fix gosec issues

cmd/daemon.go

@@ -62,22 +62,6 @@ jobs:
         uses: {{.ServerURL}}/actions/goscan@main
 `
 
-type OpenPGPEntity struct {
-	*openpgp.Entity
-}
-
-func (e *OpenPGPEntity) Sign(message io.Reader) ([]byte, error) {
-
-	signatureBuffer := bytes.NewBuffer(nil)
-	if err := openpgp.DetachSignText(signatureBuffer, e.Entity, message, nil); err != nil {
-		return nil, err
-	}
-
-	return signatureBuffer.Bytes(), nil
-}
-
-//  Sign(message io.Reader) ([]byte, error)
-
 // daemonCmd represents the daemon command
 var daemonCmd = &cobra.Command{
 	Use:   "daemon",
@@ -100,7 +84,7 @@ var daemonCmd = &cobra.Command{
 			DefaultCipher: packet.CipherAES256,
 		}
 
-		var pgpEntity OpenPGPEntity
+		var pgpEntity *openpgp.Entity
 
 		if _, err := os.Stat(os.Getenv("HOME") + "/keyring.pgp"); err != nil {
 			if errors.Is(err, fs.ErrNotExist) {
@@ -114,14 +98,22 @@ var daemonCmd = &cobra.Command{
 				if err != nil {
 					log.Fatal(err)
 				}
-				defer publicKeyEncoder.Close()
+				defer func(publicKeyEncoder io.WriteCloser) {
+					err := publicKeyEncoder.Close()
+					if err != nil {
+						panic(err)
+					}
+				}(publicKeyEncoder)
 
 				err = entity.Serialize(publicKeyEncoder)
 				if err != nil {
 					log.Fatal(err)
 				}
 
-				publicKeyEncoder.Close()
+				err = publicKeyEncoder.Close()
+				if err != nil {
+					log.Fatal(err)
+				}
 				publicKeyArmor := publicKeyBuffer.String()
 
 				file, err := os.OpenFile("keyring.pgp", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
@@ -129,7 +121,10 @@ var daemonCmd = &cobra.Command{
 					log.Fatal(err)
 				}
 				err = entity.SerializePrivate(file, conf)
-				file.Close()
+				err = file.Close()
+				if err != nil {
+					log.Fatal(err)
+				}
 
 				token, _, err := forgeClient.GetGPGToken()
 				if err != nil {
@@ -146,9 +141,21 @@ var daemonCmd = &cobra.Command{
 				if err != nil {
 					log.Fatal(err)
 				}
-				defer signatureEncoder.Close()
-				signatureEncoder.Write(signatureBuffer.Bytes())
-				signatureEncoder.Close()
+				defer func(signatureEncoder io.WriteCloser) {
+					err := signatureEncoder.Close()
+					if err != nil {
+						panic(err)
+					}
+				}(signatureEncoder)
+
+				if _, err := signatureEncoder.Write(signatureBuffer.Bytes()); err != nil {
+					log.Fatal(err)
+				}
+
+				err = signatureEncoder.Close()
+				if err != nil {
+					log.Fatal(err)
+				}
 
 				if _, _, err := forgeClient.CreateGPGKey(forgejo.CreateGPGKeyOption{
 					ArmoredKey:       publicKeyArmor,
@@ -156,9 +163,7 @@ var daemonCmd = &cobra.Command{
 				}); err != nil {
 					log.Fatal(err)
 				}
-				pgpEntity = OpenPGPEntity{
-					Entity: entity,
-				}
+				pgpEntity = entity
 			} else {
 				log.Fatal(err)
 			}
@@ -177,9 +182,7 @@ var daemonCmd = &cobra.Command{
 				log.Fatal("invalid keyring")
 			}
 
-			pgpEntity = OpenPGPEntity{
-				Entity: el[0],
-			}
+			pgpEntity = el[0]
 		}
 
 		appConfig := fiber.Config{
@@ -297,7 +300,7 @@ func handlePush(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.For
 	return c.SendStatus(fiber.StatusOK)
 }
 
-func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.ForgejoIssueEvent, entity OpenPGPEntity, user *forgejo.User) error {
+func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.ForgejoIssueEvent, entity *openpgp.Entity, user *forgejo.User) error {
 	if event.Action == "opened" && event.Issue.Title == "setup:goscan" {
 		if _, err := forgeClient.CreateRepoActionSecret(event.Issue.Repo.Owner, event.Issue.Repo.Name, forgejo.CreateSecretOption{
 			Name: "goscan_token",
@@ -346,7 +349,7 @@ func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.F
 			return c.SendStatus(fiber.StatusInternalServerError)
 		}
 
-		if err := os.MkdirAll(gitDir+"/.forgejo/workflows", 0775); err != nil {
+		if err := os.MkdirAll(gitDir+"/.forgejo/workflows", 0775); /* #nosec G301 */ err != nil {
 			log.Error(err)
 			return c.SendStatus(fiber.StatusInternalServerError)
 		}
@@ -375,7 +378,7 @@ func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.F
 			return c.SendStatus(fiber.StatusInternalServerError)
 		}
 
-		if err := os.WriteFile(gitDir+"/.forgejo/workflows/gosec.yml", []byte(tmplBuffer.String()), 0666); err != nil {
+		if err := os.WriteFile(gitDir+"/.forgejo/workflows/gosec.yml", []byte(tmplBuffer.String()), 0666); /* #nosec G306 */ err != nil {
 			log.Error(err)
 			return c.SendStatus(fiber.StatusInternalServerError)
 		}
@@ -392,7 +395,7 @@ func handleIssues(c *fiber.Ctx, forgeClient *forgejo.Client, event *interfaces.F
 		}
 
 		if _, err := worktree.Commit("Add GoScan action", &git.CommitOptions{
-			SignKey:   entity.Entity,
+			SignKey:   entity,
 			Author:    signature,
 			Committer: signature,
 		}); err != nil {