sneak/secret
1
0
Fork 1
Code Issues 1 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

fix: suppress gosec G204 for validated GPG key ID inputs

Browse Source
This commit is contained in:
clawbot 2026-02-19 23:43:13 -08:00
parent 0aa9a52497
commit 596027f210
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
internal/secret/pgpunlocker.go
View File

@ -320,7 +320,9 @@ func ResolveGPGKeyFingerprint(keyID string) (string, error) {
} }
// Use GPG to get the full fingerprint for the key // Use GPG to get the full fingerprint for the key
cmd := exec.Command("gpg", "--list-keys", "--with-colons", "--fingerprint", keyID) cmd := exec.Command( // #nosec G204 -- keyID validated
"gpg", "--list-keys", "--with-colons", "--fingerprint", keyID,
)
output, err := cmd.Output() output, err := cmd.Output()
if err != nil { if err != nil {
return "", fmt.Errorf("failed to resolve GPG key fingerprint: %w", err) return "", fmt.Errorf("failed to resolve GPG key fingerprint: %w", err)
@ -359,7 +361,9 @@ func gpgEncryptDefault(data *memguard.LockedBuffer, keyID string) ([]byte, error
return nil, fmt.Errorf("invalid GPG key ID: %w", err) return nil, fmt.Errorf("invalid GPG key ID: %w", err)
} }
cmd := exec.Command("gpg", "--trust-model", "always", "--armor", "--encrypt", "-r", keyID) cmd := exec.Command( // #nosec G204 -- keyID validated
"gpg", "--trust-model", "always", "--armor", "--encrypt", "-r", keyID,
)
cmd.Stdin = strings.NewReader(data.String()) cmd.Stdin = strings.NewReader(data.String())
output, err := cmd.Output() output, err := cmd.Output()