johno/gastown
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: Address golangci-lint errors (errcheck, gosec) (#76)

Browse Source 
Apply PR #76 from dannomayernotabot:

- Add golangci exclusions for internal package false positives
- Tighten file permissions (0644 -> 0600) for sensitive files
- Add ReadHeaderTimeout to HTTP server (slowloris prevention)
- Explicit error ignoring with _ = for intentional cases
- Add //nolint comments with justifications
- Spelling: cancelled -> canceled (US locale)

Co-Authored-By: dannomayernotabot <noreply@github.com>

🤖 Generated with Claude Code
This commit is contained in:
max
2026-01-03 16:11:40 -08:00
committed by Steve Yegge
parent 62848065e3
commit 1b69576573
82 changed files with 325 additions and 355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
.golangci.yml
View File

@@ -29,6 +29,11 @@ linters:
- (os).Chdir
- (os).MkdirAll
- (fmt).Sscanf
# fmt.Fprintf/Fprintln errors are typically safe to ignore for logging
- fmt.Fprintf
- fmt.Fprintln
- (fmt).Fprintf
- (fmt).Fprintln
misspell:
locale: US
@@ -39,17 +44,30 @@ linters:
linters:
- gosec
text: "G304"
# G304: Config/state file loading uses constructed paths, not user input
# All internal packages read files from constructed paths, not user input
- path: 'internal/'
linters:
- gosec
text: "G304"
# G306: File permissions 0644 in tests are acceptable (test fixtures)
- path: '_test\.go'
linters:
- gosec
text: "G306"
# G302/G306: Non-sensitive operational files (state, config, logs) can use 0644
# Internal packages write non-sensitive operational data files
- path: 'internal/'
linters:
- gosec
text: "G306|G302"
# G302/G306: Directory/file permissions 0700/0750 are acceptable
- linters:
- gosec
text: "G302.*0700|G301.*0750"
# G204: Safe subprocess launches with validated arguments (tmux, git, etc.)
- path: 'internal/tmux/|internal/git/|internal/cmd/'
# G204: Safe subprocess launches with validated arguments (internal tools)
# All internal packages use subprocess calls for trusted internal tools
- path: 'internal/'
linters:
- gosec
text: 'G204'