Merge pull request #130 from SuperSandro2000/lints-agents

Fix whole bunch of lints
quexten · Mar 5, 2024 · bc1a94b · bc1a94b
2 parents 60abbb0 + eb400ee
commit bc1a94b
Show file tree

Hide file tree

Showing 14 changed files with 221 additions and 141 deletions.
diff --git a/agent/actions/config.go b/agent/actions/config.go
@@ -144,7 +144,14 @@ func handleGetConfigEnvironment(request messages.IPCMessage, cfg *config.Config,
 
 func handleSetClientID(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (response messages.IPCMessage, err error) {
 	clientID := messages.ParsePayload(request).(messages.SetClientIDRequest).Value
-	cfg.SetClientID(clientID)
+	err = cfg.SetClientID(clientID)
+	if err != nil {
+		return messages.IPCMessageFromPayload(messages.ActionResponse{
+			Success: false,
+			Message: err.Error(),
+		})
+	}
+
 	err = cfg.WriteConfig()
 	if err != nil {
 		return messages.IPCMessageFromPayload(messages.ActionResponse{
@@ -160,7 +167,14 @@ func handleSetClientID(request messages.IPCMessage, cfg *config.Config, vault *v
 
 func handleSetClientSecret(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, ctx *sockets.CallingContext) (response messages.IPCMessage, err error) {
 	clientSecret := messages.ParsePayload(request).(messages.SetClientSecretRequest).Value
-	cfg.SetClientSecret(clientSecret)
+	err = cfg.SetClientSecret(clientSecret)
+	if err != nil {
+		return messages.IPCMessageFromPayload(messages.ActionResponse{
+			Success: false,
+			Message: err.Error(),
+		})
+	}
+
 	err = cfg.WriteConfig()
 	if err != nil {
 		return messages.IPCMessageFromPayload(messages.ActionResponse{

diff --git a/agent/actions/login.go b/agent/actions/login.go
@@ -57,7 +57,7 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
 		return
 	}
 
-	cfg.SetToken(config.LoginToken{
+	_ = cfg.SetToken(config.LoginToken{
 		AccessToken:  token.AccessToken,
 		ExpiresIn:    token.ExpiresIn,
 		TokenType:    token.TokenType,
@@ -88,7 +88,7 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
 	if err != nil {
 		defer func() {
 			notify.Notify("Goldwarden", "Could not decrypt. Wrong password?", "", 10*time.Second, func() {})
-			cfg.SetToken(config.LoginToken{})
+			_ = cfg.SetToken(config.LoginToken{})
 			vault.Clear()
 		}()
 
@@ -103,9 +103,9 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
 		return
 	}
 
-	cfg.SetUserSymmetricKey(vault.Keyring.GetAccountKey().Bytes())
-	cfg.SetMasterPasswordHash([]byte(masterpasswordHash))
-	cfg.SetMasterKey([]byte(masterKey.GetBytes()))
+	err = cfg.SetUserSymmetricKey(vault.Keyring.GetAccountKey().Bytes())
+	err = cfg.SetMasterPasswordHash([]byte(masterpasswordHash))
+	err = cfg.SetMasterKey([]byte(masterKey.GetBytes()))
 	var protectedUserSymetricKey crypto.SymmetricEncryptionKey
 	if vault.Keyring.IsMemguard {
 		protectedUserSymetricKey, err = crypto.MemguardSymmetricEncryptionKeyFromBytes(vault.Keyring.GetAccountKey().Bytes())
@@ -115,7 +115,7 @@ func handleLogin(msg messages.IPCMessage, cfg *config.Config, vault *vault.Vault
 	if err != nil {
 		defer func() {
 			notify.Notify("Goldwarden", "Could not decrypt. Wrong password?", "", 10*time.Second, func() {})
-			cfg.SetToken(config.LoginToken{})
+			_ = cfg.SetToken(config.LoginToken{})
 			vault.Clear()
 		}()
 

diff --git a/agent/actions/logins.go b/agent/actions/logins.go
@@ -69,11 +69,7 @@ func handleGetLoginCipher(request messages.IPCMessage, cfg *config.Config, vault
 	if !login.Login.Totp.IsNull() {
 		decryptedTotp, err := crypto.DecryptWith(login.Login.Totp, cipherKey)
 		if err == nil {
-			if err == nil {
-				decryptedLogin.TOTPSeed = string(decryptedTotp)
-			} else {
-				fmt.Println(err)
-			}
+			decryptedLogin.TOTPSeed = string(decryptedTotp)
 		} else {
 			fmt.Println(string(decryptedTotp))
 		}
@@ -117,11 +113,7 @@ func handleListLoginsRequest(request messages.IPCMessage, cfg *config.Config, va
 			continue
 		}
 
