
Commit a6e0f63

author
Alex Godoroja
committed
fix(gosec): suppress G703 taint false-positives on aux-file carry
The aux paths are resolveUnder-confined (bundle/staging roots) and aux is a constant allow-list ('install.json'/'install.sh'), so no traversal is possible. gosec's SSA taint analyzer can't see resolveUnder as a sanitizer, so annotate the file ops + the new staging-cleanup with #nosec G703 (the same pattern this file already uses for the binary copy).
1 parent 23ab958 commit a6e0f63

1 file changed

Lines changed: 4 additions & 4 deletions


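--- a/cmd/pilotctl/appstore.go
+++ b/cmd/pilotctl/appstore.go
@@ -1196,18 +1196,18 @@ func cmdAppStoreInstall(args []string) {
 src, serr := resolveUnder(bundleDir, aux)
 dst, derr := resolveUnder(stagingDir, aux)
 if serr != nil || derr != nil {
-_ = os.RemoveAll(stagingDir)
+_ = os.RemoveAll(stagingDir) // #nosec G703 -- stagingDir is appStoreRoot()/<m.ID>.staging (m.ID reverse-DNS validated), confined to the install root; cleanup of our own dir
 fatalHint("internal_error", "aux install file path escaped the bundle/staging root", "resolve %s: %v / %v", aux, serr, derr)
 }
-if _, err := os.Stat(src); err != nil {
+if _, err := os.Stat(src); err != nil { // #nosec G703 -- src is resolveUnder(bundleDir, <const aux>), proven to stay under the bundle root above; no traversal
 continue // not an asset-delivering app
 }
 mode := os.FileMode(0o644)
 if aux == "install.sh" {
 mode = 0o755
 }
-if err := copyFile(src, dst, mode); err != nil {
-_ = os.RemoveAll(stagingDir)
+if err := copyFile(src, dst, mode); err != nil { // #nosec G703 -- src/dst are resolveUnder-confined (bundle/staging roots); aux is a constant allow-list entry, so neither can escape
+_ = os.RemoveAll(stagingDir) // #nosec G703 -- stagingDir is the confined install-root staging dir; cleanup of our own dir
 fatalHint("io_error", "check install root permissions", "copy %s: %v", aux, err)
 }
 }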
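Review bot: The `#nosec G703` justifications on the `os.Stat(src)` and `copyFile(src, dst, mode)` lines say the paths are "proven to stay under the bundle root", but that holds only for lexical traversal unless resolveUnder also resolves symlinks, and resolveUnder is not visible in this hunk. `os.Stat` follows symlinks, so if a bundle can ship `install.json` or `install.sh` as a symlink, the copy would read from outside the bundle root while the suppression hides the finding. If resolveUnder is lexical only, consider `fi, err := os.Lstat(src)` followed by `if err != nil || !fi.Mode().IsRegular() { continue }`; otherwise name the guarantee relied on in the comment, e.g. `// #nosec G703 -- resolveUnder evaluates symlinks; aux is a constant`. The two `os.RemoveAll(stagingDir)` suppressions likewise rest on the m.ID validation and the appStoreRoot() derivation, both of which happen outside the hunk in cmdAppStoreInstall, so a short pointer to where that validation lives would keep the four comments from going stale.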
