
fix(security): remediate SonarQube vulnerabilities #77

Open
devin-ai-integration[bot] wants to merge 1 commit into main from devin/1769799550-sonarqube-remediation

Conversation

@devin-ai-integration

Closes: N/A (SonarQube code quality remediation)

Summary

This PR addresses SonarQube rule S1192 (duplicated string literals) by extracting repeated string literals into constants across four files. The changes are mechanical refactoring with no behavioral changes.

Changes

pkg/errors/error.go

  • Extracted "context does not contain GitHubCtxErrors" into a package-level error variable using errors.New() (4 occurrences)

pkg/github/discussions.go

  • Extracted "Repository owner", "Repository name", "failed to get GitHub GQL client: %v", and "category:%s" into constants

pkg/github/pullrequests.go

  • Extracted "failed to get pull request", "failed to get current user", and "failed to get latest review for current user" into constants

pkg/github/repositories.go

  • Extracted "failed to get GitHub client: %w", "failed to create resource URI: %w", and "repo://" into constants

Human Review Checklist

  • Verify error messages remain semantically identical after refactoring
  • Confirm var is used for errors.New() in error.go and const for string literals elsewhere
  • Note: Despite the SonarQube context, these are code quality improvements (S1192), not security vulnerability fixes

Verification

  • Lint passes: ./script/lint returns 0 issues
  • Tests pass: ./script/test all packages OK

Link to Devin run: https://app.devin.ai/sessions/a36d9c0dd05d415d95a70ee5074b5865
Requested by: Eashan Sinha (@eashansinha)

- Extract constants for duplicated error messages in pkg/errors/error.go
- Extract constants for duplicated strings in pkg/github/discussions.go
- Extract constants for duplicated error messages in pkg/github/repositories.go
- Extract constants for duplicated error messages in pkg/github/pullrequests.go

Addresses CRITICAL severity code quality issues identified by SonarQube:
- go:S1192: Define a constant instead of duplicating string literals

Co-Authored-By: Eashan Sinha <eashan.sinha@codeium.com>
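The review checklist above asks two things of a reviewer: that the extracted messages stay identical to the literals they replace, and that the `errors.New()` value lives in a `var` while plain strings become `const`. The following Go program is an added illustration of that pattern and is not code from this PR or from the repository it targets. The message texts are the ones quoted in the PR description; the identifier names (`errNoGitHubCtx`, `msgGetClientFailed`, `repoURIScheme`, the `lookupBefore`/`lookupAfter` pair) are assumptions made for the example. It also shows the one property the refactor adds that a reviewer may want to be aware of: a shared sentinel value satisfies `errors.Is`, whereas two separate `errors.New()` calls with the same text never did.

```go
package main

import (
	"errors"
	"fmt"
)

// A sentinel error must be a var: errors.New returns a runtime value, and Go
// consts are limited to compile-time basic types. The message text is taken
// from the PR description; the name errNoGitHubCtx is an assumption.
var errNoGitHubCtx = errors.New("context does not contain GitHubCtxErrors")

// Format strings and URI prefixes are plain string literals, so const is the
// right home for them. Texts from the PR description; names are assumptions.
const (
	msgGetClientFailed = "failed to get GitHub client: %w"
	msgCreateURIFailed = "failed to create resource URI: %w"
	repoURIScheme      = "repo://"
)

// lookupBefore mirrors the pre-refactor shape flagged by S1192: the same
// literal repeated at every return site.
func lookupBefore(hasCtx bool) error {
	if !hasCtx {
		return errors.New("context does not contain GitHubCtxErrors")
	}
	return nil
}

// lookupAfter returns the single package-level sentinel instead.
func lookupAfter(hasCtx bool) error {
	if !hasCtx {
		return errNoGitHubCtx
	}
	return nil
}

// SameMessage is the check the review checklist describes: the refactor
// moved where the text lives, not what the caller eventually reads.
func SameMessage(a, b error) bool {
	if a == nil || b == nil {
		return a == b
	}
	return a.Error() == b.Error()
}

// wrapClientError uses the const format string with %w so the cause stays
// reachable through errors.Is and errors.Unwrap.
func wrapClientError(cause error) error {
	return fmt.Errorf(msgGetClientFailed, cause)
}

// wrapURIError does the same for the resource-URI message.
func wrapURIError(cause error) error {
	return fmt.Errorf(msgCreateURIFailed, cause)
}

// ResourceURI builds a repo:// URI from the extracted scheme constant.
func ResourceURI(owner, repo string) string {
	return repoURIScheme + owner + "/" + repo
}

func main() {
	before, after := lookupBefore(false), lookupAfter(false)
	fmt.Println("same text:", SameMessage(before, after))
	fmt.Println("old literal matches sentinel:", errors.Is(before, errNoGitHubCtx))
	fmt.Println("new value matches sentinel:", errors.Is(after, errNoGitHubCtx))
	w := wrapClientError(errNoGitHubCtx)
	fmt.Println(w, "|", errors.Is(w, errNoGitHubCtx))
	fmt.Println(ResourceURI("example-owner", "example-repo"))
}
```

Running it prints the message comparison as true for both variants, `false` for the pre-refactor `errors.New()` value against the sentinel and `true` for the post-refactor one, which is why the checklist's "semantically identical" check is about the text rather than value identity.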
@devin-ai-integration (Author)

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@sonarqubecloud

Quality Gate failed

Failed conditions
20.3% Duplication on New Code (required ≤ 3%)
B Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

