From ddc18014efebd82fe46bbdc148cabfa3fa8e0505 Mon Sep 17 00:00:00 2001
From: Stephen Braverman
Date: Mon, 23 Mar 2026 14:39:48 -0400
Subject: [PATCH] [PPSC-602] fix: document intentionally discarded stderr write (CWE-252)
Co-Authored-By: Claude Opus 4.6
---
 internal/cmd/context.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/internal/cmd/context.go b/internal/cmd/context.go
index 75871d6..1dd2664 100644
--- a/internal/cmd/context.go
+++ b/internal/cmd/context.go
@@ -33,7 +33,9 @@ func NewSignalContext() (context.Context, context.CancelFunc) {
 func handleScanError(ctx context.Context, err error) error {
 _ = ctx // unused but kept for API consistency
 if errors.Is(err, context.Canceled) {
- _, _ = fmt.Fprintln(os.Stderr, "") // newline before warning; ignore write errors
+ // CWE-252 false positive: write errors for stderr formatting are intentionally
+ // discarded - no meaningful recovery for failed terminal writes.
+ _, _ = fmt.Fprintln(os.Stderr, "")
 cli.PrintWarning("Scan cancelled")
 return ErrScanCancelled
 }
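Review bot: The new comment above `_, _ = fmt.Fprintln(os.Stderr, "")` in handleScanError explains why the write error is dropped but no longer says why an empty line is written at all; the removed trailing comment carried that ("newline before warning"). I would keep both reasons in one comment, e.g. `// Blank line before the warning; stderr write errors are intentionally discarded (no meaningful recovery).` Labelling the finding a "CWE-252 false positive" in a free-form comment probably will not stop the scanner from reporting the line again, so the triage decision is better recorded in the scanner's own suppression or baseline mechanism, where it stays auditable and can be revisited. handleScanError continues past the end of this hunk, so any other unchecked writes in it are not visible here.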