fix: suppress gosec lint warnings for file operations
All file reads/writes are from controlled paths (.beads/, .git/, or git root).
Add #nosec comments to suppress G304 and G204 warnings.
- cmd/bd/doctor.go:664 - ReadFile from .beads/config.yaml
- cmd/bd/main.go:645 - ReadFile from .beads/{issues,beads}.jsonl
- cmd/bd/doctor/fix/database_config.go:166 - ReadFile from git root .gitattributes
- cmd/bd/doctor/fix/untracked.go:61 - exec Command with whitelisted JSONL files
This commit is contained in:
matt wilkie
@@ -678,6 +678,7 @@ func handleFreshCloneError(err error, beadsDir string) bool {
|
||||
if info, statErr := os.Stat(candidate); statErr == nil && !info.IsDir() {
|
||||
jsonlPath = candidate
|
||||
// Count lines (approximately = issue count)
|
||||
// #nosec G304 -- candidate is constructed from beadsDir which is .beads/
|
||||
if data, readErr := os.ReadFile(candidate); readErr == nil {
|
||||
for _, line := range strings.Split(string(data), "\n") {
|
||||
if strings.TrimSpace(line) != "" {
|
||||
|
||||
Reference in New Issue
Block a user