fix: add nolint directives for gosec false positives

grokify · claude · grokify · commit d6ae53704aad · 2026-02-21T14:59:52.000-08:00
Silence gosec warnings for expected behavior in an HTTP client library:
- G704 (SSRF): HTTP requests to caller-specified URLs are by design
- G703 (path traversal): CLI tools reading/writing user-specified paths
- G705 (XSS): CLI stderr output and Twilio callback responses

Co-Authored-By: Claude Opus 4.5 &lt;noreply@anthropic.com&gt;
diff --git a/client.go b/client.go
@@ -138,7 +138,7 @@ func (c *authHTTPClient) Do(req *http.Request) (*http.Response, error) {
 	req.Header.Set("X-ElevenLabs-SDK-Version", Version)
 	req.Header.Set("X-ElevenLabs-SDK-Lang", "go")
 
-	return c.client.Do(req)
+	return c.client.Do(req) //nolint:gosec // G704: HTTP client library, URL is caller-controlled by design
 }
 
 // API returns the underlying ogen-generated API client for advanced usage.
diff --git a/cmd/openapi-convert/main.go b/cmd/openapi-convert/main.go
@@ -13,15 +13,15 @@ import (
 
 func main() {
 	if len(os.Args) != 3 {
-		fmt.Fprintf(os.Stderr, "Usage: %s <input-v3.1.json> <output-v3.0.json>\n", os.Args[0])
+		fmt.Fprintf(os.Stderr, "Usage: %s <input-v3.1.json> <output-v3.0.json>\n", os.Args[0]) //nolint:gosec // G705: CLI tool writing to stderr, not browser context
 		os.Exit(1)
 	}
 
 	inputFile := os.Args[1]
 	outputFile := os.Args[2]
 
 	// Read raw JSON
-	data, err := os.ReadFile(inputFile)
+	data, err := os.ReadFile(inputFile) //nolint:gosec // G703: CLI tool, user-specified path is expected
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Error reading file: %v\n", err)
 		os.Exit(1)
@@ -54,7 +54,7 @@ func main() {
 	}
 
 	// Write output
-	if err := os.WriteFile(outputFile, output, 0600); err != nil {
+	if err := os.WriteFile(outputFile, output, 0600); err != nil { //nolint:gosec // G703: CLI tool, user-specified path is expected
 		fmt.Fprintf(os.Stderr, "Error writing file: %v\n", err)
 		os.Exit(1)
 	}
diff --git a/examples/speech-to-speech/main.go b/examples/speech-to-speech/main.go
@@ -65,7 +65,7 @@ func main() {
 	logInfo(ctx, "Converting to voice", "name", targetVoice.Name, "id", targetVoice.VoiceID)
 
 	// Open input file
-	inputFile, err := os.Open(inputPath)
+	inputFile, err := os.Open(inputPath) //nolint:gosec // G703: Example CLI, user-specified path is expected
 	if err != nil {
 		logError(ctx, "Failed to open input file", err, "path", inputPath)
 		os.Exit(1)
@@ -101,7 +101,7 @@ func main() {
 	}
 
 	// Save output
-	outputFile, err := os.Create(outputPath)
+	outputFile, err := os.Create(outputPath) //nolint:gosec // G703: Example CLI, user-specified path is expected
 	if err != nil {
 		logError(ctx, "Failed to create output file", err, "path", outputPath)
 		os.Exit(1)
diff --git a/examples/twilio/main.go b/examples/twilio/main.go
@@ -154,7 +154,7 @@ func handleIncomingCall(w http.ResponseWriter, r *http.Request) {
 
 	// Return TwiML to Twilio
 	w.Header().Set("Content-Type", "application/xml")
-	if _, err := w.Write([]byte(resp.TwiML)); err != nil {
+	if _, err := w.Write([]byte(resp.TwiML)); err != nil { //nolint:gosec // G705: TwiML XML response to Twilio callback, not browser
 		logError(ctx, "Failed to write TwiML response", err)
 	}
 }
diff --git a/examples/websocket-stt/main.go b/examples/websocket-stt/main.go
@@ -58,7 +58,7 @@ func main() {
 	defer conn.Close()
 
 	// Open audio file
-	audioFile, err := os.Open(audioPath)
+	audioFile, err := os.Open(audioPath) //nolint:gosec // G703: Example CLI, user-specified path is expected
 	if err != nil {
 		logError(ctx, "Failed to open audio file", err, "path", audioPath)
 		os.Exit(1)
diff --git a/speechtospeech.go b/speechtospeech.go
@@ -160,7 +160,7 @@ func (s *SpeechToSpeechService) Convert(ctx context.Context, req *SpeechToSpeech
 	httpReq.Header.Set("Content-Type", writer.FormDataContentType())
 	httpReq.Header.Set("xi-api-key", s.client.apiKey)
 
