fix(security): remediate SonarQube vulnerabilities (S1192, S3776) #84
Open
devin-ai-integration[bot] wants to merge 1 commit into main from
- Define constants for duplicated string literals (S1192):
  - errMsgGetGitHubClient for 'failed to get GitHub client: %w' (12 occurrences)
  - errMsgGetCommit for 'failed to get commit: %s' (3 occurrences)
  - resourceURISchemePrefix for 'repo://' (3 occurrences)
  - errMsgCreateResourceURI for 'failed to create resource URI: %w' (3 occurrences)
- Refactor ListCommits to reduce cognitive complexity (S3776):
  - Extract listCommitsParams struct for parameter handling
  - Extract extractListCommitsParams helper function
  - Extract buildListCommitsOptions helper function
- Refactor GetFileContents to reduce cognitive complexity from 86 to 15 (S3776):
  - Extract fileContentsParams struct for parameter handling
  - Extract extractFileContentsParams helper function
  - Extract resolvePRRef helper function for PR reference resolution
  - Extract buildResourceURI helper function for URI construction
  - Extract createFileContentResult helper function for content type handling
  - Extract handleRawContentResponse helper function
  - Extract handleDirectoryContent helper function
  - Extract fetchRawFileContent helper function

Affected file: pkg/github/repositories.go

Co-Authored-By: parker.duff@codeium.com <pwjduff@gmail.com>
Author
🤖 Devin AI Engineer
I'll be helping with this pull request! Here's what you should know:
✅ I will automatically:
Note: I can only respond to comments from users who have write access to this repository.
⚙️ Control Options:



Closes: N/A (SonarQube remediation task)
Summary
This PR addresses 6 SonarQube issues in pkg/github/repositories.go:
S1192 - Duplicated String Literals (4 issues):
S3776 - Cognitive Complexity (2 issues):
- ListCommits by extracting parameter handling into helper functions
- GetFileContents (complexity 86 → ~15) by extracting multiple helper functions for parameter extraction, PR ref resolution, URI building, and content handling
Changes
- errMsgGetGitHubClient constant (12 occurrences)
- errMsgGetCommit constant (3 occurrences)
- resourceURISchemePrefix constant (3 occurrences)
- errMsgCreateResourceURI constant (3 occurrences)
- extractListCommitsParams, buildListCommitsOptions
- GetFileContents
Human Review Checklist
- handleRawContentResponse returning (nil, nil) to signal fallback is handled correctly in the caller
- GetFileContents is equivalent to original
Tradeoffs
Link to Devin run: https://app.devin.ai/sessions/c8da3bd78b8e4a9faf853258b9183e82
Requested by: @parkerduff