fix: gosec lint issues for the pkg

src/pkg/bundle/common.go

@@ -280,7 +280,8 @@ func validateOverrides(pkg types.Package, zarfYAML zarfTypes.ZarfPackage) error
 		var foundComponent *zarfTypes.ZarfComponent
 		for _, component := range zarfYAML.Components {
 			if component.Name == componentName {
-				foundComponent = &component
+				componentCopy := component // Create a copy of the component
+				foundComponent = &componentCopy
 				break
 			}
 		}
@@ -292,7 +293,8 @@ func validateOverrides(pkg types.Package, zarfYAML zarfTypes.ZarfPackage) error
 			var foundChart *zarfTypes.ZarfChart
 			for _, chart := range foundComponent.Charts {
 				if chart.Name == chartName {
-					foundChart = &chart
+					chartCopy := chart // Create a copy of the chart
+					foundChart = &chartCopy
 					break
 				}
 			}

src/pkg/bundle/deploy.go

@@ -282,11 +282,12 @@ func (b *Bundle) loadChartOverrides(pkg types.Package) (ZarfOverrideMap, error)
 	// Loop through each package component's charts and process overrides
 	for componentName, component := range pkg.Overrides {
 		for chartName, chart := range component {
-			err := b.processOverrideValues(&overrideMap, &chart.Values, componentName, chartName)
+			chartCopy := chart // Create a copy of the chart
+			err := b.processOverrideValues(&overrideMap, &chartCopy.Values, componentName, chartName)
 			if err != nil {
 				return nil, err
 			}
-			err = b.processOverrideVariables(&overrideMap, pkg.Name, &chart.Variables, componentName, chartName)
+			err = b.processOverrideVariables(&overrideMap, pkg.Name, &chartCopy.Variables, componentName, chartName)
 			if err != nil {
 				return nil, err
 			}

src/pkg/bundler/fetcher/local.go

@@ -68,12 +68,7 @@ func (f *localFetcher) GetPkgMetadata() (zarfTypes.ZarfPackage, error) {
 	if err != nil {
 		return zarfTypes.ZarfPackage{}, err
 	}
-	defer func(path string) {
-		err := os.RemoveAll(path)
-		if err != nil {
-
-		}
-	}(tmpDir)
+	defer os.RemoveAll(tmpDir) //nolint:errcheck
 
 	zarfTarball, err := os.Open(f.cfg.Bundle.Packages[f.cfg.PkgIter].Path)
 	if err != nil {

src/pkg/sources/remote.go

@@ -111,7 +111,7 @@ func (r *RemoteBundle) LoadPackageMetadata(dst *layout.PackagePaths, _ bool, _ b
 	if err = goyaml.Unmarshal(zarfYAMLBytes, &zarfYAML); err != nil {
 		return err
 	}
-	err = zarfUtils.WriteYaml(filepath.Join(dst.Base, config.ZarfYAML), zarfYAML, 0644)
+	err = zarfUtils.WriteYaml(filepath.Join(dst.Base, config.ZarfYAML), zarfYAML, 0600)
 	if err != nil {
 		return err
 	}
@@ -124,7 +124,7 @@ func (r *RemoteBundle) LoadPackageMetadata(dst *layout.PackagePaths, _ bool, _ b
 			if err != nil {
 				return err
 			}
-			err = os.WriteFile(filepath.Join(dst.Base, config.ChecksumsTxt), checksumBytes, 0644)
+			err = os.WriteFile(filepath.Join(dst.Base, config.ChecksumsTxt), checksumBytes, 0600)
 			if err != nil {
 				return err
 			}

src/pkg/utils/sbom.go

@@ -45,7 +45,7 @@
 
 // SBOMExtractor is the extraction fn for extracting HTML and JSON files from an sboms.tar archive
 func SBOMExtractor(dst string, SBOMArtifactPathMap map[string]string) func(ctx context.Context, f archiver.File) error {
 	extractor := func(ctx context.Context, f archiver.File) error {
 		open, err := f.Open()
 		if err != nil {
 			return err
@@ -63,7 +63,7 @@
 			}
 			path := filepath.Join(dst, config.BundleSBOM, f.NameInArchive)
 			// todo: handle collisions? especially for zarf-component SBOM files?
-			err = os.WriteFile(path, buffer, 0644)
+			err = os.WriteFile(path, buffer, 0600)
 			if err != nil {
 				return err
 			}