From 5248097f9060067ea75d21c9a4192b7464c0a7a4 Mon Sep 17 00:00:00 2001
From: shaw
Date: Fri, 13 Feb 2026 20:12:50 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20gosec=20=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6=E6=A0=BC=E5=BC=8F=E9=94=99=E8=AF=AF?= =?UTF-8?q?=E5=AF=BC=E8=87=B4=20CI=20=E5=A4=B1=E8=B4=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

gosec -conf 只支持 JSON 格式,将 .gosec.yaml 转换为 .gosec.json
---
 .github/workflows/security-scan.yml | 2 +-
 backend/.gosec.json | 5 +++++
 backend/.gosec.yaml | 7 -------
 3 files changed, 6 insertions(+), 8 deletions(-)
 create mode 100644 backend/.gosec.json
 delete mode 100644 backend/.gosec.yaml

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 781446dd..fd0c7a41 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -32,7 +32,7 @@ jobs:
 working-directory: backend
 run: |
 go install github.com/securego/gosec/v2/cmd/gosec@latest
- gosec -conf .gosec.yaml -severity high -confidence high ./...
+ gosec -conf .gosec.json -severity high -confidence high ./...
 frontend-security:
 runs-on: ubuntu-latest
diff --git a/backend/.gosec.json b/backend/.gosec.json
new file mode 100644
index 00000000..b34e140c
--- /dev/null
+++ b/backend/.gosec.json
@@ -0,0 +1,5 @@
+{
+ "global": {
+ "exclude": "G704"
+ }
+}
diff --git a/backend/.gosec.yaml b/backend/.gosec.yaml
deleted file mode 100644
index 8d27715a..00000000
--- a/backend/.gosec.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- # Exclude G704 (SSRF via taint analysis) - this is an API gateway platform
- # that by design proxies requests to configurable upstream services.
- # All upstream URLs are sourced from admin-configured settings or known
- # third-party API endpoints, not from end-user input.
- exclude:
- - G704
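Review bot: In `.github/workflows/security-scan.yml` the step still installs the scanner with `gosec@latest` on the line just above the changed `-conf` argument, so the rule set and config parsing that gate CI can change between runs without any commit in this repository. A floating version is a plausible reason a new rule and a config-format failure surfaced at all, though the patch does not say so. Pin the tool to a reviewed release, e.g. `go install github.com/securego/gosec/v2/cmd/gosec@<PINNED_VERSION>`, and bump it deliberately. The step's beginning lies outside the hunk.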
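Review bot: `backend/.gosec.json` drops the justification for excluding G704 that the deleted `backend/.gosec.yaml` carried as comments, and JSON has nowhere to keep it, so the tree no longer records why SSRF findings are suppressed. Keep the rationale next to the suppression, for example as a comment above the gosec step in the workflow: `# G704 excluded in backend/.gosec.json: upstream URLs come from admin settings or known third-party endpoints`. The exclusion is also repository-wide, so a later handler that builds a request URL from end-user input would not be flagged; `// #nosec G704 -- <reason>` at the intended proxy call sites would keep the rule active everywhere else. It is worth confirming from a CI log that the string form `"exclude": "G704"` is honoured by the gosec version in use.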