Catch or explicitly ignore unhandled errors

Author: geofffranks

src/code.cloudfoundry.org/bosh-dns-adapter/config/config.go

@@ -27,6 +27,7 @@ type Config struct {
 }
 
 func init() {
+	// #nosec G104 - don't handle error here - only thing that would be returned is if we had an empty name passed in, and we're in an init block with limitid handling capability
 	validator.SetValidationFunc("cidr", func(v interface{}, param string) error {
 		cidr, ok := v.(string)
 		if !ok {

src/code.cloudfoundry.org/bosh-dns-adapter/main.go

@@ -93,7 +93,8 @@ func main() {
 	}
 
 	go func() {
-		http.Serve(l, metricsWrap("GetIPs", http.HandlerFunc(getIPsHandler.ServeHTTP)))
+		err = http.Serve(l, metricsWrap("GetIPs", http.HandlerFunc(getIPsHandler.ServeHTTP)))
+		logger.Info("http-server-returned", lager.Data{"error": err})
 	}()
 
 	uptimeSource := metrics.NewUptimeSource()
@@ -122,6 +123,9 @@ func main() {
 	logger.Info("server-started")
 	sig := <-signalChannel
 	monitor.Signal(sig)
-	l.Close()
+	err = l.Close()
+	if err != nil {
+		logger.Error("erro-closing-server", err)
+	}
 	logger.Info("server-stopped")
 }

src/code.cloudfoundry.org/bosh-dns-adapter/sdcclient/service_discovery_client.go

@@ -86,7 +86,9 @@ func (s *ServiceDiscoveryClient) IPs(infrastructureName string) ([]string, error
 		}
 
 		defer func(httpResp *http.Response) {
+			// #nosec G104 - ignore errors in the defer block, this response was bad anyway and we just want to best-effort clean it up
 			io.Copy(io.Discard, httpResp.Body)
+			// #nosec G104 - ignore errors in the defer block, this response was bad anyway and we just want to best-effort clean it up
 			httpResp.Body.Close()
 		}(httpResp)
 
@@ -102,6 +104,7 @@ func (s *ServiceDiscoveryClient) IPs(infrastructureName string) ([]string, error
 	}
 
 	bytes, err := io.ReadAll(httpResp.Body)
+	// #nosec G104 - ignore closing body errors. we either have all the data and can keep going
 	httpResp.Body.Close()
 	if err != nil {
 		return []string{}, err

src/code.cloudfoundry.org/cf-pusher/cmd/cf-pusher/main.go

@@ -231,8 +231,13 @@ func main() {
 	if err := apiConnector.Connect(); err != nil {
 		log.Fatalf("connecting to api: %s", err)
 	}
-	adapter.TargetOrg(scaleGroup.Org)
-	adapter.TargetSpace(scaleGroup.Space)
+	if err := adapter.TargetOrg(scaleGroup.Org); err != nil {
+		log.Fatalf("targeting org %s: %s", scaleGroup.Org, err)
+	}
+
+	if err := adapter.TargetSpace(scaleGroup.Space); err != nil {
+		log.Fatalf("targeting space %s: %s", scaleGroup.Space, err)
+	}
 
 	// declare what apps we expect
 	expectedApps := map[string]int{

src/code.cloudfoundry.org/policy-server/cmd/policy-server-asg-syncer/main.go

@@ -158,7 +158,10 @@ func main() {
 
 	err = <-monitor.Wait()
 	if connectionPool != nil {
-		connectionPool.Close()
+		closeErr := connectionPool.Close()
+		if closeErr != nil {
+			logger.Error("error-closing-connection-pool", err)
+		}
 	}
 	if err != nil {
 		logger.Error("exited-with-failure", err)

src/code.cloudfoundry.org/policy-server/cmd/policy-server-internal/main.go

@@ -202,7 +202,10 @@ func main() {
 
 	err = <-monitor.Wait()
 	if connectionPool != nil {
-		connectionPool.Close()
+		closeErr := connectionPool.Close()
+		if closeErr != nil {
+			logger.Error("error-closing-connection-pool", err)
+		}
 	}
 	if err != nil {
 		logger.Error("exited-with-failure", err)

src/code.cloudfoundry.org/policy-server/cmd/policy-server/main.go

@@ -324,7 +324,10 @@ func main() {
 
 	err = <-monitor.Wait()
 	if connectionPool != nil {
-		connectionPool.Close()
+		closeErr := connectionPool.Close()
+		if closeErr != nil {
+			logger.Error("error-closing-connection-pool", err)
+		}
 	}
 	if err != nil {
 		logger.Error("exited-with-failure", err)

src/code.cloudfoundry.org/policy-server/handlers/asgs_index.go

@@ -52,6 +52,7 @@ func (h *AsgsIndex) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write(bytes)
 }
 

src/code.cloudfoundry.org/policy-server/handlers/policies_cleanup.go

@@ -59,5 +59,6 @@ func (h *PoliciesCleanup) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write(bytes)
 }

