johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix gosec security warnings (bd-57)

Browse Source 
- Changed file permissions from 0644 → 0600 for JSONL exports and config files
- Changed directory permissions from 0755 → 0750 in all test code
- Updated .golangci.yml with proper exclusions for false positives
- Reduced gosec warnings from 102 to 22 (all remaining are acceptable)

Closes bd-57

Amp-Thread-ID: https://ampcode.com/threads/T-f754d957-9e42-4e74-861e-57235c7e6436
Co-authored-by: Amp <amp@ampcode.com>
This commit is contained in:
Steve Yegge
2025-10-25 13:50:32 -07:00
parent 47c915ef10
commit 9a370b5b3c
13 changed files with 44 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files
beads_multidb_test.go
+7 -7
View File
@@ -30,28 +30,28 @@ func TestFindAllDatabases(t *testing.T) {
// Root .beads
rootBeads := filepath.Join(tmpDir, ".beads")
if err := os.MkdirAll(rootBeads, 0755); err != nil {
if err := os.MkdirAll(rootBeads, 0750); err != nil {
t.Fatal(err)
}
rootDB := filepath.Join(rootBeads, "test.db")
if err := os.WriteFile(rootDB, []byte("fake db"), 0644); err != nil {
if err := os.WriteFile(rootDB, []byte("fake db"), 0600); err != nil {
t.Fatal(err)
}
// Project1 .beads
project1Dir := filepath.Join(tmpDir, "project1")
project1Beads := filepath.Join(project1Dir, ".beads")
if err := os.MkdirAll(project1Beads, 0755); err != nil {
if err := os.MkdirAll(project1Beads, 0750); err != nil {
t.Fatal(err)
}
project1DB := filepath.Join(project1Beads, "project1.db")
if err := os.WriteFile(project1DB, []byte("fake db"), 0644); err != nil {
if err := os.WriteFile(project1DB, []byte("fake db"), 0600); err != nil {
t.Fatal(err)
}
// Subdir for working directory
subdir := filepath.Join(project1Dir, "subdir")
if err := os.MkdirAll(subdir, 0755); err != nil {
if err := os.MkdirAll(subdir, 0750); err != nil {
t.Fatal(err)
}
@@ -107,11 +107,11 @@ func TestFindAllDatabases_Single(t *testing.T) {
// Create .beads directory with database
beadsDir := filepath.Join(tmpDir, ".beads")
if err := os.MkdirAll(beadsDir, 0755); err != nil {
if err := os.MkdirAll(beadsDir, 0750); err != nil {
t.Fatal(err)
}
dbPath := filepath.Join(beadsDir, "test.db")
if err := os.WriteFile(dbPath, []byte("fake db"), 0644); err != nil {
if err := os.WriteFile(dbPath, []byte("fake db"), 0600); err != nil {
t.Fatal(err)
}