Replace deprecated package (#4475)

* fix: replace deprecated library in chaoscenter/graphql

Signed-off-by: namkyu1999 <lak9348@konkuk.ac.kr>

* fix: replace deprecated library in authentication server

Signed-off-by: namkyu1999 <lak9348@konkuk.ac.kr>

* fix: replace deprecated library in subscriber

Signed-off-by: namkyu1999 <lak9348@konkuk.ac.kr>

* fix: resolve security issue

Signed-off-by: namkyu1999 <lak9348@konkuk.ac.kr>

* fix: update codeql version

Signed-off-by: namkyu1999 <lak9348@konkuk.ac.kr>

---------

Signed-off-by: namkyu1999 <lak9348@konkuk.ac.kr>

.github/workflows/codeql-analysis.yml

@@ -43,7 +43,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v3

chaoscenter/authentication/api/handlers/rest/user_handlers_test.go

@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"errors"
-	"io/ioutil"
+	"io"
 	"log"
 	"net/http"
 	"net/http/httptest"
@@ -26,7 +26,7 @@ import (
 // TestMain is the entry point for testing
 func TestMain(m *testing.M) {
 	gin.SetMode(gin.TestMode)
-	log.SetOutput(ioutil.Discard)
+	log.SetOutput(io.Discard)
 	os.Exit(m.Run())
 }
 
@@ -516,7 +516,7 @@ func TestResetPassword(t *testing.T) {
 			c := GetTestGinContext(w)
 			c.Request.Method = http.MethodPost
 			bodyBytes, _ := json.Marshal(tt.inputBody)
-			c.Request.Body = ioutil.NopCloser(bytes.NewReader([]byte(bodyBytes)))
+			c.Request.Body = io.NopCloser(bytes.NewReader(bodyBytes))
 			c.Set("role", tt.mockRole)
 			c.Set("uid", tt.mockUID)
 			c.Set("username", tt.mockUsername)
@@ -592,7 +592,7 @@ func TestUpdateUserState(t *testing.T) {
 			c := GetTestGinContext(w)
 			c.Request.Method = http.MethodPost
 			bodyBytes, _ := json.Marshal(tc.inputBody)
-			c.Request.Body = ioutil.NopCloser(bytes.NewReader([]byte(bodyBytes)))
+			c.Request.Body = io.NopCloser(bytes.NewReader([]byte(bodyBytes)))
 			c.Set("role", tc.mockRole)
 			c.Set("uid", tc.mockUID)
 			c.Set("username", tc.mockUsername)

chaoscenter/graphql/server/pkg/chaos_infrastructure/infra_utils.go

@@ -2,19 +2,17 @@ package chaos_infrastructure
 
 import (
 	"fmt"
+	"os"
+	"strings"
 
 	"github.com/ghodss/yaml"
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/graph/model"
 	store "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/data-store"
 	dbChaosInfra "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/database/mongodb/chaos_infrastructure"
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/k8s"
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
-	"github.com/sirupsen/logrus"
+	log "github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-
-	"io/ioutil"
-	"os"
-	"strings"
 )
 
 type SubscriberConfigurations struct {
@@ -65,7 +63,7 @@ func GetK8sInfraYaml(infra dbChaosInfra.ChaosInfra) ([]byte, error) {
 	} else if infra.InfraScope == NamespaceScope {
 		respData, err = ManifestParser(infra, "manifests/namespace", &config)
 	} else {
-		logrus.Error("INFRA_SCOPE env is empty!")
+		log.Error("INFRA_SCOPE env is empty!")
 	}
 	if err != nil {
 		return nil, err
@@ -129,7 +127,11 @@ func ManifestParser(infra dbChaosInfra.ChaosInfra, rootPath string, config *Subs
 		return nil, fmt.Errorf("failed to open the file %v", err)
 	}
 
-	defer file.Close()
+	defer func() {
+		if err := file.Close(); err != nil {
+			log.Warnf("failed to close file: %v", err)
+		}
+	}()
 
 	list, err := file.Readdirnames(0) // 0 to read all files and folders
 	if err != nil {
@@ -174,7 +176,7 @@ func ManifestParser(infra dbChaosInfra.ChaosInfra, rootPath string, config *Subs
 	}
 
 	for _, fileName := range list {
-		fileContent, err := ioutil.ReadFile(rootPath + "/" + fileName)
+		fileContent, err := os.ReadFile(rootPath + "/" + fileName)
 		if err != nil {
 			return nil, fmt.Errorf("failed to read the file %v", err)
 		}

chaoscenter/graphql/server/pkg/chaoshub/handler/handler.go

@@ -5,9 +5,9 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net/http"
 	"os"
+	"path"
 	"path/filepath"
 	"strconv"
 	"strings"
@@ -17,9 +17,7 @@ import (
 	chaoshubops "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/chaoshub/ops"
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/database/mongodb/chaos_hub"
 	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
-
 	log "github.com/sirupsen/logrus"
-
 	"gopkg.in/yaml.v2"
 )
 
