diff --git a/database.go b/database.go
index 61b3674a9d1c443795524e45eea4b0f0bdcbb33a..5b22a8730d698bc52bce7657f53d167fd8495244 100644
--- a/database.go
+++ b/database.go
@@ -111,9 +111,9 @@ func (s *DBSaver) Start() error {
 tx.Model(&permJob.Stats).Updates(permJob.Stats)
 }
- for _, log := range memLogs {
- log.LogID = 0
- _ = tx.Create(&log)
+ for i, _ := range memLogs {
+ memLogs[i].LogID = 0
+ _ = tx.Create(&memLogs[i])
 // no error handling, if it fails, it fails
 }
diff --git a/devenv.nix b/devenv.nix
index da8f4c789e89b01a8804ac3855b99e913743480d..7d8af9a71bae8350aad9fef10026123207be46da 100644
--- a/devenv.nix
+++ b/devenv.nix
@@ -9,12 +9,14 @@
 blackbox-terminal
 coreutils-full
 dbeaver
+ dbeaver
 delve
 dialog
 drill
 exa
 fd
 fd
+ feh
 gcc12
 gdlv
 git
@@ -23,6 +25,7 @@
 gnumake
 gnused
 go-licenses
+ gosec
 go-task
 gum
 httpie
@@ -34,18 +37,15 @@
 memcached
 netcat
 nixfmt
+ nodePackages.mermaid-cli
+ openssh
 procps
 ranger
 unixtools.xxd
- dbeaver
 unzip
 util-linux
 wget
 zlib
- nodePackages.mermaid-cli
- feh
- openssh
-
 ];
 # https://devenv.sh/languages/
diff --git a/persistence.go b/persistence.go
index 33660016dad80d65e9d25461821b7fa5196ba14c..1f2b283b0981dc74c51d18ab79e40129c4aaff7f 100644
--- a/persistence.go
+++ b/persistence.go
@@ -73,6 +73,7 @@ func ReadJSON(r io.Reader) ([]JobPersistence, error) {
 }
 func ReadYAMLFile(filePath string) ([]JobPersistence, error) {
+ // #nosec
 file, err := os.Open(filePath)
 if err != nil {
 return nil, err
@@ -82,6 +83,7 @@ func ReadYAMLFile(filePath string) ([]JobPersistence, error) {
 }
 func ReadJsonFile(filePath string) ([]JobPersistence, error) {
+ // #nosec
 file, err := os.Open(filePath)
 if err != nil {
 return nil, err
diff --git a/runnable-fileoperation.go b/runnable-fileoperation.go
index 09d39408e8ed1399dd7f91f0f6842f9e7f7b5ac2..600fc6d3d8e47e4c410ff65a894b7a4e82c96497 100644
--- a/runnable-fileoperation.go
+++ b/runnable-fileoperation.go
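Review bot: In database.go the rewritten loop in `DBSaver.Start` now writes to the elements of `memLogs` themselves, where the old loop changed a per-iteration copy: `LogID` is zeroed in the slice, and if `tx` is a GORM handle (the `Model(...).Updates(...)` call above suggests so) `Create` will also store the generated key back into `memLogs[i]`. Any code that reads `memLogs` after this loop, which lies outside the hunk, then sees the altered IDs. If that is not intended, keep the copy explicit with `entry := memLogs[i]`, `entry.LogID = 0`, `_ = tx.Create(&entry)`; if it is intended, a one-line comment saying so would help. The blank identifier is also unnecessary: `for i := range memLogs {`.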
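Review bot: The bare `// #nosec` added above `os.Open(filePath)` in `ReadYAMLFile` (persistence.go) switches off every gosec rule for that statement and records no reason, so a later, unrelated finding on the same line would be hidden as well. Name the rule and the justification, e.g. `// #nosec G304 -- filePath is supplied by the operator, not by job content`, and only if that holds for every caller; if the path can come from untrusted input it should be validated rather than suppressed. The same applies to the `#nosec` lines in `ReadJsonFile`, on `ssh.InsecureIgnoreHostKey()` in runnable-sftp.go (G106) and on `exec.Command("sh", scriptPath)` in runnable-shell.go (G204).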
@@ -62,7 +62,7 @@ func (f *FileOperationRunnable) Run() (RunResult[FileOperationResult], error) {
 },
 }, nil
 case FileOperationWrite:
- err := os.WriteFile(f.FilePath, []byte(f.Content), 0644)
+ err := os.WriteFile(f.FilePath, []byte(f.Content), 0600)
 if err != nil {
 return RunResult[FileOperationResult]{Status: ResultStatusFailed}, err
 }
@@ -85,7 +85,7 @@ func (f *FileOperationRunnable) Run() (RunResult[FileOperationResult], error) {
 }, nil
 case FileOperationAppend:
- fp, err := os.OpenFile(f.FilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+ fp, err := os.OpenFile(f.FilePath, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
 if err != nil {
 return RunResult[FileOperationResult]{Status: ResultStatusFailed}, err
 }
diff --git a/runnable-sftp.go b/runnable-sftp.go
index 7c4625fb318ef3014aec9cc96f09c3cfb9363c41..dd2bc3b13c31b97ca6161e4c9704903576b9c214 100644
--- a/runnable-sftp.go
+++ b/runnable-sftp.go
@@ -134,6 +134,7 @@ func (s *SFTPRunnable) Run() (RunResult[SFTPResult], error) {
 hkCallback = ssh.FixedHostKey(hostKey)
 } else {
 if s.Insecure {
+ // #nosec
 hkCallback = ssh.InsecureIgnoreHostKey()
 } else {
 hkCallback = ssh.FixedHostKey(nil)
@@ -235,7 +236,7 @@ func (s *SFTPRunnable) copyRemoteToLocal(sftpClient *sftp.Client) ([]string, err
 var filesCopied []string
 // create destination directory
- err := os.MkdirAll(s.DstDir, 0755)
+ err := os.MkdirAll(s.DstDir, 0700)
 if err != nil {
 return nil, err
 }
diff --git a/runnable-shell.go b/runnable-shell.go
index a3762898a21da8b84e9010358b6f6e13617bbac6..62977494d9a99023f8b62f1ba2254c6c914967e0 100644
--- a/runnable-shell.go
+++ b/runnable-shell.go
@@ -74,6 +74,7 @@ func (s *ShellRunnable) Run() (RunResult[ShellResult], error) {
 }
+ // #nosec
 cmd := exec.Command("sh", scriptPath)
 output, err := cmd.Output()
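Review bot: The mode passed to `os.WriteFile` in the `FileOperationWrite` case of runnable-fileoperation.go is applied only when the file is created, so a target that already exists with 0644 keeps that mode after this change. The same holds for `os.OpenFile(..., 0600)` in the `FileOperationAppend` case and for `os.MkdirAll(s.DstDir, 0700)` in runnable-sftp.go, which leaves an existing directory's mode untouched. If the aim is that job output is never group- or world-readable, follow the write with an explicit `os.Chmod(f.FilePath, 0600)` and check its error, or document that only newly created files and directories are restricted. `Run` and `copyRemoteToLocal` both start and end outside these hunks, so how the copied files themselves are created is not visible here.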