fix more linter warnings

JAORMX · JAORMX · commit 8d767f74e4da · 2025-08-20T13:10:37.000+03:00
Signed-off-by: Juan Antonio Osorio &lt;ozz@stacklok.com&gt;
diff --git a/cmd/import-from-toolhive/main.go b/cmd/import-from-toolhive/main.go
@@ -63,7 +63,7 @@ func runImport(cmd *cobra.Command, args []string) error {
 		if verbose {
 			log.Printf("Loading registry from file: %s", sourceFile)
 		}
-		registryData, err = os.ReadFile(sourceFile)
+		registryData, err = os.ReadFile(sourceFile) // #nosec G304 - file path comes from command line flag
 		if err != nil {
 			return fmt.Errorf("failed to read file: %w", err)
 		}
@@ -72,7 +72,7 @@ func runImport(cmd *cobra.Command, args []string) error {
 		if verbose {
 			log.Printf("Fetching registry from URL: %s", sourceURL)
 		}
-		resp, err := http.Get(sourceURL)
+		resp, err := http.Get(sourceURL) // #nosec G107 - URL comes from command line flag
 		if err != nil {
 			return fmt.Errorf("failed to fetch registry: %w", err)
 		}
@@ -153,7 +153,7 @@ func importEntry(name string, server *toolhiveRegistry.ImageMetadata, outputDir
 	}
 
 	// Create the directory
-	if err := os.MkdirAll(entryDir, 0755); err != nil {
+	if err := os.MkdirAll(entryDir, 0750); err != nil {
 		return fmt.Errorf("failed to create directory: %w", err)
 	}
 
@@ -180,15 +180,15 @@ func importEntry(name string, server *toolhiveRegistry.ImageMetadata, outputDir
 	finalContent := header + string(yamlData)
 
 	// Write the spec.yaml file
-	if err := os.WriteFile(specPath, []byte(finalContent), 0644); err != nil {
+	if err := os.WriteFile(specPath, []byte(finalContent), 0600); err != nil {
 		return fmt.Errorf("failed to write spec.yaml: %w", err)
 	}
 
 	// Optionally create a README for complex entries
 	if shouldCreateReadme(server) {
 		readmePath := filepath.Join(entryDir, "README.md")
 		readmeContent := generateReadme(name, server)
-		if err := os.WriteFile(readmePath, []byte(readmeContent), 0644); err != nil {
+		if err := os.WriteFile(readmePath, []byte(readmeContent), 0600); err != nil {
 			// Non-fatal error
 			if verbose {
 				log.Printf("Warning: Failed to write README for %s: %v", name, err)
diff --git a/cmd/registry-builder/main.go b/cmd/registry-builder/main.go
@@ -188,7 +188,7 @@ func buildToolhiveFormat(loader *registry.Loader, outputDir string) error {
 	}
 
 	// Ensure output directory exists
-	if err := os.MkdirAll(outputDir, 0755); err != nil {
+	if err := os.MkdirAll(outputDir, 0750); err != nil {
 		return fmt.Errorf("failed to create output directory: %w", err)
 	}
 
diff --git a/cmd/regup/main.go b/cmd/regup/main.go
@@ -113,7 +113,7 @@ func loadSpec(path string) (serverWithName, error) {
 	}
 
 	// Read the spec file
-	data, err := os.ReadFile(path)
+	data, err := os.ReadFile(path) // #nosec G304 - file path is constructed from known directory
 	if err != nil {
 		return serverWithName{}, fmt.Errorf("failed to read spec file: %w", err)
 	}
@@ -236,7 +236,7 @@ func updateServerInfo(server serverWithName) error {
 // updateYAMLPreservingStructure updates the YAML file while preserving comments and structure
 func updateYAMLPreservingStructure(path string, stars, pulls int) error {
 	// Read the original file
-	data, err := os.ReadFile(path)
+	data, err := os.ReadFile(path) // #nosec G304 - file path is constructed from known directory
 	if err != nil {
 		return fmt.Errorf("failed to read file: %w", err)
 	}
@@ -261,7 +261,7 @@ func updateYAMLPreservingStructure(path string, stars, pulls int) error {
 	}
 
