diff --git a/internal/cephfs/nodeserver.go b/internal/cephfs/nodeserver.go index 52d9b39fd..9f1fdf368 100644 --- a/internal/cephfs/nodeserver.go +++ b/internal/cephfs/nodeserver.go @@ -432,6 +432,7 @@ func getBackingSnapshotRoot( snapshotsBase := path.Join(stagingTargetPath, ".snap") + //nolint:gosec // intended use of a variable for the path dir, err := os.Open(snapshotsBase) if err != nil { log.ErrorLog(ctx, "failed to open %s when searching for snapshot root: %v", snapshotsBase, err) diff --git a/internal/health-checker/manager.go b/internal/health-checker/manager.go index 6a08e6b3d..3d6b71fce 100644 --- a/internal/health-checker/manager.go +++ b/internal/health-checker/manager.go @@ -115,7 +115,7 @@ func (hcm *healthCheckManager) createChecker(volumeID, path string, ct CheckerTy // startFileChecker initializes the fileChecker and starts it. func (hcm *healthCheckManager) startFileChecker(volumeID, path string, shared bool) error { workdir := filepath.Join(path, ".csi") - err := os.Mkdir(workdir, 0o755) + err := os.Mkdir(workdir, 0o750) if err != nil && !os.IsExist(err) { return fmt.Errorf("failed to created workdir %q for health-checker: %w", workdir, err) } diff --git a/internal/util/pidlimit.go b/internal/util/pidlimit.go index d1d1325f9..fd93603e6 100644 --- a/internal/util/pidlimit.go +++ b/internal/util/pidlimit.go @@ -120,6 +120,7 @@ func SetPIDLimit(limit int) error { return err } + //nolint:gosec // pidsMax is the intended file to use f, err := os.Create(pidsMax) if err != nil { return err diff --git a/tools/yamlgen/main.go b/tools/yamlgen/main.go index de54a5138..662d03711 100644 --- a/tools/yamlgen/main.go +++ b/tools/yamlgen/main.go @@ -98,6 +98,7 @@ func writeArtifact(artifact deploymentArtifact) { dir := path.Dir(artifact.filename) _, err := os.Stat(dir) if os.IsNotExist(err) { + //nolint:gosec // 0o750 is recommended, but the contents should be public err = os.MkdirAll(dir, 0o775) if err != nil { panic(fmt.Sprintf("failed to create directory %q: %v", dir, err))