shithub: furgit

Download patch

ref: 2cb9c32187f0f14f38ab8124466f0ad17f77c5d0
parent: 970f5d2985a7a01e8edb9f3fe2bfc926ebb800e2
author: Runxi Yu <me@runxiyu.org>
date: Sat Feb 21 15:55:37 EST 2026 

*: Fix nosec


--- a/internal/bufpool/buffers.go
+++ b/internal/bufpool/buffers.go
@@ -85,7 +85,7 @@
 		*buf = make([]byte, 0, classCap)
 	}
 	slice := (*buf)[:0]
-	return Buffer{buf: slice, pool: poolIndex(classIdx)} //#nosec:G115
+	return Buffer{buf: slice, pool: poolIndex(classIdx)} //#nosec G115
 }
 
 // FromOwned constructs a Buffer from a caller-owned byte slice. The resulting
@@ -167,7 +167,7 @@
 	buf.returnToPool()
 	buf.buf = newBuf
 	if pooled {
-		buf.pool = poolIndex(classIdx) //#nosec:G115
+		buf.pool = poolIndex(classIdx) //#nosec G115
 	} else {
 		buf.pool = unpooled
 	}
--- a/internal/bufpool/buffers_test.go
+++ b/internal/bufpool/buffers_test.go
@@ -55,7 +55,8 @@
 	}
 
 	b := Borrow(request)
-	if b.pool != poolIndex(classIdx) { //#nosec:G115
+	//#nosec G115
+	if b.pool != poolIndex(classIdx) {
 		t.Fatalf("expected pooled buffer in class %d, got %d", classIdx, b.pool)
 	}
 	if cap(b.buf) != classCap {
@@ -65,7 +66,8 @@
 
 	b2 := Borrow(request)
 	defer b2.Release()
-	if b2.pool != poolIndex(classIdx) { //#nosec:G115
+	//#nosec G115
+	if b2.pool != poolIndex(classIdx) {
 		t.Fatalf("expected pooled buffer in class %d on reuse, got %d", classIdx, b2.pool)
 	}
 	if cap(b2.buf) != classCap {
--- a/internal/zlib/reader.go
+++ b/internal/zlib/reader.go
@@ -131,7 +131,7 @@
 	return n, io.EOF
 }
 
-// Calling Close does not close the wrapped [io.Reader] originally passed to [NewReader].
+// Close does not close the wrapped [io.Reader] originally passed to [NewReader].
 // In order for the ZLIB checksum to be verified, the reader must be
 // fully consumed until the [io.EOF].
 func (z *reader) Close() error {
--- a/internal/zlib/writer.go
+++ b/internal/zlib/writer.go
@@ -206,7 +206,7 @@
 	if z.dict != nil {
 		z.scratch[1] |= 1 << 5
 	}
-	z.scratch[1] += uint8(31 - binary.BigEndian.Uint16(z.scratch[:2])%31)
+	z.scratch[1] += uint8(31 - binary.BigEndian.Uint16(z.scratch[:2])%31) //#nosec G115
 	if _, err = z.w.Write(z.scratch[0:2]); err != nil {
 		return err
 	}
--- a/repository/traversal_test.go
+++ b/repository/traversal_test.go
@@ -54,7 +54,7 @@
 		t.Fatalf("%q is neither a directory nor a regular file", gitPath)
 	}
 
-	content, err := os.ReadFile(gitPath) //#nosec:G304
+	content, err := os.ReadFile(gitPath) //#nosec G304
 	if err != nil {
 		t.Fatalf("read %q: %v", gitPath, err)
 	}
@@ -73,7 +73,7 @@
 		gitdirPath = filepath.Join(worktreeRoot, gitdirPath)
 	}
 	commondirPath := filepath.Join(gitdirPath, "commondir")
-	commondirContent, err := os.ReadFile(commondirPath) //#nosec:G304
+	commondirContent, err := os.ReadFile(commondirPath) //#nosec G304
 	if err != nil {
 		t.Fatalf("read %q: %v", commondirPath, err)
 	}
--