
fix(security): remediate SonarQube vulnerabilities#78

Open
devin-ai-integration[bot] wants to merge 1 commit into main from devin/1770236371-sonarqube-remediation

Conversation

@devin-ai-integration

Closes: N/A (SonarQube remediation task)

Summary

This PR addresses 5 CRITICAL severity SonarQube issues in pkg/github/issues.go:

S1192 - Duplicated String Literals (3 issues):

  • Defined errFailedToGetGitHubClient constant for error message duplicated 7 times
  • Defined descRepositoryOwner constant for description duplicated 6 times
  • Defined descRepositoryName constant for description duplicated 6 times

S3776 - Cognitive Complexity (2 issues):

  • Extracted parseListIssuesOptions() helper from ListIssues handler
  • Extracted findCopilotBotAssignee() and getIssueAssignees() helpers from AssignCopilotToIssue handler
  • Moved copilotBotAssignee, suggestedActorsQuery, and issueAssigneesQuery types to package level

Human Review Checklist

  • Error message change: parseListIssuesOptions now returns "invalid since timestamp: %w" instead of "failed to list issues: %s" - verify this is acceptable
  • Type visibility: Types moved from function-local to package-level - confirm no naming conflicts
  • Behavior preservation: Verify extracted helper functions maintain identical behavior

Testing

  • All existing tests pass
  • Lint checks pass

Link to Devin run: https://app.devin.ai/sessions/ea91faa87d69422893b4da1d0029adc9
Requested by: @parkerduff

- S1192: Define constants for duplicated string literals:
  - errFailedToGetGitHubClient for error message (7 occurrences)
  - descRepositoryOwner for 'Repository owner' description (6 occurrences)
  - descRepositoryName for 'Repository name' description (6 occurrences)

- S3776: Reduce cognitive complexity in ListIssues (line 324):
  - Extract parseListIssuesOptions helper function to parse request options

- S3776: Reduce cognitive complexity in AssignCopilotToIssue (line 704):
  - Extract copilotBotAssignee and suggestedActorsQuery types to package level
  - Extract issueAssigneesQuery type to package level
  - Extract findCopilotBotAssignee helper function
  - Extract getIssueAssignees helper function
  - Add copilotBotLogin constant

Co-Authored-By: parker.duff@codeium.com <pwjduff@gmail.com>
@devin-ai-integration
Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@sonarqubecloud

sonarqubecloud bot commented Feb 4, 2026
