Prevent Usage of Stdlib File/Dir Writing With Static Analysis (#7685)

* write file and mkdirall analyzers * include analyzer in build bazel * comments to the single entrypoint and fix validator references * enforce 600 for files, 700 for dirs * pass validator tests * add to nogo * remove references * beaconfuzz * docker img * fix up kv issue * mkdir if not exists * radek comments * final comments * Try to fix file problem Co-authored-by: Ivan Martinez <ivanthegreatdev@gmail.com>
2026-01-08 23:18:15 -05:00 · 2020-11-09 14:27:03 -06:00
parent 15706a36cb
commit d4c954648c
47 changed files with 432 additions and 68 deletions
--- a/tools/interop/export-genesis/BUILD.bazel
+++ b/tools/interop/export-genesis/BUILD.bazel
@@ -9,6 +9,7 @@ go_library(
    deps = [
        "//beacon-chain/cache:go_default_library",
        "//beacon-chain/db:go_default_library",
+        "//shared/fileutil:go_default_library",
    ],
 )

--- a/tools/interop/export-genesis/main.go
+++ b/tools/interop/export-genesis/main.go
@@ -3,11 +3,11 @@ package main
 import (
 	"context"
 	"fmt"
-	"io/ioutil"
 	"os"

 	"github.com/prysmaticlabs/prysm/beacon-chain/cache"
 	"github.com/prysmaticlabs/prysm/beacon-chain/db"
+	"github.com/prysmaticlabs/prysm/shared/fileutil"
 )

 // A basic tool to extract genesis.ssz from existing beaconchain.db.
@@ -41,7 +41,7 @@ func main() {
 	if err != nil {
 		panic(err)
 	}
-	if err := ioutil.WriteFile(os.Args[2], b, 0644); err != nil {
+	if err := fileutil.WriteFile(os.Args[2], b); err != nil {
 		panic(err)
 	}
 	fmt.Println("done")