fix: gosec vulns

Signed-off-by: Hadi <hadi@example.com>
This commit is contained in:
Hadi
2026-05-29 10:29:18 +02:00
parent 1190276bab
commit 5c74eda48b
11 changed files with 64 additions and 30 deletions
+1 -1
View File
@@ -281,7 +281,7 @@ func registerUtilities(L *lua.LState, mgr *Manager, p *Plugin) {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
c := exec.CommandContext(ctx, "sh", "-c", cmd)
c := exec.CommandContext(ctx, "sh", "-c", cmd) // #nosec G204 -- intentional: shell_pipe is a Lua plugin API for user-written scripts
c.Stdin = strings.NewReader(input)
var stdout, stderr bytes.Buffer
+1 -1
View File
@@ -27,7 +27,7 @@ func OpenPluginsFile(dbPath string) (*PluginsFile, error) {
path: path,
data: pluginsFileData{Plugins: make(map[string]pluginFileEntry)},
}
raw, err := os.ReadFile(path)
raw, err := os.ReadFile(path) // #nosec G304 -- path is filepath.Join(dbDir, "plugins.yaml"), hardcoded filename
if os.IsNotExist(err) {
return pf, nil
}