src/code.cloudfoundry.org/policy-server/handlers/policies_create.go

@@ -96,5 +96,6 @@ func (h *PoliciesCreate) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 
 	logger.Info("created-policies", lager.Data{"policies": policies, "userName": tokenData.UserName})
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore error writing http response to avoid spamming logs on a DoS
 	w.Write([]byte("{}"))
 }

src/code.cloudfoundry.org/policy-server/handlers/policies_delete.go

@@ -63,5 +63,6 @@ func (h *PoliciesDelete) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 
 	logger.Info("deleted-policies", lager.Data{"policies": policies, "userName": tokenData.UserName})
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write([]byte(`{}`))
 }

src/code.cloudfoundry.org/policy-server/handlers/policies_index.go

@@ -80,6 +80,7 @@ func (h *PoliciesIndex) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write(bytes)
 }
 

src/code.cloudfoundry.org/policy-server/handlers/policies_index_internal.go

@@ -54,6 +54,7 @@ func (h *PoliciesIndexInternal) ServeHTTP(w http.ResponseWriter, req *http.Reque
 	}
 
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write(bytes)
 }
 

src/code.cloudfoundry.org/policy-server/handlers/policies_last_updated_internal.go

@@ -34,5 +34,6 @@ func (h *PoliciesLastUpdatedInternal) ServeHTTP(w http.ResponseWriter, req *http
 	}
 
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write([]byte(strconv.Itoa(lastUpdated)))
 }

src/code.cloudfoundry.org/policy-server/handlers/tags_create.go

@@ -55,5 +55,6 @@ func (h *TagsCreate) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 		return
 	}
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write(tagJSON)
 }

src/code.cloudfoundry.org/policy-server/handlers/tags_index.go

@@ -41,5 +41,6 @@ func (h *TagsIndex) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write(responseBytes)
 }

src/code.cloudfoundry.org/policy-server/handlers/uptime_handler.go

@@ -14,5 +14,6 @@ func (h *UptimeHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	w.WriteHeader(http.StatusOK)
 	currentTime := time.Now()
 	uptime := currentTime.Sub(h.StartTime)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write([]byte(fmt.Sprintf("Network policy server, up for %v\n", uptime)))
 }

src/code.cloudfoundry.org/policy-server/handlers/whoami_handler.go

@@ -32,5 +32,6 @@ func (h *WhoAmIHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 
 	w.WriteHeader(http.StatusOK)
+	// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 	w.Write(responseJSON)
 }

src/code.cloudfoundry.org/policy-server/integration/helpers/configurable_mock_cc_server.go

@@ -81,24 +81,28 @@ func (c *ConfigurableMockCCServer) ServeHTTP(w http.ResponseWriter, r *http.Requ
 
 	if r.URL.Path == "/v3/apps" {
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(buildCCGuidsResponse(c.apps)))
 		return
 	}
 
 	if r.URL.Path == "/v3/spaces" {
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(buildCCGuidsResponse(c.spaces)))
 		return
 	}
 
 	if r.URL.Path == "/v3/security_groups" {
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(buildCCSecurityGroupsResponse(c.securityGroups)))
 		return
 	}
 
 	if r.URL.Path == "/internal/v4/asg_latest_update" {
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(buildCCASGLatestUpdateResponse(c.asgLatestUpdate)))
 	}
 

src/code.cloudfoundry.org/policy-server/integration/helpers/helpers.go

@@ -35,61 +35,72 @@ var MockCCServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWrite
 	if r.URL.Path == "/v3/apps" {
 		if strings.Contains(r.URL.RawQuery, "app-guid-not-in-my-spaces") {
 			w.WriteHeader(http.StatusOK)
+			// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 			w.Write([]byte(fixtures.AppsV3TwoSpaces))
 			return
 		}
 		if strings.Contains(r.URL.RawQuery, "live-app-1-guid") {
 			w.WriteHeader(http.StatusOK)
+			// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 			w.Write([]byte(fixtures.AppsV3LiveApp1GUID))
 			return
 		}
 		if strings.Contains(r.URL.RawQuery, "live-app-2-guid") {
 			w.WriteHeader(http.StatusOK)
+			// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 			w.Write([]byte(fixtures.AppsV3LiveApp2GUID))
 			return
 		}
 		if strings.Contains(r.URL.RawQuery, "live-app-3-guid") {
 			w.WriteHeader(http.StatusOK)
+			// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 			w.Write([]byte(fixtures.AppsV3LiveApp3GUID))
 			return
 		}
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(fixtures.AppsV3OneSpace))
 		return
 	}
 
 	if r.URL.Path == "/v3/spaces" {
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(fixtures.SpaceV3LiveSpaces))
 		return
 	}
 
 	if r.URL.Path == "/v2/spaces/space-1-guid" {
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(fixtures.Space1))
 		return
 	}
 	if r.URL.Path == "/v2/spaces/space-2-guid" {
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(fixtures.Space2))
 		return
 	}
 
 	if r.URL.Path == "/v2/spaces" {
 		if strings.Contains(r.URL.RawQuery, "space-1") {
 			w.WriteHeader(http.StatusOK)
+			// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 			w.Write([]byte(fixtures.SubjectSpace))
 			return
 		}
 		if strings.Contains(r.URL.RawQuery, "space-2") {
 			w.WriteHeader(http.StatusOK)
+			// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 			w.Write([]byte(fixtures.SubjectSpaceEmpty))
 			return
 		}
 	}
 