 	// Write back to file
-	return os.WriteFile(path, buf.Bytes(), 0644)
+	return os.WriteFile(path, buf.Bytes(), 0600)
 }
 
 // updateMetadataInNode updates metadata fields in the YAML node tree
diff --git a/pkg/registry/loader.go b/pkg/registry/loader.go
@@ -86,7 +86,7 @@ func (l *Loader) LoadAll() error {
 
 // LoadEntry loads a single registry entry from a YAML file
 func (l *Loader) LoadEntry(path string) (*types.RegistryEntry, error) {
-	file, err := os.Open(path)
+	file, err := os.Open(path) // #nosec G304 - path is constructed from known directory structure
 	if err != nil {
 		return nil, fmt.Errorf("failed to open file: %w", err)
 	}
@@ -410,7 +410,7 @@ func (b *Builder) WriteJSON(path string) error {
 
 	// Create the directory if it doesn't exist
 	dir := filepath.Dir(path)
-	if err := os.MkdirAll(dir, 0755); err != nil {
+	if err := os.MkdirAll(dir, 0750); err != nil {
 		return fmt.Errorf("failed to create directory: %w", err)
 	}
 
@@ -433,7 +433,7 @@ func (b *Builder) WriteJSON(path string) error {
 	}
 
 	// Write to file
-	if err := os.WriteFile(path, data, 0644); err != nil {
+	if err := os.WriteFile(path, data, 0600); err != nil {
 		return fmt.Errorf("failed to write file: %w", err)
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ func runImport(cmd *cobra.Command, args []string) error {`
`63`	`63`	`if verbose {`
`64`	`64`	`log.Printf("Loading registry from file: %s", sourceFile)`
`65`	`65`	`}`
`66`		`- registryData, err = os.ReadFile(sourceFile)`
	`66`	`+ registryData, err = os.ReadFile(sourceFile) // #nosec G304 - file path comes from command line flag`
`67`	`67`	`if err != nil {`
`68`	`68`	`return fmt.Errorf("failed to read file: %w", err)`
`69`	`69`	`}`
`@@ -72,7 +72,7 @@ func runImport(cmd *cobra.Command, args []string) error {`
`72`	`72`	`if verbose {`
`73`	`73`	`log.Printf("Fetching registry from URL: %s", sourceURL)`
`74`	`74`	`}`
`75`		`- resp, err := http.Get(sourceURL)`
	`75`	`+ resp, err := http.Get(sourceURL) // #nosec G107 - URL comes from command line flag`
`76`	`76`	`if err != nil {`
`77`	`77`	`return fmt.Errorf("failed to fetch registry: %w", err)`
`78`	`78`	`}`
`@@ -153,7 +153,7 @@ func importEntry(name string, server *toolhiveRegistry.ImageMetadata, outputDir`
`153`	`153`	`}`
`154`	`154`
`155`	`155`	`// Create the directory`
`156`		`- if err := os.MkdirAll(entryDir, 0755); err != nil {`
	`156`	`+ if err := os.MkdirAll(entryDir, 0750); err != nil {`
`157`	`157`	`return fmt.Errorf("failed to create directory: %w", err)`
`158`	`158`	`}`
`159`	`159`
`@@ -180,15 +180,15 @@ func importEntry(name string, server *toolhiveRegistry.ImageMetadata, outputDir`
`180`	`180`	`finalContent := header + string(yamlData)`
`181`	`181`
`182`	`182`	`// Write the spec.yaml file`
`183`		`- if err := os.WriteFile(specPath, []byte(finalContent), 0644); err != nil {`
	`183`	`+ if err := os.WriteFile(specPath, []byte(finalContent), 0600); err != nil {`
`184`	`184`	`return fmt.Errorf("failed to write spec.yaml: %w", err)`
`185`	`185`	`}`
`186`	`186`
`187`	`187`	`// Optionally create a README for complex entries`
`188`	`188`	`if shouldCreateReadme(server) {`
`189`	`189`	`readmePath := filepath.Join(entryDir, "README.md")`
`190`	`190`	`readmeContent := generateReadme(name, server)`
`191`		`- if err := os.WriteFile(readmePath, []byte(readmeContent), 0644); err != nil {`
