fix: suppress gosec lint warnings for file operations
All file reads/writes are from controlled paths (.beads/, .git/, or git root).
Add #nosec comments to suppress G304 and G204 warnings.
- cmd/bd/doctor.go:664 - ReadFile from .beads/config.yaml
- cmd/bd/main.go:645 - ReadFile from .beads/{issues,beads}.jsonl
- cmd/bd/doctor/fix/database_config.go:166 - ReadFile from git root .gitattributes
- cmd/bd/doctor/fix/untracked.go:61 - exec Command with whitelisted JSONL files
This commit is contained in:
matt wilkie
@@ -163,6 +163,7 @@ func LegacyJSONLConfig(path string) error {
|
||||
|
||||
// Update .gitattributes if it references beads.jsonl
|
||||
gitattrsPath := filepath.Join(path, ".gitattributes")
|
||||
// #nosec G304 -- gitattrsPath is constructed from path which is the git root
|
||||
if content, err := os.ReadFile(gitattrsPath); err == nil {
|
||||
if strings.Contains(string(content), ".beads/beads.jsonl") {
|
||||
newContent := strings.ReplaceAll(string(content), ".beads/beads.jsonl", ".beads/issues.jsonl")
|
||||
|
||||
@@ -58,6 +58,7 @@ func UntrackedJSONL(path string) error {
|
||||
continue
|
||||
}
|
||||
|
||||
// #nosec G204 -- file is validated against a whitelist of JSONL files
|
||||
addCmd := exec.Command("git", "add", file)
|
||||
addCmd.Dir = path
|
||||
if err := addCmd.Run(); err != nil {
|
||||
|
||||
Reference in New Issue
Block a user