fix: Address golangci-lint errors (errcheck, gosec) (#76)

Apply PR #76 from dannomayernotabot:

- Add golangci exclusions for internal package false positives
- Tighten file permissions (0644 -> 0600) for sensitive files
- Add ReadHeaderTimeout to HTTP server (slowloris prevention)
- Explicit error ignoring with _ = for intentional cases
- Add //nolint comments with justifications
- Spelling: cancelled -> canceled (US locale)

Co-Authored-By: dannomayernotabot <noreply@github.com>

🤖 Generated with Claude Code
max
2026-01-03 16:11:40 -08:00
committed by Steve Yegge
parent 62848065e3
commit 1b69576573
82 changed files with 325 additions and 355 deletions


@@ -84,7 +84,7 @@ func (b *Beads) LogDetachAudit(entry DetachAuditEntry) error {
}
// Append to audit log file
f, err := os.OpenFile(auditPath, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0644)
f, err := os.OpenFile(auditPath, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600) //nolint:gosec // G304: path is constructed internally
if err != nil {
return fmt.Errorf("opening audit log: %w", err)
}
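Review bot: The `0600` passed to `os.OpenFile` only takes effect when the audit log is created, so a log that already exists from before this change keeps its `0644` mode and stays readable by other local users. If the tightening is meant to cover existing installs, call `f.Chmod(0600)` after the open succeeds and handle its error, or say in the comment that only newly created logs are affected. How `auditPath` is built lies above the hunk, so the "constructed internally" justification cannot be confirmed from these lines.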


@@ -39,7 +39,7 @@ func ResolveBeadsDir(workDir string) string {
redirectPath := filepath.Join(beadsDir, "redirect")
// Check for redirect file
data, err := os.ReadFile(redirectPath)
data, err := os.ReadFile(redirectPath) //nolint:gosec // G304: path is constructed internally
if err != nil {
// No redirect, use local .beads
return beadsDir
@@ -229,7 +229,7 @@ func (b *Beads) run(args ...string) ([]byte, error) {
// Use --no-daemon for faster read operations (avoids daemon IPC overhead)
// The daemon is primarily useful for write coalescing, not reads
fullArgs := append([]string{"--no-daemon"}, args...)
cmd := exec.Command("bd", fullArgs...)
cmd := exec.Command("bd", fullArgs...) //nolint:gosec // G204: bd is a trusted internal tool
cmd.Dir = b.workDir
// Set BEADS_DIR if specified (enables cross-database access)
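Review bot: `//nolint:gosec` on the `os.ReadFile` and `exec.Command` lines switches off every gosec rule for those lines, not only the G304 and G204 named in the trailing text, so a later finding on the same line would be hidden as well. gosec's own directive can be scoped to a single rule, for example `// #nosec G304 -- path is constructed internally`. The same applies to the `os.OpenFile` line in LogDetachAudit and the `os.Open` line in LoadFromFile. On the `exec.Command` line the justification speaks only to the binary name, while G204 is raised for the variable `fullArgs`; the comment should state where `args` originate, which is decided by callers outside this hunk.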


@@ -113,7 +113,7 @@ func (c *MoleculeCatalog) Count() int {
// Each line should be a JSON object with id, title, and description fields.
// The source parameter is added to each loaded molecule.
func (c *MoleculeCatalog) LoadFromFile(path, source string) error {
file, err := os.Open(path)
file, err := os.Open(path) //nolint:gosec // G304: path is from trusted molecule catalog locations
if err != nil {
return err
}
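Review bot: The suppression on `os.Open(path)` rests on a promise about callers that this exported method does not enforce, since `path` is opened exactly as passed in. The doc comment above LoadFromFile is the place to record that contract, for example `// path must be a trusted catalog location; it is opened as-is with no validation.` That way a future caller passing user-supplied input sees the requirement without reading the nolint text. The rest of the function body is outside the hunk.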


@@ -111,10 +111,10 @@ func EnsureBdDaemonHealth(workDir string) string {
}
// restartBdDaemons restarts all bd daemons.
func restartBdDaemons() error {
func restartBdDaemons() error { //nolint:unparam // error return kept for future use
// Stop all daemons first
stopCmd := exec.Command("bd", "daemon", "killall")
stopCmd.Run() // Ignore errors - daemons might not be running
_ = stopCmd.Run() // Ignore errors - daemons might not be running
// Give time for cleanup
time.Sleep(200 * time.Millisecond)
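Review bot: `_ = stopCmd.Run()` discards a failure to launch `bd` at all (for example the binary missing from PATH) together with the expected non-zero exit when no daemon is running. Separating the two with `errors.As(err, &exitErr)` against `*exec.ExitError` and returning anything else would give the `error` result a real use instead of keeping it behind `//nolint:unparam`. The remainder of restartBdDaemons lies outside the hunk, so that it currently always returns nil is inferred from the nolint comment.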