This commit is contained in:
2026-01-02 18:20:15 +00:00
parent 0f7c29c3ef
commit ce5a8fbffd
37 changed files with 323 additions and 178 deletions
+14 -14
@@ -31,7 +31,7 @@ func New(cfg Config) (*Store, error) {
}
// Create directory if it doesn't exist
if err := os.MkdirAll(cfg.Path, 0755); err != nil {
if err := os.MkdirAll(cfg.Path, 0750); err != nil {
return nil, fmt.Errorf("failed to create metadata directory: %w", err)
}
@@ -51,7 +51,7 @@ func (s *Store) SavePackage(ctx context.Context, pkg *metadata.Package) error {
// Create registry directory
regDir := filepath.Join(s.basePath, pkg.Registry)
if err := os.MkdirAll(regDir, 0755); err != nil {
if err := os.MkdirAll(regDir, 0750); err != nil {
return err
}
@@ -62,7 +62,7 @@ func (s *Store) SavePackage(ctx context.Context, pkg *metadata.Package) error {
return err
}
return os.WriteFile(filename, data, 0644)
return os.WriteFile(filename, data, 0600)
}
// GetPackage retrieves package metadata
@@ -71,7 +71,7 @@ func (s *Store) GetPackage(ctx context.Context, registry, name, version string)
defer s.mu.RUnlock()
filename := filepath.Join(s.basePath, registry, fmt.Sprintf("%s-%s.json", name, version))
data, err := os.ReadFile(filename)
data, err := os.ReadFile(filename) // #nosec G304 -- Filename is from internal registry structure
if err != nil {
if os.IsNotExist(err) {
return nil, nil
@@ -104,7 +104,7 @@ func (s *Store) ListPackages(ctx context.Context, opts *metadata.ListOptions) ([
return nil
}
data, err := os.ReadFile(path)
data, err := os.ReadFile(path) // #nosec G304 -- Path from internal file structure
if err != nil {
return nil // Skip files we can't read
}
@@ -159,7 +159,7 @@ func (s *Store) SaveScanResult(ctx context.Context, result *metadata.ScanResult)
// Create scans directory
scanDir := filepath.Join(s.basePath, "scans", result.Registry, result.PackageName)
if err := os.MkdirAll(scanDir, 0755); err != nil {
if err := os.MkdirAll(scanDir, 0750); err != nil {
return err
}
@@ -171,7 +171,7 @@ func (s *Store) SaveScanResult(ctx context.Context, result *metadata.ScanResult)
return err
}
return os.WriteFile(filename, data, 0644)
return os.WriteFile(filename, data, 0600)
}
// UpdateDownloadCount increments download counter
@@ -213,7 +213,7 @@ func (s *Store) GetStats(ctx context.Context, registry string) (*metadata.Stats,
return nil
}
data, err := os.ReadFile(path)
data, err := os.ReadFile(path) // #nosec G304 -- Path from internal file structure
if err != nil {
return nil
}
@@ -265,7 +265,7 @@ func (s *Store) GetScanResult(ctx context.Context, registry, name, version strin
// Get the latest file
latestFile := matches[len(matches)-1]
data, err := os.ReadFile(latestFile)
data, err := os.ReadFile(latestFile) // #nosec G304 -- Path from glob match on internal structure
if err != nil {
return nil, err
}
@@ -317,7 +317,7 @@ func (s *Store) SaveCVEBypass(ctx context.Context, bypass *metadata.CVEBypass) e
// Create bypasses directory
bypassesDir := filepath.Join(s.basePath, "bypasses")
if err := os.MkdirAll(bypassesDir, 0755); err != nil {
if err := os.MkdirAll(bypassesDir, 0750); err != nil {
return err
}
@@ -328,7 +328,7 @@ func (s *Store) SaveCVEBypass(ctx context.Context, bypass *metadata.CVEBypass) e
return err
}
return os.WriteFile(filename, data, 0644)
return os.WriteFile(filename, data, 0600)
}
// GetActiveCVEBypasses retrieves all active (non-expired) CVE bypasses
@@ -353,7 +353,7 @@ func (s *Store) GetActiveCVEBypasses(ctx context.Context) ([]*metadata.CVEBypass
return nil
}
data, err := os.ReadFile(path)
data, err := os.ReadFile(path) // #nosec G304 -- Path from internal file structure
if err != nil {
return err
}
@@ -401,7 +401,7 @@ func (s *Store) ListCVEBypasses(ctx context.Context, opts *metadata.BypassListOp
return nil
}
data, err := os.ReadFile(path)
data, err := os.ReadFile(path) // #nosec G304 -- Path from internal file structure
if err != nil {
return err
}
@@ -491,7 +491,7 @@ func (s *Store) CleanupExpiredBypasses(ctx context.Context) (int, error) {
return nil
}
data, err := os.ReadFile(path)
data, err := os.ReadFile(path) // #nosec G304 -- Path from internal file structure
if err != nil {
return err
}
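Review bot: The `#nosec G304` justification on the `os.ReadFile` in `GetPackage` ("Filename is from internal registry structure") is not borne out by the hunk: `filename` is built from the `registry`, `name` and `version` parameters, and `filepath.Join` cleans `..` segments rather than rejecting them, so a caller-controlled component such as `../../etc` would read outside `s.basePath`. If these parameters can originate from a client request (plausible for a registry proxy, though the callers are outside the hunk), the suppression should be backed by a containment check rather than a comment, e.g. after the Join: `rel, err := filepath.Rel(s.basePath, filename)` / `if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {` / `return nil, fmt.Errorf("invalid package path for %s/%s@%s", registry, name, version) }` (needs a `strings` import). The same concern applies to `regDir` and `scanDir`, which are derived from `pkg.Registry`, `result.Registry` and `result.PackageName` in `SavePackage` and `SaveScanResult`. Once the check exists, the suppression comment should point at it, `// #nosec G304 -- path verified above to stay under s.basePath`, so the next reader does not have to take "internal" on faith.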
+11 -11
@@ -147,13 +147,13 @@ func New(cfg Config) (*SQLiteStore, error) {
// Create schema
if _, err := db.Exec(schema); err != nil {
db.Close()
db.Close() // #nosec G104 -- Cleanup, error not critical
return nil, errors.Wrap(err, errors.ErrCodeStorageFailure, "failed to create SQLite schema")
}
// Run migrations for existing databases
if err := runMigrations(db); err != nil {
db.Close()
db.Close() // #nosec G104 -- Cleanup, error not critical
return nil, errors.Wrap(err, errors.ErrCodeStorageFailure, "failed to run database migrations")
}
@@ -383,7 +383,7 @@ func (s *SQLiteStore) ListPackages(ctx context.Context, opts *metadata.ListOptio
if err != nil {
return nil, errors.Wrap(err, errors.ErrCodeStorageFailure, "failed to list packages")
}
defer rows.Close()
defer rows.Close() // #nosec G104 -- Cleanup, error not critical
var packages []*metadata.Package
for rows.Next() {
@@ -407,7 +407,7 @@ func (s *SQLiteStore) ListPackages(ctx context.Context, opts *metadata.ListOptio
}
if metadataJSON != "" {
goccy_json.Unmarshal([]byte(metadataJSON), &pkg.Metadata)
_ = goccy_json.Unmarshal([]byte(metadataJSON), &pkg.Metadata) // #nosec G104 -- Best-effort unmarshal
}
packages = append(packages, &pkg)
@@ -504,7 +504,7 @@ func (s *SQLiteStore) GetStats(ctx context.Context, registry string) (*metadata.
vulnArgs = append(vulnArgs, registry)
}
s.db.QueryRowContext(ctx, vulnQuery, vulnArgs...).Scan(&stats.VulnerablePackages)
_ = s.db.QueryRowContext(ctx, vulnQuery, vulnArgs...).Scan(&stats.VulnerablePackages) // #nosec G104 -- Optional query
return &stats, nil
}
@@ -607,7 +607,7 @@ func (s *SQLiteStore) GetTimeSeriesStats(ctx context.Context, period string, reg
if err != nil {
return nil, errors.Wrap(err, errors.ErrCodeStorageFailure, "failed to query time-series stats")
}
defer rows.Close()
defer rows.Close() // #nosec G104 -- Cleanup, error not critical
// Collect data points
dataMap := make(map[string]int64)
@@ -869,11 +869,11 @@ func (s *SQLiteStore) GetScanResult(ctx context.Context, registry, name, version
// Deserialize
if vulnJSON != "" {
goccy_json.Unmarshal([]byte(vulnJSON), &result.Vulnerabilities)
_ = goccy_json.Unmarshal([]byte(vulnJSON), &result.Vulnerabilities) // #nosec G104 -- Best-effort unmarshal
}
if detailsJSON != "" {
goccy_json.Unmarshal([]byte(detailsJSON), &result.Details)
_ = goccy_json.Unmarshal([]byte(detailsJSON), &result.Details) // #nosec G104 -- Best-effort unmarshal
}
return &result, nil
@@ -950,7 +950,7 @@ func (s *SQLiteStore) GetActiveCVEBypasses(ctx context.Context) ([]*metadata.CVE
if err != nil {
return nil, errors.Wrap(err, errors.ErrCodeStorageFailure, "failed to get active CVE bypasses")
}
defer rows.Close()
defer rows.Close() // #nosec G104 -- Cleanup, error not critical
var bypasses []*metadata.CVEBypass
for rows.Next() {
@@ -1022,7 +1022,7 @@ func (s *SQLiteStore) ListCVEBypasses(ctx context.Context, opts *metadata.Bypass
if err != nil {
return nil, errors.Wrap(err, errors.ErrCodeStorageFailure, "failed to list CVE bypasses")
}
defer rows.Close()
defer rows.Close() // #nosec G104 -- Cleanup, error not critical
var bypasses []*metadata.CVEBypass
for rows.Next() {
@@ -1085,5 +1085,5 @@ func (s *SQLiteStore) CleanupExpiredBypasses(ctx context.Context) (int, error) {
// Close closes the metadata store
func (s *SQLiteStore) Close() error {
return s.db.Close()
return s.db.Close() // #nosec G104 -- Cleanup, error not critical
}
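Review bot: Discarding the `Unmarshal` error in `GetScanResult` (`_ = goccy_json.Unmarshal([]byte(vulnJSON), &result.Vulnerabilities)`) turns a corrupted or schema-drifted `vulnerabilities` column into a scan result with an empty vulnerability list, which any caller gating on "no vulnerabilities found" will read as a clean package; for a security scan store that is a fail-open default. The file already has a wrapping convention, so the decode should fail closed: `if err := goccy_json.Unmarshal([]byte(vulnJSON), &result.Vulnerabilities); err != nil {` / `return nil, errors.Wrap(err, errors.ErrCodeStorageFailure, "failed to decode scan vulnerabilities") }`, and likewise for `detailsJSON`. The "Best-effort unmarshal" label is arguably fine for `pkg.Metadata` in `ListPackages`, where the field looks informational, but not for scan findings. Separately, the G104 handling in this commit is mixed: `rows.Close()` and `db.Close()` receive only a `#nosec` comment while the `Unmarshal` and `Scan` calls also get `_ =`; `#nosec` silences gosec but not errcheck, so the explicit `_ = db.Close()` form is the one to use everywhere. `GetScanResult` begins outside the hunk.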