JGC-449 - Add gosec suppressions for static analysis (#1524)

RemiBou · Remi Bourgarel · cursoragent · web-flow · commit 2ce1543fc0fb · 2026-02-17T16:40:00.000+02:00
* JGC-449 - Add gosec suppressions for static analysis

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;

* JGC-449 - Fix staticcheck QF1012 use fmt.Fprintf instead of WriteString(fmt.Sprintf)

Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;

---------

Co-authored-by: Remi Bourgarel &lt;remib@jfrog.com&gt;
Co-authored-by: Cursor &lt;cursoragent@cursor.com&gt;
diff --git a/artifactory/commands/transferfiles/utils_test.go b/artifactory/commands/transferfiles/utils_test.go
@@ -186,7 +186,7 @@ func TestGetMaxUniqueSnapshots(t *testing.T) {
 		default:
 			assert.Fail(t, "tried to get the Max Unique Snapshots setting of a repository of an unsupported package type")
 		}
-		_, err := w.Write([]byte(response))
+		_, err := w.Write([]byte(response)) // #nosec G705 -- test server response, not user input
 		assert.NoError(t, err)
 	})
 	defer testServer.Close()
diff --git a/artifactory/commands/utils/precheckrunner/remoteurlchecker.go b/artifactory/commands/utils/precheckrunner/remoteurlchecker.go
@@ -32,7 +32,7 @@ type remoteRepoSettings struct {
 	Url         string `json:"url,omitempty"`
 	RepoType    string `json:"repo_type,omitempty"`
 	Username    string `json:"username,omitempty"`
-	Password    string `json:"password,omitempty"`
+	Password    string `json:"password,omitempty"` // #nosec G117 -- API struct for remote repo settings
 	QueryParams string `json:"query_params,omitempty"`
 }
 
diff --git a/artifactory/utils/commandsummary/buildinfosummary.go b/artifactory/utils/commandsummary/buildinfosummary.go
@@ -156,7 +156,7 @@ func (bis *BuildInfoSummary) generateModuleArtifactTree(rootModuleID string, nes
 
 	markdownBuilder.WriteString(generateModuleHeader(rootModuleID))
 	if !StaticMarkdownConfig.IsExtendedSummary() {
-		markdownBuilder.WriteString(fmt.Sprintf(basicSummaryUpgradeNotice, StaticMarkdownConfig.GetExtendedSummaryLangPage()))
+		fmt.Fprintf(&markdownBuilder, basicSummaryUpgradeNotice, StaticMarkdownConfig.GetExtendedSummaryLangPage())
 	}
 	for _, module := range nestedModules {
 		if isMultiModule && rootModuleID == module.Id {
@@ -166,7 +166,7 @@ func (bis *BuildInfoSummary) generateModuleArtifactTree(rootModuleID string, nes
 		if err != nil {
 			return "", err
 		}
-		markdownBuilder.WriteString(fmt.Sprintf("\n\n<pre>%s</pre>\n\n", tree))
+		fmt.Fprintf(&markdownBuilder, "\n\n<pre>%s</pre>\n\n", tree)
 	}
 	return markdownBuilder.String(), nil
 }
@@ -193,7 +193,7 @@ func (bis *BuildInfoSummary) generateTableModuleMarkdown(nestedModules []buildIn
 
 	if !StaticMarkdownConfig.IsExtendedSummary() {
 		nestedModuleMarkdownTree.WriteString("|")
-		nestedModuleMarkdownTree.WriteString(fmt.Sprintf(basicSummaryUpgradeNotice, StaticMarkdownConfig.GetExtendedSummaryLangPage()))
+		fmt.Fprintf(&nestedModuleMarkdownTree, basicSummaryUpgradeNotice, StaticMarkdownConfig.GetExtendedSummaryLangPage())
 		nestedModuleMarkdownTree.WriteString("<pre>")
 	} else {
 		nestedModuleMarkdownTree.WriteString("|<pre>")
diff --git a/general/token/oidctokenexchange.go b/general/token/oidctokenexchange.go
@@ -79,7 +79,7 @@ type OidcParams struct {
 }
 
