feat/IDE-1066_new-sast-scanner #326
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit implements a code scanner that provides comprehensive, type-safe, and flexible handling of code scanning results. Key features implemented: 1. Core Scanner Implementation: - Support for multiple input formats (SARIF and local findings) - Robust error handling with proper context through error wrapping - Null-safety through careful nil reference checking - Consistent processing of various payload types - Safe logger access with robust nil detection 2. Issue Wrapper Implementation: - Comprehensive FindingIssueWrapper to convert local findings to types.Issue - Support for all required Issue interface methods - Proper severity mapping from finding ratings to standard severities - Handling for CWE information extraction - Flexible metadata access through GetAdditionalData 3. Test Coverage and Validation: - Comprehensive test suite with ~80% code coverage - Tests for all edge cases including empty results, nil payloads, and malformed data - Tests for severity mapping across all possible levels - Validation of error propagation and context preservation - Mock logger implementation for testing log output 4. Code Quality Enhancements: - Documentation for all public functions and methods - Consistent coding style with standardized naming - Clear separation of concerns for data conversion - Proper resource cleanup and error handling - Fully compliant with project linting standards This implementation provides a complete code scanning solution that efficiently converts both local findings and SARIF data into a standardized issue format while maintaining high standards for error handling, type safety, and code quality.
- Fix nil reference handling with robust isNilInterface helper function - Replace deprecated configuration.NewInMemory() with recommended NewWithOpts approach - Improve error handling by treating empty results as normal rather than errors - Add proper error wrapping with context using fmt.Errorf and %w verb - Fix potential nil pointer dereferences in GetRuleID - Add tests for previously untested code paths - Improve test coverage from 79.9% to 83.9% - Fix all linting issues identified by gofmt and golangci-lint
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.