt.Printf("%s\n", err)
os.Exit(1)
}
if *doSign {
signedBuf, err := xmlsec.Sign(key, buf, xmlsec.SignatureOptions{})

5
signature.go
View File

@@ -10,6 +10,8 @@ import (
type Method struct {
Algorithm string `xml:",attr"`
}
// Reference data struct
type Reference struct {
URI string `xml:"URI,attr"`
ReferenceTransforms []Method `xml:"Transforms>Transform"`
@@ -17,6 +19,7 @@ type Reference struct {
DigestValue string `xml:"DigestValue"`
}
// SignedInfo struct
type SignedInfo struct {
CanonicalizationMethod Method `xml:"CanonicalizationMethod"`
SignatureMethod Method `xml:"SignatureMethod"`
@@ -66,7 +69,7 @@ func DefaultSignature(pemEncodedPublicKey []byte) Signature {
},
Reference: Reference{
ReferenceTransforms: []Method{
Method{Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"},
{Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"},
},
DigestMethod: Method{
Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1",

1
thread_darwin.go
View File

@@ -9,5 +9,6 @@ import "C"
func getThreadID() uintptr {
// Darwin lacks a meaningful version of gettid() so instead we use
// ptread_self() as a proxy.
// nosec
return uintptr(unsafe.Pointer(C.pthread_self()))
}

5
xmldsig.go
View File

@@ -48,6 +48,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) {
}
defer C.xmlSecDSigCtxDestroy(ctx)
// nosec
ctx.signKey = C.xmlSecCryptoAppKeyLoadMemory(
(*C.xmlSecByte)(unsafe.Pointer(&key[0])),
C.xmlSecSize(len(key)),
@@ -63,6 +64,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) {
}
defer closeDoc(parsedDoc)
// nosec
node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
(*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)),
(*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs)))
@@ -106,6 +108,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
return mustPopError()
}
// nosec
key := C.xmlSecCryptoAppKeyLoadMemory(
(*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
C.xmlSecSize(len(publicKey)),
@@ -115,6 +118,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
return mustPopError()
}
// nosec
if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key,
(*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])),
C.xmlSecSize(len(publicKey)),
@@ -139,6 +143,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error {
}
defer closeDoc(parsedDoc)
// nosec
node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc),
(*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)),
(*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs)))

10
xmlsec.go
View File

@@ -40,6 +40,7 @@ func init() {
}
func newDoc(buf []byte, idattrs []XMLIDOption) (*C.xmlDoc, error) {
// nosec
ctx := C.xmlCreateMemoryParserCtxt((*C.char)(unsafe.Pointer(&buf[0])),
C.int(len(buf)))
if ctx == nil {
@@ -76,15 +77,18 @@ func addIDAttr(node *C.xmlNode, attrName, nodeName, nsHref string) {
cur = C.xmlSecGetNextElementNode(cur.next)
}
// nosec
if C.GoString((*C.char)(unsafe.Pointer(node.name))) != nodeName {
return
}
// nosec
if nsHref != "" && node.ns != nil && C.GoString((*C.char)(unsafe.Pointer(node.ns.href))) != nsHref {
return
}
// the attribute with name equal to attrName should exist
for attr := node.properties; attr != nil; attr = attr.next {
// nosec
if C.GoString((*C.char)(unsafe.Pointer(attr.name))) == attrName {
id := C.xmlNodeListGetString(node.doc, attr.children, 1)
if id == nil {
@@ -104,9 +108,9 @@ func dumpDoc(doc *C.xmlDoc) []byte {
var buffer *C.xmlChar
var bufferSize C.int
C.xmlDocDumpMemory(doc, &buffer, &bufferSize)
defer C.MY_xmlFree(unsafe.Pointer(buffer))
defer C.MY_xmlFree(unsafe.Pointer(buffer)) // nosec
return C.GoBytes(unsafe.Pointer(buffer), bufferSize)
return C.GoBytes(unsafe.Pointer(buffer), bufferSize) // nosec
}
func dumpNode(node *C.xmlNode) []byte {
@@ -114,5 +118,5 @@ func dumpNode(node *C.xmlNode) []byte {
defer C.xmlBufferFree(buffer)
bufferSize := C.xmlNodeDump(buffer, nil, node, 0, 0)
return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize)
return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) // nosec
}