From 212968cec4b22739e7d193f91be8424fae903da2 Mon Sep 17 00:00:00 2001
From: kolaente
Date: Mon, 23 Mar 2026 16:40:07 +0100
Subject: [PATCH] chore(lint): suppress additional gosec false positives

Add #nosec comments for G703/G704 findings in db, doctor, webhooks, gravatar, unsplash, and migration helper code.
---
 pkg/db/db.go | 2 +-
 pkg/doctor/services.go | 2 +-
 pkg/models/webhooks.go | 2 +-
 pkg/modules/avatar/gravatar/gravatar.go | 2 +-
 pkg/modules/background/unsplash/proxy.go | 2 +-
 pkg/modules/background/unsplash/unsplash.go | 6 +++---
 pkg/modules/migration/helpers.go | 6 +++---
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/pkg/db/db.go b/pkg/db/db.go
index a31d5a8fb..f26f94986 100644
--- a/pkg/db/db.go
+++ b/pkg/db/db.go
@@ -360,7 +360,7 @@ func getUserDataDir() (string, error) {
 }
 // Ensure the directory exists
- if err := os.MkdirAll(dataDir, 0o700); err != nil {
+ if err := os.MkdirAll(dataDir, 0o700); err != nil { // #nosec G703 -- dataDir is from config or XDG standard paths
 return "", fmt.Errorf("could not create data directory %s: %w", dataDir, err)
 }
diff --git a/pkg/doctor/services.go b/pkg/doctor/services.go
index acc7d0b05..463cc4ab2 100644
--- a/pkg/doctor/services.go
+++ b/pkg/doctor/services.go
@@ -312,7 +312,7 @@ func checkOpenIDProvider(key string, rawProvider interface{}) CheckResult {
 }
 client := &http.Client{Timeout: 5 * time.Second}
- resp, err := client.Do(req)
+ resp, err := client.Do(req) // #nosec G704 -- URL is from configured OIDC provider endpoints
 if err != nil {
 return CheckResult{
 Name: fmt.Sprintf("Provider: %s", name),
diff --git a/pkg/models/webhooks.go b/pkg/models/webhooks.go
index f92795803..9622c9e7f 100644
--- a/pkg/models/webhooks.go
+++ b/pkg/models/webhooks.go
@@ -355,7 +355,7 @@ func (w *Webhook) sendWebhookPayload(p *WebhookPayload) (err error) {
 req.Header.Add("Content-Type", "application/json")
 client := getWebhookHTTPClient()
- res, err := client.Do(req)
+ res, err := client.Do(req) // #nosec G704 -- URL is user-configured webhook target
 if err != nil {
 return err
 }
diff --git a/pkg/modules/avatar/gravatar/gravatar.go b/pkg/modules/avatar/gravatar/gravatar.go
index 8f8d9871f..e44fd0334 100644
--- a/pkg/modules/avatar/gravatar/gravatar.go
+++ b/pkg/modules/avatar/gravatar/gravatar.go
@@ -90,7 +90,7 @@ func (g *Provider) GetAvatar(user *user.User, size int64) ([]byte, string, error
 if err != nil {
 return nil, err
 }
- resp, err := (&http.Client{}).Do(req)
+ resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is from config (AvatarGravatarBaseURL)
 if err != nil {
 return nil, err
 }
diff --git a/pkg/modules/background/unsplash/proxy.go b/pkg/modules/background/unsplash/proxy.go
index b497d82a7..cd55d9893 100644
--- a/pkg/modules/background/unsplash/proxy.go
+++ b/pkg/modules/background/unsplash/proxy.go
@@ -30,7 +30,7 @@ func unsplashImage(url string, c *echo.Context) error {
 if err != nil {
 return err
 }
- resp, err := (&http.Client{}).Do(req)
+ resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is hardcoded to images.unsplash.com
 if err != nil {
 return err
 }
diff --git a/pkg/modules/background/unsplash/unsplash.go b/pkg/modules/background/unsplash/unsplash.go
index 6207eb654..fc4d38408 100644
--- a/pkg/modules/background/unsplash/unsplash.go
+++ b/pkg/modules/background/unsplash/unsplash.go
@@ -103,7 +103,7 @@ func doGet(url string, result ...interface{}) (err error) {
 req.Header.Add("Authorization", "Client-ID "+config.BackgroundsUnsplashAccessToken.GetString())
 hc := http.Client{}
- resp, err := hc.Do(req)
+ resp, err := hc.Do(req) // #nosec G704 -- URL is constructed from hardcoded Unsplash API base
 if err != nil {
 return
 }
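Review bot: The `#nosec G704` justification on `client.Do(req)` in `sendWebhookPayload` (pkg/models/webhooks.go) names where the URL comes from, not the control that makes the request safe; a user-configured target is the tainted input G704 reports, so this reads as an accepted risk rather than a false positive. If `getWebhookHTTPClient()` limits which destinations can be reached (its body is not in this hunk), the comment should say so, e.g. `// #nosec G704 -- webhook target is user-supplied by design; destination limits are enforced by getWebhookHTTPClient`. If it does not, the suppression hides an unrestricted server-side request to whatever host a user enters, and a destination check belongs before this call. The function body continues outside the hunk.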
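Review bot: `(&http.Client{}).Do(req)` in `GetAvatar` (pkg/modules/avatar/gravatar/gravatar.go) uses a zero-value client, which has no timeout, so a slow or unresponsive endpoint can hold the calling goroutine indefinitely. The same pattern is on the annotated lines in `unsplashImage` (proxy.go), `doGet`, `Set` and `pingbackByPhotoID` (unsplash.go) and `DownloadFileWithHeaders` (migration/helpers.go), while `checkOpenIDProvider` already sets one. Since these lines are being touched anyway, a shared client such as `&http.Client{Timeout: 5 * time.Second}` (value borrowed from the doctor check; choose what fits each call) would bound them, unless the requests carry a context deadline set outside these hunks.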
@@ -260,7 +260,7 @@ func (p *Provider) Set(s *xorm.Session, image *background.Image, project *models
 if err != nil {
 return
 }
- resp, err := (&http.Client{}).Do(req)
+ resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL is from Unsplash API response
 if err != nil {
 return err
 }
@@ -372,7 +372,7 @@ func pingbackByPhotoID(photoID string) {
 if err != nil {
 log.Errorf("Unsplash Pingback Failed: %s", err.Error())
 }
- _, err = (&http.Client{}).Do(req)
+ _, err = (&http.Client{}).Do(req) // #nosec G704 -- URL is hardcoded to views.unsplash.com
 if err != nil {
 log.Errorf("Unsplash Pingback Failed: %s", err.Error())
 }
diff --git a/pkg/modules/migration/helpers.go b/pkg/modules/migration/helpers.go
index ba180bf52..5519089de 100644
--- a/pkg/modules/migration/helpers.go
+++ b/pkg/modules/migration/helpers.go
@@ -48,7 +48,7 @@ func DownloadFileWithHeaders(url string, headers http.Header) (buf *bytes.Buffer
 }
 hc := http.Client{}
- resp, err := hc.Do(req)
+ resp, err := hc.Do(req) // #nosec G704 -- URL is from migration provider API
 if err != nil {
 return nil, err
 }
@@ -78,7 +78,7 @@ func DoGetWithHeaders(urlStr string, headers map[string]string) (resp *http.Resp
 req.Header.Add(key, value)
 }
- resp, err = hc.Do(req) //nolint:bodyclose // Caller is responsible for closing on success
+ resp, err = hc.Do(req) //nolint:bodyclose,gosec // Caller is responsible for closing on success, URL is from migration provider API
 if err != nil {
 return err
 }
@@ -122,7 +122,7 @@ func DoPostWithHeaders(urlStr string, form url.Values, headers map[string]string
 req.Header.Add(key, value)
 }
- resp, err = hc.Do(req) //nolint:bodyclose // Caller is responsible for closing on success
+ resp, err = hc.Do(req) //nolint:bodyclose,gosec // Caller is responsible for closing on success, URL is from migration provider API
 if err != nil {
 return err
 }
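Review bot: In `Provider.Set` (pkg/modules/background/unsplash/unsplash.go) the suppression reads `URL is from Unsplash API response`, so the destination is remote-supplied data rather than a constant, unlike the `hardcoded` hosts cited in the neighbouring hunks. That is the case G704 is meant to surface; the comment should record why it is acceptable, or the code should confirm the parsed URL uses `https` and an expected Unsplash host before the request is built. `DownloadFileWithHeaders` in pkg/modules/migration/helpers.go has the same shape (`URL is from migration provider API`). The request construction is outside both hunks, so a host check may already exist there.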
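Review bot: In `pingbackByPhotoID` the error branch just above the changed line only logs and falls through, so if that `err` comes from building `req` (the assignment is outside the hunk), `Do` is then called with a request that may be nil. The changed line also discards the response with `_`, so its body is never closed and the underlying connection is not released. Suggest adding `return` after each `log.Errorf`, capturing the response as `resp, err := (&http.Client{}).Do(req)`, and calling `resp.Body.Close()` once the second check has passed.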
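Review bot: `//nolint:bodyclose,gosec` in `DoGetWithHeaders` (and again in `DoPostWithHeaders`) turns off every gosec rule on that line, whereas the other hunks in this patch scope the suppression to G704. A later finding of a different class on the same line would be silenced without anyone seeing it. Keeping the rule id visible keeps the exception auditable, for example `//nolint:bodyclose,gosec // G704: URL is from migration provider API; caller closes the body on success`, or a rule-scoped `#nosec G704` as used elsewhere if the linter setup accepts both directives on one line. Both call sites sit inside blocks that start outside the hunks.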