johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(lint): address gosec, misspell, and unparam warnings

Browse Source 
- gate.go: fix "cancelled" → "canceled" misspelling, add #nosec for
  validated GitHub IDs in exec.Command, mark checkTimer escalated as
  intentionally false, rename unused ctx param
- sync_divergence.go: add #nosec for git commands with validated paths,
  mark unused path param
- sync_branch.go: add #nosec for .git/info/exclude permissions
- setup.go: add #nosec for config file permissions
- recipes.go: add #nosec for validated config file paths
- external_deps.go: add #nosec for SQL with generated placeholders

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
beads/crew/fang
2026-01-05 22:06:52 -08:00
committed by Steve Yegge
parent ee179f5b6d
commit 7b0f398f11
6 changed files with 19 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/bd/doctor/sync_divergence.go
View File

@@ -124,7 +124,7 @@ func checkJSONLGitDivergence(path, beadsDir string) *SyncDivergenceIssue {
}
// Check if file is tracked by git
cmd := exec.Command("git", "ls-files", "--error-unmatch", relPath)
cmd := exec.Command("git", "ls-files", "--error-unmatch", relPath) // #nosec G204 -- relPath is derived from validated file path
cmd.Dir = path
if err := cmd.Run(); err != nil {
// File not tracked by git
@@ -132,7 +132,7 @@ func checkJSONLGitDivergence(path, beadsDir string) *SyncDivergenceIssue {
}
// Compare current file with HEAD
cmd = exec.Command("git", "diff", "--quiet", "HEAD", "--", relPath)
cmd = exec.Command("git", "diff", "--quiet", "HEAD", "--", relPath) // #nosec G204 -- relPath is derived from validated file path
cmd.Dir = path
if err := cmd.Run(); err != nil {
// Exit code non-zero means there are differences
@@ -147,7 +147,7 @@ func checkJSONLGitDivergence(path, beadsDir string) *SyncDivergenceIssue {
}
// checkSQLiteMtimeDivergence checks if SQLite last_import_time matches JSONL mtime.
func checkSQLiteMtimeDivergence(path, beadsDir string) *SyncDivergenceIssue {
func checkSQLiteMtimeDivergence(_, beadsDir string) *SyncDivergenceIssue { //nolint:unparam // path reserved for future use
// Get database path
dbPath := filepath.Join(beadsDir, beads.CanonicalDatabaseName)
if cfg, err := configfile.Load(beadsDir); err == nil && cfg != nil && cfg.Database != "" {
@@ -235,7 +235,7 @@ func checkUncommittedBeadsChanges(path, beadsDir string) *SyncDivergenceIssue {
}
// Check for uncommitted changes in .beads/
cmd := exec.Command("git", "status", "--porcelain", "--", relBeadsDir)
cmd := exec.Command("git", "status", "--porcelain", "--", relBeadsDir) // #nosec G204 -- relBeadsDir is derived from validated path
cmd.Dir = path
out, err := cmd.Output()
if err != nil {