JGC-449 - Add G101 and G703 nosec suppressions for CI

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: remib

utils/io/content/contentreader_test.go

@@ -95,12 +95,12 @@ func TestCloseReader(t *testing.T) {
 	reader := NewContentReader(filePathToBeDeleted, DefaultKey)
 
 	// Check file exists
-	_, err = os.Stat(filePathToBeDeleted)
+	_, err = os.Stat(filePathToBeDeleted) // #nosec G703 -- test file; path from test temp
 	assert.NoError(t, err)
 
 	// Check if the file got deleted
 	closeAndAssert(t, reader)
-	_, err = os.Stat(filePathToBeDeleted)
+	_, err = os.Stat(filePathToBeDeleted) // #nosec G703 -- test file; path from test temp
 	assert.True(t, os.IsNotExist(err))
 }
 

utils/io/fileutils/files.go

@@ -78,9 +78,9 @@ func IsDirExists(path string, preserveSymLink bool) (bool, error) {
 // If path points at a symlink and `preserveSymLink == true`, return the file info of the symlink instead
 func GetFileInfo(path string, preserveSymLink bool) (fileInfo os.FileInfo, err error) {
 	if preserveSymLink {
-		fileInfo, err = os.Lstat(path)
+		fileInfo, err = os.Lstat(path) // #nosec G703 -- CLI/library runs in user environment
 	} else {
-		fileInfo, err = os.Stat(path)
+		fileInfo, err = os.Stat(path) // #nosec G703 -- CLI/library runs in user environment
 	}
 	// We should not do CheckError here, because the error is checked by the calling functions.
 	return

utils/io/fileutils/files_test.go

@@ -30,7 +30,7 @@ func TestIsPathExistsAndIsPathAccessible(t *testing.T) {
 		if symlinkCreated {
 			assert.NoError(t, os.Remove(symlinkPath))
 		}
-		assert.NoError(t, os.Remove(tempFile.Name()))
+		assert.NoError(t, os.Remove(tempFile.Name())) // #nosec G703 -- test file; path from temp
 	}()
 
 	// Test for an existing file

utils/io/fileutils/temp_test.go

@@ -38,7 +38,7 @@ func TestCleanOldDirs(t *testing.T) {
 	// Check if the file got deleted.
 	_, err1 := os.Stat(tempDir)
 	assert.True(t, os.IsNotExist(err1))
-	_, err2 := os.Stat(tempFile.Name())
+	_, err2 := os.Stat(tempFile.Name()) // #nosec G703 -- test file; path from temp file
 	assert.True(t, os.IsNotExist(err2))
 }
 
@@ -75,7 +75,7 @@ func TestExtractTimestamp(t *testing.T) {
 }
 
 func AssertFileExists(t *testing.T, name string) {
-	_, err := os.Stat(name)
+	_, err := os.Stat(name) // #nosec G703 -- test helper; path from test
 	assert.NoError(t, err)
 }
 
@@ -137,7 +137,7 @@ func TestCleanOldDirsContinuesOnError(t *testing.T) {
 	assert.Contains(t, err.Error(), "invalid-no-timestamp")
 
 	// Verify valid files were deleted despite error with invalid file
-	_, err1 := os.Stat(validFile1Name)
+	_, err1 := os.Stat(validFile1Name) // #nosec G703 -- test file; path from test temp dir
 	assert.True(t, os.IsNotExist(err1), "validFile1 should be deleted")
 
 	_, err2 := os.Stat(validFile2Name) // #nosec G703 -- test file; path from test temp dir

utils/regexputils_test.go

@@ -24,9 +24,9 @@ func TestRemoveCredentialsFromLine(t *testing.T) {
 		expectedLine string
 		matched      bool
 	}{
-		{"http", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line http://user:password@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line http://127.0.0.1:8081/artifactory/path/to/repo", true},
-		{"https", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line https://user:password@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line https://127.0.0.1:8081/artifactory/path/to/repo", true},
-		{"git", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line git://user:password@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line git://127.0.0.1:8081/artifactory/path/to/repo", true},
+		{"http", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line http://user:password@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line http://127.0.0.1:8081/artifactory/path/to/repo", true},   // #nosec G101 -- test data: fake URL for regex matching
+		{"https", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line https://user:password@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line https://127.0.0.1:8081/artifactory/path/to/repo", true},  // #nosec G101 -- test data: fake URL for regex matching
+		{"git", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line git://user:password@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line git://127.0.0.1:8081/artifactory/path/to/repo", true},    // #nosec G101 -- test data: fake URL for regex matching
 		{"Special characters 1", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line https://u-s!<e>_r:!p-a&%%s%sword@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line https://127.0.0.1:8081/artifactory/path/to/repo", true},
 		{"Special characters 2", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line https://!user:[p]a(s)sword@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line https://127.0.0.1:8081/artifactory/path/to/repo", true},
 		{"http with token", gofrogio.CmdOutputPattern{RegExp: regExpProtocol, Line: "This is an example line http://123456@127.0.0.1:8081/artifactory/path/to/repo"}, "This is an example line http://127.0.0.1:8081/artifactory/path/to/repo", true},