@@ -37,9 +35,9 @@ func GetChartsPath(chartsInput model.CloningInput, projectID string, isDefault b
 }
 
 // GetChartsData is used to get details of charts like experiments.
-func GetChartsData(ChartsPath string) ([]*model.Chart, error) {
+func GetChartsData(chartsPath string) ([]*model.Chart, error) {
 	var allChartsDetails []ChaosChart
-	Charts, err := ioutil.ReadDir(ChartsPath)
+	Charts, err := os.ReadDir(path.Clean(chartsPath))
 	if err != nil {
 		log.Error("file reading error", err)
 		return nil, err
@@ -48,7 +46,7 @@ func GetChartsData(ChartsPath string) ([]*model.Chart, error) {
 		if chart.Name() == "icons" {
 			continue
 		}
-		chartDetails, _ := ReadExperimentFile(ChartsPath + chart.Name() + "/" + chart.Name() + ".chartserviceversion.yaml")
+		chartDetails, _ := ReadExperimentFile(chartsPath + chart.Name() + "/" + chart.Name() + ".chartserviceversion.yaml")
 		allChartsDetails = append(allChartsDetails, chartDetails)
 	}
 
@@ -77,14 +75,17 @@ func GetExperimentData(experimentFilePath string) (*model.Chart, error) {
 		return nil, err
 	}
 	var chartData *model.Chart
-	json.Unmarshal(e, &chartData)
+	err = json.Unmarshal(e, &chartData)
+	if err != nil {
+		return nil, err
+	}
 	return chartData, nil
 }
 
 // ReadExperimentFile is used for reading experiment file from given path
-func ReadExperimentFile(path string) (ChaosChart, error) {
+func ReadExperimentFile(givenPath string) (ChaosChart, error) {
 	var experiment ChaosChart
-	experimentFile, err := ioutil.ReadFile(path)
+	experimentFile, err := os.ReadFile(path.Clean(givenPath))
 	if err != nil {
 		return experiment, fmt.Errorf("file path of the, err: %+v", err)
 	}
@@ -97,7 +98,7 @@ func ReadExperimentFile(path string) (ChaosChart, error) {
 // ReadExperimentYAMLFile is used for reading experiment/engine file from given path
 func ReadExperimentYAMLFile(path string) (string, error) {
 	var s string
-	YAMLData, err := ioutil.ReadFile(path)
+	YAMLData, err := os.ReadFile(path)
 	if err != nil {
 		return s, fmt.Errorf("file path of the, err: %+v", err)
 	}
@@ -110,7 +111,7 @@ func ReadExperimentYAMLFile(path string) (string, error) {
 func ListPredefinedWorkflowDetails(name string, projectID string) ([]*model.PredefinedExperimentList, error) {
 	experimentsPath := DefaultPath + projectID + "/" + name + "/workflows"
 	var predefinedWorkflows []*model.PredefinedExperimentList
-	files, err := ioutil.ReadDir(experimentsPath)
+	files, err := os.ReadDir(experimentsPath)
 	if err != nil {
 		return nil, err
 	}
@@ -160,13 +161,17 @@ func DownloadRemoteHub(hubDetails model.CreateRemoteChaosHub, projectID string)
 		return err
 	}
 	//create the destination directory where the hub will be downloaded
-	hubpath := dirPath + "/" + hubDetails.Name + ".zip"
-	destDir, err := os.Create(hubpath)
+	hubPath := dirPath + "/" + hubDetails.Name + ".zip"
+	destDir, err := os.Create(path.Clean(hubPath))
 	if err != nil {
 		log.Error(err)
 		return err
 	}
-	defer destDir.Close()
+	defer func() {
+		if err := destDir.Close(); err != nil {
+			log.Warnf("failed to close dir: %v", err)
+		}
+	}()
 
 	//download the zip file from the provided url
 	download, err := http.Get(hubDetails.RepoURL)
@@ -175,7 +180,11 @@ func DownloadRemoteHub(hubDetails model.CreateRemoteChaosHub, projectID string)
 		return err
 	}
 
-	defer download.Body.Close()
+	defer func() {
+		if err := download.Body.Close(); err != nil {
+			log.Warnf("failed to close body: %v", err)
+		}
+	}()
 
 	if download.StatusCode != http.StatusOK {
 		return fmt.Errorf("err: " + download.Status)
@@ -189,14 +198,14 @@ func DownloadRemoteHub(hubDetails model.CreateRemoteChaosHub, projectID string)
 	contentLength := download.Header.Get("content-length")
 	length, err := strconv.Atoi(contentLength)
 	if length > maxSize {
-		_ = os.Remove(hubpath)
+		_ = os.Remove(path.Clean(hubPath))
 		return fmt.Errorf("err: File size exceeded the threshold %d", length)
 	}
 
 	//validate the content-type
 	contentType := download.Header.Get("content-type")
 	if contentType != "application/zip" {
-		_ = os.Remove(hubpath)
+		_ = os.Remove(path.Clean(hubPath))
 		return fmt.Errorf("err: Invalid file type %s", contentType)
 	}
 
@@ -208,30 +217,38 @@ func DownloadRemoteHub(hubDetails model.CreateRemoteChaosHub, projectID string)
 	}
 
 	//unzip the ChaosHub to the default hub directory
-	err = UnzipRemoteHub(hubpath, hubDetails, projectID)
+	err = UnzipRemoteHub(hubPath, projectID)
 	if err != nil {
 		return err
 	}
 
 	//remove the redundant zip file
-	err = os.Remove(hubpath)
+	err = os.Remove(path.Clean(hubPath))
 	if err != nil {
 		return err
 	}
 	return nil
 }
 
 // UnzipRemoteHub is used to unzip the zip file
-func UnzipRemoteHub(zipPath string, hubDetails model.CreateRemoteChaosHub, projectID string) error {
+func UnzipRemoteHub(zipPath string, projectID string) error {
 	extractPath := DefaultPath + projectID
 	zipReader, err := zip.OpenReader(zipPath)
 	if err != nil {
 		log.Error(err)
 		return err
 	}
-	defer zipReader.Close()
+	defer func() {
+		if err := zipReader.Close(); err != nil {
+			log.Warnf("failed to close reader: %v", err)
+		}
+	}()
+
 	for _, file := range zipReader.File {
-		CopyZipItems(file, extractPath, file.Name)
+		err := CopyZipItems(file, extractPath, file.Name)
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
@@ -260,9 +277,18 @@ func CopyZipItems(file *zip.File, extractPath string, chartsPath string) error {
 		if err != nil {
 			log.Error(err)
 		}
-		fileCopy.Close()
+		defer func() {
+			if err := fileCopy.Close(); err != nil {
+				log.Warnf("failed to close file: %v", err)
+			}
+		}()
+
 	}
-	fileReader.Close()
+	defer func() {
+		if err := fileReader.Close(); err != nil {
+			log.Warnf("failed to close file: %v", err)
+		}
+	}()
 
 	return nil
 }

chaoscenter/graphql/server/pkg/chaoshub/handler/handler_test.go

@@ -1,26 +1,24 @@
 package handler_test
 
 import (
-	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/graph/model"
-	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/chaoshub/handler"
-	chaosHubOps "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/chaoshub/ops"
-	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
-
-	"io/ioutil"
+	"io"
 	"os"
 	"testing"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
-
+	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/graph/model"
+	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/chaoshub/handler"
+	chaosHubOps "github.com/litmuschaos/litmus/chaoscenter/graphql/server/pkg/chaoshub/ops"
+	"github.com/litmuschaos/litmus/chaoscenter/graphql/server/utils"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 )
 
 // TestMain is the entry point for testing
 func TestMain(m *testing.M) {
 	gin.SetMode(gin.TestMode)
-	log.SetOutput(ioutil.Discard)
+	log.SetOutput(io.Discard)
 	os.Exit(m.Run())
 }
 

chaoscenter/graphql/server/pkg/chaoshub/ops/gitops_test.go

@@ -2,7 +2,7 @@ package chaoshubops_test
 
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"os"
 	"testing"
 	"time"
@@ -25,7 +25,7 @@ var (
 // TestMain is the entry point for testing
 func TestMain(m *testing.M) {
 	gin.SetMode(gin.TestMode)
-	log.SetOutput(ioutil.Discard)
+	log.SetOutput(io.Discard)
 	os.Exit(m.Run())
 }