15633973488

Committed 13 Jun 2025 11:57AM UTC coverage: 95.318%. Remained the same

Build # 15633973488

Build Type

Pull #45

github

Committed by

byo

Commit Message

fixup

Pull Request Pull Request #45: Fix github action issues

Run Details

3013 of 3161 relevant lines covered (95.32%)

1.07 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.71

/pkg/internal/utilities/securefifo/secure_fifo.go

/*
Copyright © 2022 Bartłomiej Święcki (byo)

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package securefifo

import (
        "crypto/cipher"
        "crypto/rand"
        "io"
        "os"

        "golang.org/x/crypto/chacha20"
)

type Reader interface {
        io.ReadCloser

        // Reset closes current reader and opens a new one that starts at the beginning of the data
        Reset() (Reader, error)
}

type Writer interface {
        io.WriteCloser

        // Done closes current writer and opens SecureFifoReader stream for reading
        Done() (Reader, error)
}

type secureFifo struct {
        fl *os.File

        key   []byte
        nonce []byte
}

func (f *secureFifo) Close() error {
        return f.fl.Close()
}

func (f *secureFifo) getStream() cipher.Stream {
        stream, _ := chacha20.NewUnauthenticatedCipher(f.key, f.nonce)
        return stream
}

func (f *secureFifo) openReader() (*reader, error) {
        _, err := f.fl.Seek(0, io.SeekStart)
        if err != nil {
                return nil, err
        }

        return &reader{
                sf: f,
                r:  cipher.StreamReader{S: f.getStream(), R: f.fl},
        }, nil
}

type writer struct {
        sf *secureFifo
        w  io.Writer
}

func (w *writer) Write(b []byte) (int, error) {
        return w.w.Write(b)
}

func (w *writer) Close() error {
        if w.sf == nil {
                return nil
        }
        defer func() { w.sf = nil; w.w = nil }()
        return w.sf.Close()
}

func (w *writer) Done() (Reader, error) {
        ret, err := w.sf.openReader()
        if err != nil {
                return nil, err
        }

        w.sf = nil
        w.w = nil

        return ret, nil
}

type reader struct {
        sf *secureFifo
        r  io.Reader
}

func (r *reader) Read(b []byte) (int, error) {
        return r.r.Read(b)
}

func (r *reader) Close() error {
        if r.sf == nil {
                return nil
        }
        defer func() { r.sf = nil; r.r = nil }()
        return r.sf.Close()
}

func (r *reader) Reset() (Reader, error) {
        ret, err := r.sf.openReader()
        if err != nil {
                return nil, err
        }

        r.sf = nil
        r.r = nil

        return ret, nil
}

// New creates new secure fifo pipe. That pipe may handle large amounts of data by using a temporary storage
// but ensures that even if the data can be accessed from disk, it can not be decrypted.
func New() (wr Writer, err error) {

        var randData [chacha20.KeySize + chacha20.NonceSize]byte
        _, err = rand.Read(randData[:])
        if err != nil {
                return nil, err
        }

        tempFile, err := os.CreateTemp("", "secure-fifo")
        if err != nil {
                return nil, err
        }
        defer func() {
                if err != nil {
                        tempFile.Close()
                        os.Remove(tempFile.Name())
                }
        }()

        // Supported on Linux (to check on Mac OSX) - unlinking already opened file
        // will still allow reading / writing that file by using already opened handles
        err = os.Remove(tempFile.Name())
        if err != nil {
                return nil, err
        }

        sf := &secureFifo{
                key:   randData[:chacha20.KeySize],
                nonce: randData[chacha20.KeySize:],
                fl:    tempFile,
        }

        return &writer{
                sf: sf,
                w:  cipher.StreamWriter{S: sf.getStream(), W: tempFile},
        }, nil
}

