fix: gosec vulns

Signed-off-by: Hadi <hadi@example.com>
This commit is contained in:
Hadi
2026-05-29 10:29:18 +02:00
parent 1190276bab
commit 5c74eda48b
11 changed files with 64 additions and 30 deletions
+1 -1
View File
@@ -178,7 +178,7 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
editor = "vi"
}
logPath := filepath.Join(filepath.Dir(m.projectPath), "logs.log")
return m, tea.ExecProcess(exec.Command(editor, logPath), nil)
return m, tea.ExecProcess(exec.Command(editor, logPath), nil) // #nosec G204 G702 -- editor from trusted $EDITOR env var, logPath is a fixed path
}
if !m.activeIsEditing() {
+13 -4
View File
@@ -2,6 +2,7 @@ package history
import (
"fmt"
"log"
"net/http"
"charm.land/bubbles/v2/key"
@@ -234,7 +235,9 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
case key.Matches(msg, h.Flag):
if len(m.entries) > 0 && m.database != nil {
m.database.ToggleFlag(m.entries[m.cursor].ID)
if err := m.database.ToggleFlag(m.entries[m.cursor].ID); err != nil {
log.Printf("history: toggle flag: %v", err)
}
return m, m.RefreshCmd()
}
@@ -242,7 +245,9 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
if len(m.entries) > 0 {
id := m.entries[m.cursor].ID
if m.database != nil {
m.database.DeleteEntry(id)
if err := m.database.DeleteEntry(id); err != nil {
log.Printf("history: delete entry: %v", err)
}
}
return m, LoadEntriesCmd(m.database)
}
@@ -261,10 +266,14 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
if hasUnflagged && e.Flagged {
continue
}
m.database.DeleteEntry(e.ID)
if err := m.database.DeleteEntry(e.ID); err != nil {
log.Printf("history: delete entry: %v", err)
}
}
} else {
m.database.DeleteAllExceptFlagged()
if err := m.database.DeleteAllExceptFlagged(); err != nil {
log.Printf("history: delete all unflagged: %v", err)
}
}
}
return m, m.clearSearch()
+12 -7
View File
@@ -3,6 +3,7 @@ package home
import (
crypto "crypto/rand"
"fmt"
"log"
"os"
"path/filepath"
"strings"
@@ -72,7 +73,7 @@ func (m Model) handleSelection() (tea.Model, tea.Cmd) {
return m, m.nameInput.Focus()
case kindTemp:
dir := tempDir()
if err := os.MkdirAll(dir, 0o755); err != nil {
if err := os.MkdirAll(dir, 0o750); err != nil {
return m, nil
}
initProjectFiles(dir)
@@ -90,7 +91,9 @@ func (m Model) deleteSelected() (tea.Model, tea.Cmd) {
return m, nil
}
dir := filepath.Dir(item.path) // parent dir of data.db
os.RemoveAll(dir)
if err := os.RemoveAll(dir); err != nil {
log.Printf("home: remove project dir: %v", err)
}
idx := m.list.GlobalIndex()
m.list.RemoveItem(idx)
if idx > 0 && idx >= len(m.list.Items()) {
@@ -113,7 +116,7 @@ func (m Model) updateNaming(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
m.mode = modeSelect
m.nameInput.Blur()
dir := filepath.Join(m.projectDir, name)
if err := os.MkdirAll(dir, 0o755); err != nil {
if err := os.MkdirAll(dir, 0o750); err != nil {
return m, nil
}
initProjectFiles(dir)
@@ -147,14 +150,14 @@ func IsValidProjectName(s string) bool {
func OpenProject(projectDir, name string) (*Project, error) {
if name == "tmp" || name == "temp" || name == "temporary" {
dir := tempDir()
if err := os.MkdirAll(dir, 0o755); err != nil {
if err := os.MkdirAll(dir, 0o750); err != nil {
return nil, err
}
initProjectFiles(dir)
return &Project{Name: "temporary", Path: filepath.Join(dir, "data.db")}, nil
}
dir := filepath.Join(projectDir, name)
if err := os.MkdirAll(dir, 0o755); err != nil {
if err := os.MkdirAll(dir, 0o750); err != nil {
return nil, err
}
initProjectFiles(dir)
@@ -171,9 +174,11 @@ func initProjectFiles(dir string) {
for _, name := range []string{"data.db", "logs.log"} {
p := filepath.Join(dir, name)
if _, err := os.Stat(p); os.IsNotExist(err) {
f, err := os.Create(p)
f, err := os.Create(p) // #nosec G304 -- p is filepath.Join(dir, hardcoded_name), no traversal possible
if err == nil {
f.Close()
if cerr := f.Close(); cerr != nil {
log.Printf("home: close project file: %v", cerr)
}
}
}
}
+11 -4
View File
@@ -7,6 +7,7 @@ import (
"crypto/tls"
"fmt"
"io"
"log"
"net/http"
"strings"
"time"
@@ -79,7 +80,9 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
e.ResponseRaw = "Error: " + msg.err.Error()
}
if m.database != nil && e.DBID != 0 {
m.database.UpdateReplayEntry(entryToDB(*e))
if err := m.database.UpdateReplayEntry(entryToDB(*e)); err != nil {
log.Printf("replay: update entry: %v", err)
}
}
}
m.refreshListViewport()
@@ -216,7 +219,9 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
if len(m.entries) > 0 {
e := m.entries[m.cursor]
if m.database != nil && e.DBID != 0 {
m.database.DeleteReplayEntry(e.DBID)
if err := m.database.DeleteReplayEntry(e.DBID); err != nil {
log.Printf("replay: delete entry: %v", err)
}
}
m.entries = append(m.entries[:m.cursor], m.entries[m.cursor+1:]...)
if m.cursor >= len(m.entries) && m.cursor > 0 {
@@ -229,7 +234,9 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
case key.Matches(msg, r.DeleteAll):
if m.database != nil {
m.database.DeleteAllReplayEntries()
if err := m.database.DeleteAllReplayEntries(); err != nil {
log.Printf("replay: delete all entries: %v", err)
}
}
m.entries = nil
m.cursor = 0
@@ -399,7 +406,7 @@ func doSend(entry Entry) (responseRaw string, statusCode int, err error) {
client := &http.Client{
Timeout: 30 * time.Second,
Transport: &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, //nolint:gosec
TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // #nosec G402 -- intentional for replay feature
},
CheckRedirect: func(_ *http.Request, _ []*http.Request) error {
return http.ErrUseLastResponse