johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: add gosec annotations to doctor/gitignore.go (GH#832)

Browse Source 
Adds #nosec G204 annotations to exec.Command calls that use
hardcoded paths. Fixes pre-existing lint failure exposed by PR #832.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Executed-By: beads/crew/dave
Rig: beads
Role: crew
This commit is contained in:
beads/crew/dave
2026-01-01 10:49:33 -08:00
committed by Steve Yegge
parent 9801102aa2
commit 00d0eb0192
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
cmd/bd/doctor/gitignore.go
View File

@@ -146,13 +146,13 @@ func CheckIssuesTracking() DoctorCheck {
// Check if git considers this file ignored // Check if git considers this file ignored
// git check-ignore exits 0 if ignored, 1 if not ignored, 128 if error // git check-ignore exits 0 if ignored, 1 if not ignored, 128 if error
cmd := exec.Command("git", "check-ignore", "-q", issuesPath) cmd := exec.Command("git", "check-ignore", "-q", issuesPath) // #nosec G204 - args are hardcoded paths
err := cmd.Run() err := cmd.Run()
if err == nil { if err == nil {
// Exit code 0 means the file IS ignored - this is bad // Exit code 0 means the file IS ignored - this is bad
// Get details about what's ignoring it // Get details about what's ignoring it
detailCmd := exec.Command("git", "check-ignore", "-v", issuesPath) detailCmd := exec.Command("git", "check-ignore", "-v", issuesPath) // #nosec G204 - args are hardcoded paths
output, _ := detailCmd.Output() output, _ := detailCmd.Output()
detail := strings.TrimSpace(string(output)) detail := strings.TrimSpace(string(output))
@@ -191,7 +191,7 @@ func CheckRedirectNotTracked() DoctorCheck {
// Check if git considers this file tracked // Check if git considers this file tracked
// git ls-files exits 0 and outputs the filename if tracked, empty if untracked // git ls-files exits 0 and outputs the filename if tracked, empty if untracked
cmd := exec.Command("git", "ls-files", redirectPath) cmd := exec.Command("git", "ls-files", redirectPath) // #nosec G204 - args are hardcoded paths
output, err := cmd.Output() output, err := cmd.Output()
if err != nil { if err != nil {
// Not in a git repo or git error - skip check // Not in a git repo or git error - skip check
@@ -227,7 +227,7 @@ func FixRedirectTracking() error {
redirectPath := filepath.Join(".beads", "redirect") redirectPath := filepath.Join(".beads", "redirect")
// Check if file is actually tracked first // Check if file is actually tracked first
cmd := exec.Command("git", "ls-files", redirectPath) cmd := exec.Command("git", "ls-files", redirectPath) // #nosec G204 - args are hardcoded paths
output, err := cmd.Output() output, err := cmd.Output()
if err != nil { if err != nil {
return nil // Not a git repo, nothing to do return nil // Not a git repo, nothing to do
@@ -239,7 +239,7 @@ func FixRedirectTracking() error {
} }
// Untrack the file (keeps the local copy) // Untrack the file (keeps the local copy)
cmd = exec.Command("git", "rm", "--cached", redirectPath) cmd = exec.Command("git", "rm", "--cached", redirectPath) // #nosec G204 - args are hardcoded paths
if err := cmd.Run(); err != nil { if err := cmd.Run(); err != nil {
return fmt.Errorf("failed to untrack redirect file: %w", err) return fmt.Errorf("failed to untrack redirect file: %w", err)
} }