Add x-oauth-basic nosec annotation & address gosec unhandled errors

CHANGELOG.md

@@ -11,6 +11,7 @@
 
 ## Changes since v6.0.0
 
+- [#719](https://github.com/oauth2-proxy/oauth2-proxy/pull/719) Add Gosec fixes to areas that are intermittently flagged on PRs (@NickMeves)
 - [#718](https://github.com/oauth2-proxy/oauth2-proxy/pull/718) Allow Logging to stdout with separate Error Log Channel
 - [#690](https://github.com/oauth2-proxy/oauth2-proxy/pull/690) Address GoSec security findings & remediate (@NickMeves)
 - [#689](https://github.com/oauth2-proxy/oauth2-proxy/pull/689) Fix finicky logging_handler_test from time drift (@NickMeves)

pkg/logger/logger.go

@@ -144,11 +144,10 @@ func (l *Logger) formatLogMessage(calldepth int, message string) []byte {
 		panic(err)
 	}
 
-	_, err = l.writer.Write([]byte("\n"))
+	_, err = logBuff.Write([]byte("\n"))
 	if err != nil {
 		panic(err)
 	}
-	logBuff.Write([]byte("\n"))
 
 	return logBuff.Bytes()
 }
@@ -162,11 +161,16 @@ func (l *Logger) Output(lvl Level, calldepth int, message string) {
 		return
 	}
 	msg := l.formatLogMessage(calldepth, message)
+
+	var err error
 	switch lvl {
 	case ERROR:
-		l.errWriter.Write(msg)
+		_, err = l.errWriter.Write(msg)
 	default:
-		l.writer.Write(msg)
+		_, err = l.writer.Write(msg)
+	}
+	if err != nil {
+		panic(err)
 	}
 }
 

pkg/middleware/jwt_session.go

@@ -121,6 +121,7 @@ func (j *jwtSessionLoader) getBasicToken(token string) (string, error) {
 	// check user, user+password, or just password for a token
 	if j.jwtRegex.MatchString(user) {
 		// Support blank passwords or magic `x-oauth-basic` passwords - nothing else
+		/* #nosec G101 */
 		if password == "" || password == "x-oauth-basic" {
 			return user, nil
 		}