Fix new semgrep issues (#350)

nickeskov · web-flow · commit 9a5574f0837a · 2025-03-24T20:11:41.000+04:00
* Fix some semgrep issues.

* Fix semgrep issue in 'vault.go'.
diff --git a/cmd/bots/discord/discord.go b/cmd/bots/discord/discord.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	stderrs "errors"
 	"flag"
 	"log"
 	"os"
@@ -89,7 +90,7 @@ func runDiscordBot() error {
 	logger, atom, err := tools.SetupZapLogger(cfg.logLevel, cfg.development)
 	if err != nil {
 		log.Printf("Failed to setup zap logger: %v", err)
-		return common.ErrInvalidParameters
+		return stderrs.Join(common.ErrInvalidParameters, err)
 	}
 
 	defer func(zap *zap.Logger) {
@@ -156,8 +157,7 @@ func runDiscordBot() error {
 		return err
 	}
 	defer func() {
-		closeErr := discordBotEnv.Bot.Close()
-		if err != nil {
+		if closeErr := discordBotEnv.Bot.Close(); closeErr != nil {
 			logger.Error("failed to close discord bot web socket", zap.Error(closeErr))
 		}
 	}()
diff --git a/cmd/bots/internal/common/environment.go b/cmd/bots/internal/common/environment.go
@@ -487,7 +487,7 @@ func (tgEnv *TelegramBotEnvironment) UnsubscribeFromAlert(alertType entities.Ale
 	}
 	err := alertSub.subscription.Unsubscribe()
 	if err != nil {
-		return errors.New("failed to unsubscribe from alert")
+		return errors.Wrap(err, "failed to unsubscribe from alert")
 	}
 	ok = tgEnv.IsAlreadySubscribed(alertType)
 	if !ok {
diff --git a/cmd/bots/telegram/telegram.go b/cmd/bots/telegram/telegram.go
@@ -104,7 +104,7 @@ func runTelegramBot() error {
 	logger, atom, err := tools.SetupZapLogger(cfg.logLevel, cfg.development)
 	if err != nil {
 		log.Printf("Failed to setup zap logger: %v", err)
-		return common.ErrInvalidParameters
+		return errors.Join(common.ErrInvalidParameters, err)
 	}
 
 	defer func(zap *zap.Logger) {
diff --git a/cmd/nodemon/nodemon.go b/cmd/nodemon/nodemon.go
@@ -127,7 +127,7 @@ func (c *nodemonL2Config) validate(logger *zap.Logger) error {
 	}
 	if err := validateURLs(urls); err != nil {
 		logger.Error("Invalid L2 node URL", zap.Error(err))
-		return errInvalidParameters
+		return stderrs.Join(errInvalidParameters, err)
 	}
 	for i, nodeName := range names {
 		if nodeName == "" {
@@ -321,7 +321,7 @@ func run() error {
 	logger, atom, err := tools.SetupZapLogger(cfg.logLevel, cfg.development)
 	if err != nil {
 		log.Printf("Failed to setup zap logger: %v", err)
-		return errInvalidParameters
+		return stderrs.Join(errInvalidParameters, err)
 	}
 	defer func(zap *zap.Logger) {
 		if syncErr := zap.Sync(); syncErr != nil {
diff --git a/pkg/clients/vault.go b/pkg/clients/vault.go
@@ -2,6 +2,7 @@ package clients
 
 import (
 	"context"
+	stderrs "errors"
 
 	vault "github.com/hashicorp/vault/api"
 	auth "github.com/hashicorp/vault/api/auth/userpass"
@@ -34,6 +35,8 @@ func NewVaultSimpleClient(ctx context.Context, logger *zap.Logger, addr, user, p
 	return client, nil
 }
 
+var errWatcherRenewFailed = errors.New("token renewal failed")
+
 // Once you've set the token for your Vault client, you will need to
 // periodically renew its lease.
 //
@@ -58,7 +61,7 @@ func renewToken(ctx context.Context, logger *zap.Logger, client *vault.Client, u
 		}
 		logger.Info("Successfully authenticated to Vault", zap.String("request_id", vaultLoginResp.RequestID))
 		tokenErr := manageTokenLifecycle(ctx, logger, client, vaultLoginResp)
-		if tokenErr != nil && !errors.Is(tokenErr, context.Canceled) {
+		if tokenErr != nil && !errors.Is(tokenErr, context.Canceled) && !errors.Is(tokenErr, errWatcherRenewFailed) {
 			logger.Fatal("unable to start managing token lifecycle", zap.Error(tokenErr))
 		}
 	}
@@ -99,7 +102,7 @@ func manageTokenLifecycle(ctx context.Context, logger *zap.Logger, client *vault
 		case renewErr := <-watcher.DoneCh():
 			if renewErr != nil {
 				logger.Error("Failed to renew vault token. Re-attempting login.", zap.Error(renewErr))
-				return nil
+				return stderrs.Join(errWatcherRenewFailed, renewErr)
 			}
 			// This occurs once the token has reached max TTL.
 			logger.Info("Vault token can no longer be renewed. Re-attempting login.")

