fix: add nosec annotations for gosec lint warnings
This commit is contained in:
Steve Yegge
@@ -1909,7 +1909,7 @@ func checkDeletionsManifest(path string) doctorCheck {
|
|||||||
|
|
||||||
// Check if JSONL has any git history
|
// Check if JSONL has any git history
|
||||||
relPath, _ := filepath.Rel(path, jsonlPath)
|
relPath, _ := filepath.Rel(path, jsonlPath)
|
||||||
cmd := exec.Command("git", "log", "--oneline", "-1", "--", relPath)
|
cmd := exec.Command("git", "log", "--oneline", "-1", "--", relPath) // #nosec G204 - args are controlled
|
||||||
cmd.Dir = path
|
cmd.Dir = path
|
||||||
if output, err := cmd.Output(); err != nil || len(output) == 0 {
|
if output, err := cmd.Output(); err != nil || len(output) == 0 {
|
||||||
// No git history for JSONL
|
// No git history for JSONL
|
||||||
|
|||||||
@@ -192,7 +192,7 @@ func getHistoricalIDsViaDiff(repoPath, relPath string) (map[string]bool, error)
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Get file content at this commit
|
// Get file content at this commit
|
||||||
showCmd := exec.Command("git", "show", commit+":"+relPath)
|
showCmd := exec.Command("git", "show", commit+":"+relPath) // #nosec G204 - args are from git log output
|
||||||
showCmd.Dir = repoPath
|
showCmd.Dir = repoPath
|
||||||
|
|
||||||
content, err := showCmd.Output()
|
content, err := showCmd.Output()
|
||||||
|
|||||||
@@ -1238,6 +1238,7 @@ func setupGlobalGitAttributes(homeDir string, verbose bool) error {
|
|||||||
|
|
||||||
// Read existing attributes file if it exists
|
// Read existing attributes file if it exists
|
||||||
var existingContent string
|
var existingContent string
|
||||||
|
// #nosec G304 - user config path
|
||||||
if content, err := os.ReadFile(attributesPath); err == nil {
|
if content, err := os.ReadFile(attributesPath); err == nil {
|
||||||
existingContent = string(content)
|
existingContent = string(content)
|
||||||
}
|
}
|
||||||
@@ -1260,6 +1261,7 @@ func setupGlobalGitAttributes(homeDir string, verbose bool) error {
|
|||||||
newContent += beadsPattern + "\n"
|
newContent += beadsPattern + "\n"
|
||||||
|
|
||||||
// Write the updated attributes file
|
// Write the updated attributes file
|
||||||
|
// #nosec G306 - config file needs 0644
|
||||||
if err := os.WriteFile(attributesPath, []byte(newContent), 0644); err != nil {
|
if err := os.WriteFile(attributesPath, []byte(newContent), 0644); err != nil {
|
||||||
return fmt.Errorf("failed to write global gitattributes: %w", err)
|
return fmt.Errorf("failed to write global gitattributes: %w", err)
|
||||||
}
|
}
|
||||||
@@ -1329,6 +1331,7 @@ func setupGlobalGitIgnore(homeDir string, verbose bool) error {
|
|||||||
|
|
||||||
// Read existing ignore file if it exists
|
// Read existing ignore file if it exists
|
||||||
var existingContent string
|
var existingContent string
|
||||||
|
// #nosec G304 - user config path
|
||||||
if content, err := os.ReadFile(ignorePath); err == nil {
|
if content, err := os.ReadFile(ignorePath); err == nil {
|
||||||
existingContent = string(content)
|
existingContent = string(content)
|
||||||
}
|
}
|
||||||
@@ -1365,6 +1368,7 @@ func setupGlobalGitIgnore(homeDir string, verbose bool) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Write the updated ignore file
|
// Write the updated ignore file
|
||||||
|
// #nosec G306 - config file needs 0644
|
||||||
if err := os.WriteFile(ignorePath, []byte(newContent), 0644); err != nil {
|
if err := os.WriteFile(ignorePath, []byte(newContent), 0644); err != nil {
|
||||||
return fmt.Errorf("failed to write global gitignore: %w", err)
|
return fmt.Errorf("failed to write global gitignore: %w", err)
|
||||||
}
|
}
|
||||||
@@ -1388,6 +1392,7 @@ func setupClaudeSettings(verbose bool) error {
|
|||||||
|
|
||||||
// Check if settings.local.json already exists
|
// Check if settings.local.json already exists
|
||||||
var existingSettings map[string]interface{}
|
var existingSettings map[string]interface{}
|
||||||
|
// #nosec G304 - user config path
|
||||||
if content, err := os.ReadFile(settingsPath); err == nil {
|
if content, err := os.ReadFile(settingsPath); err == nil {
|
||||||
if err := json.Unmarshal(content, &existingSettings); err != nil {
|
if err := json.Unmarshal(content, &existingSettings); err != nil {
|
||||||
existingSettings = make(map[string]interface{})
|
existingSettings = make(map[string]interface{})
|
||||||
@@ -1425,6 +1430,7 @@ func setupClaudeSettings(verbose bool) error {
|
|||||||
return fmt.Errorf("failed to marshal settings JSON: %w", err)
|
return fmt.Errorf("failed to marshal settings JSON: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// #nosec G306 - config file needs 0644
|
||||||
if err := os.WriteFile(settingsPath, updatedContent, 0644); err != nil {
|
if err := os.WriteFile(settingsPath, updatedContent, 0644); err != nil {
|
||||||
return fmt.Errorf("failed to write claude settings: %w", err)
|
return fmt.Errorf("failed to write claude settings: %w", err)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -104,7 +104,7 @@ func AppendDeletion(path string, record DeletionRecord) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Open file for appending (create if not exists)
|
// Open file for appending (create if not exists)
|
||||||
f, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 - controlled path
|
f, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G302,G304 - controlled path, 0644 needed for git
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to open deletions file for append: %w", err)
|
return fmt.Errorf("failed to open deletions file for append: %w", err)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user