fix semgrep issues for dgryski.semgrep-go ruleset (#3541)

* fix semgrep issues dgryski.semgrep-go ruleset

Signed-off-by: Dmitry S <dsavints@gmail.com>

* golangci-lint: check error value of out.Write()

Signed-off-by: Dmitry S <dsavints@gmail.com>

---------

Signed-off-by: Dmitry S <dsavints@gmail.com>

Author: dmitris

cmd/cosign/cli/download/sbom.go

@@ -100,7 +100,9 @@ func SBOMCmd(
 	}
 
 	sboms = append(sboms, string(sbom))
-	fmt.Fprint(out, string(sbom))
+	if _, err := out.Write(sbom); err != nil {
+		return nil, err
+	}
 
 	return sboms, nil
 }

cmd/cosign/cli/generate/generate.go

@@ -17,7 +17,6 @@ package generate
 
 import (
 	"context"
-	"fmt"
 	"io"
 
 	"github.com/google/go-containerregistry/pkg/name"
@@ -49,6 +48,6 @@ func GenerateCmd(ctx context.Context, regOpts options.RegistryOptions, imageRef
 	if err != nil {
 		return err
 	}
-	fmt.Fprint(w, string(json))
+	w.Write(json)
 	return nil
 }

cmd/cosign/cli/verify/verify_blob.go

@@ -24,6 +24,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"io/fs"
 	"os"
 	"path/filepath"
 
@@ -313,7 +314,7 @@ func base64signature(sigRef, bundlePath string) (string, error) {
 	case sigRef != "":
 		targetSig, err = blob.LoadFileOrURL(sigRef)
 		if err != nil {
-			if !os.IsNotExist(err) {
+			if !errors.Is(err, fs.ErrNotExist) {
 				// ignore if file does not exist, it can be a base64 encoded string as well
 				return "", err
 			}

internal/pkg/cosign/common.go

@@ -18,6 +18,7 @@ import (
 	"errors"
 	"hash"
 	"io"
+	"io/fs"
 	"os"
 )
 
@@ -27,7 +28,7 @@ const (
 
 func FileExists(filename string) (bool, error) {
 	info, err := os.Stat(filename)
-	if os.IsNotExist(err) {
+	if errors.Is(err, fs.ErrNotExist) {
 		return false, nil
 	}
 	if err != nil {

pkg/cosign/verify.go

@@ -27,6 +27,7 @@ import (
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
+	"io/fs"
 	"net/http"
 	"os"
 	"regexp"
@@ -834,7 +835,7 @@ func loadSignatureFromFile(ctx context.Context, sigRef string, signedImgRef name
 	var b64sig string
 	targetSig, err := blob.LoadFileOrURL(sigRef)
 	if err != nil {
-		if !os.IsNotExist(err) {
+		if !errors.Is(err, fs.ErrNotExist) {
 			return nil, err
 		}
 		targetSig = []byte(sigRef)

pkg/providers/interface.go

@@ -80,7 +80,7 @@ func Provide(ctx context.Context, audience string) (string, error) {
 		}
 		id, err = provider.p.Provide(ctx, audience)
 		if err == nil {
-			return id, err
+			return id, nil
 		}
 	}
 	// return the last id/err combo, unless there wasn't an error in