fix: resolve critical security vulnerabilities in debug logging and command execution

- Remove sensitive data from debug logs (vault/secrets.go, secret/version.go)
- Add input validation for GPG key IDs and keychain item names
- Resolve GPG key IDs to full fingerprints before storing in metadata
- Add comprehensive test coverage for validation functions
- Add golangci-lint configuration with additional linters

Security improvements:
- Debug logs no longer expose decrypted secret values or private keys
- GPG and keychain commands now validate input to prevent injection attacks
- All validation uses precompiled regex patterns for performance
2025-06-20 07:50:26 -07:00
parent 004dce5472
commit 985d79d3c0
8 changed files with 529 additions and 28 deletions

@@ -1,5 +1,7 @@
package bip85
//nolint:gosec,revive,unparam // Test file with hardcoded test vectors
import (
"bytes"
"encoding/hex"
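Review bot: the `//nolint:gosec,revive,unparam` directive sits below `package bip85` and directly above `import (`, so it attaches to the import declaration rather than to the file as a whole. golangci-lint documents file-wide suppression as a directive placed on the line above the `package` clause; move it there if the entire test file is meant to be covered. Since the stated reason is hardcoded test vectors, a narrower option is to drop the blanket `gosec` exclusion and put `//nolint:gosec` with a reason on the specific vector declarations, leaving `revive` and `unparam` active unless a concrete finding needs suppressing.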