From cad7681abea6a9c9aa13b7fa647372b9e548df28 Mon Sep 17 00:00:00 2001 From: Claude Date: Tue, 24 Mar 2026 02:28:27 +0000 Subject: [PATCH] Scope capability check to library only, not cmd binaries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Only analyze the go-toml/v2 library package (./), not ./... which included cmd/ binaries. The library itself only needs REFLECT and UNANALYZED — FILES and MODIFY_SYSTEM_STATE were from the CLI tools. https://claude.ai/code/session_01HwDXpKevFLhE5EfrR6JrBn --- capability_baseline.txt | 12 +----------- caps.sh | 5 +++-- 2 files changed, 4 insertions(+), 13 deletions(-) diff --git a/capability_baseline.txt b/capability_baseline.txt index 3fad912..a3059fc 100644 --- a/capability_baseline.txt +++ b/capability_baseline.txt @@ -1,11 +1 @@ -github.com/pelletier/go-toml/v2: CAPABILITY_FILES, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/cmd/gotoml-test-decoder: CAPABILITY_FILES, CAPABILITY_MODIFY_SYSTEM_STATE, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/cmd/gotoml-test-encoder: CAPABILITY_FILES, CAPABILITY_MODIFY_SYSTEM_STATE, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/cmd/jsontoml: CAPABILITY_FILES, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/cmd/tomljson: CAPABILITY_FILES, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/cmd/tomll: CAPABILITY_FILES, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/cmd/tomltestgen: CAPABILITY_FILES, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/internal/cli: CAPABILITY_FILES, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/internal/testsuite: CAPABILITY_FILES, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/internal/tracker: CAPABILITY_UNANALYZED -github.com/pelletier/go-toml/v2/ossfuzz: CAPABILITY_FILES, CAPABILITY_REFLECT, CAPABILITY_UNANALYZED +github.com/pelletier/go-toml/v2: CAPABILITY_REFLECT, CAPABILITY_UNANALYZED diff --git a/caps.sh b/caps.sh index 88b0038..2a02b6e 100755 --- a/caps.sh +++ b/caps.sh @@ -21,7 +21,7 @@ FORBIDDEN_CAPS=( ) capslock_to_baseline() { - "$CAPSLOCK" -packages=./... -output=package -granularity=package \ + "$CAPSLOCK" -packages=. -output=package -granularity=package \ | jq -r 'to_entries | sort_by(.key) | .[] | .key + ": " + (.value | sort | join(", "))' } @@ -47,7 +47,8 @@ check() { # Capslock may report CAPABILITY_UNSAFE_POINTER due to stdlib internals # (e.g. reflect -> unsafe), which is a false positive. Instead of relying # on capslock for this, we check the source directly. - unsafe_imports=$(find . -name '*.go' -not -name '*_test.go' -not -path './vendor/*' \ + unsafe_imports=$(find . -name '*.go' -not -name '*_test.go' \ + -not -path './vendor/*' -not -path './cmd/*' -not -path './internal/*' \ -exec grep -l '"unsafe"' {} +) || true if [ -n "$unsafe_imports" ]; then echo "FORBIDDEN: direct unsafe import found in:"