Commit 23ab958
fix(gosec): resolve install.json/install.sh aux paths via resolveUnder (G304)
Mirror the binary-copy containment pattern: resolveUnder cleans the join and
verifies the path stays under the bundle/staging root, clearing the two gosec
'path traversal via taint analysis' (G304) alerts on the aux-file carry.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent ae47074 commit 23ab958
1 file changed
Lines changed: 10 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1190 | 1190 | | |
1191 | 1191 | | |
1192 | 1192 | | |
1193 | | - | |
| 1193 | + | |
| 1194 | + | |
| 1195 | + | |
| 1196 | + | |
| 1197 | + | |
| 1198 | + | |
| 1199 | + | |
| 1200 | + | |
| 1201 | + | |
1194 | 1202 | | |
1195 | 1203 | | |
1196 | 1204 | | |
1197 | 1205 | | |
1198 | 1206 | | |
1199 | 1207 | | |
1200 | 1208 | | |
1201 | | - | |
| 1209 | + | |
1202 | 1210 | | |
1203 | 1211 | | |
1204 | 1212 | | |
| |||
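
The containment pattern the commit message describes (clean the joined path, then verify it stays under the root) can be sketched in Go as follows. This is an added example, not the project's `resolveUnder`, whose code is not shown on this page; `containedJoin`, `ErrEscapesRoot` and the sample paths are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is a hypothetical sentinel error for this example.
var ErrEscapesRoot = errors.New("path escapes root")

// containedJoin (hypothetical name) joins name onto root, cleans the result,
// and rejects it unless it is still lexically inside root.
func containedJoin(root, name string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// filepath.Join cleans the result, collapsing "." and ".." elements.
	joined := filepath.Join(absRoot, name)
	// Compare by path element via Rel, not by string prefix: a prefix test
	// would accept a sibling such as "<root>-other/file".
	rel, err := filepath.Rel(absRoot, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q resolves to %q", ErrEscapesRoot, name, joined)
	}
	// Lexical check only: a symlink inside root can still point outside it.
	return joined, nil
}

func main() {
	root := "/srv/staging/bundle" // constructed sample root
	for _, name := range []string{ // constructed sample inputs
		"install.json", "scripts/../install.sh", "../install.sh", "a/../../../etc/passwd",
	} {
		p, err := containedJoin(root, name)
		fmt.Printf("%-24q -> %q err=%v\n", name, p, err)
	}
}
```

Because the check is lexical, it answers the taint-analysis concern about `..` elements in the joined name but does not cover symlinks that already exist under the root.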