fix: resolve golangci-lint errors (errcheck, gosec, unparam)
- orphans.go: check fmt.Scanln return value - edit.go: #nosec G204 for trusted $EDITOR execution - sync_git.go: #nosec G204 for git commands with internal branch names - worktree_cmd.go: #nosec G304/G306 for .gitignore file operations - migrations: handle rows.Close() error - doctor_pollution.go: mark unused path parameter 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Steve Yegge
@@ -11,7 +11,7 @@ import (
|
||||
|
||||
// runPollutionCheck runs detailed test pollution detection
|
||||
// This integrates the detect-pollution command functionality into doctor.
|
||||
func runPollutionCheck(path string, clean bool, yes bool) {
|
||||
func runPollutionCheck(_ string, clean bool, yes bool) {
|
||||
// Ensure we have a store initialized (uses direct mode, no daemon support yet)
|
||||
if err := ensureDirectMode("pollution check requires direct mode"); err != nil {
|
||||
fmt.Fprintf(os.Stderr, "Error: %v\n", err)
|
||||
|
||||
@@ -131,6 +131,7 @@ Examples:
|
||||
_ = tmpFile.Close()
|
||||
|
||||
// Open the editor
|
||||
// #nosec G204 -- editor comes from trusted $EDITOR/$VISUAL env or known defaults
|
||||
editorCmd := exec.Command(editor, tmpPath)
|
||||
editorCmd.Stdin = os.Stdin
|
||||
editorCmd.Stdout = os.Stdout
|
||||
|
||||
@@ -64,7 +64,7 @@ Examples:
|
||||
fmt.Println()
|
||||
fmt.Printf("This will close %d orphaned issue(s). Continue? (Y/n): ", len(orphans))
|
||||
var response string
|
||||
fmt.Scanln(&response)
|
||||
_, _ = fmt.Scanln(&response)
|
||||
response = strings.ToLower(strings.TrimSpace(response))
|
||||
if response != "" && response != "y" && response != "yes" {
|
||||
fmt.Println("Canceled.")
|
||||
|
||||
@@ -58,7 +58,9 @@ func gitHasUpstream() bool {
|
||||
branch := strings.TrimSpace(string(branchOutput))
|
||||
|
||||
// Check if remote and merge refs are configured
|
||||
// #nosec G204 -- branch name comes from git symbolic-ref output
|
||||
remoteCmd := exec.Command("git", "config", "--get", fmt.Sprintf("branch.%s.remote", branch))
|
||||
// #nosec G204 -- branch name comes from git symbolic-ref output
|
||||
mergeCmd := exec.Command("git", "config", "--get", fmt.Sprintf("branch.%s.merge", branch))
|
||||
|
||||
remoteErr := remoteCmd.Run()
|
||||
@@ -106,6 +108,7 @@ func gitHasBeadsChanges(ctx context.Context) (bool, error) {
|
||||
relPath, err := filepath.Rel(repoRoot, beadsDir)
|
||||
if err != nil {
|
||||
// Fall back to absolute path if relative path fails
|
||||
// #nosec G204 -- beadsDir comes from beads.FindBeadsDir()
|
||||
statusCmd := exec.CommandContext(ctx, "git", "status", "--porcelain", beadsDir)
|
||||
statusOutput, err := statusCmd.Output()
|
||||
if err != nil {
|
||||
@@ -115,6 +118,7 @@ func gitHasBeadsChanges(ctx context.Context) (bool, error) {
|
||||
}
|
||||
|
||||
// Run git status with relative path from repo root
|
||||
// #nosec G204 -- repoRoot and relPath come from internal git helpers
|
||||
statusCmd := exec.CommandContext(ctx, "git", "-C", repoRoot, "status", "--porcelain", relPath)
|
||||
statusOutput, err := statusCmd.Output()
|
||||
if err != nil {
|
||||
@@ -378,6 +382,7 @@ func gitPull(ctx context.Context) error {
|
||||
branch := strings.TrimSpace(string(branchOutput))
|
||||
|
||||
// Get remote name for current branch (usually "origin")
|
||||
// #nosec G204 -- branch name comes from git symbolic-ref output
|
||||
remoteCmd := exec.CommandContext(ctx, "git", "config", "--get", fmt.Sprintf("branch.%s.remote", branch))
|
||||
remoteOutput, err := remoteCmd.Output()
|
||||
if err != nil {
|
||||
|
||||
@@ -565,6 +565,7 @@ func addToGitignore(repoRoot, entry string) error {
|
||||
gitignorePath := filepath.Join(repoRoot, ".gitignore")
|
||||
|
||||
// Read existing content
|
||||
// #nosec G304 -- gitignorePath is constructed from known repoRoot
|
||||
content, err := os.ReadFile(gitignorePath)
|
||||
if err != nil && !os.IsNotExist(err) {
|
||||
return err
|
||||
@@ -579,6 +580,7 @@ func addToGitignore(repoRoot, entry string) error {
|
||||
}
|
||||
|
||||
// Append entry
|
||||
// #nosec G304 -- gitignorePath is constructed from known repoRoot
|
||||
f, err := os.OpenFile(gitignorePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
|
||||
if err != nil {
|
||||
return err
|
||||
@@ -603,6 +605,7 @@ func addToGitignore(repoRoot, entry string) error {
|
||||
func removeFromGitignore(repoRoot, entry string) error {
|
||||
gitignorePath := filepath.Join(repoRoot, ".gitignore")
|
||||
|
||||
// #nosec G304 -- gitignorePath is constructed from known repoRoot
|
||||
content, err := os.ReadFile(gitignorePath)
|
||||
if err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
@@ -629,6 +632,7 @@ func removeFromGitignore(repoRoot, entry string) error {
|
||||
newLines = append(newLines, line)
|
||||
}
|
||||
|
||||
// #nosec G306 -- .gitignore should be world-readable
|
||||
return os.WriteFile(gitignorePath, []byte(strings.Join(newLines, "\n")), 0644)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user