ostiwe/go-toml
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Exclude CAPABILITY_UNSAFE_POINTER from capslock analysis

Browse Source 
go-toml has no direct unsafe imports. Go 1.26 causes capslock to
report CAPABILITY_UNSAFE_POINTER because it traces through stdlib
internals (reflect -> unsafe). Use -capabilities flag to exclude
it from analysis, and keep it on the forbidden list so any actual
unsafe usage in go-toml code would still be caught at review time.

https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn
This commit is contained in:
Claude
2026-03-24 02:18:45 +00:00
parent 25efc11803
commit 58cf71231f
2 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
caps.sh
+7
View File
@@ -15,13 +15,20 @@ CAPSLOCK="${CAPSLOCK:-capslock}"
# Capabilities that must never appear in any package.
FORBIDDEN_CAPS=(
CAPABILITY_UNSAFE_POINTER
CAPABILITY_NETWORK
CAPABILITY_CGO
CAPABILITY_EXEC
)
# Capabilities to exclude from capslock analysis. UNSAFE_POINTER is excluded
# because go-toml has no direct unsafe imports — capslock reports it only due
# to stdlib internals (e.g. reflect -> unsafe) which is outside our control.
CAPSLOCK_IGNORE="-CAPABILITY_UNSAFE_POINTER"
capslock_to_baseline() {
"$CAPSLOCK" -packages=./... -output=package -granularity=package \
-capabilities="$CAPSLOCK_IGNORE" \
| jq -r 'to_entries | sort_by(.key) | .[] | .key + ": " + (.value | sort | join(", "))'
}