Fix gosec security warnings (bd-57)

- Changed file permissions from 0644 → 0600 for JSONL exports and config files
- Changed directory permissions from 0755 → 0750 in all test code
- Updated .golangci.yml with proper exclusions for false positives
- Reduced gosec warnings from 102 to 22 (all remaining are acceptable)

Closes bd-57

Amp-Thread-ID: https://ampcode.com/threads/T-f754d957-9e42-4e74-861e-57235c7e6436
Co-authored-by: Amp <amp@ampcode.com>
Steve Yegge
2025-10-25 13:50:32 -07:00
parent 47c915ef10
commit 9a370b5b3c
13 changed files with 44 additions and 35 deletions


@@ -116,7 +116,7 @@ func TestIsDaemonRunning_StalePIDFile(t *testing.T) {
tmpDir := t.TempDir()
pidFile := filepath.Join(tmpDir, "test.pid")
if err := os.WriteFile(pidFile, []byte("99999"), 0644); err != nil {
if err := os.WriteFile(pidFile, []byte("99999"), 0600); err != nil {
t.Fatalf("Failed to write PID file: %v", err)
}
@@ -212,7 +212,7 @@ func TestDaemonPIDFileManagement(t *testing.T) {
pidFile := filepath.Join(tmpDir, "daemon.pid")
testPID := 12345
if err := os.WriteFile(pidFile, []byte(strconv.Itoa(testPID)), 0644); err != nil {
if err := os.WriteFile(pidFile, []byte(strconv.Itoa(testPID)), 0600); err != nil {
t.Fatalf("Failed to write PID file: %v", err)
}
@@ -612,7 +612,7 @@ func (s *mockDaemonServer) WaitReady(timeout time.Duration) error {
}
func (s *mockDaemonServer) Start(ctx context.Context) error {
if err := os.MkdirAll(filepath.Dir(s.socketPath), 0755); err != nil {
if err := os.MkdirAll(filepath.Dir(s.socketPath), 0750); err != nil {
return fmt.Errorf("failed to create socket directory: %w", err)
}
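Review bot: In `mockDaemonServer.Start`, the new mode `0750` still gives the group read and search access to the directory that holds the daemon socket, and `os.MkdirAll` applies the mode only to directories it creates, so a directory that already exists keeps whatever mode it had. If this mock is meant to mirror the real daemon's socket setup (not visible in this section), owner-only is the least-privilege choice: `if err := os.MkdirAll(filepath.Dir(s.socketPath), 0700); err != nil {`. A one-line comment such as `// socket dir is owner-only; MkdirAll does not tighten an existing directory` would record the intent for the next reader. The two PID-file hunks write under `t.TempDir()` and need no further change. The body of `Start` continues outside the hunk.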