From 7fe0895429cb0fb8bf5283e9c875434b1e810e7e Mon Sep 17 00:00:00 2001 From: "Harper, Jason M" Date: Wed, 4 Mar 2026 14:06:42 -0800 Subject: [PATCH 1/3] chore: address static analysis findings Signed-off-by: Harper, Jason M --- cmd/config/config.go | 1 + cmd/config/restore.go | 2 +- cmd/config/set.go | 3 --- cmd/metrics/metadata.go | 1 + cmd/metrics/metric.go | 1 + cmd/metrics/print.go | 4 ++++ cmd/metrics/summary.go | 2 ++ cmd/root.go | 1 + cmd/telemetry/telemetry_tables.go | 1 + internal/script/script.go | 2 +- internal/workflow/reports.go | 1 + internal/workflow/targets.go | 2 ++ 12 files changed, 16 insertions(+), 5 deletions(-) diff --git a/cmd/config/config.go b/cmd/config/config.go index f36d6ef8..8ab39e0a 100644 --- a/cmd/config/config.go +++ b/cmd/config/config.go @@ -360,6 +360,7 @@ func printConfig(reports map[string][]byte, toStdout bool, toFile bool, outputDi } if toFile { outputFilePath := fmt.Sprintf("%s/%s_config.txt", outputDir, targetName) + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err := os.WriteFile(outputFilePath, reportBytes, 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write configuration report to file: %v", err) diff --git a/cmd/config/restore.go b/cmd/config/restore.go index f12729a1..29c50a3d 100644 --- a/cmd/config/restore.go +++ b/cmd/config/restore.go @@ -214,7 +214,7 @@ func runRestoreCmd(cmd *cobra.Command, args []string) error { // execute the command slog.Info("executing perfspect config", slog.String("command", executable), slog.String("args", strings.Join(cmdArgs, " "))) - execCmd := exec.Command(executable, cmdArgs...) + execCmd := exec.Command(executable, cmdArgs...) // nosemgrep execCmd.Stdin = os.Stdin // capture stdout and stderr (don't display in real-time to avoid interfering with spinner) diff --git a/cmd/config/set.go b/cmd/config/set.go index b9f0aa4e..e060fc98 100644 
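Review bot: The added `coverity[INSECURE_FILE_PERMISSIONS:FALSE]` comment above `os.WriteFile(outputFilePath, reportBytes, 0644)` in printConfig records the mode but not why world-readable is acceptable for this particular file. The same sentence is pasted verbatim in metadata.go, metric.go, print.go (four sites), summary.go (two sites), root.go and reports.go. A suppression is easier to audit when it names what the file holds and where it lands, e.g. `// coverity[INSECURE_FILE_PERMISSIONS:FALSE] - config report holds no secrets and goes to the user-chosen output dir`, provided that is true of the report contents. Where an output can carry host details that other local users should not read, `0600` at that site is safer than a suppression. printConfig starts and ends outside the hunk.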
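Review bot: The bare `// nosemgrep` on `exec.Command(executable, cmdArgs...)` in runRestoreCmd silences every Semgrep rule on that line and gives no reason; the same bare marker is added to the `"text/template"` import in internal/script/script.go. Scope it to the rule that fired and state why the call is safe, e.g. `// nosemgrep: <rule-id> -- args are passed as argv, no shell involved`, with the rule id taken from the scan report. How `executable` and `cmdArgs` are built is outside this hunk, so the justification should be checked against that code before it is written down. For the template import, the comment should say that the templates render scripts rather than HTML, if that is the case.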
--- a/cmd/config/set.go +++ b/cmd/config/set.go @@ -401,9 +401,6 @@ func setSSEFrequencies(sseFrequencies string, myTarget target.Target, localTempD } else { archMultiplier = 1 } - if archMultiplier == 0 { - return fmt.Errorf("unsupported microarchitecture for SSE frequency setting: %s", uarch) - } adjustedBucketSizes := make([]int, len(bucketSizes)) for i, size := range bucketSizes { adjustedBucketSizes[i] = size * archMultiplier diff --git a/cmd/metrics/metadata.go b/cmd/metrics/metadata.go index 87ac4461..a1612073 100644 --- a/cmd/metrics/metadata.go +++ b/cmd/metrics/metadata.go @@ -334,6 +334,7 @@ func (md Metadata) JSON() (out []byte, err error) { // WriteJSONToFile writes the metadata structure to the filename provided. // Note that the file will be truncated. func (md Metadata) WriteJSONToFile(path string) (err error) { + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files rawFile, err := os.OpenFile(path, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { slog.Error("failed to open raw file for writing", slog.String("error", err.Error())) diff --git a/cmd/metrics/metric.go b/cmd/metrics/metric.go index 019d3e9d..1e16e3ae 100644 --- a/cmd/metrics/metric.go +++ b/cmd/metrics/metric.go @@ -201,6 +201,7 @@ func evaluateExpression(metric MetricDefinition, variables map[string]any) (resu // write json formatted events to raw file func writeEventsToFile(path string, events [][]byte) (err error) { + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files rawFile, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { slog.Error("failed to open raw file for writing", slog.String("error", err.Error())) 
diff --git a/cmd/metrics/print.go b/cmd/metrics/print.go index dc7e9482..bdfb798c 100644 --- a/cmd/metrics/print.go +++ b/cmd/metrics/print.go @@ -141,6 +141,7 @@ func printMetricsJSON(metricFrames []MetricFrame, metricDefinitions []MetricDefi } if printToFile { var file *os.File + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return @@ -164,6 +165,7 @@ func printMetricsCSV(metricFrames []MetricFrame, frameCount int, metricDefinitio var file *os.File if printToFile { // open file for writing/appending + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return @@ -226,6 +228,7 @@ func printMetricsWide(metricFrames []MetricFrame, frameCount int, metricDefiniti var file *os.File if printToFile { // open file for writing/appending + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return @@ -379,6 +382,7 @@ func printMetricsTxt(metricFrames []MetricFrame, metricDefinitions []MetricDefin if printToFile { // open file for writing/appending var file *os.File + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(outputDir+"/"+targetName+"_"+"metrics.txt", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return 
diff --git a/cmd/metrics/summary.go b/cmd/metrics/summary.go index fafbd686..d88eb1a5 100644 --- a/cmd/metrics/summary.go +++ b/cmd/metrics/summary.go @@ -55,6 +55,7 @@ func summarizeMetricsWithTrim(localInputDir, localOutputDir, targetName string, return filesCreated, err } csvSummaryFile := filepath.Join(localOutputDir, targetName+"_metrics_summary.csv") + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err = os.WriteFile(csvSummaryFile, []byte(out), 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write summary to file: %w", err) @@ -68,6 +69,7 @@ func summarizeMetricsWithTrim(localInputDir, localOutputDir, targetName string, return filesCreated, err } htmlSummaryFile := filepath.Join(localOutputDir, targetName+"_metrics_summary.html") + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err = os.WriteFile(htmlSummaryFile, []byte(out), 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write HTML summary to file: %w", err) diff --git a/cmd/root.go b/cmd/root.go index 2aa5a5c5..ae7dc095 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -188,6 +188,7 @@ func initializeApplication(cmd *cobra.Command, args []string) error { } else { // log to file // open log file in current directory var err error + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files gLogFile, err = os.OpenFile(app.Name+".log", os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0644) // #nosec G302 if err != nil { fmt.Printf("Error: failed to open log file: %v\n", err) diff --git a/cmd/telemetry/telemetry_tables.go b/cmd/telemetry/telemetry_tables.go index 5a68093a..65f0668f 100644 --- a/cmd/telemetry/telemetry_tables.go 
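Review bot: The justification added above `os.OpenFile(app.Name+".log", ..., 0644)` in initializeApplication calls the mode "appropriate for the output files", but this site opens the application log in the current directory, not a report. Logs collect more than reports do (the restore.go hunk in this patch shows the full argument string going to `slog.Info`), so the reason for leaving the file readable by group and other should be given for the log specifically, or the mode tightened to `0600` here. If 0644 stays, wording such as `// coverity[INSECURE_FILE_PERMISSIONS:FALSE] - log is intentionally world-readable; no credentials are logged` would fit, once confirmed against what is actually logged. The function body continues outside the hunk.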
+++ b/cmd/telemetry/telemetry_tables.go @@ -823,6 +823,7 @@ func kernelTelemetryTableValues(outputs map[string]script.ScriptOutput) []table. } } for i := range fields { + // coverity[INFINITE_LOOP:FALSE] - false positive, loop will terminate when len(fields[i].Values) >= maxLen for len(fields[i].Values) < maxLen { fields[i].Values = append(fields[i].Values, "") } diff --git a/internal/script/script.go b/internal/script/script.go index d280086e..a3767c15 100644 --- a/internal/script/script.go +++ b/internal/script/script.go @@ -13,7 +13,7 @@ import ( "path" "strconv" "strings" - "text/template" + "text/template" // nosemgrep "perfspect/internal/progress" "perfspect/internal/target" diff --git a/internal/workflow/reports.go b/internal/workflow/reports.go index 4f6bc643..7cdc699c 100644 --- a/internal/workflow/reports.go +++ b/internal/workflow/reports.go @@ -45,6 +45,7 @@ func (rc *ReportingCommand) createRawReports(appContext app.Context, orderedTarg // writeReport writes the report bytes to the specified path. func writeReport(reportBytes []byte, reportPath string) error { + // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err := os.WriteFile(reportPath, reportBytes, 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write report file: %v", err) diff --git a/internal/workflow/targets.go b/internal/workflow/targets.go index 64a60375..95dd93c7 100644 --- a/internal/workflow/targets.go +++ b/internal/workflow/targets.go 
@@ -411,8 +411,10 @@ func getHostArchitecture() (string, error) { switch runtime.GOARCH { case "amd64": return cpus.X86Architecture, nil + // coverity[DEADCODE:FALSE] - coverity is not recognizing that this case is valid when running on ARM architecture case "arm64": return cpus.ARMArchitecture, nil + // coverity[DEADCODE:FALSE] - coverity is not recognizing that this case is valid when running on an architecture other than x86 or ARM default: slog.Error("unsupported architecture", slog.String("architecture", runtime.GOARCH)) err := fmt.Errorf("unsupported architecture: %s", runtime.GOARCH) From b7a952f43c57b6025b4b2c88c6b79b8e058bb352 Mon Sep 17 00:00:00 2001 From: "Harper, Jason M" Date: Wed, 4 Mar 2026 14:46:46 -0800 Subject: [PATCH 2/3] try alternate coverity suppression style Signed-off-by: Harper, Jason M --- cmd/config/config.go | 2 +- cmd/metrics/metadata.go | 2 +- cmd/metrics/metric.go | 2 +- cmd/metrics/print.go | 8 ++++---- cmd/metrics/summary.go | 4 ++-- cmd/root.go | 2 +- cmd/telemetry/telemetry_tables.go | 2 +- internal/workflow/reports.go | 2 +- internal/workflow/targets.go | 4 ++-- 9 files changed, 14 insertions(+), 14 deletions(-) diff --git a/cmd/config/config.go b/cmd/config/config.go index 8ab39e0a..96ed0756 100644 --- a/cmd/config/config.go +++ b/cmd/config/config.go @@ -360,7 +360,7 @@ func printConfig(reports map[string][]byte, toStdout bool, toFile bool, outputDi } if toFile { outputFilePath := fmt.Sprintf("%s/%s_config.txt", outputDir, targetName) - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err := os.WriteFile(outputFilePath, reportBytes, 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write configuration report to file: %v", err) 
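Review bot: Both `coverity[DEADCODE:FALSE]` comments in getHostArchitecture justify the cases as valid "when running on" another architecture, but `runtime.GOARCH` is a constant fixed at build time, which is presumably why the analyzer treats the other `case` arms as unreachable in a single-target build. Stating the reason in terms of the build target makes the suppression accurate, e.g. `// coverity[DEADCODE:FALSE] - reachable when built with GOARCH=arm64`. The annotations sit between a `return` and the following `case`, so the scan output should be checked to confirm they attach to the `case` line as intended. The function continues past the end of the hunk.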
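Review bot: Dropping `:FALSE` from the annotation above `os.WriteFile(outputFilePath, reportBytes, 0644)` may change the triage classification, not only the spelling. As I understand Coverity's annotation syntax, the unsuffixed form records a finding as intentional, while `:FALSE` records it as a false positive; this should be confirmed against the documentation for the Coverity version in use. The same edit is applied in every other hunk of this patch, and in telemetry_tables.go and targets.go the comment text still argues "false positive" and "coverity is not recognizing", which would then disagree with the tag. For the 0644 sites "intentional" is the accurate label, so the text and tag could be aligned per site rather than changed uniformly.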
diff --git a/cmd/metrics/metadata.go b/cmd/metrics/metadata.go index a1612073..66c73e80 100644 --- a/cmd/metrics/metadata.go +++ b/cmd/metrics/metadata.go @@ -334,7 +334,7 @@ func (md Metadata) JSON() (out []byte, err error) { // WriteJSONToFile writes the metadata structure to the filename provided. // Note that the file will be truncated. func (md Metadata) WriteJSONToFile(path string) (err error) { - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files rawFile, err := os.OpenFile(path, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { slog.Error("failed to open raw file for writing", slog.String("error", err.Error())) diff --git a/cmd/metrics/metric.go b/cmd/metrics/metric.go index 1e16e3ae..a05d546d 100644 --- a/cmd/metrics/metric.go +++ b/cmd/metrics/metric.go @@ -201,7 +201,7 @@ func evaluateExpression(metric MetricDefinition, variables map[string]any) (resu // write json formatted events to raw file func writeEventsToFile(path string, events [][]byte) (err error) { - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files rawFile, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { slog.Error("failed to open raw file for writing", slog.String("error", err.Error())) diff --git a/cmd/metrics/print.go b/cmd/metrics/print.go index bdfb798c..b53b23e2 100644 --- a/cmd/metrics/print.go +++ b/cmd/metrics/print.go 
@@ -141,7 +141,7 @@ func printMetricsJSON(metricFrames []MetricFrame, metricDefinitions []MetricDefi } if printToFile { var file *os.File - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return @@ -165,7 +165,7 @@ func printMetricsCSV(metricFrames []MetricFrame, frameCount int, metricDefinitio var file *os.File if printToFile { // open file for writing/appending - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return @@ -228,7 +228,7 @@ func printMetricsWide(metricFrames []MetricFrame, frameCount int, metricDefiniti var file *os.File if printToFile { // open file for writing/appending - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return 
@@ -382,7 +382,7 @@ func printMetricsTxt(metricFrames []MetricFrame, metricDefinitions []MetricDefin if printToFile { // open file for writing/appending var file *os.File - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(outputDir+"/"+targetName+"_"+"metrics.txt", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return diff --git a/cmd/metrics/summary.go b/cmd/metrics/summary.go index d88eb1a5..08872408 100644 --- a/cmd/metrics/summary.go +++ b/cmd/metrics/summary.go @@ -55,7 +55,7 @@ func summarizeMetricsWithTrim(localInputDir, localOutputDir, targetName string, return filesCreated, err } csvSummaryFile := filepath.Join(localOutputDir, targetName+"_metrics_summary.csv") - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err = os.WriteFile(csvSummaryFile, []byte(out), 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write summary to file: %w", err) 
@@ -69,7 +69,7 @@ func summarizeMetricsWithTrim(localInputDir, localOutputDir, targetName string, return filesCreated, err } htmlSummaryFile := filepath.Join(localOutputDir, targetName+"_metrics_summary.html") - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err = os.WriteFile(htmlSummaryFile, []byte(out), 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write HTML summary to file: %w", err) diff --git a/cmd/root.go b/cmd/root.go index ae7dc095..602963a7 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -188,7 +188,7 @@ func initializeApplication(cmd *cobra.Command, args []string) error { } else { // log to file // open log file in current directory var err error - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files gLogFile, err = os.OpenFile(app.Name+".log", os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0644) // #nosec G302 if err != nil { fmt.Printf("Error: failed to open log file: %v\n", err) diff --git a/cmd/telemetry/telemetry_tables.go b/cmd/telemetry/telemetry_tables.go index 65f0668f..412fcd02 100644 --- a/cmd/telemetry/telemetry_tables.go +++ b/cmd/telemetry/telemetry_tables.go 
@@ -823,7 +823,7 @@ func kernelTelemetryTableValues(outputs map[string]script.ScriptOutput) []table. } } for i := range fields { - // coverity[INFINITE_LOOP:FALSE] - false positive, loop will terminate when len(fields[i].Values) >= maxLen + //coverity[INFINITE_LOOP] - false positive, loop will terminate when len(fields[i].Values) >= maxLen for len(fields[i].Values) < maxLen { fields[i].Values = append(fields[i].Values, "") } diff --git a/internal/workflow/reports.go b/internal/workflow/reports.go index 7cdc699c..b8cc94d2 100644 --- a/internal/workflow/reports.go +++ b/internal/workflow/reports.go @@ -45,7 +45,7 @@ func (rc *ReportingCommand) createRawReports(appContext app.Context, orderedTarg // writeReport writes the report bytes to the specified path. func writeReport(reportBytes []byte, reportPath string) error { - // coverity[INSECURE_FILE_PERMISSIONS:FALSE] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files + //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err := os.WriteFile(reportPath, reportBytes, 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write report file: %v", err) diff --git a/internal/workflow/targets.go b/internal/workflow/targets.go index 95dd93c7..7060bf13 100644 --- a/internal/workflow/targets.go +++ b/internal/workflow/targets.go 
@@ -411,10 +411,10 @@ func getHostArchitecture() (string, error) { switch runtime.GOARCH { case "amd64": return cpus.X86Architecture, nil - // coverity[DEADCODE:FALSE] - coverity is not recognizing that this case is valid when running on ARM architecture + //coverity[DEADCODE] - coverity is not recognizing that this case is valid when running on ARM architecture case "arm64": return cpus.ARMArchitecture, nil - // coverity[DEADCODE:FALSE] - coverity is not recognizing that this case is valid when running on an architecture other than x86 or ARM + //coverity[DEADCODE] - coverity is not recognizing that this case is valid when running on an architecture other than x86 or ARM default: slog.Error("unsupported architecture", slog.String("architecture", runtime.GOARCH)) err := fmt.Errorf("unsupported architecture: %s", runtime.GOARCH) From df45d684ef87c72a4ce9ccb2f912013f8c4dc35d Mon Sep 17 00:00:00 2001 From: "Harper, Jason M" Date: Wed, 4 Mar 2026 16:41:38 -0800 Subject: [PATCH 3/3] revert coverity annotations Signed-off-by: Harper, Jason M --- cmd/config/config.go | 1 - cmd/metrics/metadata.go | 1 - cmd/metrics/metric.go | 1 - cmd/metrics/print.go | 4 ---- cmd/metrics/summary.go | 2 -- cmd/root.go | 1 - cmd/telemetry/telemetry_tables.go | 1 - internal/workflow/reports.go | 1 - internal/workflow/targets.go | 2 -- 9 files changed, 14 deletions(-) diff --git a/cmd/config/config.go b/cmd/config/config.go index 96ed0756..f36d6ef8 100644 --- a/cmd/config/config.go +++ b/cmd/config/config.go 
@@ -360,7 +360,6 @@ func printConfig(reports map[string][]byte, toStdout bool, toFile bool, outputDi } if toFile { outputFilePath := fmt.Sprintf("%s/%s_config.txt", outputDir, targetName) - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err := os.WriteFile(outputFilePath, reportBytes, 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write configuration report to file: %v", err) diff --git a/cmd/metrics/metadata.go b/cmd/metrics/metadata.go index 66c73e80..87ac4461 100644 --- a/cmd/metrics/metadata.go +++ b/cmd/metrics/metadata.go @@ -334,7 +334,6 @@ func (md Metadata) JSON() (out []byte, err error) { // WriteJSONToFile writes the metadata structure to the filename provided. // Note that the file will be truncated. func (md Metadata) WriteJSONToFile(path string) (err error) { - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files rawFile, err := os.OpenFile(path, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { slog.Error("failed to open raw file for writing", slog.String("error", err.Error())) diff --git a/cmd/metrics/metric.go b/cmd/metrics/metric.go index a05d546d..019d3e9d 100644 --- a/cmd/metrics/metric.go +++ b/cmd/metrics/metric.go @@ -201,7 +201,6 @@ func evaluateExpression(metric MetricDefinition, variables map[string]any) (resu // write json formatted events to raw file func writeEventsToFile(path string, events [][]byte) (err error) { - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files rawFile, err := os.OpenFile(path, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { slog.Error("failed to open raw file for writing", slog.String("error", err.Error())) 
diff --git a/cmd/metrics/print.go b/cmd/metrics/print.go index b53b23e2..dc7e9482 100644 --- a/cmd/metrics/print.go +++ b/cmd/metrics/print.go @@ -141,7 +141,6 @@ func printMetricsJSON(metricFrames []MetricFrame, metricDefinitions []MetricDefi } if printToFile { var file *os.File - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return @@ -165,7 +164,6 @@ func printMetricsCSV(metricFrames []MetricFrame, frameCount int, metricDefinitio var file *os.File if printToFile { // open file for writing/appending - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return @@ -228,7 +226,6 @@ func printMetricsWide(metricFrames []MetricFrame, frameCount int, metricDefiniti var file *os.File if printToFile { // open file for writing/appending - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(filename, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return @@ -382,7 +379,6 @@ func printMetricsTxt(metricFrames []MetricFrame, metricDefinitions []MetricDefin if printToFile { // open file for writing/appending var file *os.File - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files file, err = os.OpenFile(outputDir+"/"+targetName+"_"+"metrics.txt", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) // #nosec G304 G302 if err != nil { return 
diff --git a/cmd/metrics/summary.go b/cmd/metrics/summary.go index 08872408..fafbd686 100644 --- a/cmd/metrics/summary.go +++ b/cmd/metrics/summary.go @@ -55,7 +55,6 @@ func summarizeMetricsWithTrim(localInputDir, localOutputDir, targetName string, return filesCreated, err } csvSummaryFile := filepath.Join(localOutputDir, targetName+"_metrics_summary.csv") - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err = os.WriteFile(csvSummaryFile, []byte(out), 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write summary to file: %w", err) @@ -69,7 +68,6 @@ func summarizeMetricsWithTrim(localInputDir, localOutputDir, targetName string, return filesCreated, err } htmlSummaryFile := filepath.Join(localOutputDir, targetName+"_metrics_summary.html") - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err = os.WriteFile(htmlSummaryFile, []byte(out), 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write HTML summary to file: %w", err) diff --git a/cmd/root.go b/cmd/root.go index 602963a7..2aa5a5c5 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -188,7 +188,6 @@ func initializeApplication(cmd *cobra.Command, args []string) error { } else { // log to file // open log file in current directory var err error - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files gLogFile, err = os.OpenFile(app.Name+".log", os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0644) // #nosec G302 if err != nil { fmt.Printf("Error: failed to open log file: %v\n", err) diff --git a/cmd/telemetry/telemetry_tables.go b/cmd/telemetry/telemetry_tables.go index 412fcd02..5a68093a 100644 --- a/cmd/telemetry/telemetry_tables.go 
+++ b/cmd/telemetry/telemetry_tables.go @@ -823,7 +823,6 @@ func kernelTelemetryTableValues(outputs map[string]script.ScriptOutput) []table. } } for i := range fields { - //coverity[INFINITE_LOOP] - false positive, loop will terminate when len(fields[i].Values) >= maxLen for len(fields[i].Values) < maxLen { fields[i].Values = append(fields[i].Values, "") } diff --git a/internal/workflow/reports.go b/internal/workflow/reports.go index b8cc94d2..4f6bc643 100644 --- a/internal/workflow/reports.go +++ b/internal/workflow/reports.go @@ -45,7 +45,6 @@ func (rc *ReportingCommand) createRawReports(appContext app.Context, orderedTarg // writeReport writes the report bytes to the specified path. func writeReport(reportBytes []byte, reportPath string) error { - //coverity[INSECURE_FILE_PERMISSIONS] - file permissions are set to 0644 to allow user read/write and group/other read, which is appropriate for the output files err := os.WriteFile(reportPath, reportBytes, 0644) // #nosec G306 if err != nil { err = fmt.Errorf("failed to write report file: %v", err) diff --git a/internal/workflow/targets.go b/internal/workflow/targets.go index 7060bf13..64a60375 100644 --- a/internal/workflow/targets.go +++ b/internal/workflow/targets.go @@ -411,10 +411,8 @@ func getHostArchitecture() (string, error) { switch runtime.GOARCH { case "amd64": return cpus.X86Architecture, nil - //coverity[DEADCODE] - coverity is not recognizing that this case is valid when running on ARM architecture case "arm64": return cpus.ARMArchitecture, nil - //coverity[DEADCODE] - coverity is not recognizing that this case is valid when running on an architecture other than x86 or ARM default: slog.Error("unsupported architecture", slog.String("architecture", runtime.GOARCH)) err := fmt.Errorf("unsupported architecture: %s", runtime.GOARCH)