From 50eb252003a8f4a77161ed6eed71a4006aeba5d4 Mon Sep 17 00:00:00 2001
From: Ettore Di Giacinto
Date: Sat, 27 Jun 2026 07:05:25 +0000
Subject: [PATCH] fix(syncstate): annotate gosec G118 false positive on lifeCtx gosec flagged the WithCancel in Start as "cancellation function not called" because the returned cancel is stored on the struct rather than called/deferred in scope. It is invoked in Close (covered by tests), and lifeCtx must outlive Start to drive the reconnect/reconcile goroutines. Suppress the verified false positive with a justified #nosec G118.
Signed-off-by: Ettore Di Giacinto
Assisted-by: Claude:claude-opus-4-8 [Claude Code]
---
 core/services/syncstate/syncstate.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/core/services/syncstate/syncstate.go b/core/services/syncstate/syncstate.go
index 8c3e673c3..809177d40 100644
--- a/core/services/syncstate/syncstate.go
+++ b/core/services/syncstate/syncstate.go
@@ -96,7 +96,10 @@ func (m *SyncedMap[K, V]) Start(ctx context.Context) error {
 return err
 }
- m.lifeCtx, m.cancel = context.WithCancel(context.Background())
+ // The cancel func is stored on the struct and invoked in Close (covered by
+ // tests); lifeCtx must outlive Start to drive the reconnect/reconcile
+ // goroutines, so it cannot be cancelled or deferred within this scope.
+ m.lifeCtx, m.cancel = context.WithCancel(context.Background()) // #nosec G118 -- cancel is invoked in Close()
 if m.cfg.Nats != nil {
 sub, err := messaging.SubscribeJSON(m.cfg.Nats, m.subject(), m.apply)
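Review bot: The `#nosec G118` justification on the `context.WithCancel` line rests entirely on Close() being reached, and the hunk ends on `messaging.SubscribeJSON(...)`, whose error handling is not visible here. If Start returns an error after this assignment and the caller does not call Close on a failed Start, `m.cancel` is never invoked; the failure paths below should release it first, e.g. `if err != nil { m.cancel(); return err }`. It is also worth confirming that a second call to Start cannot overwrite `m.cancel` and leave the first lifeCtx, and any goroutines bound to it, without a way to be stopped. Because the suppression silences gosec for all of these cases, the comment would be more durable if it stated that invariant instead of "(covered by tests)". Start's body begins before and continues after this hunk.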