Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/codecov.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
persist-credentials: false

- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16
with:
go-version-file: 'go.mod'
cache: false
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
persist-credentials: false

- name: Set up Go (from go.mod)
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16
with:
go-version-file: 'go.mod'
cache: false
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/race.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
persist-credentials: false

- name: Setup Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16
with:
go-version-file: go.mod
cache: true
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ jobs:
# SETUP GO
########################################
- name: Set up Go
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16
with:
go-version-file: 'go.mod'

Expand Down Expand Up @@ -195,6 +195,6 @@ jobs:
# BUILD PROVENANCE ATTESTATION
########################################
- name: Attest Build Provenance
uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32
uses: actions/attest-build-provenance@0f67c3f4856b2e3261c31976d6725780e5e4c373
with:
subject-path: build/proxsave_*
2 changes: 1 addition & 1 deletion .github/workflows/security-ultimate.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ jobs:
# GO 1.25 — MAIN TOOLCHAIN
########################################
- name: Set up Go (from go.mod)
uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16
with:
go-version-file: 'go.mod'
cache: false
Expand Down
10 changes: 5 additions & 5 deletions internal/security/security.go
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ func Run(ctx context.Context, logger *logging.Logger, cfg *config.Config, config
checker.verifyBinaryIntegrity()
checker.verifyConfigFile()
checker.verifySensitiveFiles()
checker.verifyDirectories()
checker.verifyDirectories(ctx)
checker.verifySecureAccountFiles()
checker.detectPrivateAgeKeys()

Expand Down Expand Up @@ -491,7 +491,7 @@ func (c *Checker) verifySecureAccountFiles() {
}
}

func (c *Checker) verifyDirectories() {
func (c *Checker) verifyDirectories(ctx context.Context) {
dirs := []struct {
path string
perm os.FileMode
Expand Down Expand Up @@ -528,7 +528,7 @@ func (c *Checker) verifyDirectories() {
continue
}

if dir.allowBackup && c.shouldSkipPOSIXDirectoryChecks(dir.path) {
if dir.allowBackup && c.shouldSkipPOSIXDirectoryChecks(ctx, dir.path) {
continue
}

Expand Down Expand Up @@ -848,13 +848,13 @@ func (c *Checker) shouldSkipOwnershipChecks(path string) bool {
return false
}

func (c *Checker) shouldSkipPOSIXDirectoryChecks(path string) bool {
func (c *Checker) shouldSkipPOSIXDirectoryChecks(ctx context.Context, path string) bool {
path = strings.TrimSpace(path)
if path == "" {
return false
}

fsInfo, err := c.detectFilesystemInfo(context.Background(), path)
fsInfo, err := c.detectFilesystemInfo(ctx, path)
if err != nil {
if c.logger != nil {
c.logger.Debug("Security check: filesystem detection failed for %s; continuing with POSIX permission checks: %v", path, err)
Expand Down
16 changes: 8 additions & 8 deletions internal/security/security_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -311,7 +311,7 @@ func TestVerifyDirectoriesCreatesMissing(t *testing.T) {
SecureAccount: filepath.Join(baseDir, "secure_account"),
}
checker := newChecker(t, cfg)
checker.verifyDirectories()
checker.verifyDirectories(context.Background())

paths := []string{
cfg.BackupPath,
Expand Down Expand Up @@ -1721,7 +1721,7 @@ func TestVerifyDirectoriesSkipOwnership(t *testing.T) {
result: &Result{},
}

checker.verifyDirectories()
checker.verifyDirectories(context.Background())

// Should not have ownership warnings for backup dir when SetBackupPermissions=true
// The function should skip ownership checks for this path
Expand All @@ -1742,7 +1742,7 @@ func TestVerifyDirectoriesEmptyPath(t *testing.T) {
result: &Result{},
}

checker.verifyDirectories()
checker.verifyDirectories(context.Background())

// Should not create directories for empty paths
// Only identity dirs should be checked
Expand Down Expand Up @@ -2083,7 +2083,7 @@ func TestVerifyDirectoriesWithAllPaths(t *testing.T) {
result: &Result{},
}

checker.verifyDirectories()
checker.verifyDirectories(context.Background())

// All directories should be created
paths := []string{
Expand Down Expand Up @@ -2337,7 +2337,7 @@ func TestVerifyDirectoriesWithExistingDir(t *testing.T) {
result: &Result{},
}

checker.verifyDirectories()
checker.verifyDirectories(context.Background())

// Should have warning about wrong permissions
hasPermWarning := false
Expand Down Expand Up @@ -2369,7 +2369,7 @@ func TestVerifyDirectoriesSkipOwnershipForBackup(t *testing.T) {
result: &Result{},
}

checker.verifyDirectories()
checker.verifyDirectories(context.Background())

// The backup directory should have ownership check skipped
// Ownership warnings for backup path should not appear
Expand Down Expand Up @@ -2412,7 +2412,7 @@ func TestVerifyDirectoriesSkipsPOSIXChecksOnCIFSBackupPath(t *testing.T) {
},
}

checker.verifyDirectories()
checker.verifyDirectories(context.Background())

for _, issue := range checker.result.Issues {
if strings.Contains(issue.Message, backupDir) &&
Expand Down Expand Up @@ -2647,7 +2647,7 @@ func TestVerifyDirectoriesStatOtherError(t *testing.T) {
result: &Result{},
}

checker.verifyDirectories()
checker.verifyDirectories(context.Background())

// The function should handle this case (file exists but is not a directory)
}
Expand Down
Loading