1	/*
2	Copyright © 2022 Bartłomiej Święcki (byo)
3
4	Licensed under the Apache License, Version 2.0 (the "License");
5	you may not use this file except in compliance with the License.
6	You may obtain a copy of the License at
7
8	http://www.apache.org/licenses/LICENSE-2.0
9
10	Unless required by applicable law or agreed to in writing, software
11	distributed under the License is distributed on an "AS IS" BASIS,
12	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	See the License for the specific language governing permissions and
14	limitations under the License.
15	*/
16
17	package securefifo
18
19	import (
20	"crypto/cipher"
21	"crypto/rand"
22	"io"
23	"os"
24
25	"golang.org/x/crypto/chacha20"
26	)
27
28	type Reader interface {
29	io.ReadCloser
30
31	// Reset closes current reader and opens a new one that starts at the beginning of the data
32	Reset() (Reader, error)
33	}
34
35	type Writer interface {
36	io.WriteCloser
37
38	// Done closes current writer and opens SecureFifoReader stream for reading
39	Done() (Reader, error)
40	}
41
42	type secureFifo struct {
43	fl *os.File
44
45	key []byte
46	nonce []byte
47	}
48
49	func (f *secureFifo) Close() error {	1✔
50	return f.fl.Close()	1✔
51	}	1✔
52
53	func (f *secureFifo) getStream() cipher.Stream {	1✔
54	stream, _ := chacha20.NewUnauthenticatedCipher(f.key, f.nonce)	1✔
55	return stream	1✔
56	}	1✔
57
58	func (f secureFifo) openReader() (reader, error) {	1✔
59	_, err := f.fl.Seek(0, io.SeekStart)	1✔
60	if err != nil {	1✔
61	return nil, err	×
62	}	×
63
64	return &reader{	1✔
65	sf: f,	1✔
66	r: cipher.StreamReader{S: f.getStream(), R: f.fl},	1✔
67	}, nil	1✔
68	}
69
70	type writer struct {
71	sf *secureFifo
72	w io.Writer
73	}
74
75	func (w *writer) Write(b []byte) (int, error) {	1✔
76	return w.w.Write(b)	1✔
77	}	1✔
78
79	func (w *writer) Close() error {	1✔
80	if w.sf == nil {	2✔
81	return nil	1✔
82	}	1✔
83	defer func() { w.sf = nil; w.w = nil }()	2✔
84	return w.sf.Close()	1✔
85	}
86
87	func (w *writer) Done() (Reader, error) {	1✔
88	ret, err := w.sf.openReader()	1✔
89	if err != nil {	1✔
90	return nil, err	×
91	}	×
92
93	w.sf = nil	1✔
94	w.w = nil	1✔
95		1✔
96	return ret, nil	1✔
97	}
98
99	type reader struct {
100	sf *secureFifo
101	r io.Reader
102	}
103
104	func (r *reader) Read(b []byte) (int, error) {	1✔
105	return r.r.Read(b)	1✔
106	}	1✔
107
108	func (r *reader) Close() error {	1✔
109	if r.sf == nil {	2✔
110	return nil	1✔
111	}	1✔
112	defer func() { r.sf = nil; r.r = nil }()	2✔
113	return r.sf.Close()	1✔
114	}
115
116	func (r *reader) Reset() (Reader, error) {	1✔
117	ret, err := r.sf.openReader()	1✔
118	if err != nil {	1✔
119	return nil, err	×
120	}	×
121
122	r.sf = nil	1✔
123	r.r = nil	1✔
124		1✔
125	return ret, nil	1✔
126	}
127
128	// New creates new secure fifo pipe. That pipe may handle large amounts of data by using a temporary storage
129	// but ensures that even if the data can be accessed from disk, it can not be decrypted.
130	func New() (wr Writer, err error) {	1✔
131		1✔
132	var randData [chacha20.KeySize + chacha20.NonceSize]byte	1✔
133	_, err = rand.Read(randData[:])	1✔
134	if err != nil {	1✔
135	return nil, err	×
136	}	×
137
138	tempFile, err := os.CreateTemp("", "secure-fifo")	1✔
139	if err != nil {	1✔
140	return nil, err	×
141	}	×
142	defer func() {	2✔
143	if err != nil {	1✔
144	tempFile.Close()	×
145	os.Remove(tempFile.Name())	×
146	}	×
147	}()
148
149	// Supported on Linux (to check on Mac OSX) - unlinking already opened file
150	// will still allow reading / writing that file by using already opened handles
151	err = os.Remove(tempFile.Name())	1✔
152	if err != nil {	1✔
153	return nil, err	×
154	}	×
155
156	sf := &secureFifo{	1✔
157	key: randData[:chacha20.KeySize],	1✔
158	nonce: randData[chacha20.KeySize:],	1✔
159	fl: tempFile,	1✔
160	}	1✔
161		1✔
162	return &writer{	1✔
163	sf: sf,	1✔
164	w: cipher.StreamWriter{S: sf.getStream(), W: tempFile},	1✔
165	}, nil	1✔
166	}

cinode / go / 15633973488

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous