johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Address gosec security warnings (bd-102)

Browse Source 
- Enable gosec linter in .golangci.yml
- Tighten file permissions: 0755→0750 for directories, 0644→0600 for configs
- Git hooks remain 0700 (executable, user-only access)
- Add #nosec comments for safe cases with justifications:
  - G204: Safe subprocess launches (git show, bd daemon)
  - G304: File inclusions with controlled paths
  - G201: SQL formatting with controlled column names
  - G115: Integer conversions with controlled values

All gosec warnings resolved (20→0). All tests passing.

Amp-Thread-ID: https://ampcode.com/threads/T-d7166b9e-cbbe-4c7b-9e48-3df36b20f0d0
Co-authored-by: Amp <amp@ampcode.com>
This commit is contained in:
Steve Yegge
2025-10-26 22:48:19 -07:00
parent 4ea347e08a
commit 648ecfafe7
21 changed files with 67 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/storage/sqlite/ready.go
View File

@@ -56,6 +56,7 @@ func (s *SQLiteStorage) GetReadyWork(ctx context.Context, filter types.WorkFilte
// 1. Find issues directly blocked by 'blocks' dependencies
// 2. Recursively propagate blockage to all descendants via 'parent-child' links
// 3. Exclude all blocked issues (both direct and transitive) from ready work
// #nosec G201 - safe SQL with controlled formatting
query := fmt.Sprintf(`
WITH RECURSIVE
-- Step 1: Find issues blocked directly by dependencies