Fix gosec security alerts #36

Merged
eshaffer321 merged 4 commits into main from codex/fix-gosec-security-alerts, Jun 21, 2026
@eshaffer321

Owner

Summary

  • restrict config loading with validated YAML paths and scoped os.Root reads
  • harden Amazon CLI execution with allow-listed commands and validated args without #nosec suppressions
  • tighten log file permissions and guard terminal fd conversion

Verification

  • go test ./...
  • go run github.com/securego/gosec/v2/cmd/gosec@latest ./internal/... -> Issues: 0, Nosec: 0
  • stash before/after reproduction: before fixes, targeted gosec reproduced 6 issues; after fixes, targeted gosec reported 0 issues
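
The first Summary bullet pairs validated YAML paths with scoped os.Root reads. A sketch of that combination follows; it is an added example, not code from this pull request. `validateConfigName`, `readConfig` and the 1 MiB read cap are hypothetical, and os.Root needs Go 1.24 or later.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// validateConfigName (hypothetical) accepts only a local, relative .yaml/.yml path.
func validateConfigName(name string) (string, error) {
	clean := filepath.Clean(name)
	if !filepath.IsLocal(clean) {
		return "", fmt.Errorf("config path %q leaves the config directory", name)
	}
	if ext := filepath.Ext(clean); ext != ".yaml" && ext != ".yml" {
		return "", fmt.Errorf("config path %q is not a YAML file", name)
	}
	return clean, nil
}

// readConfig (hypothetical) reads name through an os.Root scoped to baseDir.
func readConfig(baseDir, name string) ([]byte, error) {
	clean, err := validateConfigName(name)
	if err != nil {
		return nil, err
	}
	root, err := os.OpenRoot(baseDir)
	if err != nil {
		return nil, err
	}
	defer root.Close()
	f, err := root.Open(clean) // refuses symlinks that resolve outside baseDir
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return io.ReadAll(io.LimitReader(f, 1<<20)) // 1 MiB cap, an assumed limit
}

func main() {
	dir, _ := os.MkdirTemp("", "cfg") // constructed sample directory
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "config.yaml"), []byte("log_level: info\n"), 0o600)
	for _, name := range []string{"config.yaml", "../config.yaml", "/etc/passwd", "notes.txt"} {
		data, err := readConfig(dir, name)
		fmt.Printf("%q -> %q, err=%v\n", name, data, err)
	}
}
```

The name check rejects traversal before any file is touched; the os.Root handle covers the case the string check cannot see, a symlink inside the directory that points elsewhere.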

Comment thread token.json Fixed
@eshaffer321 eshaffer321 force-pushed the codex/fix-gosec-security-alerts branch from 044e5f1 to 1178e28 Compare June 21, 2026 02:38
@codecov

codecov Bot commented Jun 21, 2026

Codecov Report

❌ Patch coverage is 88.73239% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.48%. Comparing base (1bfcad7) to head (576cb86).

Files with missing lines                            Patch %   Lines
internal/adapters/providers/amazon/provider.go      88.57%    2 Missing and 2 partials ⚠️
internal/infrastructure/config/config.go            93.54%    1 Missing and 1 partial ⚠️
internal/infrastructure/logging/maven_handler.go    50.00%    1 Missing and 1 partial ⚠️
Additional details and impacted files

@@            Coverage Diff             @@
##             main      #36      +/-   ##
==========================================
+ Coverage   58.07%   61.48%   +3.40%     
==========================================
  Files          44       44              
  Lines        4995     5045      +50     
==========================================
+ Hits         2901     3102     +201     
+ Misses       1918     1763     -155     
- Partials      176      180       +4     
Flag Coverage Δ
unittests 61.48% <88.73%> (+3.40%) ⬆️

Files with missing lines                            Coverage Δ
internal/infrastructure/logging/logger.go           75.00% <100.00%> (+75.00%) ⬆️
internal/infrastructure/config/config.go            81.08% <93.54%> (+2.06%) ⬆️
internal/infrastructure/logging/maven_handler.go    80.00% <50.00%> (+80.00%) ⬆️
internal/adapters/providers/amazon/provider.go      73.52% <88.57%> (+32.35%) ⬆️
Comment thread internal/infrastructure/logging/maven_handler.go Fixed
@eshaffer321 eshaffer321 merged commit 1824c74 into main Jun 21, 2026
14 checks passed