fix: security issues and use gitleaks (#163)

* fix(tests): remove unused test constants and helpers Delete dead test code that caused 41 staticcheck U1000 violations: - cli/test_constants.go (25 unused constants) - cli/terminal_test_helpers.go (unused type, method, 7 variables) - fileproc/test_constants.go (5 unused constants) - fileproc/processor_test.go (2 unused helper functions) * fix(security): replace custom secret detection with gitleaks The hand-rolled check_secrets regex patterns produced false positives on configKey test values, causing make security-full to fail. Replace with gitleaks via go run for proper secret detection with built-in rules and allowlist support for generated report files. * chore(deps): update dependencies and fix install-tools Update Go module dependencies to latest versions. Fix checkmake install path and remove yamllint go install (yamllint is a Python tool, not installable via go install). * docs: add design document for gitleaks integration * feat: update go to 1.25.6
2026-02-21 18:52:19 +00:00 · 2026-02-01 22:09:24 +02:00
parent 7a99534252
commit 994099137a
12 changed files with 100 additions and 233 deletions
--- a/cli/terminal_test_helpers.go
+++ b/cli/terminal_test_helpers.go
@@ -1,68 +0,0 @@
-package cli
-
-import "testing"
-
-// terminalEnvSetup defines environment variables for terminal detection tests.
-type terminalEnvSetup struct {
-	Term          string
-	CI            string
-	GitHubActions string
-	NoColor       string
-	ForceColor    string
-}
-
-// apply sets up the environment variables using t.Setenv.
-func (e terminalEnvSetup) apply(t *testing.T) {
-	t.Helper()
-
-	// Always set all environment variables to ensure isolation
-	// Empty string explicitly unsets the variable in the test environment
-	t.Setenv("TERM", e.Term)
-	t.Setenv("CI", e.CI)
-	t.Setenv("GITHUB_ACTIONS", e.GitHubActions)
-	t.Setenv("NO_COLOR", e.NoColor)
-	t.Setenv("FORCE_COLOR", e.ForceColor)
-}
-
-// Common terminal environment setups for reuse across tests.
-var (
-	envDefaultTerminal = terminalEnvSetup{
-		Term:       "xterm-256color",
-		CI:         "",
-		NoColor:    "",
-		ForceColor: "",
-	}
-
-	envDumbTerminal = terminalEnvSetup{
-		Term: "dumb",
-	}
-
-	envCIWithoutGitHub = terminalEnvSetup{
-		Term:          "xterm",
-		CI:            "true",
-		GitHubActions: "",
-	}
-
-	envGitHubActions = terminalEnvSetup{
-		Term:          "xterm",
-		CI:            "true",
-		GitHubActions: "true",
-		NoColor:       "",
-	}
-
-	envNoColor = terminalEnvSetup{
-		Term:       "xterm-256color",
-		CI:         "",
-		NoColor:    "1",
-		ForceColor: "",
-	}
-
-	envForceColor = terminalEnvSetup{
-		Term:       "dumb",
-		ForceColor: "1",
-	}
-
-	envEmptyTerm = terminalEnvSetup{
-		Term: "",
-	}
-)
--- a/cli/test_constants.go
+++ b/cli/test_constants.go
@@ -1,42 +0,0 @@
-package cli
-
-// Test constants to avoid duplication in test files.
-// These constants are used across multiple test files in the cli package.
-const (
-	// Error messages
-	testErrFileNotFound     = "file not found"
-	testErrPermissionDenied = "permission denied"
-	testErrInvalidFormat    = "invalid format"
-	testErrOther            = "other error"
-	testErrEncoding         = "encoding error"
-	testErrSourceRequired   = "source directory is required"
-	testErrPathTraversal    = "path traversal attempt detected"
-	testPathTraversalPath   = "../../../etc/passwd"
-
-	// Suggestion messages
-	testSuggestionsHeader   = "Suggestions:"
-	testSuggestCheckPerms   = "Check file/directory permissions"
-	testSuggestVerifyPath   = "Verify the path is correct"
-	testSuggestFormat       = "Use a supported format: markdown, json, yaml"
-	testSuggestFormatEx     = "Example: -format markdown"
-	testSuggestCheckArgs    = "Check your command line arguments"
-	testSuggestHelp         = "Run with --help for usage information"
-	testSuggestDiskSpace    = "Verify available disk space"
-	testSuggestReduceConcur = "Try with -concurrency 1 to reduce resource usage"
-
-	// UI test strings
-	testWithColors    = "with colors"
-	testWithoutColors = "without colors"
-	testProcessingMsg = "Processing files"
-
-	// Flag names
-	testFlagSource      = "-source"
-	testFlagConcurrency = "-concurrency"
-
-	// Test file paths
-	testFilePath1 = "/test/file1.go"
-	testFilePath2 = "/test/file2.go"
-
-	// Output markers
-	testErrorSuffix = " Error"
-)