Add Golangci-lint static code analysis and fix found issues (#326)

jfrog · May 4, 2023 · 6939acb · 6939acb
1 parent 24b1bdb
commit 6939acb
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 14 deletions.
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -16,9 +16,11 @@ jobs:
         run: go generate ./...
 
       - name: Static Code Analysis
-        uses: dominikh/staticcheck-action@v1
+        uses: golangci/golangci-lint-action@v3
         with:
-          install-go: false
+          args: |
+            --timeout 5m --out-${NO_FUTURE}format colored-line-number --enable errcheck,gosimple,govet,ineffassign,staticcheck,typecheck,unused,gocritic,asasalint,asciicheck,errchkjson,exportloopref,forcetypeassert,makezero,nilerr,unparam,unconvert,wastedassign,usestdlibvars 
+
   Go-Sec:
     runs-on: ubuntu-latest
     steps:
@@ -28,8 +30,8 @@ jobs:
         uses: actions/setup-go@v3
         with:
           go-version: 1.19.x
-      - name: Install gosec
-        run: curl -sfL https://raw.githubusercontent.com/securego/gosec/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
-      - name: Run gosec
-        # Temporary ignoring G301,G302,G306
-        run: gosec -exclude=G204,G301,G302,G304,G306 -exclude-dir=\.*test\.* ./...
+
+      - name: Run Gosec Security Scanner
+        uses: securego/gosec@master
+        with:
+          args: -exclude=G204,G301,G302,G304,G306 -exclude-dir=\.*test\.* ./...
diff --git a/commands/createfixpullrequests_test.go b/commands/createfixpullrequests_test.go
@@ -169,7 +169,7 @@ func TestFixPackageVersion(t *testing.T) {
 func getTestDataDir(t *testing.T) (string, string) {
 	currentDir, err := os.Getwd()
 	assert.NoError(t, err)
-	testdataDir, err := filepath.Abs(filepath.Join("testdata/projects"))
+	testdataDir, err := filepath.Abs("testdata/projects")
 	assert.NoError(t, err)
 	return currentDir, testdataDir
 }

diff --git a/commands/scanandfixrepos_test.go b/commands/scanandfixrepos_test.go
@@ -238,7 +238,7 @@ func createHttpHandler(t *testing.T, port *string, projectNames ...string) http.
 				return
 			}
 			if r.RequestURI == fmt.Sprintf("/repos/jfrog/%s/pulls", projectName) {
-				w.WriteHeader(200)
+				w.WriteHeader(http.StatusOK)
 				return
 			}
 			if r.RequestURI == fmt.Sprintf("/%s", projectName) {

diff --git a/commands/scanpullrequest_test.go b/commands/scanpullrequest_test.go
@@ -577,11 +577,12 @@ func createGitLabHandler(t *testing.T, projectName string) http.HandlerFunc {
 			assert.NotEmpty(t, buf.String())
 
 			var expectedResponse []byte
-			if strings.Contains(projectName, "multi-dir") {
+			switch {
+			case strings.Contains(projectName, "multi-dir"):
 				expectedResponse, err = os.ReadFile(filepath.Join("..", "expectedResponseMultiDir.json"))
-			} else if strings.Contains(projectName, "pip") {
+			case strings.Contains(projectName, "pip"):
 				expectedResponse, err = os.ReadFile(filepath.Join("..", "expectedResponsePip.json"))
-			} else {
+			default:
 				expectedResponse, err = os.ReadFile(filepath.Join("..", "expectedResponse.json"))
 			}
 			assert.NoError(t, err)

diff --git a/commands/scanpullrequests_test.go b/commands/scanpullrequests_test.go
@@ -217,7 +217,7 @@ func fakeRepoDownload(_ context.Context, _, _, testProject, targetDir string) er
 	// This project will be used in the source auditing phase - mimic a PR with a new vulnerable dependency.
 	// Second "download" will occur inside the first temp dir. Therefor the "test-proj" will be found and will
 	// be copied to the second (random) temp dir and will be used in the target auditing phase.
-	err := fileutils.CopyDir(filepath.Join(testProject), targetDir, true, []string{})
+	err := fileutils.CopyDir(testProject, targetDir, true, []string{})
 	if err != nil {
 		return err
 	}

diff --git a/schema/schemas_test.go b/schema/schemas_test.go
@@ -1,6 +1,7 @@
 package schema
 
 import (
+	"fmt"
 	"io"
 	"net/http"
 	"os"
@@ -135,7 +136,7 @@ func convertYamlToJson(yamlValue interface{}) interface{} {
 				// "on" is considered a true value for the Yaml Unmarshaler. To work around it, we set the true to be "on".
 				key = "on"
 			}
-			jsonMapping[key.(string)] = convertYamlToJson(value)
+			jsonMapping[fmt.Sprint(key)] = convertYamlToJson(value)
 		}
 		return jsonMapping
 	case []interface{}: