johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix gosec security warnings (bd-57)

Browse Source 
- Changed file permissions from 0644 → 0600 for JSONL exports and config files
- Changed directory permissions from 0755 → 0750 in all test code
- Updated .golangci.yml with proper exclusions for false positives
- Reduced gosec warnings from 102 to 22 (all remaining are acceptable)

Closes bd-57

Amp-Thread-ID: https://ampcode.com/threads/T-f754d957-9e42-4e74-861e-57235c7e6436
Co-authored-by: Amp <amp@ampcode.com>
This commit is contained in:
Steve Yegge
2025-10-25 13:50:32 -07:00
parent 47c915ef10
commit 9a370b5b3c
13 changed files with 44 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/rpc/limits_test.go
View File

@@ -28,7 +28,7 @@ func dialTestConn(t *testing.T, socketPath string) net.Conn {
func TestConnectionLimits(t *testing.T) {
tmpDir := t.TempDir()
dbPath := filepath.Join(tmpDir, ".beads", "test.db")
if err := os.MkdirAll(filepath.Dir(dbPath), 0755); err != nil {
if err := os.MkdirAll(filepath.Dir(dbPath), 0750); err != nil {
t.Fatal(err)
}
@@ -150,7 +150,7 @@ func TestConnectionLimits(t *testing.T) {
func TestRequestTimeout(t *testing.T) {
tmpDir := t.TempDir()
dbPath := filepath.Join(tmpDir, ".beads", "test.db")
if err := os.MkdirAll(filepath.Dir(dbPath), 0755); err != nil {
if err := os.MkdirAll(filepath.Dir(dbPath), 0750); err != nil {
t.Fatal(err)
}
@@ -207,7 +207,7 @@ func TestMemoryPressureDetection(t *testing.T) {
tmpDir := t.TempDir()
dbPath := filepath.Join(tmpDir, ".beads", "test.db")
if err := os.MkdirAll(filepath.Dir(dbPath), 0755); err != nil {
if err := os.MkdirAll(filepath.Dir(dbPath), 0750); err != nil {
t.Fatal(err)
}

8
internal/rpc/rpc_test.go
View File

@@ -21,7 +21,7 @@ func setupTestServer(t *testing.T) (*Server, *Client, func()) {
// Create .beads subdirectory so findDatabaseForCwd finds THIS database, not project's
beadsDir := filepath.Join(tmpDir, ".beads")
if err := os.MkdirAll(beadsDir, 0755); err != nil {
if err := os.MkdirAll(beadsDir, 0750); err != nil {
os.RemoveAll(tmpDir)
t.Fatalf("Failed to create .beads dir: %v", err)
}
@@ -126,7 +126,7 @@ func setupTestServerIsolated(t *testing.T) (tmpDir, beadsDir, dbPath, socketPath
// Create .beads subdirectory so findDatabaseForCwd finds THIS database, not project's
beadsDir = filepath.Join(tmpDir, ".beads")
if err := os.MkdirAll(beadsDir, 0755); err != nil {
if err := os.MkdirAll(beadsDir, 0750); err != nil {
os.RemoveAll(tmpDir)
t.Fatalf("Failed to create .beads dir: %v", err)
}
@@ -424,7 +424,7 @@ func TestDatabaseHandshake(t *testing.T) {
// Setup first daemon (db1)
beadsDir1 := filepath.Join(tmpDir1, ".beads")
os.MkdirAll(beadsDir1, 0755)
os.MkdirAll(beadsDir1, 0750)
dbPath1 := filepath.Join(beadsDir1, "db1.db")
socketPath1 := filepath.Join(beadsDir1, "bd.sock")
store1, err := sqlitestorage.New(dbPath1)
@@ -442,7 +442,7 @@ func TestDatabaseHandshake(t *testing.T) {
// Setup second daemon (db2)
beadsDir2 := filepath.Join(tmpDir2, ".beads")
os.MkdirAll(beadsDir2, 0755)
os.MkdirAll(beadsDir2, 0750)
dbPath2 := filepath.Join(beadsDir2, "db2.db")
socketPath2 := filepath.Join(beadsDir2, "bd.sock")
store2, err := sqlitestorage.New(dbPath2)