Minor cleanup to error handling and logging (gitleaks#985)
* silence warning about unchecked errors

* go-fmt change to add newline

* Zerolog requires you to always call .Msg()

When logging with zerolog, you need to always end with .Msg(), even if
you just pass an empty string.

If you read the README on https://github.com/rs/zerolog, they write:

> It is very important to note that when using the zerolog
> chaining API, as shown above (log.Info().Msg("hello world"), the
> chain must have either the Msg or Msgf method call. If you
> forget to add either of these, the log will not occur and there
> is no compile time error to alert you of this.

* Create empty slice without literal

* Fix variable / package name collision with literal

instead of having a variable named "config", which collides with the
package name "config", just pass a literal config.Config{} struct to the
function

* Replace call to deprecated ioutil.ReadAll()

Use io.ReadAll() instead

* Check error when closing jsonFile

Make it a warning and log error
mojotx authored Sep 23, 2022
1 parent 9b15f0d commit db43f9a
Showing 6 changed files with 41 additions and 28 deletions.
24 changes: 13 additions & 11 deletions cmd/detect.go
Expand Up @@ -51,11 +51,11 @@ func runDetect(cmd *cobra.Command, args []string) {
detector := detect.NewDetector(cfg)
detector.Config.Path, err = cmd.Flags().GetString("config")
if err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}
source, err := cmd.Flags().GetString("source")
if err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}
// if config path is not set, then use the {source}/.gitleaks.toml path.
// note that there may not be a `{source}/.gitleaks.toml` file, this is ok.
Expand All @@ -64,15 +64,17 @@ func runDetect(cmd *cobra.Command, args []string) {
}
// set verbose flag
if detector.Verbose, err = cmd.Flags().GetBool("verbose"); err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}
// set redact flag
if detector.Redact, err = cmd.Flags().GetBool("redact"); err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}

if fileExists(filepath.Join(source, ".gitleaksignore")) {
detector.AddGitleaksIgnore(filepath.Join(source, ".gitleaksignore"))
if err = detector.AddGitleaksIgnore(filepath.Join(source, ".gitleaksignore")); err != nil {
log.Fatal().Err(err).Msg("could not call AddGitleaksIgnore")
}
}

// ignore findings from the baseline (an existing report in json format generated earlier)
Expand All @@ -87,35 +89,35 @@ func runDetect(cmd *cobra.Command, args []string) {
// set exit code
exitCode, err := cmd.Flags().GetInt("exit-code")
if err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("could not get exit code")
}

// determine what type of scan:
// - git: scan the history of the repo
// - no-git: scan files by treating the repo as a plain directory
noGit, err := cmd.Flags().GetBool("no-git")
if err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("could not call GetBool() for no-git")
}

// start the detector scan
if noGit {
findings, err = detector.DetectFiles(source)
if err != nil {
// don't exit on error, just log it
log.Error().Msg(err.Error())
log.Error().Err(err).Msg("")
}

} else {
var logOpts string
logOpts, err = cmd.Flags().GetString("log-opts")
if err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}
findings, err = detector.DetectGit(source, logOpts, detect.DetectType)
if err != nil {
// don't exit on error, just log it
log.Error().Msg(err.Error())
log.Error().Err(err).Msg("")
}
}

Expand All @@ -141,7 +143,7 @@ func runDetect(cmd *cobra.Command, args []string) {
ext, _ := cmd.Flags().GetString("report-format")
if reportPath != "" {
if err := report.Write(findings, cfg, ext, reportPath); err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("could not write")
}
}

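Review bot: In both scan branches of `runDetect`, a failure from `DetectFiles` or `DetectGit` is logged with `log.Error().Err(err).Msg("")` and execution continues with whatever `findings` were collected before the error. For a secrets scanner used as a CI or pre-commit gate, that can let an aborted scan look like a clean one; the exit-code logic is outside the visible hunks, so this is only a risk if it keys on the number of findings alone. I would give the log line a message that says the results may be incomplete, e.g. `log.Error().Err(err).Msg("scan failed, findings may be incomplete")`, and consider recording the error so the command exits non-zero. The same fall-through is in `runProtect` in cmd/protect.go.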
11 changes: 6 additions & 5 deletions cmd/generate/config/main.go
Expand Up @@ -15,7 +15,7 @@ const (
)

func main() {
configRules := []*config.Rule{}
var configRules []*config.Rule
configRules = append(configRules, rules.AdafruitAPIKey())
configRules = append(configRules, rules.AdobeClientID())
configRules = append(configRules, rules.AdobeClientSecret())
Expand Down Expand Up @@ -171,9 +171,7 @@ func main() {
// nasty dereferencing.
ruleLookUp[rule.RuleID] = *rule
}
config := config.Config{
Rules: ruleLookUp,
}

tmpl, err := template.ParseFiles(templatePath)
if err != nil {
log.Fatal().Err(err).Msg("Failed to parse template")
Expand All @@ -183,6 +181,9 @@ func main() {
if err != nil {
log.Fatal().Err(err).Msg("Failed to create rules.toml")
}
tmpl.Execute(f, config)

if err = tmpl.Execute(f, config.Config{Rules: ruleLookUp}); err != nil {
log.Fatal().Err(err).Msg("could not execute template")
}

}
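Review bot: After the new `tmpl.Execute` check at the end of `main`, the file `f` is never closed in the lines shown, so an error that only surfaces on close would go unnoticed and the generated rules file could be incomplete. This commit adds a checked `Close` for `jsonFile` in detect/baseline.go, and the same treatment fits here: `if err = f.Close(); err != nil { log.Fatal().Err(err).Msg("could not close rules.toml") }` placed after the `Execute` block. The `os.Create` call itself is above the hunk, so confirm that no `defer f.Close()` already sits there.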
2 changes: 1 addition & 1 deletion cmd/generate/config/rules/teams.go
Expand Up @@ -26,4 +26,4 @@ func TeamsWebhook() *config.Rule {
"https://mycompany.webhook.office.com/webhookb2/" + secrets.NewSecret(`[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}@[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}\/IncomingWebhook\/[a-z0-9]{32}\/[a-z0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}`), // gitleaks:allow
}
return validate(r, tps, nil)
}
}
14 changes: 7 additions & 7 deletions cmd/protect.go
Expand Up @@ -46,11 +46,11 @@ func runProtect(cmd *cobra.Command, args []string) {
detector := detect.NewDetector(cfg)
detector.Config.Path, err = cmd.Flags().GetString("config")
if err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}
source, err := cmd.Flags().GetString("source")
if err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}
// if config path is not set, then use the {source}/.gitleaks.toml path.
// note that there may not be a `{source}/.gitleaks.toml` file, this is ok.
Expand All @@ -59,17 +59,17 @@ func runProtect(cmd *cobra.Command, args []string) {
}
// set verbose flag
if detector.Verbose, err = cmd.Flags().GetBool("verbose"); err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}
// set redact flag
if detector.Redact, err = cmd.Flags().GetBool("redact"); err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}

// get log options for git scan
logOpts, err := cmd.Flags().GetString("log-opts")
if err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}

// start git scan
Expand All @@ -81,7 +81,7 @@ func runProtect(cmd *cobra.Command, args []string) {
}
if err != nil {
// don't exit on error, just log it
log.Error().Err(err)
log.Error().Err(err).Msg("")
}

// log info about the scan
Expand All @@ -96,7 +96,7 @@ func runProtect(cmd *cobra.Command, args []string) {
ext, _ := cmd.Flags().GetString("report-format")
if reportPath != "" {
if err = report.Write(findings, cfg, ext, reportPath); err != nil {
log.Fatal().Err(err)
log.Fatal().Err(err).Msg("")
}
}
if len(findings) != 0 {
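Review bot: Every rewritten call in `runProtect` ends in `.Msg("")`, so a fatal exit prints only the raw error with no indication of which step failed, while the matching calls in cmd/detect.go were given messages such as "could not write". This command is often run from a pre-commit hook, where a message per call site makes a failure much easier to triage; for example `log.Fatal().Err(err).Msg("could not get log-opts flag")` and `log.Fatal().Err(err).Msg("could not write report")`. `runProtect` starts and ends outside the visible hunks.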
5 changes: 4 additions & 1 deletion cmd/root.go
Expand Up @@ -79,8 +79,11 @@ func initLog() {

func initConfig() {
hideBanner, err := rootCmd.Flags().GetBool("no-banner")
if err != nil {
log.Fatal().Msg(err.Error())
}
if !hideBanner {
fmt.Fprint(os.Stderr, banner)
_, _ = fmt.Fprint(os.Stderr, banner)
}
cfgPath, err := rootCmd.Flags().GetString("config")
if err != nil {
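Review bot: The added check in `initConfig` uses `log.Fatal().Msg(err.Error())`, which is the form this same commit replaces in cmd/detect.go with `.Err(err).Msg(...)`. Using the structured form keeps the error in the `error` field like the other call sites: `log.Fatal().Err(err).Msg("could not read no-banner flag")`. `initConfig` continues past the end of the hunk.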
13 changes: 10 additions & 3 deletions detect/baseline.go
Expand Up @@ -3,9 +3,11 @@ package detect
import (
"encoding/json"
"fmt"
"io/ioutil"
"io"
"os"

"github.com/rs/zerolog/log"

"github.com/zricethezav/gitleaks/v8/report"
)

Expand Down Expand Up @@ -43,8 +45,13 @@ func LoadBaseline(baselinePath string) ([]report.Finding, error) {
return nil, fmt.Errorf("could not open %s", baselinePath)
}

bytes, err := ioutil.ReadAll(jsonFile)
jsonFile.Close()
defer func() {
if cerr := jsonFile.Close(); cerr != nil {
log.Warn().Err(cerr).Msg("problem closing jsonFile handle")
}
}()

bytes, err := io.ReadAll(jsonFile)
if err != nil {
return nil, fmt.Errorf("could not read data from the file %s", baselinePath)
}
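Review bot: The return that follows the new `io.ReadAll` call discards `err`, so the caller of `LoadBaseline` learns only that the read failed, not why; the open-failure return above it does the same. Wrapping keeps the cause available to `errors.Is` and `errors.As`: `return nil, fmt.Errorf("could not read data from the file %s: %w", baselinePath, err)`. Separately, the local `bytes` shadows the name of the standard `bytes` package, the kind of collision this commit removes for `config` in cmd/generate/config/main.go; a name such as `data` would avoid it. `LoadBaseline` continues outside the hunk.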