 type ExchangeCommandOutputStruct struct {
-	AccessToken string `json:"AccessToken"`
+	AccessToken string `json:"AccessToken"` // #nosec G117 -- CLI output struct for OIDC exchange
 	Username    string `json:"Username"`
 }
 
diff --git a/utils/config/config.go b/utils/config/config.go
@@ -590,11 +590,11 @@ type ServerDetails struct {
 	OnemodelUrl                     string `json:"-"`
 	ApptrustUrl                     string `json:"-"`
 	User                            string `json:"user,omitempty"`
-	Password                        string `json:"password,omitempty"`
+	Password                        string `json:"password,omitempty"`             // #nosec G117 -- config struct for auth
 	SshKeyPath                      string `json:"sshKeyPath,omitempty"`
 	SshPassphrase                   string `json:"sshPassphrase,omitempty"`
-	AccessToken                     string `json:"accessToken,omitempty"`
-	RefreshToken                    string `json:"refreshToken,omitempty"`
+	AccessToken                     string `json:"accessToken,omitempty"`          // #nosec G117 -- config struct for auth
+	RefreshToken                    string `json:"refreshToken,omitempty"`         // #nosec G117 -- config struct for auth
 	ArtifactoryRefreshToken         string `json:"artifactoryRefreshToken,omitempty"`
 	ArtifactoryTokenRefreshInterval int    `json:"tokenRefreshInterval,omitempty"`
 	ClientCertPath                  string `json:"clientCertPath,omitempty"`
@@ -609,7 +609,7 @@ type ServerDetails struct {
 // Deprecated
 type MissionControlDetails struct {
 	Url         string `json:"url,omitempty"`
-	AccessToken string `json:"accessToken,omitempty"`
+	AccessToken string `json:"accessToken,omitempty"` // #nosec G117 -- config struct for auth
 }
 
 func (serverDetails *ServerDetails) IsEmpty() bool {
diff --git a/utils/config/config_test.go b/utils/config/config_test.go
@@ -246,9 +246,9 @@ func createEncryptionTestConfig() *Config {
 			ServerId:      "test-server",
 			Url:           "http://acme.jfrog.io",
 			User:          "elmar",
-			Password:      "Wabbit",
-			AccessToken:   "DewiciousWegOfWamb",
-			SshPassphrase: "KiwwTheWabbit",
+			Password:      "Wabbit",           // #nosec G101 -- test data only
+			AccessToken:   "DewiciousWegOfWamb", // #nosec G101 -- test data only
+			SshPassphrase: "KiwwTheWabbit",    // #nosec G101 -- test data only
 		}}},
 	}}
 }
@@ -479,10 +479,10 @@ func TestCreateAuthConfigAppendPreRequestFunctionBehavior(t *testing.T) {
 			name: "DisableTokenRefreshTrue_WithArtifactoryRefreshToken",
 			serverDetails: &ServerDetails{
 				ServerId:                "test-server",
-				AccessToken:             "access-token-123",
-				ArtifactoryRefreshToken: "artifactory-refresh-token-789",
+				AccessToken:             "access-token-123",             // #nosec G101 -- test data only
+				ArtifactoryRefreshToken: "artifactory-refresh-token-789", // #nosec G101 -- test data only
 				User:                    "testuser",
-				Password:                "testpass",
+				Password:                "testpass", // #nosec G101 -- test data only
 				DisableTokenRefresh:     true,
 			},
 			shouldCallAppendPreRequest: true,
@@ -491,10 +491,10 @@ func TestCreateAuthConfigAppendPreRequestFunctionBehavior(t *testing.T) {
 			name: "DisableTokenRefreshFalse_WithArtifactoryRefreshToken",
 			serverDetails: &ServerDetails{
 				ServerId:                "test-server",
-				AccessToken:             "access-token-123",
-				ArtifactoryRefreshToken: "artifactory-refresh-token-789",
+				AccessToken:             "access-token-123",             // #nosec G101 -- test data only
+				ArtifactoryRefreshToken: "artifactory-refresh-token-789", // #nosec G101 -- test data only
 				User:                    "testuser",
-				Password:                "testpass",
+				Password:                "testpass", // #nosec G101 -- test data only
 				DisableTokenRefresh:     false,
 			},
 			shouldCallAppendPreRequest: true,
diff --git a/utils/config/configtoken.go b/utils/config/configtoken.go
@@ -18,11 +18,11 @@ type configToken struct {
 	MissionControlUrl    string `json:"missionControlUrl,omitempty"`
 	PipelinesUrl         string `json:"pipelinesUrl,omitempty"`
 	User                 string `json:"user,omitempty"`
-	Password             string `json:"password,omitempty"`
+	Password             string `json:"password,omitempty"`             // #nosec G117 -- config struct for auth
 	SshKeyPath           string `json:"sshKeyPath,omitempty"`
 	SshPassphrase        string `json:"sshPassphrase,omitempty"`
-	AccessToken          string `json:"accessToken,omitempty"`
-	RefreshToken         string `json:"refreshToken,omitempty"`
+	AccessToken          string `json:"accessToken,omitempty"`          // #nosec G117 -- config struct for auth
+	RefreshToken         string `json:"refreshToken,omitempty"`         // #nosec G117 -- config struct for auth
 	TokenRefreshInterval int    `json:"tokenRefreshInterval,omitempty"`
 	ClientCertPath       string `json:"clientCertPath,omitempty"`
 	ClientCertKeyPath    string `json:"clientCertKeyPath,omitempty"`
diff --git a/utils/coreutils/tableutils.go b/utils/coreutils/tableutils.go
@@ -314,7 +314,7 @@ func setColMaxWidth(columnConfigs []table.ColumnConfig, fieldsProperties []field
 }
 
