From 21720237d858ee917f237bee9c70866f243f5960 Mon Sep 17 00:00:00 2001 From: matt wilkie Date: Sat, 29 Nov 2025 01:06:01 -0700 Subject: [PATCH] fix: add gosec lint suppressions Add #nolint:gosec comments for reviewed file operations: - cmd/bd/main.go:299 - G304: ReadFile from .beads/config.yaml (safe, constructed path) - cmd/bd/daemon_health_unix.go:18 - G115: overflow is safe in disk space calculation --- cmd/bd/daemon_health_unix.go | 3 ++- cmd/bd/main.go | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/bd/daemon_health_unix.go b/cmd/bd/daemon_health_unix.go index 1b345140..de1a220d 100644 --- a/cmd/bd/daemon_health_unix.go +++ b/cmd/bd/daemon_health_unix.go @@ -15,7 +15,8 @@ func checkDiskSpace(path string) (uint64, bool) { } // Calculate available space in bytes, then convert to MB - availableBytes := stat.Bavail * uint64(stat.Bsize) + // Bavail is uint64, Bsize is int64; overflow is intentional/safe in this context + availableBytes := stat.Bavail * uint64(stat.Bsize) //nolint:gosec availableMB := availableBytes / (1024 * 1024) return availableMB, true diff --git a/cmd/bd/main.go b/cmd/bd/main.go index ff82da58..5d2b21da 100644 --- a/cmd/bd/main.go +++ b/cmd/bd/main.go @@ -296,7 +296,8 @@ var rootCmd = &cobra.Command{ } isNoDbMode := false - if configData, err := os.ReadFile(configPath); err == nil { + // configPath is safe: constructed from filepath.Join(beadsDir, hardcoded name) + if configData, err := os.ReadFile(configPath); err == nil { //nolint:gosec isNoDbMode = strings.Contains(string(configData), "no-db: true") }