johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: suppress gosec lint warnings for file operations

Browse Source 
All file reads/writes are from controlled paths (.beads/, .git/, or git root).
Add #nosec comments to suppress G304 and G204 warnings.

- cmd/bd/doctor.go:664 - ReadFile from .beads/config.yaml
- cmd/bd/main.go:645 - ReadFile from .beads/{issues,beads}.jsonl
- cmd/bd/doctor/fix/database_config.go:166 - ReadFile from git root .gitattributes
- cmd/bd/doctor/fix/untracked.go:61 - exec Command with whitelisted JSONL files
This commit is contained in:
matt wilkie
2025-11-29 00:44:23 -07:00
parent f134a3d658
commit dee16db0c0
6 changed files with 62 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/bd/doctor.go
View File

@@ -661,6 +661,7 @@ func checkDatabaseVersion(path string) doctorCheck {
// Check config.yaml for no-db: true
configPath := filepath.Join(beadsDir, "config.yaml")
isNoDbMode := false
// #nosec G304 -- configPath is constructed from beadsDir which is in .beads/
if configData, err := os.ReadFile(configPath); err == nil {
// Simple check for no-db: true in config.yaml
isNoDbMode = strings.Contains(string(configData), "no-db: true")