johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add gosec annotations to doctor/gitignore.go (GH#832)

Browse Source 
Adds #nosec G204 annotations to exec.Command calls that use
hardcoded paths. Fixes pre-existing lint failure exposed by PR #832.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Executed-By: beads/crew/dave
Rig: beads
Role: crew
This commit is contained in:
beads/crew/dave
2026-01-01 10:49:33 -08:00
committed by Steve Yegge
parent 9801102aa2
commit 00d0eb0192
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/bd/doctor/gitignore.go
View File

@@ -146,13 +146,13 @@ func CheckIssuesTracking() DoctorCheck {
// Check if git considers this file ignored
// git check-ignore exits 0 if ignored, 1 if not ignored, 128 if error
cmd := exec.Command("git", "check-ignore", "-q", issuesPath)
cmd := exec.Command("git", "check-ignore", "-q", issuesPath) // #nosec G204 - args are hardcoded paths
err := cmd.Run()
if err == nil {
// Exit code 0 means the file IS ignored - this is bad
// Get details about what's ignoring it
detailCmd := exec.Command("git", "check-ignore", "-v", issuesPath)
detailCmd := exec.Command("git", "check-ignore", "-v", issuesPath) // #nosec G204 - args are hardcoded paths
output, _ := detailCmd.Output()
detail := strings.TrimSpace(string(output))
@@ -191,7 +191,7 @@ func CheckRedirectNotTracked() DoctorCheck {
// Check if git considers this file tracked
// git ls-files exits 0 and outputs the filename if tracked, empty if untracked
cmd := exec.Command("git", "ls-files", redirectPath)
cmd := exec.Command("git", "ls-files", redirectPath) // #nosec G204 - args are hardcoded paths
output, err := cmd.Output()
if err != nil {
// Not in a git repo or git error - skip check
@@ -227,7 +227,7 @@ func FixRedirectTracking() error {
redirectPath := filepath.Join(".beads", "redirect")
// Check if file is actually tracked first
cmd := exec.Command("git", "ls-files", redirectPath)
cmd := exec.Command("git", "ls-files", redirectPath) // #nosec G204 - args are hardcoded paths
output, err := cmd.Output()
if err != nil {
return nil // Not a git repo, nothing to do
@@ -239,7 +239,7 @@ func FixRedirectTracking() error {
}
// Untrack the file (keeps the local copy)
cmd = exec.Command("git", "rm", "--cached", redirectPath)
cmd = exec.Command("git", "rm", "--cached", redirectPath) // #nosec G204 - args are hardcoded paths
if err := cmd.Run(); err != nil {
return fmt.Errorf("failed to untrack redirect file: %w", err)
}