	`191`	`+ if err := os.WriteFile(readmePath, []byte(readmeContent), 0600); err != nil {`
`192`	`192`	`// Non-fatal error`
`193`	`193`	`if verbose {`
`194`	`194`	`log.Printf("Warning: Failed to write README for %s: %v", name, err)`
Original file line number	Diff line number	Diff line change
`@@ -188,7 +188,7 @@ func buildToolhiveFormat(loader *registry.Loader, outputDir string) error {`
`188`	`188`	`}`
`189`	`189`
`190`	`190`	`// Ensure output directory exists`
`191`		`- if err := os.MkdirAll(outputDir, 0755); err != nil {`
	`191`	`+ if err := os.MkdirAll(outputDir, 0750); err != nil {`
`192`	`192`	`return fmt.Errorf("failed to create output directory: %w", err)`
`193`	`193`	`}`
`194`	`194`
Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,7 @@ func loadSpec(path string) (serverWithName, error) {`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	`// Read the spec file`
`116`		`- data, err := os.ReadFile(path)`
	`116`	`+ data, err := os.ReadFile(path) // #nosec G304 - file path is constructed from known directory`
`117`	`117`	`if err != nil {`
`118`	`118`	`return serverWithName{}, fmt.Errorf("failed to read spec file: %w", err)`
`119`	`119`	`}`
`@@ -236,7 +236,7 @@ func updateServerInfo(server serverWithName) error {`
`236`	`236`	`// updateYAMLPreservingStructure updates the YAML file while preserving comments and structure`
`237`	`237`	`func updateYAMLPreservingStructure(path string, stars, pulls int) error {`
`238`	`238`	`// Read the original file`
`239`		`- data, err := os.ReadFile(path)`
	`239`	`+ data, err := os.ReadFile(path) // #nosec G304 - file path is constructed from known directory`
`240`	`240`	`if err != nil {`
`241`	`241`	`return fmt.Errorf("failed to read file: %w", err)`
`242`	`242`	`}`
`@@ -261,7 +261,7 @@ func updateYAMLPreservingStructure(path string, stars, pulls int) error {`
`261`	`261`	`}`
`262`	`262`
`263`	`263`	`// Write back to file`
`264`		`- return os.WriteFile(path, buf.Bytes(), 0644)`
	`264`	`+ return os.WriteFile(path, buf.Bytes(), 0600)`
`265`	`265`	`}`
`266`	`266`
`267`	`267`	`// updateMetadataInNode updates metadata fields in the YAML node tree`
Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,7 @@ func (l *Loader) LoadAll() error {`
`86`	`86`
`87`	`87`	`// LoadEntry loads a single registry entry from a YAML file`
`88`	`88`	`func (l Loader) LoadEntry(path string) (types.RegistryEntry, error) {`
`89`		`- file, err := os.Open(path)`
	`89`	`+ file, err := os.Open(path) // #nosec G304 - path is constructed from known directory structure`
`90`	`90`	`if err != nil {`
`91`	`91`	`return nil, fmt.Errorf("failed to open file: %w", err)`
`92`	`92`	`}`
`@@ -410,7 +410,7 @@ func (b *Builder) WriteJSON(path string) error {`
`410`	`410`
`411`	`411`	`// Create the directory if it doesn't exist`
`412`	`412`	`dir := filepath.Dir(path)`
`413`		`- if err := os.MkdirAll(dir, 0755); err != nil {`
	`413`	`+ if err := os.MkdirAll(dir, 0750); err != nil {`
`414`	`414`	`return fmt.Errorf("failed to create directory: %w", err)`
`415`	`415`	`}`
`416`	`416`
`@@ -433,7 +433,7 @@ func (b *Builder) WriteJSON(path string) error {`
`433`	`433`	`}`
`434`	`434`
`435`	`435`	`// Write to file`
`436`		`- if err := os.WriteFile(path, data, 0644); err != nil {`
	`436`	`+ if err := os.WriteFile(path, data, 0600); err != nil {`
`437`	`437`	`return fmt.Errorf("failed to write file: %w", err)`
`438`	`438`	`}`
`439`	`439`