 	if r.URL.Path == "/v2/users/some-user-or-client-id/spaces" {
 		w.WriteHeader(http.StatusOK)
+		// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 		w.Write([]byte(fixtures.SubjectSpaces))
 		return
 	}
@@ -109,18 +120,23 @@ var MockUAAServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWrit
 			switch token {
 			case "valid-token":
 				w.WriteHeader(http.StatusOK)
+				// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 				w.Write([]byte(`{"scope":["network.admin"], "user_name":"some-user", "sub": "some-user-or-client-id"}`))
 			case "valid-client-token":
 				w.WriteHeader(http.StatusOK)
+				// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 				w.Write([]byte(`{"scope":["network.admin"], "sub": "some-client-id"}`))
 			case "space-dev-with-network-write-token":
 				w.WriteHeader(http.StatusOK)
+				// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 				w.Write([]byte(`{"scope":["network.write"], "user_name":"some-user", "sub": "some-user-or-client-id"}`))
 			case "space-dev-token":
 				w.WriteHeader(http.StatusOK)
+				// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 				w.Write([]byte(`{"scope":[], "user_name":"some-user", "sub": "some-user-or-client-id"}`))
 			default:
 				w.WriteHeader(http.StatusBadRequest)
+				// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 				w.Write([]byte(`{"error_description":"banana"}`))
 			}
 		} else {
@@ -142,6 +158,7 @@ var MockUAAServer = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWrit
 		`
 		if r.Header["Authorization"][0] == "Basic dGVzdDp0ZXN0" {
 			w.WriteHeader(http.StatusOK)
+			// #nosec G104 - ignore errors writing http responses to avoid spamming logs during a DoS
 			w.Write([]byte(token))
 		} else {
 			w.WriteHeader(http.StatusUnauthorized)
@@ -263,7 +280,10 @@ func VerifyTCPConnection(address string) error {
 	if err != nil {
 		return err
 	}
-	conn.Close()
+	err = conn.Close()
+	if err != nil {
+		return err
+	}
 	return nil
 }
 

src/code.cloudfoundry.org/policy-server/store/migrations_store.go

@@ -55,6 +55,7 @@ func (m *MigrationsStore) HasV2MigrationOccurred() (bool, error) {
 	rows, err := m.DBConn.Query(query)
 	defer func() {
 		if rows != nil {
+			// #nosec G104 - don't override the return value in the defer block because our close failed
 			rows.Close()
 		}
 	}()
@@ -103,8 +104,9 @@ func (m *MigrationsStore) tableExists(tableName string) bool {
 	if err != nil {
 		return false
 	}
-	rows.Close()
-	return true
+	err = rows.Close()
+	// if Query() fails, we return false (including if there are failures not related to the table existing). do the same here
+	return err == nil
 }
 
 func (m *MigrationsStore) migrationIDExists(ids ...string) (bool, error) {

src/code.cloudfoundry.org/service-discovery-controller/mbus/subscriber.go

@@ -131,7 +131,10 @@ func (s *Subscriber) RunOnce() error {
 
 				s.table.ResumePruning()
 
-				s.sendStartMessage()
+				err = s.sendStartMessage()
+				if err != nil {
+					s.logger.Error("error sending start message after reconnecting to nats server", err)
+				}
 			})),
 			nats.DisconnectHandler(nats.ConnHandler(func(conn *nats.Conn) {
 				s.logger.Info(

src/code.cloudfoundry.org/service-discovery-controller/routes/server.go

@@ -125,11 +125,17 @@ func (s *Server) Run(signals <-chan os.Signal, ready chan<- struct{}) error {
 	for {
 		select {
 		case err := <-exited:
-			httpServer.Close()
+			closeErr := httpServer.Close()
+			if closeErr != nil {
+				s.logger.Error("Error closing SDC http server: %s", err)
+			}
 			s.logger.Info(fmt.Sprintf("SDC http server exiting with: %v", err))
 			return err
 		case signal := <-signals:
-			httpServer.Close()
+			err := httpServer.Close()
+			if err != nil {
+				s.logger.Error("Error closing SDC http server: %s", err)
+			}
 			s.logger.Info(fmt.Sprintf("SDC http server exiting with signal: %v", signal))
 			return nil
 		}

src/code.cloudfoundry.org/test-helpers/conflicting_server.go

@@ -11,7 +11,12 @@ import (
 func LaunchConflictingServer(port int) *http.Server {
 	address := fmt.Sprintf("127.0.0.1:%d", port)
 	conflictingServer := &http.Server{Addr: address, ReadHeaderTimeout: 5 * time.Second}
-	go func() { conflictingServer.ListenAndServe() }()
+	go func() {
+		err := conflictingServer.ListenAndServe()
+		if err != nil {
+			fmt.Printf("conflictingServer closed with error: %s\n", err)
+		}
+	}()
 	client := &http.Client{}
 	Eventually(func() bool {
 		resp, err := client.Get(fmt.Sprintf("http://%s", address))