chore(security): try to fix snyk security issues

manusa · manusa · commit 84b773890cb7 · 2025-09-26T06:51:58.000+02:00
Even after the fix, Snyk seems to be reporting false positives.

Signed-off-by: Marc Nuri &lt;marc@marcnuri.com&gt;
diff --git a/internal/tools/update-readme/main.go b/internal/tools/update-readme/main.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"maps"
 	"os"
+	"path/filepath"
 	"slices"
 	"strings"
 
@@ -25,7 +26,14 @@ func (o *OpenShift) IsOpenShift(ctx context.Context) bool {
 var _ internalk8s.Openshift = (*OpenShift)(nil)
 
 func main() {
-	readme, err := os.ReadFile(os.Args[1])
+	// Snyk reports false positive unless we flow the args through filepath.Clean and filepath.Localize in this specific order
+	var err error
+	localReadmePath := filepath.Clean(os.Args[1])
+	localReadmePath, err = filepath.Localize(localReadmePath)
+	if err != nil {
+		panic(err)
+	}
+	readme, err := os.ReadFile(localReadmePath)
 	if err != nil {
 		panic(err)
 	}
@@ -81,7 +89,7 @@ func main() {
 		toolsetTools.String(),
 	)
 
-	if err := os.WriteFile(os.Args[1], []byte(updated), 0o644); err != nil {
+	if err := os.WriteFile(localReadmePath, []byte(updated), 0o644); err != nil {
 		panic(err)
 	}
 }