Original file line number	Diff line number	Diff line change
`@@ -487,7 +487,7 @@ func (tgEnv *TelegramBotEnvironment) UnsubscribeFromAlert(alertType entities.Ale`
`487`	`487`	`}`
`488`	`488`	`err := alertSub.subscription.Unsubscribe()`
`489`	`489`	`if err != nil {`
`490`		`- return errors.New("failed to unsubscribe from alert")`
	`490`	`+ return errors.Wrap(err, "failed to unsubscribe from alert")`
`491`	`491`	`}`
`492`	`492`	`ok = tgEnv.IsAlreadySubscribed(alertType)`
`493`	`493`	`if !ok {`
Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ func runTelegramBot() error {`
`104`	`104`	`logger, atom, err := tools.SetupZapLogger(cfg.logLevel, cfg.development)`
`105`	`105`	`if err != nil {`
`106`	`106`	`log.Printf("Failed to setup zap logger: %v", err)`
`107`		`- return common.ErrInvalidParameters`
	`107`	`+ return errors.Join(common.ErrInvalidParameters, err)`
`108`	`108`	`}`
`109`	`109`
`110`	`110`	`defer func(zap *zap.Logger) {`
Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ func (c nodemonL2Config) validate(logger zap.Logger) error {`
`127`	`127`	`}`
`128`	`128`	`if err := validateURLs(urls); err != nil {`
`129`	`129`	`logger.Error("Invalid L2 node URL", zap.Error(err))`
`130`		`- return errInvalidParameters`
	`130`	`+ return stderrs.Join(errInvalidParameters, err)`
`131`	`131`	`}`
`132`	`132`	`for i, nodeName := range names {`
`133`	`133`	`if nodeName == "" {`
`@@ -321,7 +321,7 @@ func run() error {`
`321`	`321`	`logger, atom, err := tools.SetupZapLogger(cfg.logLevel, cfg.development)`
`322`	`322`	`if err != nil {`
`323`	`323`	`log.Printf("Failed to setup zap logger: %v", err)`
`324`		`- return errInvalidParameters`
	`324`	`+ return stderrs.Join(errInvalidParameters, err)`
`325`	`325`	`}`
`326`	`326`	`defer func(zap *zap.Logger) {`
`327`	`327`	`if syncErr := zap.Sync(); syncErr != nil {`
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package clients`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"context"`
	`5`	`+ stderrs "errors"`
`5`	`6`
`6`	`7`	`vault "github.com/hashicorp/vault/api"`
`7`	`8`	`auth "github.com/hashicorp/vault/api/auth/userpass"`
`@@ -34,6 +35,8 @@ func NewVaultSimpleClient(ctx context.Context, logger *zap.Logger, addr, user, p`
`34`	`35`	`return client, nil`
`35`	`36`	`}`
`36`	`37`
	`38`	`+var errWatcherRenewFailed = errors.New("token renewal failed")`
	`39`	`+`
`37`	`40`	`// Once you've set the token for your Vault client, you will need to`
`38`	`41`	`// periodically renew its lease.`
`39`	`42`	`//`
`@@ -58,7 +61,7 @@ func renewToken(ctx context.Context, logger zap.Logger, client vault.Client, u`
`58`	`61`	`}`
`59`	`62`	`logger.Info("Successfully authenticated to Vault", zap.String("request_id", vaultLoginResp.RequestID))`
`60`	`63`	`tokenErr := manageTokenLifecycle(ctx, logger, client, vaultLoginResp)`
`61`		`- if tokenErr != nil && !errors.Is(tokenErr, context.Canceled) {`
	`64`	`+ if tokenErr != nil && !errors.Is(tokenErr, context.Canceled) && !errors.Is(tokenErr, errWatcherRenewFailed) {`
`62`	`65`	`logger.Fatal("unable to start managing token lifecycle", zap.Error(tokenErr))`
`63`	`66`	`}`
`64`	`67`	`}`
`@@ -99,7 +102,7 @@ func manageTokenLifecycle(ctx context.Context, logger zap.Logger, client vault`
`99`	`102`	`case renewErr := <-watcher.DoneCh():`
`100`	`103`	`if renewErr != nil {`
`101`	`104`	`logger.Error("Failed to renew vault token. Re-attempting login.", zap.Error(renewErr))`
`102`		`- return nil`
	`105`	`+ return stderrs.Join(errWatcherRenewFailed, renewErr)`
`103`	`106`	`}`
`104`	`107`	`// This occurs once the token has reached max TTL.`
`105`	`108`	`logger.Info("Vault token can no longer be renewed. Re-attempting login.")`