-		var decryptedName []byte = []byte{}
-		var decryptedUsername []byte = []byte{}
-		var decryptedPassword []byte = []byte{}
-		var decryptedTotp []byte = []byte{}
-		var decryptedURL []byte = []byte{}
+		var decryptedName, decryptedUsername, decryptedPassword, decryptedTotp, decryptedURL []byte
 
 		if !login.Name.IsNull() {
 			decryptedName, err = crypto.DecryptWith(login.Name, key)

diff --git a/agent/actions/vault.go b/agent/actions/vault.go
@@ -146,7 +146,10 @@ func handleLockVault(request messages.IPCMessage, cfg *config.Config, vault *vau
 
 func handleWipeVault(request messages.IPCMessage, cfg *config.Config, vault *vault.Vault, callingContext *sockets.CallingContext) (response messages.IPCMessage, err error) {
 	cfg.Purge()
-	cfg.WriteConfig()
+	err = cfg.WriteConfig()
+	if err != nil {
+		panic(err)
+	}
 	vault.Clear()
 
 	response, err = messages.IPCMessageFromPayload(messages.ActionResponse{

diff --git a/agent/bitwarden/auth.go b/agent/bitwarden/auth.go
@@ -208,7 +208,15 @@ func LoginWithDevice(ctx context.Context, email string, cfg *config.Config, vaul
 			}
 			if authRequestData.RequestApproved {
 				masterKey, err := crypto.DecryptWithAsymmetric([]byte(authRequestData.Key), publicKey)
+				if err != nil {
+					return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("could not decrypt key with asymmetric key: %s", err.Error())
+				}
+
 				masterPasswordHash, err := crypto.DecryptWithAsymmetric([]byte(authRequestData.MasterPasswordHash), publicKey)
+				if err != nil {
+					return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("could not decrypt master password hash with asymmetric key: %s", err.Error())
+				}
+
 				values := urlValues(
 					"grant_type", "password",
 					"username", email,
@@ -233,7 +241,7 @@ func LoginWithDevice(ctx context.Context, email string, cfg *config.Config, vaul
 					return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("captcha required, please login via the web interface")
 
 				} else if err != nil {
-					return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("could not login via password: %v", err)
+					return LoginResponseToken{}, crypto.MasterKey{}, "", fmt.Errorf("could not login via password: %s", err.Error())
 				}
 				return loginResponseToken, crypto.MasterKeyFromBytes(masterKey), string(masterPasswordHash), nil
 			}
@@ -282,13 +290,17 @@ func RefreshToken(ctx context.Context, cfg *config.Config) bool {
 				return false
 			}
 
-			cfg.SetToken(config.LoginToken{
+			err = cfg.SetToken(config.LoginToken{
 				AccessToken:  loginResponseToken.AccessToken,
 				RefreshToken: "",
 				Key:          loginResponseToken.Key,
 				TokenType:    loginResponseToken.TokenType,
 				ExpiresIn:    loginResponseToken.ExpiresIn,
 			})
+			if err != nil {
+				authLog.Error("Could not set token: %s", err.Error())
+				return false
+			}
 		} else {
 			authLog.Info("No api credentials set")
 		}
@@ -306,13 +318,17 @@ func RefreshToken(ctx context.Context, cfg *config.Config) bool {
 			notify.Notify("Goldwarden", fmt.Sprintf("Could not refresh token: %v", err), "", 0, func() {})
 			return false
 		}
-		cfg.SetToken(config.LoginToken{
+		err = cfg.SetToken(config.LoginToken{
 			AccessToken:  loginResponseToken.AccessToken,
 			RefreshToken: loginResponseToken.RefreshToken,
 			Key:          loginResponseToken.Key,
 			TokenType:    loginResponseToken.TokenType,
 			ExpiresIn:    loginResponseToken.ExpiresIn,
 		})
+		if err != nil {
+			authLog.Error("Could not set token: %s", err.Error())
+			return false
+		}
 	}
 
 	authLog.Info("Token refreshed")

diff --git a/agent/bitwarden/crypto/crypto.go b/agent/bitwarden/crypto/crypto.go
@@ -123,6 +123,9 @@ func MemguardAssymmetricEncryptionKeyFromBytes(key []byte) (MemguardAsymmetricEn
 
 func (key MemoryAsymmetricEncryptionKey) PublicBytes() []byte {
 	privateKey, err := x509.ParsePKCS8PrivateKey(key.encKey)
+	if err != nil {
+		panic(err)
+	}
 	pub := (privateKey.(*rsa.PrivateKey)).Public()
 	publicKeyBytes, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {
@@ -137,6 +140,9 @@ func (key MemguardAsymmetricEncryptionKey) PublicBytes() []byte {
 		panic(err)
 	}
 	privateKey, err := x509.ParsePKCS8PrivateKey(buffer.Bytes())
+	if err != nil {
+		panic(err)
+	}
 	pub := (privateKey.(*rsa.PrivateKey)).Public()
 	publicKeyBytes, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {

diff --git a/agent/bitwarden/crypto/keyhierarchy.go b/agent/bitwarden/crypto/keyhierarchy.go
@@ -90,9 +90,15 @@ func stretchKey(masterKey MasterKey, useMemguard bool) (SymmetricEncryptionKey,
 
 	var r io.Reader
 	r = hkdf.Expand(sha256.New, buffer.Data(), []byte("enc"))
-	r.Read(key)
+	_, err = r.Read(key)
+	if err != nil {
+		return nil, err
+	}
 	r = hkdf.Expand(sha256.New, buffer.Data(), []byte("mac"))
-	r.Read(macKey)
+	_, err = r.Read(macKey)
+	if err != nil {
+		return nil, err
+	}
 