 func getTerminalAllowedWidth(colNum int) (int, error) {
-	width, _, err := term.GetSize(int(os.Stdout.Fd()))
+	width, _, err := term.GetSize(int(os.Stdout.Fd())) // #nosec G115 -- fd from process stdout, safe on all supported platforms
 	if err != nil {
 		return 0, err
 	}
diff --git a/utils/progressbar/progressbarmng.go b/utils/progressbar/progressbarmng.go
@@ -343,7 +343,7 @@ var ShouldInitProgressBar = func() (bool, error) {
 }
 
 func setTerminalWidth() error {
-	width, _, err := term.GetSize(int(os.Stderr.Fd()))
+	width, _, err := term.GetSize(int(os.Stderr.Fd())) // #nosec G115 -- fd from process stderr, safe on all supported platforms
 	if err != nil {
 		return errorutils.CheckError(err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ func TestGetMaxUniqueSnapshots(t *testing.T) {`
`186`	`186`	`default:`
`187`	`187`	`assert.Fail(t, "tried to get the Max Unique Snapshots setting of a repository of an unsupported package type")`
`188`	`188`	`}`
`189`		`- _, err := w.Write([]byte(response))`
	`189`	`+ _, err := w.Write([]byte(response)) // #nosec G705 -- test server response, not user input`
`190`	`190`	`assert.NoError(t, err)`
`191`	`191`	`})`
`192`	`192`	`defer testServer.Close()`
Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ type remoteRepoSettings struct {`
`32`	`32`	Url string `json:"url,omitempty"`
`33`	`33`	RepoType string `json:"repo_type,omitempty"`
`34`	`34`	Username string `json:"username,omitempty"`
`35`		- Password string `json:"password,omitempty"`
	`35`	+ Password string `json:"password,omitempty"` // #nosec G117 -- API struct for remote repo settings
`36`	`36`	QueryParams string `json:"query_params,omitempty"`
`37`	`37`	`}`
`38`	`38`
Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ func (bis *BuildInfoSummary) generateModuleArtifactTree(rootModuleID string, nes`
`156`	`156`
`157`	`157`	`markdownBuilder.WriteString(generateModuleHeader(rootModuleID))`
`158`	`158`	`if !StaticMarkdownConfig.IsExtendedSummary() {`
`159`		`- markdownBuilder.WriteString(fmt.Sprintf(basicSummaryUpgradeNotice, StaticMarkdownConfig.GetExtendedSummaryLangPage()))`
	`159`	`+ fmt.Fprintf(&markdownBuilder, basicSummaryUpgradeNotice, StaticMarkdownConfig.GetExtendedSummaryLangPage())`
`160`	`160`	`}`
`161`	`161`	`for _, module := range nestedModules {`
`162`	`162`	`if isMultiModule && rootModuleID == module.Id {`
`@@ -166,7 +166,7 @@ func (bis *BuildInfoSummary) generateModuleArtifactTree(rootModuleID string, nes`
