Skip to content

Commit

Permalink
Exclude file permissions line from gosec linting
Browse files Browse the repository at this point in the history
The [gosec linter](https://github.com/securego/gosec) warns
[by default on file permissions above 0600](securego/gosec#107).
We need the permissions to be 0644 for this line (because it has to be
written to), so we exclude it from linting.
  • Loading branch information
johnboyes authored Feb 10, 2024
1 parent fd816d3 commit 0b628aa
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion internal/github/action.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ func (a *Action) pullRequestNumber() int {
func (a *Action) outputResult(result string) {
labelCheckOutput := fmt.Sprintf("label_check=%s", result)
gitHubOutputFileName := filepath.Clean(os.Getenv("GITHUB_OUTPUT"))
githubOutputFile, err := os.OpenFile(gitHubOutputFileName, os.O_APPEND|os.O_WRONLY, 0o644)
githubOutputFile, err := os.OpenFile(gitHubOutputFileName, os.O_APPEND|os.O_WRONLY, 0o644) //nolint:gosec

Check failure on line 130 in internal/github/action.go

View workflow job for this annotation

GitHub Actions / golangci

[golangci] internal/github/action.go#L130

mnd: Magic number: 0o644, in <argument> detected (gomnd)
Raw output
internal/github/action.go:130:86: mnd: Magic number: 0o644, in <argument> detected (gomnd)
	githubOutputFile, err := os.OpenFile(gitHubOutputFileName, os.O_APPEND|os.O_WRONLY, 0o644) //nolint:gosec
	                                                                                    ^
panic.IfError(err)
_, err = githubOutputFile.WriteString(labelCheckOutput)
if err != nil {

Check failure on line 133 in internal/github/action.go

View workflow job for this annotation

GitHub Actions / golangci

[golangci] internal/github/action.go#L133

only one cuddle assignment allowed before if statement (wsl)
Raw output
internal/github/action.go:133:2: only one cuddle assignment allowed before if statement (wsl)
	if err != nil {
	^
Expand Down

0 comments on commit 0b628aa

Please sign in to comment.