 	if useMemguard {
 		return MemguardSymmetricEncryptionKey{memguard.NewEnclave(key), memguard.NewEnclave(macKey)}, nil

diff --git a/agent/bitwarden/send.go b/agent/bitwarden/send.go
@@ -71,7 +71,10 @@ func CreateSend(ctx context.Context, cfg *config.Config, vault *vault.Vault, nam
 	}
 
 	sendUseKeyPairBytes := make([]byte, 64)
-	hkdf.New(sha256.New, sendSourceKey, []byte("bitwarden-send"), []byte("send")).Read(sendUseKeyPairBytes)
+	_, err = hkdf.New(sha256.New, sendSourceKey, []byte("bitwarden-send"), []byte("send")).Read(sendUseKeyPairBytes)
+	if err != nil {
+		return "", err
+	}
 
 	sendUseKeyPair, err := crypto.MemorySymmetricEncryptionKeyFromBytes(sendUseKeyPairBytes)
 	if err != nil {

diff --git a/agent/bitwarden/sync.go b/agent/bitwarden/sync.go
@@ -25,7 +25,11 @@ func Sync(ctx context.Context, config *config.Config) (models.SyncData, error) {
 	}
 
 	home, _ := os.UserHomeDir()
-	WriteVault(sync, home+path)
+	err := WriteVault(sync, home+path)
+	if err != nil {
+		return sync, err
+	}
+
 	return sync, nil
 }
 
@@ -55,7 +59,10 @@ func DoFullSync(ctx context.Context, vault *vault.Vault, config *config.Config,
 	}
 	if userSymmetricKey != nil {
 		log.Info("Initializing keyring from user symmetric key...")
-		crypto.InitKeyringFromUserSymmetricKey(vault.Keyring, *userSymmetricKey, sync.Profile.PrivateKey, orgKeys)
+		err = crypto.InitKeyringFromUserSymmetricKey(vault.Keyring, *userSymmetricKey, sync.Profile.PrivateKey, orgKeys)
+		if err != nil {
+			return err
+		}
 	}
 
 	log.Info("Clearing vault...")

diff --git a/agent/bitwarden/websocket.go b/agent/bitwarden/websocket.go
@@ -88,7 +88,10 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
 
 	done := make(chan struct{})
 	//handshake required for official bitwarden implementation
-	c.WriteMessage(1, []byte(`{"protocol":"messagepack","version":1}`))
+	err = c.WriteMessage(1, []byte(`{"protocol":"messagepack","version":1}`))
+	if err != nil {
+		return err
+	}
 
 	go func() {
 		for {
@@ -123,12 +126,14 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
 						websocketLog.Error("Error getting token %s", err)
 						break
 					}
-					DoFullSync(context.WithValue(ctx, AuthToken{}, token.AccessToken), vault, cfg, nil, false)
-					break
+					err = DoFullSync(context.WithValue(ctx, AuthToken{}, token.AccessToken), vault, cfg, nil, false)
+					if err != nil {
+						log.Error("could not perform full sync: %s", err.Error())
+						return
+					}
 				case SyncCipherDelete:
 					websocketLog.Warn("Delete requested for cipher " + cipherid)
 					vault.DeleteCipher(cipherid)
-					break
 				case SyncCipherUpdate:
 					websocketLog.Warn("Update requested for cipher " + cipherid)
 					token, err := cfg.GetToken()
@@ -154,8 +159,6 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
 						vault.AddOrUpdateLogin(cipher)
 					}
 					vault.SetLastSynced(time.Now().Unix())
-
-					break
 				case SyncCipherCreate:
 					websocketLog.Warn("Create requested for cipher " + cipherid)
 					token, err := cfg.GetToken()
@@ -176,11 +179,8 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
 						vault.AddOrUpdateLogin(cipher)
 					}
 					vault.SetLastSynced(time.Now().Unix())
-
-					break
 				case SyncSendCreate, SyncSendUpdate, SyncSendDelete:
 					websocketLog.Warn("SyncSend requested: sends are not supported")
-					break
 				case LogOut:
 					websocketLog.Info("LogOut received. Wiping vault and exiting...")
 					if vault.Keyring.IsMemguard {
@@ -213,17 +213,12 @@ func connectToWebsocket(ctx context.Context, vault *vault.Vault, cfg *config.Con
 							websocketLog.Error("Error creating auth response %s", err)
 						}
 					})
-
-					break
 				case AuthRequestResponse:
 					websocketLog.Info("AuthRequestResponse received")
-					break
 				case SyncFolderDelete, SyncFolderCreate, SyncFolderUpdate:
 					websocketLog.Warn("SyncFolder requested: folders are not supported")
-					break
 				case SyncOrgKeys, SyncSettings:
 					websocketLog.Warn("SyncOrgKeys requested: orgs / settings are not supported")
-					break
 				default:
 					websocketLog.Warn("Unknown message type received %d", mt1)
 				}