-	resp, err := http.DefaultClient.Do(httpReq)
+	resp, err := http.DefaultClient.Do(httpReq) //nolint:gosec // G704: API client, URL is fixed ElevenLabs endpoint
 	if err != nil {
 		return nil, fmt.Errorf("request failed: %w", err)
 	}
@@ -255,7 +255,7 @@ func (s *SpeechToSpeechService) ConvertStream(ctx context.Context, req *SpeechTo
 	httpReq.Header.Set("Content-Type", writer.FormDataContentType())
 	httpReq.Header.Set("xi-api-key", s.client.apiKey)
 
-	resp, err := http.DefaultClient.Do(httpReq)
+	resp, err := http.DefaultClient.Do(httpReq) //nolint:gosec // G704: API client, URL is fixed ElevenLabs endpoint
 	if err != nil {
 		return nil, fmt.Errorf("request failed: %w", err)
 	}
diff --git a/twilio.go b/twilio.go
@@ -31,7 +31,7 @@ func (s *TwilioService) postJSON(ctx context.Context, path string, req any, resu
 	httpReq.Header.Set("Content-Type", "application/json")
 	httpReq.Header.Set("xi-api-key", s.client.apiKey)
 
-	resp, err := http.DefaultClient.Do(httpReq)
+	resp, err := http.DefaultClient.Do(httpReq) //nolint:gosec // G704: API client, URL is fixed ElevenLabs endpoint
 	if err != nil {
 		return fmt.Errorf("request failed: %w", err)
 	}
@@ -238,7 +238,7 @@ func (s *PhoneNumberService) List(ctx context.Context) ([]PhoneNumber, error) {
 
 	httpReq.Header.Set("xi-api-key", s.client.apiKey)
 
-	resp, err := http.DefaultClient.Do(httpReq)
+	resp, err := http.DefaultClient.Do(httpReq) //nolint:gosec // G704: API client, URL is fixed ElevenLabs endpoint
 	if err != nil {
 		return nil, fmt.Errorf("request failed: %w", err)
 	}
@@ -275,7 +275,7 @@ func (s *PhoneNumberService) Get(ctx context.Context, phoneNumberID string) (*Ph
 
 	httpReq.Header.Set("xi-api-key", s.client.apiKey)
 
-	resp, err := http.DefaultClient.Do(httpReq)
+	resp, err := http.DefaultClient.Do(httpReq) //nolint:gosec // G704: API client, URL is fixed ElevenLabs endpoint
 	if err != nil {
 		return nil, fmt.Errorf("request failed: %w", err)
 	}
@@ -327,7 +327,7 @@ func (s *PhoneNumberService) Update(ctx context.Context, phoneNumberID string, r
 	httpReq.Header.Set("Content-Type", "application/json")
 	httpReq.Header.Set("xi-api-key", s.client.apiKey)
 
-	resp, err := http.DefaultClient.Do(httpReq)
+	resp, err := http.DefaultClient.Do(httpReq) //nolint:gosec // G704: API client, URL is fixed ElevenLabs endpoint
 	if err != nil {
 		return nil, fmt.Errorf("request failed: %w", err)
 	}
@@ -364,7 +364,7 @@ func (s *PhoneNumberService) Delete(ctx context.Context, phoneNumberID string) e
 
 	httpReq.Header.Set("xi-api-key", s.client.apiKey)
 
-	resp, err := http.DefaultClient.Do(httpReq)
+	resp, err := http.DefaultClient.Do(httpReq) //nolint:gosec // G704: API client, URL is fixed ElevenLabs endpoint
 	if err != nil {
 		return fmt.Errorf("request failed: %w", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ func (c authHTTPClient) Do(req http.Request) (*http.Response, error) {`
`138`	`138`	`req.Header.Set("X-ElevenLabs-SDK-Version", Version)`
`139`	`139`	`req.Header.Set("X-ElevenLabs-SDK-Lang", "go")`
`140`	`140`
`141`		`- return c.client.Do(req)`
	`141`	`+ return c.client.Do(req) //nolint:gosec // G704: HTTP client library, URL is caller-controlled by design`
`142`	`142`	`}`
`143`	`143`
`144`	`144`	`// API returns the underlying ogen-generated API client for advanced usage.`
Original file line number	Diff line number	Diff line change
`@@ -154,7 +154,7 @@ func handleIncomingCall(w http.ResponseWriter, r *http.Request) {`
`154`	`154`
`155`	`155`	`// Return TwiML to Twilio`
`156`	`156`	`w.Header().Set("Content-Type", "application/xml")`
`157`		`- if _, err := w.Write([]byte(resp.TwiML)); err != nil {`
	`157`	`+ if _, err := w.Write([]byte(resp.TwiML)); err != nil { //nolint:gosec // G705: TwiML XML response to Twilio callback, not browser`
`158`	`158`	`logError(ctx, "Failed to write TwiML response", err)`
`159`	`159`	`}`
`160`	`160`	`}`