From 1b89f86d516b0d0a62572b0ca8eac3b91dbaa109 Mon Sep 17 00:00:00 2001
From: Niels de Vos <ndevos@redhat.com>
Date: Tue, 30 Jun 2020 12:15:23 +0200
Subject: [PATCH] util: handle Close() errors in pidlimit

A new version of gosec insists on handling errors returned by Close():

    [/go/src/github.com/ceph/ceph-csi/internal/util/pidlimit.go:44] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
      > defer cgroup.Close()

    [/go/src/github.com/ceph/ceph-csi/internal/util/pidlimit.go:78] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
      > defer f.Close()

    [/go/src/github.com/ceph/ceph-csi/internal/util/pidlimit.go:113] - G307 (CWE-): Deferring unsafe method "*os.File" on type "Close" (Confidence: HIGH, Severity: MEDIUM)
      > defer f.Close()

Signed-off-by: Niels de Vos <ndevos@redhat.com>
---
 internal/util/pidlimit.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/internal/util/pidlimit.go b/internal/util/pidlimit.go
index c76cdf63d..e438f0075 100644
--- a/internal/util/pidlimit.go
+++ b/internal/util/pidlimit.go
@@ -41,7 +41,7 @@ func getCgroupPidsFile() (string, error) {
 	if err != nil {
 		return "", err
 	}
-	defer cgroup.Close()
+	defer cgroup.Close() // #nosec: error on close is not critical here
 
 	scanner := bufio.NewScanner(cgroup)
 	var slice string
@@ -75,7 +75,7 @@ func GetPIDLimit() (int, error) {
 	if err != nil {
 		return 0, err
 	}
-	defer f.Close()
+	defer f.Close() // #nosec: error on close is not critical here
 
 	maxPidsStr, err := bufio.NewReader(f).ReadString('\n')
 	if err != nil && err != io.EOF {
@@ -110,12 +110,12 @@ func SetPIDLimit(limit int) error {
 	if err != nil {
 		return err
 	}
-	defer f.Close()
 
 	_, err = f.WriteString(limitStr)
 	if err != nil {
+		f.Close() // #nosec: a write error will be more useful to return
 		return err
 	}
 
-	return nil
+	return f.Close()
 }