fix: security issues and use gitleaks (#163)

* fix(tests): remove unused test constants and helpers

Delete dead test code that caused 41 staticcheck U1000 violations:
- cli/test_constants.go (25 unused constants)
- cli/terminal_test_helpers.go (unused type, method, 7 variables)
- fileproc/test_constants.go (5 unused constants)
- fileproc/processor_test.go (2 unused helper functions)

* fix(security): replace custom secret detection with gitleaks

The hand-rolled check_secrets regex patterns produced false positives
on configKey test values, causing make security-full to fail.

Replace with gitleaks via go run for proper secret detection with
built-in rules and allowlist support for generated report files.

* chore(deps): update dependencies and fix install-tools

Update Go module dependencies to latest versions.
Fix checkmake install path and remove yamllint go install
(yamllint is a Python tool, not installable via go install).

* docs: add design document for gitleaks integration

* feat: update go to 1.25.6
2026-02-01 22:09:24 +02:00
committed by GitHub
parent 7a99534252
commit 994099137a
12 changed files with 100 additions and 233 deletions


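--- a/cli/terminal_test_helpers.go
+++ /dev/null
@@ -1,68 +0,0 @@
-package cli
-import "testing"
-// terminalEnvSetup defines environment variables for terminal detection tests.
-type terminalEnvSetup struct {
-Term string
-CI string
-GitHubActions string
-NoColor string
-ForceColor string
-}
-// apply sets up the environment variables using t.Setenv.
-func (e terminalEnvSetup) apply(t *testing.T) {
-t.Helper()
-// Always set all environment variables to ensure isolation
-// Empty string explicitly unsets the variable in the test environment
-t.Setenv("TERM", e.Term)
-t.Setenv("CI", e.CI)
-t.Setenv("GITHUB_ACTIONS", e.GitHubActions)
-t.Setenv("NO_COLOR", e.NoColor)
-t.Setenv("FORCE_COLOR", e.ForceColor)
-}
-// Common terminal environment setups for reuse across tests.
-var (
-envDefaultTerminal = terminalEnvSetup{
-Term: "xterm-256color",
-CI: "",
-NoColor: "",
-ForceColor: "",
-}
-envDumbTerminal = terminalEnvSetup{
-Term: "dumb",
-}
-envCIWithoutGitHub = terminalEnvSetup{
-Term: "xterm",
-CI: "true",
-GitHubActions: "",
-}
-envGitHubActions = terminalEnvSetup{
-Term: "xterm",
-CI: "true",
-GitHubActions: "true",
-NoColor: "",
-}
-envNoColor = terminalEnvSetup{
-Term: "xterm-256color",
-CI: "",
-NoColor: "1",
-ForceColor: "",
-}
-envForceColor = terminalEnvSetup{
-Term: "dumb",
-ForceColor: "1",
-}
-envEmptyTerm = terminalEnvSetup{
-Term: "",
-}
-)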


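--- a/cli/test_constants.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package cli
-// Test constants to avoid duplication in test files.
-// These constants are used across multiple test files in the cli package.
-const (
-// Error messages
-testErrFileNotFound = "file not found"
-testErrPermissionDenied = "permission denied"
-testErrInvalidFormat = "invalid format"
-testErrOther = "other error"
-testErrEncoding = "encoding error"
-testErrSourceRequired = "source directory is required"
-testErrPathTraversal = "path traversal attempt detected"
-testPathTraversalPath = "../../../etc/passwd"
-// Suggestion messages
-testSuggestionsHeader = "Suggestions:"
-testSuggestCheckPerms = "Check file/directory permissions"
-testSuggestVerifyPath = "Verify the path is correct"
-testSuggestFormat = "Use a supported format: markdown, json, yaml"
-testSuggestFormatEx = "Example: -format markdown"
-testSuggestCheckArgs = "Check your command line arguments"
-testSuggestHelp = "Run with --help for usage information"
-testSuggestDiskSpace = "Verify available disk space"
-testSuggestReduceConcur = "Try with -concurrency 1 to reduce resource usage"
-// UI test strings
-testWithColors = "with colors"
-testWithoutColors = "without colors"
-testProcessingMsg = "Processing files"
-// Flag names
-testFlagSource = "-source"
-testFlagConcurrency = "-concurrency"
-// Test file paths
-testFilePath1 = "/test/file1.go"
-testFilePath2 = "/test/file2.go"
-// Output markers
-testErrorSuffix = " Error"
-)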