diff --git a/beads_test.go b/beads_test.go index 5bae9828..31f91e88 100644 --- a/beads_test.go +++ b/beads_test.go @@ -49,7 +49,7 @@ func TestFindJSONLPath(t *testing.T) { } jsonlPath := beads.FindJSONLPath(dbPath) - expectedPath := filepath.Join(tmpDir, ".beads", "issues.jsonl") + expectedPath := filepath.Join(tmpDir, ".beads", "beads.jsonl") if jsonlPath != expectedPath { t.Errorf("FindJSONLPath returned %s, expected %s", jsonlPath, expectedPath) diff --git a/cmd/bd/doctor/fix/sync_branch.go b/cmd/bd/doctor/fix/sync_branch.go index 354d4a7c..b7058203 100644 --- a/cmd/bd/doctor/fix/sync_branch.go +++ b/cmd/bd/doctor/fix/sync_branch.go @@ -32,6 +32,7 @@ func SyncBranchConfig(path string) error { } // Set sync.branch using bd config set + // #nosec G204 - bdBinary is controlled by getBdBinary() which returns os.Executable() setCmd := exec.Command(bdBinary, "config", "set", "sync.branch", currentBranch) setCmd.Dir = path if output, err := setCmd.CombinedOutput(); err != nil { diff --git a/cmd/bd/main_test.go b/cmd/bd/main_test.go index 11e0ce1a..675cca15 100644 --- a/cmd/bd/main_test.go +++ b/cmd/bd/main_test.go @@ -178,7 +178,7 @@ func TestAutoFlushJSONLContent(t *testing.T) { dbPath = filepath.Join(tmpDir, "test.db") // The actual JSONL path - findJSONLPath() will determine this // but in tests it appears to be issues.jsonl in the same directory as the db - expectedJSONLPath := filepath.Join(tmpDir, "issues.jsonl") + expectedJSONLPath := filepath.Join(tmpDir, "beads.jsonl") // Create store testStore := newTestStore(t, dbPath) diff --git a/cmd/bd/onboard.go b/cmd/bd/onboard.go index bd954dde..1b96fec5 100644 --- a/cmd/bd/onboard.go +++ b/cmd/bd/onboard.go @@ -434,6 +434,7 @@ It is auto-generated and version-stamped to track bd upgrades. // generateBDGuide creates a version-stamped BD_GUIDE.md file func generateBDGuide(outputPath string) error { // Create output file + // #nosec G304 - outputPath is a user-provided flag value for file generation f, err := os.Create(outputPath) if err != nil { return fmt.Errorf("failed to create output file: %w", err) @@ -496,7 +497,7 @@ with bd upgrades) from project-specific instructions in AGENTS.md.`, if outputPath != "" { // Generate BD_GUIDE.md instead of onboarding instructions if err := generateBDGuide(outputPath); err != nil { - fmt.Fprintf(cmd.ErrOrStderr(), "Error generating BD_GUIDE.md: %v\n", err) + _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Error generating BD_GUIDE.md: %v\n", err) os.Exit(1) } fmt.Printf("✓ Generated %s (bd v%s)\n", outputPath, Version) diff --git a/cmd/bd/test_wait_helper.go b/cmd/bd/test_wait_helper.go index 347d58d7..78d965c5 100644 --- a/cmd/bd/test_wait_helper.go +++ b/cmd/bd/test_wait_helper.go @@ -39,27 +39,27 @@ func setupGitRepo(t *testing.T) (repoPath string, cleanup func()) { // Initialize git repo if err := exec.Command("git", "init").Run(); err != nil { - os.Chdir(originalWd) + _ = os.Chdir(originalWd) t.Fatalf("failed to init git repo: %v", err) } // Configure git - exec.Command("git", "config", "user.email", "test@test.com").Run() - exec.Command("git", "config", "user.name", "Test User").Run() + _ = exec.Command("git", "config", "user.email", "test@test.com").Run() + _ = exec.Command("git", "config", "user.name", "Test User").Run() // Create initial commit - if err := os.WriteFile("test.txt", []byte("test"), 0644); err != nil { - os.Chdir(originalWd) + if err := os.WriteFile("test.txt", []byte("test"), 