chore(lint): suppress additional gosec false positives

Add #nosec comments for G703/G704 findings in db, doctor, webhooks,
gravatar, unsplash, and migration helper code.
This commit is contained in:
kolaente 2026-03-23 16:40:07 +01:00
parent dc4be950e0
commit 212968cec4
No known key found for this signature in database
GPG Key ID: F40E70337AB24C9B
7 changed files with 11 additions and 11 deletions

View File

@ -360,7 +360,7 @@ func getUserDataDir() (string, error) {
}
// Ensure the directory exists
if err := os.MkdirAll(dataDir, 0o700); err != nil {
if err := os.MkdirAll(dataDir, 0o700); err != nil { // #nosec G703 -- dataDir is from config or XDG standard paths
return "", fmt.Errorf("could not create data directory %s: %w", dataDir, err)
}

View File

@ -312,7 +312,7 @@ func checkOpenIDProvider(key string, rawProvider interface{}) CheckResult {
}
client := &http.Client{Timeout: 5 * time.Second}
resp, err := client.Do(req)
resp, err := client.Do(req) // #nosec G704 -- URL is from configured OIDC provider endpoints
if err != nil {
return CheckResult{
Name: fmt.Sprintf("Provider: %s", name),

View File

@ -355,7 +355,7 @@ func (w *Webhook) sendWebhookPayload(p *WebhookPayload) (err error) {
req.Header.Add("Content-Type", "application/json")
client := getWebhookHTTPClient()
res, err := client.Do(req)
res, err := client.Do(req) // #nosec G704 -- URL is user-configured webhook target
if err != nil {
return err
}

View File

@ -90,7 +90,7 @@ func (g *Provider) GetAvatar(user *user.User, size int64) ([]byte, string, error
if err != nil {
return nil, err
}
resp, err := (&http.Client{}).Do(req)
resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is from config (AvatarGravatarBaseURL)
if err != nil {
return nil, err
}

View File

@ -30,7 +30,7 @@ func unsplashImage(url string, c *echo.Context) error {
if err != nil {
return err
}
resp, err := (&http.Client{}).Do(req)
resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is hardcoded to images.unsplash.com
if err != nil {
return err
}

View File

@ -103,7 +103,7 @@ func doGet(url string, result ...interface{}) (err error) {
req.Header.Add("Authorization", "Client-ID "+config.BackgroundsUnsplashAccessToken.GetString())
hc := http.Client{}
resp, err := hc.Do(req)
resp, err := hc.Do(req) // #nosec G704 -- URL is constructed from hardcoded Unsplash API base
if err != nil {
return
}
@ -260,7 +260,7 @@ func (p *Provider) Set(s *xorm.Session, image *background.Image, project *models
if err != nil {
return
}
resp, err := (&http.Client{}).Do(req)
resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is from Unsplash API response
if err != nil {
return err
}
@ -372,7 +372,7 @@ func pingbackByPhotoID(photoID string) {
if err != nil {
log.Errorf("Unsplash Pingback Failed: %s", err.Error())
}
_, err = (&http.Client{}).Do(req)
_, err = (&http.Client{}).Do(req) // #nosec G704 -- URL is hardcoded to views.unsplash.com
if err != nil {
log.Errorf("Unsplash Pingback Failed: %s", err.Error())
}

View File

@ -48,7 +48,7 @@ func DownloadFileWithHeaders(url string, headers http.Header) (buf *bytes.Buffer
}
hc := http.Client{}
resp, err := hc.Do(req)
resp, err := hc.Do(req) // #nosec G704 -- URL is from migration provider API
if err != nil {
return nil, err
}
@ -78,7 +78,7 @@ func DoGetWithHeaders(urlStr string, headers map[string]string) (resp *http.Resp
req.Header.Add(key, value)
}
resp, err = hc.Do(req) //nolint:bodyclose // Caller is responsible for closing on success
resp, err = hc.Do(req) //nolint:bodyclose,gosec // Caller is responsible for closing on success, URL is from migration provider API
if err != nil {
return err
}
@ -122,7 +122,7 @@ func DoPostWithHeaders(urlStr string, form url.Values, headers map[string]string
req.Header.Add(key, value)
}
resp, err = hc.Do(req) //nolint:bodyclose // Caller is responsible for closing on success
resp, err = hc.Do(req) //nolint:bodyclose,gosec // Caller is responsible for closing on success, URL is from migration provider API
if err != nil {
return err
}