Error when using gosec.

[eoinmcq]

Hi (great fork by the way) - our build uses go sec if we auto generate code then this causes a problem with the line io.Copy(&buf, gz) in release.go. Gosec flags this as I think an explosion issue.

I don't mind the act of doing the copy(unless it was easy to fix) as we are pretty controlled over what file we run this on but would it be possible to have the #nosec directive.

I am happy enough to raise a PR if needbe. It is perhaps something that would require a deeper look but I thought it worth raising as we incorporate on a pretty stringent CI lint/ sec etc etc setup and it works perfectly but for this one issue.

Thanks Eoin

[kevinburke]

Can you provide a little more context on what specifically the problem is?

[davidschlachter]

Since https://github.com/securego/gosec/commit/62db81342ea288f774b901eca957e0df5d693f0d, gosec supports ignore generated files. The original issue that caused the warning to be raised is explained here, but I'm not sure that it makes sense to fix it.