(Hi, it's Tv. I'm too lazy to create a bitbucket account for this.)
- nrsc the shell script writes to "/tmp/nrsc-$(date +%s).zip". Other users on the same machine can create symlinks by that name for the upcoming seconds, and either DoS you, or make you write to locations you didn't expect to write to. This behavior is generally considered a security vulnerability.
Suggested workarounds: use mktemp, or tmp="$exe.$PID.tmp", or as you had planned, rewrite in Go
nrsc_test.go writes to /tmp/nsrc-test. Same as above, even easier to trigger accidentally. Use http://golang.org/pkg/io/ioutil/#TempDir
nrsc_test.go always binds to port 9888. It should bind to port 0, and then see what port it got.
and always uses port 9888