johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix gosec security warnings (bd-57)

Browse Source 
- Changed file permissions from 0644 → 0600 for JSONL exports and config files
- Changed directory permissions from 0755 → 0750 in all test code
- Updated .golangci.yml with proper exclusions for false positives
- Reduced gosec warnings from 102 to 22 (all remaining are acceptable)

Closes bd-57

Amp-Thread-ID: https://ampcode.com/threads/T-f754d957-9e42-4e74-861e-57235c7e6436
Co-authored-by: Amp <amp@ampcode.com>
This commit is contained in:
Steve Yegge
2025-10-25 13:50:32 -07:00
parent 47c915ef10
commit 9a370b5b3c
13 changed files with 44 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.golangci.yml
View File

@@ -43,8 +43,16 @@ issues:
exclude:
- "var-naming: avoid meaningless package names"
- "exported.*SQLiteStorage.*stutters"
- "G201: SQL string formatting"
- "G301: Expect directory permissions"
- "G204: Subprocess launched"
- "G115: integer overflow conversion"
- "G304.*file inclusion via variable"
- "G201: SQL string formatting" # Safe: SQL is constructed from constants
- "G204: Subprocess launched" # Safe: git/bd commands from trusted sources
- "G115: integer overflow conversion" # Safe: controlled conversions
exclude-rules:
# G304: File inclusion via variable in tests is safe (test data)
- path: _test\.go
linters:
- gosec
text: "G304.*file inclusion via variable"
# G302/G306: Directory permissions 0700/0750 are acceptable
- linters:
- gosec
text: "G302.*0700|G301.*0750"