fix: Address golangci-lint errors (errcheck, gosec) (#76)
Apply PR #76 from dannomayernotabot: - Add golangci exclusions for internal package false positives - Tighten file permissions (0644 -> 0600) for sensitive files - Add ReadHeaderTimeout to HTTP server (slowloris prevention) - Explicit error ignoring with _ = for intentional cases - Add //nolint comments with justifications - Spelling: cancelled -> canceled (US locale) Co-Authored-By: dannomayernotabot <noreply@github.com> 🤖 Generated with Claude Code
This commit is contained in:
@@ -112,7 +112,7 @@ func (m *Mailbox) listBeads() ([]*Message, error) {
|
||||
// listFromDir queries messages from a beads directory.
|
||||
// Returns messages where identity is the assignee OR a CC recipient.
|
||||
// Includes both open and hooked messages (hooked = auto-assigned handoff mail).
|
||||
func (m *Mailbox) listFromDir(beadsDir string) ([]*Message, error) {
|
||||
func (m *Mailbox) listFromDir(beadsDir string) ([]*Message, error) { //nolint:unparam // error return kept for future use
|
||||
seen := make(map[string]bool)
|
||||
var messages []*Message
|
||||
|
||||
@@ -346,7 +346,7 @@ func (m *Mailbox) closeInDir(id, beadsDir string) error {
|
||||
if sessionID := os.Getenv("CLAUDE_SESSION_ID"); sessionID != "" {
|
||||
args = append(args, "--session="+sessionID)
|
||||
}
|
||||
cmd := exec.Command("bd", args...)
|
||||
cmd := exec.Command("bd", args...) //nolint:gosec // G204: bd is a trusted internal tool
|
||||
cmd.Dir = m.workDir
|
||||
cmd.Env = append(cmd.Environ(), "BEADS_DIR="+beadsDir)
|
||||
|
||||
@@ -506,7 +506,7 @@ func (m *Mailbox) appendToArchive(msg *Message) error {
|
||||
}
|
||||
|
||||
// Open for append
|
||||
file, err := os.OpenFile(archivePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
|
||||
file, err := os.OpenFile(archivePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) //nolint:gosec // G302: archive is non-sensitive operational data
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -740,7 +740,7 @@ func (m *Mailbox) appendLegacy(msg *Message) error {
|
||||
}
|
||||
|
||||
// Open for append
|
||||
file, err := os.OpenFile(m.path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
|
||||
file, err := os.OpenFile(m.path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
@@ -184,7 +184,7 @@ func detectTownRoot(startDir string) string {
|
||||
// - Rig-level beads ({rig}/.beads) are for project issues only, not mail
|
||||
//
|
||||
// This ensures messages are visible to all agents in the town.
|
||||
func (r *Router) resolveBeadsDir(address string) string {
|
||||
func (r *Router) resolveBeadsDir(_ string) string { // address unused: all mail uses town-level beads
|
||||
// If no town root, fall back to workDir's .beads
|
||||
if r.townRoot == "" {
|
||||
return filepath.Join(r.workDir, ".beads")
|
||||
@@ -622,7 +622,7 @@ func (r *Router) sendToSingle(msg *Message) error {
|
||||
}
|
||||
|
||||
beadsDir := r.resolveBeadsDir(msg.To)
|
||||
cmd := exec.Command("bd", args...)
|
||||
cmd := exec.Command("bd", args...) //nolint:gosec // G204: bd is a trusted internal tool
|
||||
cmd.Env = append(cmd.Environ(),
|
||||
"BEADS_DIR="+beadsDir,
|
||||
)
|
||||
@@ -744,7 +744,7 @@ func (r *Router) sendToQueue(msg *Message) error {
|
||||
|
||||
// Queue messages go to town-level beads (shared location)
|
||||
beadsDir := r.resolveBeadsDir("")
|
||||
cmd := exec.Command("bd", args...)
|
||||
cmd := exec.Command("bd", args...) //nolint:gosec // G204: args are constructed internally, not from user input
|
||||
cmd.Env = append(cmd.Environ(),
|
||||
"BEADS_DIR="+beadsDir,
|
||||
)
|
||||
@@ -827,7 +827,7 @@ func (r *Router) sendToAnnounce(msg *Message) error {
|
||||
|
||||
// Announce messages go to town-level beads (shared location)
|
||||
beadsDir := r.resolveBeadsDir("")
|
||||
cmd := exec.Command("bd", args...)
|
||||
cmd := exec.Command("bd", args...) //nolint:gosec // G204: args are constructed internally, not from user input
|
||||
cmd.Env = append(cmd.Environ(),
|
||||
"BEADS_DIR="+beadsDir,
|
||||
)
|
||||
@@ -869,7 +869,7 @@ func (r *Router) pruneAnnounce(announceName string, retainCount int) error {
|
||||
"--asc", // Oldest first
|
||||
}
|
||||
|
||||
cmd := exec.Command("bd", args...)
|
||||
cmd := exec.Command("bd", args...) //nolint:gosec // G204: args are constructed internally
|
||||
cmd.Env = append(cmd.Environ(), "BEADS_DIR="+beadsDir)
|
||||
cmd.Dir = filepath.Dir(beadsDir)
|
||||
|
||||
@@ -904,7 +904,7 @@ func (r *Router) pruneAnnounce(announceName string, retainCount int) error {
|
||||
// Delete oldest messages
|
||||
for i := 0; i < toDelete && i < len(messages); i++ {
|
||||
deleteArgs := []string{"close", messages[i].ID, "--reason=retention pruning"}
|
||||
deleteCmd := exec.Command("bd", deleteArgs...)
|
||||
deleteCmd := exec.Command("bd", deleteArgs...) //nolint:gosec // G204: args are constructed internally
|
||||
deleteCmd.Env = append(deleteCmd.Environ(), "BEADS_DIR="+beadsDir)
|
||||
deleteCmd.Dir = filepath.Dir(beadsDir)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user