From d673d59bafee35e706eb0df395a13426d1a39fbc Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 25 Feb 2026 10:39:44 +0000 Subject: [PATCH 1/2] Initial plan From cba62fc3e7cdf78dc92bf4d7152e86312abcfa25 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 25 Feb 2026 10:43:22 +0000 Subject: [PATCH 2/2] Fix gosec lint issues: G115, G706, G703 and update stale proto files Co-authored-by: pjbgf <5452977+pjbgf@users.noreply.github.com> --- internal/profiles/profiles.go | 8 ++-- internal/runners/docker/run.go | 2 +- internal/runners/podman/run.go | 2 +- pkg/inception/proto/host.pb.go | 62 ++++++++++------------------- pkg/inception/proto/host_grpc.pb.go | 12 +++--- 5 files changed, 32 insertions(+), 54 deletions(-) diff --git a/internal/profiles/profiles.go b/internal/profiles/profiles.go index a27911a..a5145ef 100644 --- a/internal/profiles/profiles.go +++ b/internal/profiles/profiles.go @@ -249,7 +249,7 @@ func Start(runner string, profile *types.Profile, cfg *types.Config, interactive } } - if len(imgs) > 1 && term.IsTerminal(int(os.Stdout.Fd())) { + if len(imgs) > 1 && term.IsTerminal(int(os.Stdout.Fd())) { //nolint:gosec // G115: fd values fit in int if proceed("Not all workload images are present. Start loading them on the background?") { go images.PreemptWorkloadImages(binary, cfg) } @@ -417,8 +417,8 @@ func createMagicCookie(profile *types.Profile) error { xauthority = os.ExpandEnv("${HOME}/.XAUTHORITY") } - slog.Debug("opening parent xauthority", "path", xauthority) - parent, err := os.Open(xauthority) + slog.Debug("opening parent xauthority", "path", xauthority) //nolint:gosec // G706: path is from trusted env var + parent, err := os.Open(xauthority) //nolint:gosec // G703: path is from trusted env var if err != nil { slog.Debug("failed to open parent xauthority", "error", err) return err @@ -670,7 +670,7 @@ func createNewDisplay(bin string, ca, cert, key []byte, profile *types.Profile, grabberShortcut()) } - slog.Debug("exec: "+bin, "args", dockerArgs) + slog.Debug("exec", "binary", bin, "args", dockerArgs) //nolint:gosec // G706: binary path is from trusted config cmd := execabs.Command(bin, dockerArgs...) cmd.Env = append(cmd.Env, os.Environ()...) diff --git a/internal/runners/docker/run.go b/internal/runners/docker/run.go index 9879059..9ae908b 100644 --- a/internal/runners/docker/run.go +++ b/internal/runners/docker/run.go @@ -263,7 +263,7 @@ func Run(ew types.EffectiveWorkload) error { args = append(args, wl.Command) args = append(args, wl.Args...) - slog.Debug(fmt.Sprintf("exec: %s", runnerBinary), "args", args) + slog.Debug("exec", "binary", runnerBinary, "args", args) //nolint:gosec // G706: binary path is from trusted config cmd := execabs.Command(runnerBinary, args...) if ew.Workload.HostAccess.Mime { diff --git a/internal/runners/podman/run.go b/internal/runners/podman/run.go index 7de40c9..dbbab84 100644 --- a/internal/runners/podman/run.go +++ b/internal/runners/podman/run.go @@ -251,7 +251,7 @@ func Run(ew types.EffectiveWorkload) error { args = append(args, wl.Command) args = append(args, wl.Args...) - slog.Debug(fmt.Sprintf("exec: %s", runnerBinary), "args", args) + slog.Debug("exec", "binary", runnerBinary, "args", args) //nolint:gosec // G706: binary path is from trusted config cmd := execabs.Command(runnerBinary, args...) if ew.Workload.HostAccess.Mime { diff --git a/pkg/inception/proto/host.pb.go b/pkg/inception/proto/host.pb.go index 821bb1c..924f3cf 100644 --- a/pkg/inception/proto/host.pb.go +++ b/pkg/inception/proto/host.