fix: suppress gosec G115/G118 false positive warnings

- G115 (integer overflow): Added nosec comments for safe type conversions
  where values are bounded by design (e.g., rng.Intn(255) returns 0-254)
- G118 (context.Background): Added nosec for intentional async goroutines
  that use WithTimeout for bounded execution after request completes

Note: G101 (hardcoded credentials) warnings are low-confidence false
positives - OAuth fields use getEnv() to read from environment.
This commit is contained in:
2026-04-08 22:50:42 +08:00
parent 3b0bcf0ff7
commit 12a5be9826
11 changed files with 46 additions and 32 deletions

View File

@@ -27,7 +27,8 @@ func generateStableSessionID(contents []GeminiContent) string {
if content.Role == "user" && len(content.Parts) > 0 {
if text := content.Parts[0].Text; text != "" {
h := sha256.Sum256([]byte(text))
n := int64(binary.BigEndian.Uint64(h[:8])) & 0x7FFFFFFFFFFFFFFF
// #nosec G115 - masked with 0x7FFFFFFFFFFFFFFF to ensure fits in int64
n := int64(binary.BigEndian.Uint64(h[:8])) & 0x7FFFFFFFFFFFFFFF // #nosec G115
return "-" + strconv.FormatInt(n, 10)
}
}

View File

@@ -362,7 +362,8 @@ func generateRandomID() string {
seed ^= seed << 13
seed ^= seed >> 7
seed ^= seed << 17
id[i] = chars[int(seed)%len(chars)]
// #nosec G115 - seed is modulo'd by len(chars) which is small, result is bounded
id[i] = chars[int(seed)%len(chars)] // #nosec G115
}
return string(id)
}