0600); err != nil { + _ = os.Chdir(originalWd) t.Fatalf("failed to write test file: %v", err) } - exec.Command("git", "add", "test.txt").Run() + _ = exec.Command("git", "add", "test.txt").Run() if err := exec.Command("git", "commit", "-m", "initial").Run(); err != nil { - os.Chdir(originalWd) + _ = os.Chdir(originalWd) t.Fatalf("failed to create initial commit: %v", err) } cleanup = func() { - os.Chdir(originalWd) + _ = os.Chdir(originalWd) } return tmpDir, cleanup @@ -82,27 +82,27 @@ func setupGitRepoWithBranch(t *testing.T, branch string) (repoPath string, clean // Initialize git repo with specific branch if err := exec.Command("git", "init", "-b", branch).Run(); err != nil { - os.Chdir(originalWd) + _ = os.Chdir(originalWd) t.Fatalf("failed to init git repo: %v", err) } // Configure git - exec.Command("git", "config", "user.email", "test@test.com").Run() - exec.Command("git", "config", "user.name", "Test User").Run() + _ = exec.Command("git", "config", "user.email", "test@test.com").Run() + _ = exec.Command("git", "config", "user.name", "Test User").Run() // Create initial commit - if err := os.WriteFile("test.txt", []byte("test"), 0644); err != nil { - os.Chdir(originalWd) + if err := os.WriteFile("test.txt", []byte("test"), 0600); err != nil { + _ = os.Chdir(originalWd) t.Fatalf("failed to write test file: %v", err) } - exec.Command("git", "add", "test.txt").Run() + _ = exec.Command("git", "add", "test.txt").Run() if err := exec.Command("git", "commit", "-m", "initial").Run(); err != nil { - os.Chdir(originalWd) + _ = os.Chdir(originalWd) t.Fatalf("failed to create initial commit: %v", err) } cleanup = func() { - os.Chdir(originalWd) + _ = os.Chdir(originalWd) } return tmpDir, cleanup @@ -125,16 +125,16 @@ func setupMinimalGitRepo(t *testing.T) (repoPath string, cleanup func()) { // Initialize git repo if err := exec.Command("git", "init").Run(); err != nil { - os.Chdir(originalWd) + _ = os.Chdir(originalWd) t.Fatalf("failed to init git repo: %v", err) } // Configure git - exec.Command("git", "config", "user.email", "test@test.com").Run() - exec.Command("git", "config", "user.name", "Test User").Run() + _ = exec.Command("git", "config", "user.email", "test@test.com").Run() + _ = exec.Command("git", "config", "user.name", "Test User").Run() cleanup = func() { - os.Chdir(originalWd) + _ = os.Chdir(originalWd) } return tmpDir, cleanup diff --git a/cmd/bd/version_tracking.go b/cmd/bd/version_tracking.go index 815c4b2d..804db314 100644 --- a/cmd/bd/version_tracking.go +++ b/cmd/bd/version_tracking.go @@ -146,6 +146,7 @@ func checkAndSuggestBDGuideUpdate() { } // Read first few lines to check version stamp + // #nosec G304 - guidePath is constructed from beadsDir + constant string content, err := os.ReadFile(guidePath) if err != nil { return // Silent failure diff --git a/internal/beads/beads_test.go b/internal/beads/beads_test.go index c538a597..4432086c 100644 --- a/internal/beads/beads_test.go +++ b/internal/beads/beads_test.go @@ -168,9 +168,9 @@ func TestFindJSONLPathDefault(t *testing.T) { // Create a fake database path (no .jsonl files exist) dbPath := filepath.Join(tmpDir, "test.db") - // Should return default issues.jsonl + // Should return default beads.jsonl result := FindJSONLPath(dbPath) - expected := filepath.Join(tmpDir, "issues.jsonl") + expected := filepath.Join(tmpDir, "beads.jsonl") if result != expected { t.Errorf("Expected '%s', got '%s'", expected, result) }