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.5 -// protoc v5.28.3 +// protoc-gen-go v1.36.11 +// protoc v6.33.5 // source: pkg/inception/proto/host.proto package proto @@ -279,46 +279,24 @@ func (*FlatpakRunWorkloadReply) Descriptor() ([]byte, []int) { var File_pkg_inception_proto_host_proto protoreflect.FileDescriptor -var file_pkg_inception_proto_host_proto_rawDesc = string([]byte{ - 0x0a, 0x1e, 0x70, 0x6b, 0x67, 0x2f, 0x69, 0x6e, 0x63, 0x65, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x68, 0x6f, 0x73, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x08, 0x71, 0x75, 0x62, 0x65, 0x73, 0x6f, 0x6d, 0x65, 0x22, 0x22, 0x0a, 0x0e, 0x58, 0x64, - 0x67, 0x4f, 0x70, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, - 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x22, 0x0e, - 0x0a, 0x0c, 0x58, 0x64, 0x67, 0x4f, 0x70, 0x65, 0x6e, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x44, - 0x0a, 0x12, 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x61, 0x72, 0x67, 0x73, 0x22, 0x12, 0x0a, 0x10, 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x4b, 0x0a, 0x19, 0x46, 0x6c, 0x61, 0x74, - 0x70, 0x61, 0x6b, 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x61, 0x72, 0x67, 0x73, 0x22, 0x19, 0x0a, 0x17, 0x46, 0x6c, 0x61, 0x74, 0x70, 0x61, 0x6b, - 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x70, 0x6c, 0x79, - 0x32, 0xf8, 0x01, 0x0a, 0x0c, 0x51, 0x75, 0x62, 0x65, 0x73, 0x6f, 0x6d, 0x65, 0x48, 0x6f, 0x73, - 0x74, 0x12, 0x3d, 0x0a, 0x07, 0x58, 0x64, 0x67, 0x4f, 0x70, 0x65, 0x6e, 0x12, 0x18, 0x2e, 0x71, - 0x75, 0x62, 0x65, 0x73, 0x6f, 0x6d, 0x65, 0x2e, 0x58, 0x64, 0x67, 0x4f, 0x70, 0x65, 0x6e, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x71, 0x75, 0x62, 0x65, 0x73, 0x6f, 0x6d, - 0x65, 0x2e, 0x58, 0x64, 0x67, 0x4f, 0x70, 0x65, 0x6e, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, - 0x12, 0x49, 0x0a, 0x0b, 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x12, - 0x1c, 0x2e, 0x71, 0x75, 0x62, 0x65, 0x73, 0x6f, 0x6d, 0x65, 0x2e, 0x52, 0x75, 0x6e, 0x57, 0x6f, - 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, - 0x71, 0x75, 0x62, 0x65, 0x73, 0x6f, 0x6d, 0x65, 0x2e, 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x12, 0x5e, 0x0a, 0x12, 0x46, - 0x6c, 0x61, 0x74, 0x70, 0x61, 0x6b, 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x12, 0x23, 0x2e, 0x71, 0x75, 0x62, 0x65, 0x73, 0x6f, 0x6d, 0x65, 0x2e, 0x46, 0x6c, 0x61, - 0x74, 0x70, 0x61, 0x6b, 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x71, 0x75, 0x62, 0x65, 0x73, 0x6f, 0x6d, - 0x65, 0x2e, 0x46, 0x6c, 0x61, 0x74, 0x70, 0x61, 0x6b, 0x52, 0x75, 0x6e, 0x57, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, 0x42, 0x2d, 0x5a, 0x2b, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x71, 0x75, 0x62, 0x65, 0x73, 0x6f, - 0x6d, 0x65, 0x2f, 0x63, 0x6c, 0x69, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x69, 