chore: add nolint annotations for gosec linter

Add //nolint:gosec annotations for intentional code patterns that are safe in context (path traversal in release tool, uintptr conversion for terminals, weak rand in tests, TLS skip verify for user-configured insecure mode). Assisted-by: Kimi-K2.5 via Crush <crush@charm.land>
2026-05-18 13:15:41 +02:00 · 2026-04-13 10:32:09 -03:00
parent b36fcfd8bb
commit 219bf3e5a5
5 changed files with 6 additions and 6 deletions
--- a/cmd/release/main.go
+++ b/cmd/release/main.go
@@ -117,7 +117,7 @@ func changelog(version *semver.Version) error {
 	changelog = changelogReleaseRegex.ReplaceAllString(changelog, fmt.Sprintf("## v%s - %s", version, date))

 	// Write the changelog to the source file
-	if err := os.WriteFile(changelogSource, []byte(changelog), 0o644); err != nil {
+	if err := os.WriteFile(changelogSource, []byte(changelog), 0o644); err != nil { //nolint:gosec
 		return err
 	}

@@ -129,7 +129,7 @@ func changelog(version *semver.Version) error {
 	changelogWithFrontmatter := fmt.Sprintf("---\n%s\n---\n\n%s", frontmatter, changelogWithVPre)

 	// Write the changelog to the target file
-	return os.WriteFile(changelogTarget, []byte(changelogWithFrontmatter), 0o644)
+	return os.WriteFile(changelogTarget, []byte(changelogWithFrontmatter), 0o644) //nolint:gosec
 }

 func setVersionFile(fileName string, version *semver.Version) error {
--- a/internal/term/term.go
+++ b/internal/term/term.go
@@ -7,5 +7,5 @@ import (
 )

 func IsTerminal() bool {
-	return term.IsTerminal(int(os.Stdin.Fd())) && term.IsTerminal(int(os.Stdout.Fd()))
+	return term.IsTerminal(int(os.Stdin.Fd())) && term.IsTerminal(int(os.Stdout.Fd())) //nolint:gosec
 }
--- a/task_test.go
+++ b/task_test.go
@@ -1022,7 +1022,7 @@ func TestIncludesRemote(t *testing.T) {

 					for k, taskCall := range taskCalls {
 						t.Run(taskCall.Task, func(t *testing.T) {
-							expectedContent := fmt.Sprint(rand.Int64())
+							expectedContent := fmt.Sprint(rand.Int64()) //nolint:gosec
 							t.Setenv("CONTENT", expectedContent)

 							outputFile := fmt.Sprintf("%d.%d.txt", i, k)
--- a/taskfile/node_http.go
+++ b/taskfile/node_http.go
@@ -38,7 +38,7 @@ func buildHTTPClient(insecure bool, caCert, cert, certKey string) (*http.Client,
 	}

 	tlsConfig := &tls.Config{
-		InsecureSkipVerify: insecure,
+		InsecureSkipVerify: insecure, //nolint:gosec
 	}

 	// Load custom CA certificate if provided
--- a/taskrc/reader.go
+++ b/taskrc/reader.go
@@ -65,7 +65,7 @@ func (r *Reader) Read(node *Node) (*ast.TaskRC, error) {
 	}

 	// Read the file
-	b, err := os.ReadFile(node.entrypoint)
+	b, err := os.ReadFile(node.entrypoint) //nolint:gosec
 	if err != nil {
 		return nil, err
 	}