`166`	`166`	`if err != nil {`
`167`	`167`	`return "", err`
`168`	`168`	`}`
`169`		`- markdownBuilder.WriteString(fmt.Sprintf("\n\n<pre>%s</pre>\n\n", tree))`
	`169`	`+ fmt.Fprintf(&markdownBuilder, "\n\n<pre>%s</pre>\n\n", tree)`
`170`	`170`	`}`
`171`	`171`	`return markdownBuilder.String(), nil`
`172`	`172`	`}`
`@@ -193,7 +193,7 @@ func (bis *BuildInfoSummary) generateTableModuleMarkdown(nestedModules []buildIn`
`193`	`193`
`194`	`194`	`if !StaticMarkdownConfig.IsExtendedSummary() {`
`195`	`195`	`nestedModuleMarkdownTree.WriteString("\|")`
`196`		`- nestedModuleMarkdownTree.WriteString(fmt.Sprintf(basicSummaryUpgradeNotice, StaticMarkdownConfig.GetExtendedSummaryLangPage()))`
	`196`	`+ fmt.Fprintf(&nestedModuleMarkdownTree, basicSummaryUpgradeNotice, StaticMarkdownConfig.GetExtendedSummaryLangPage())`
`197`	`197`	`nestedModuleMarkdownTree.WriteString("<pre>")`
`198`	`198`	`} else {`
`199`	`199`	`nestedModuleMarkdownTree.WriteString("\|<pre>")`
Original file line number	Diff line number	Diff line change
`@@ -79,7 +79,7 @@ type OidcParams struct {`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`type ExchangeCommandOutputStruct struct {`
`82`		- AccessToken string `json:"AccessToken"`
	`82`	+ AccessToken string `json:"AccessToken"` // #nosec G117 -- CLI output struct for OIDC exchange
`83`	`83`	Username string `json:"Username"`
`84`	`84`	`}`
`85`	`85`
Original file line number	Diff line number	Diff line change
`@@ -314,7 +314,7 @@ func setColMaxWidth(columnConfigs []table.ColumnConfig, fieldsProperties []field`
`314`	`314`	`}`
`315`	`315`
`316`	`316`	`func getTerminalAllowedWidth(colNum int) (int, error) {`
`317`		`- width, _, err := term.GetSize(int(os.Stdout.Fd()))`
	`317`	`+ width, _, err := term.GetSize(int(os.Stdout.Fd())) // #nosec G115 -- fd from process stdout, safe on all supported platforms`
`318`	`318`	`if err != nil {`
`319`	`319`	`return 0, err`
`320`	`320`	`}`
Original file line number	Diff line number	Diff line change
`@@ -343,7 +343,7 @@ var ShouldInitProgressBar = func() (bool, error) {`
`343`	`343`	`}`
`344`	`344`
`345`	`345`	`func setTerminalWidth() error {`
`346`		`- width, _, err := term.GetSize(int(os.Stderr.Fd()))`
	`346`	`+ width, _, err := term.GetSize(int(os.Stderr.Fd())) // #nosec G115 -- fd from process stderr, safe on all supported platforms`
`347`	`347`	`if err != nil {`
`348`	`348`	`return errorutils.CheckError(err)`
`349`	`349`	`}`