0x6e, 0x63, 0x65, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -}) +const file_pkg_inception_proto_host_proto_rawDesc = "" + + "\n" + + "\x1epkg/inception/proto/host.proto\x12\bqubesome\"\"\n" + + "\x0eXdgOpenRequest\x12\x10\n" + + "\x03url\x18\x01 \x01(\tR\x03url\"\x0e\n" + + "\fXdgOpenReply\"D\n" + + "\x12RunWorkloadRequest\x12\x1a\n" + + "\bworkload\x18\x01 \x01(\tR\bworkload\x12\x12\n" + + "\x04args\x18\x02 \x01(\tR\x04args\"\x12\n" + + "\x10RunWorkloadReply\"K\n" + + "\x19FlatpakRunWorkloadRequest\x12\x1a\n" + + "\bworkload\x18\x01 \x01(\tR\bworkload\x12\x12\n" + + "\x04args\x18\x02 \x01(\tR\x04args\"\x19\n" + + "\x17FlatpakRunWorkloadReply2\xf8\x01\n" + + "\fQubesomeHost\x12=\n" + + "\aXdgOpen\x12\x18.qubesome.XdgOpenRequest\x1a\x16.qubesome.XdgOpenReply\"\x00\x12I\n" + + "\vRunWorkload\x12\x1c.qubesome.RunWorkloadRequest\x1a\x1a.qubesome.RunWorkloadReply\"\x00\x12^\n" + + "\x12FlatpakRunWorkload\x12#.qubesome.FlatpakRunWorkloadRequest\x1a!.qubesome.FlatpakRunWorkloadReply\"\x00B-Z+github.com/qubesome/cli/pkg/inception/protob\x06proto3" var ( file_pkg_inception_proto_host_proto_rawDescOnce sync.Once diff --git a/pkg/inception/proto/host_grpc.pb.go b/pkg/inception/proto/host_grpc.pb.go index 4e414ad..efc64f5 100644 --- a/pkg/inception/proto/host_grpc.pb.go +++ b/pkg/inception/proto/host_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.5.1 -// - protoc v5.28.3 +// - protoc-gen-go-grpc v1.6.1 +// - protoc v6.33.5 // source: pkg/inception/proto/host.proto package proto @@ -89,13 +89,13 @@ type QubesomeHostServer interface { type UnimplementedQubesomeHostServer struct{} func (UnimplementedQubesomeHostServer) XdgOpen(context.Context, *XdgOpenRequest) (*XdgOpenReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method XdgOpen not implemented") + return nil, status.Error(codes.Unimplemented, "method XdgOpen not implemented") } func (UnimplementedQubesomeHostServer) RunWorkload(context.Context, *RunWorkloadRequest) (*RunWorkloadReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method RunWorkload not implemented") + return nil, status.Error(codes.Unimplemented, "method RunWorkload not implemented") } func (UnimplementedQubesomeHostServer) FlatpakRunWorkload(context.Context, *FlatpakRunWorkloadRequest) (*FlatpakRunWorkloadReply, error) { - return nil, status.Errorf(codes.Unimplemented, "method FlatpakRunWorkload not implemented") + return nil, status.Error(codes.Unimplemented, "method FlatpakRunWorkload not implemented") } func (UnimplementedQubesomeHostServer) mustEmbedUnimplementedQubesomeHostServer() {} func (UnimplementedQubesomeHostServer) testEmbeddedByValue() {} @@ -108,7 +108,7 @@ type UnsafeQubesomeHostServer interface { } func RegisterQubesomeHostServer(s grpc.ServiceRegistrar, srv QubesomeHostServer) { - // If the following call pancis, it indicates UnimplementedQubesomeHostServer was + // If the following call panics, it indicates UnimplementedQubesomeHostServer was // embedded by pointer and is nil. This will cause panics if an // unimplemented method is ever invoked, so we test this at initialization // time to prevent it from happening at runtime later due to I/O.