From 8dde99010d4f012186d9c7ef5d2e37857063b359 Mon Sep 17 00:00:00 2001
From: Hau Nguyen <hauvipapro@gmail.com>
Date: Wed, 4 Sep 2024 22:25:39 +0700
Subject: [PATCH] chore: gosec

---
 internal/config/config.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/internal/config/config.go b/internal/config/config.go
index 34652ec..9100b45 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -45,13 +45,13 @@ type cfg struct {
 
 // LoadConfig return config, configDemo
 func LoadConfig(path string, isDryRun bool) (Config, error) {
-	configPathJSON := filepath.Join(path, configDirPath, configFileJSON)
+	configPathJSON := filepath.Clean(filepath.Join(path, configDirPath, configFileJSON))
 	bytes, err := os.ReadFile(configPathJSON)
 	if err == nil {
 		return loadConfig(bytes, isDryRun, json.Unmarshal)
 	}
 
-	configPathTOML := filepath.Join(path, configDirPath, configFileTOML)
+	configPathTOML := filepath.Clean(filepath.Join(path, configDirPath, configFileTOML))
 	bytes, err = os.ReadFile(configPathTOML)
 	if err == nil {
 		return loadConfig(bytes, isDryRun, toml.Unmarshal)
@@ -219,7 +219,7 @@ func (c *cfg) Download(appNames ...string) error {
 				// Copy from github.com/make-go-great/copy-go
 				// Make sure nested dir is exist before copying file
 				dstDir := filepath.Dir(p.Internal)
-				if err := os.MkdirAll(dstDir, os.ModePerm); err != nil {
+				if err := os.MkdirAll(dstDir, 0o750); err != nil {
 					return fmt.Errorf("os: failed to mkdir all [%s]: %w", dstDir, err)
 				}
 
@@ -227,7 +227,9 @@ func (c *cfg) Download(appNames ...string) error {
 					return fmt.Errorf("os: failed to write file: %w", err)
 				}
 
-				httpRsp.Body.Close()
+				if err := httpRsp.Body.Close(); err != nil {
+					return fmt.Errorf("http client: failed to close body: %w", err)
+				}
 
 				return nil
 			})