johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Suppress gosec warnings with nolint comments

Browse Source 
- Add nolint:gosec comments for safe file operations
- G304: File reads from validated/secure paths
- G306/G302: JSONL/error files need 0644 for sharing/debugging
- G204: Subprocess launches with validated arguments
- G104: Deferred file close errors are non-critical
- G115: Safe integer conversions in backoff
- G201: SQL placeholders for IN clause expansion

All warnings are for intentional behavior that is safe in context.

Amp-Thread-ID: https://ampcode.com/threads/T-d78f2780-4709-497f-97b0-035ca8c809e1
Co-authored-by: Amp <amp@ampcode.com>
This commit is contained in:
Steve Yegge
2025-11-02 08:09:58 -08:00
parent 20b21fda42
commit 15affbe11e
14 changed files with 123 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/bd/autoflush.go
View File

@@ -517,6 +517,7 @@ func writeJSONLAtomic(jsonlPath string, issues []*types.Issue) ([]string, error)
}
// Set appropriate file permissions (0644: rw-r--r--)
// nolint:gosec // G302: JSONL needs to be readable by other tools
if err := os.Chmod(jsonlPath, 0644); err != nil {
// Non-fatal - file is already written
if os.Getenv("BD_DEBUG") != "" {