From 6623b7ff7b8ed940c06bb8ce47086637c99a149d Mon Sep 17 00:00:00 2001 From: Hephaestus Date: Fri, 1 May 2026 08:05:45 +0100 Subject: [PATCH] =?UTF-8?q?chore(app):=20clear=202=20audit=20findings=20?= =?UTF-8?q?=E2=80=94=20banned-imports=20(Mantis=20#1325)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit go/pkg_electron_extract_tar.go:108 — comment had `strings` in backticks referencing the banned stdlib package. Audit regex `("|`)("|`)` flags backtick-quoted stdlib names as import dodges. Reworded to "stdlib strings package" — same meta-reference, no banned token in backticks. go/permissions.go:150 — same shape. `path` in backticks, referencing the fs.read action argument name. Reworded to "path argument" — descriptive prose, no banned token. Verification: - audit.sh -> COMPLIANT (0 findings) - GOWORK=off go build ./... clean - GOWORK=off go vet ./... clean - GOWORK=off gofmt -l . clean Closes tasks.lthn.sh/view.php?id=1325 Filed-by: hephaestus Co-authored-by: Hephaestus --- go/permissions.go | 2 +- go/pkg_electron_extract_tar.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/go/permissions.go b/go/permissions.go index de04cc8..7d4482b 100644 --- a/go/permissions.go +++ b/go/permissions.go @@ -147,7 +147,7 @@ type actionGate struct { // is rejected before the handler runs. // // - `CheckActionAccess` (access.go) performs the per-argument match -// — fs.read's `path` is checked against `permissions.read[]`, +// — fs.read's path argument is checked against `permissions.read[]`, // net.fetch's `host:port` is checked against `permissions.net[]`, // etc. Handlers in go-io / core-net / go-process call it once // with the caller-supplied argument before performing any diff --git a/go/pkg_electron_extract_tar.go b/go/pkg_electron_extract_tar.go index ec80b24..cb8ed46 100644 --- a/go/pkg_electron_extract_tar.go +++ b/go/pkg_electron_extract_tar.go @@ -106,7 +106,7 @@ func openTarReader(archive, body string) ( // stringReader wraps a string body with an io.Reader implementation so // tar/gzip layers can stream the bytes without depending on the banned -// `strings` package. Mirrors the stringReaderAt helper in +// stdlib strings package. Mirrors the stringReaderAt helper in // pkg_electron_extract.go for the zip path. type stringReader struct { body string