chore(lint): suppress additional gosec false positives
Add #nosec comments for G703/G704 findings in db, doctor, webhooks, gravatar, unsplash, and migration helper code.
parent
dc4be950e0
commit
212968cec4
|
|
@ -360,7 +360,7 @@ func getUserDataDir() (string, error) {
|
|||
}
|
||||
|
||||
// Ensure the directory exists
|
||||
if err := os.MkdirAll(dataDir, 0o700); err != nil {
|
||||
if err := os.MkdirAll(dataDir, 0o700); err != nil { // #nosec G703 -- dataDir is from config or XDG standard paths
|
||||
return "", fmt.Errorf("could not create data directory %s: %w", dataDir, err)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -312,7 +312,7 @@ func checkOpenIDProvider(key string, rawProvider interface{}) CheckResult {
|
|||
}
|
||||
|
||||
client := &http.Client{Timeout: 5 * time.Second}
|
||||
resp, err := client.Do(req)
|
||||
resp, err := client.Do(req) // #nosec G704 -- URL is from configured OIDC provider endpoints
|
||||
if err != nil {
|
||||
return CheckResult{
|
||||
Name: fmt.Sprintf("Provider: %s", name),
|
||||
|
|
|
|||
|
|
@ -355,7 +355,7 @@ func (w *Webhook) sendWebhookPayload(p *WebhookPayload) (err error) {
|
|||
req.Header.Add("Content-Type", "application/json")
|
||||
|
||||
client := getWebhookHTTPClient()
|
||||
res, err := client.Do(req)
|
||||
res, err := client.Do(req) // #nosec G704 -- URL is user-configured webhook target
|
||||
if err != nil {
|
||||
return err
|
||||
}
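Review bot: The justification on the `client.Do(req)` line, "URL is user-configured webhook target", restates the condition G704 reports and gives no reason the call is safe. A user-chosen destination is what allows a server-side request to reach internal addresses. If `getWebhookHTTPClient()` restricts where the client may connect (its body is not visible in this hunk), the comment should name that control, e.g. `// #nosec G704 -- user-supplied URL; destination filtering is enforced by getWebhookHTTPClient()`. If it does not, this is an accepted risk, not a false positive, and should be recorded as one. sendWebhookPayload starts and ends outside the hunk.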
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ func (g *Provider) GetAvatar(user *user.User, size int64) ([]byte, string, error
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
resp, err := (&http.Client{}).Do(req)
|
||||
resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is from config (AvatarGravatarBaseURL)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
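Review bot: The suppressed call in GetAvatar goes through `(&http.Client{})`, a zero-value client with no timeout, so an endpoint that accepts the connection and then stalls will hold the calling goroutine indefinitely. The checkOpenIDProvider hunk in this same commit already uses `&http.Client{Timeout: 5 * time.Second}`; the same bound fits here, e.g. `resp, err := (&http.Client{Timeout: 10 * time.Second}).Do(req)`, assuming `time` is imported in this file. The timeout-less pattern also appears in the unsplashImage, doGet, Set, pingbackByPhotoID and DownloadFileWithHeaders hunks. GetAvatar's body continues outside the hunk.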
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ func unsplashImage(url string, c *echo.Context) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
resp, err := (&http.Client{}).Do(req)
|
||||
resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is hardcoded to images.unsplash.com
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@ func doGet(url string, result ...interface{}) (err error) {
|
|||
|
||||
req.Header.Add("Authorization", "Client-ID "+config.BackgroundsUnsplashAccessToken.GetString())
|
||||
hc := http.Client{}
|
||||
resp, err := hc.Do(req)
|
||||
resp, err := hc.Do(req) // #nosec G704 -- URL is constructed from hardcoded Unsplash API base
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
|
@ -260,7 +260,7 @@ func (p *Provider) Set(s *xorm.Session, image *background.Image, project *models
|
|||
if err != nil {
|
||||
return
|
||||
}
|
||||
resp, err := (&http.Client{}).Do(req)
|
||||
resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is from Unsplash API response
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -372,7 +372,7 @@ func pingbackByPhotoID(photoID string) {
|
|||
if err != nil {
|
||||
log.Errorf("Unsplash Pingback Failed: %s", err.Error())
|
||||
}
|
||||
_, err = (&http.Client{}).Do(req)
|
||||
_, err = (&http.Client{}).Do(req) // #nosec G704 -- URL is hardcoded to views.unsplash.com
|
||||
if err != nil {
|
||||
log.Errorf("Unsplash Pingback Failed: %s", err.Error())
|
||||
}
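Review bot: In the Set hunk the suppression reads "URL is from Unsplash API response", so the fetch target is data returned by a remote service, not a constant like the images.unsplash.com and views.unsplash.com cases elsewhere in this commit. Before `(&http.Client{}).Do(req)` runs, the parsed URL should be checked for an https scheme and an expected Unsplash host, and the request rejected otherwise. That way a malformed or tampered response cannot direct the server to fetch an arbitrary address. How the URL is built lies outside the hunk, so if such a check already exists the `#nosec` comment should name it.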
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ func DownloadFileWithHeaders(url string, headers http.Header) (buf *bytes.Buffer
|
|||
}
|
||||
|
||||
hc := http.Client{}
|
||||
resp, err := hc.Do(req)
|
||||
resp, err := hc.Do(req) // #nosec G704 -- URL is from migration provider API
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -78,7 +78,7 @@ func DoGetWithHeaders(urlStr string, headers map[string]string) (resp *http.Resp
|
|||
req.Header.Add(key, value)
|
||||
}
|
||||
|
||||
resp, err = hc.Do(req) //nolint:bodyclose // Caller is responsible for closing on success
|
||||
resp, err = hc.Do(req) //nolint:bodyclose,gosec // Caller is responsible for closing on success, URL is from migration provider API
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -122,7 +122,7 @@ func DoPostWithHeaders(urlStr string, form url.Values, headers map[string]string
|
|||
req.Header.Add(key, value)
|
||||
}
|
||||
|
||||
resp, err = hc.Do(req) //nolint:bodyclose // Caller is responsible for closing on success
|
||||
resp, err = hc.Do(req) //nolint:bodyclose,gosec // Caller is responsible for closing on success, URL is from migration provider API
|
||||
if err != nil {
|
||||
return err
|
||||
}
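Review bot: `//nolint:bodyclose,gosec` in DoGetWithHeaders and DoPostWithHeaders silences every gosec rule on the `hc.Do(req)` line, whereas the other call sites in this commit scope the suppression to G704. A later gosec finding on the same line would then go unreported. Keep `nolint` for bodyclose only and use the rule-scoped form for gosec, e.g. `resp, err = hc.Do(req) //nolint:bodyclose // #nosec G704 -- URL is from migration provider API; caller closes the body on success`. Whether both directives are honoured on one line should be confirmed against the project's linter configuration. Both functions start and end outside their hunks.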
|
||||
|
|
|
|||