From 300df26831da2fc3ef415f14a53ab26e0a400ec1 Mon Sep 17 00:00:00 2001
From: Geoff Franks <geoff.franks@broadcom.com>
Date: Mon, 16 Sep 2024 15:12:07 +0000
Subject: [PATCH] Ignore G110 for app asset decompression as it's bounded by
 container FS quota

---
 depot/steps/upload_step.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/depot/steps/upload_step.go b/depot/steps/upload_step.go
index e1b2e01e..3f3b5907 100644
--- a/depot/steps/upload_step.go
+++ b/depot/steps/upload_step.go
@@ -128,6 +128,7 @@ func (step *uploadStep) Run(signals <-chan os.Signal, ready chan<- struct{}) (er
 		os.Remove(finalFileLocation)
 	}()
 
+	// #nosec - G110 - We're fine with unbounded file decompression here as we have container filesystem quotas that will prevent this from eating up the entire diego cell disk space
 	_, err = io.Copy(tempFile, tarStream)
 	if err != nil {
 		step.logger.Error("failed-to-copy-stream", err)