johno/gastown
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: Address golangci-lint errors (errcheck, gosec) (#76)

Browse Source 
Apply PR #76 from dannomayernotabot:

- Add golangci exclusions for internal package false positives
- Tighten file permissions (0644 -> 0600) for sensitive files
- Add ReadHeaderTimeout to HTTP server (slowloris prevention)
- Explicit error ignoring with _ = for intentional cases
- Add //nolint comments with justifications
- Spelling: cancelled -> canceled (US locale)

Co-Authored-By: dannomayernotabot <noreply@github.com>

🤖 Generated with Claude Code
This commit is contained in:
max
2026-01-03 16:11:40 -08:00
committed by Steve Yegge
parent 62848065e3
commit 1b69576573
82 changed files with 325 additions and 355 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/tui/convoy/model.go
View File

@@ -142,7 +142,7 @@ func loadTrackedIssues(townBeads, convoyID string) ([]IssueItem, int, int) {
WHERE d.issue_id = '%s' AND d.type = 'tracks'
`, convoyID)
cmd := exec.CommandContext(ctx, "sqlite3", "-json", dbPath, query)
cmd := exec.CommandContext(ctx, "sqlite3", "-json", dbPath, query) //nolint:gosec // G204: sqlite3 with controlled query
var stdout bytes.Buffer
cmd.Stdout = &stdout
@@ -210,7 +210,7 @@ func getIssueDetailsBatch(townBeads string, issueIDs []string) map[string]IssueI
args := append([]string{"show"}, issueIDs...)
args = append(args, "--json")
cmd := exec.CommandContext(ctx, "bd", args...)
cmd := exec.CommandContext(ctx, "bd", args...) //nolint:gosec // G204: bd is a trusted internal tool
cmd.Dir = townBeads
var stdout bytes.Buffer
cmd.Stdout = &stdout

4
internal/tui/feed/convoy.go
View File

@@ -93,7 +93,7 @@ func listConvoys(beadsDir, status string) ([]convoyListItem, error) {
ctx, cancel := context.WithTimeout(context.Background(), convoySubprocessTimeout)
defer cancel()
cmd := exec.CommandContext(ctx, "bd", listArgs...)
cmd := exec.CommandContext(ctx, "bd", listArgs...) //nolint:gosec // G204: args are constructed internally
cmd.Dir = beadsDir
var stdout bytes.Buffer
cmd.Stdout = &stdout
@@ -169,7 +169,7 @@ func getTrackedIssueStatus(beadsDir, convoyID string) []trackedStatus {
// Query tracked dependencies from SQLite
// convoyID is validated above to match ^hq-[a-zA-Z0-9-]+$
cmd := exec.CommandContext(ctx, "sqlite3", "-json", dbPath,
cmd := exec.CommandContext(ctx, "sqlite3", "-json", dbPath, //nolint:gosec // G204: convoyID is validated against strict pattern
fmt.Sprintf(`SELECT depends_on_id FROM dependencies WHERE issue_id = '%s' AND type = 'tracks'`, convoyID))
var stdout bytes.Buffer

2
internal/tui/feed/events.go
View File

@@ -255,7 +255,7 @@ func (s *GtEventsSource) tail(ctx context.Context) {
defer close(s.events)
// Seek to end for live tailing
s.file.Seek(0, 2)
_, _ = s.file.Seek(0, 2)
scanner := bufio.NewScanner(s.file)
ticker := time.NewTicker(100 * time.Millisecond)

4
internal/tui/feed/mq_source.go
View File

@@ -35,7 +35,7 @@ func NewMQEventSource(beadsDir string) (*MQEventSource, error) {
if err != nil {
return nil, err
}
f.Close()
_ = f.Close() //nolint:gosec // G104: best-effort close on file creation
}
file, err := os.Open(logPath)
@@ -71,7 +71,7 @@ func (s *MQEventSource) tail(ctx context.Context) {
defer close(s.events)
// Seek to end for live tailing
s.file.Seek(0, 2)
_, _ = s.file.Seek(0, 2)
scanner := bufio.NewScanner(s.file)
ticker := time.NewTicker(100 * time.Millisecond)