general code clean

Author: andrzej-janczak

.codacy/codacy.yaml

@@ -1,9 +1,7 @@
 runtimes:
     - node@22.2.0
-    - python@3.11.11
 tools:
-    - eslint@9.3.0
     - trivy@0.59.1
-    - pylint@3.3.6
     - pmd@6.55.0
-    - semgrep@1.78.0
+    - semgrep@1.78.0
+    - eslint@8.57.0

cmd/init.go

@@ -18,7 +18,6 @@ import (
 	"time"
 
 	"github.com/spf13/cobra"
-	"gopkg.in/yaml.v3"
 )
 
 const CodacyApiBase = "https://app.codacy.com"
@@ -459,119 +458,50 @@ type SemgrepRulesFile struct {
 
 // createSemgrepConfigFile creates a semgrep.yaml configuration file based on the API configuration
 func createSemgrepConfigFile(config []domain.PatternConfiguration, toolsConfigDir string) error {
-	// When specific patterns are configured, filter rules from rules.yaml
-	if len(config) > 0 {
-		// First try to read the rules.yaml file
-		rulesFile := filepath.Join("plugins", "tools", "semgrep", "rules.yaml")
-		if _, err := os.Stat(rulesFile); err == nil {
-			// Read and parse the rules.yaml file
-			data, err := os.ReadFile(rulesFile)
-			if err != nil {
-				fmt.Printf("Warning: Failed to read rules.yaml: %v\n", err)
-				// Fall back to the old method
-				semgrepConfigurationString := tools.CreateSemgrepConfig(config)
-				return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(semgrepConfigurationString), utils.DefaultFilePerms)
-			}
-
-			// Parse the YAML file just enough to get the rules array
-			var allRules SemgrepRulesFile
-			if err := yaml.Unmarshal(data, &allRules); err != nil {
-				fmt.Printf("Warning: Failed to parse rules.yaml: %v\n", err)
-				// Fall back to the old method
-				semgrepConfigurationString := tools.CreateSemgrepConfig(config)
-				return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(semgrepConfigurationString), utils.DefaultFilePerms)
-			}
-
-			// Create a map of enabled pattern IDs for faster lookup
-			enabledPatterns := make(map[string]bool)
-			for _, pattern := range config {
-				if pattern.Enabled && pattern.PatternDefinition.Enabled {
-					// Extract rule ID from pattern ID
-					parts := strings.SplitN(pattern.PatternDefinition.Id, "_", 2)
-					if len(parts) == 2 {
-						ruleID := parts[1]
-						enabledPatterns[ruleID] = true
-					}
-				}
-			}
-
-			// Filter the rules based on enabled patterns
-			var filteredRules SemgrepRulesFile
-			filteredRules.Rules = []map[string]interface{}{}
-
-			for _, rule := range allRules.Rules {
-				// Get the rule ID
-				if ruleID, ok := rule["id"].(string); ok && enabledPatterns[ruleID] {
-					// If this rule is enabled, include it
-					filteredRules.Rules = append(filteredRules.Rules, rule)
-				}
-			}
-
-			// If no rules match, use the old method
-			if len(filteredRules.Rules) == 0 {
-				fmt.Println("Warning: No matching rules found in rules.yaml")
-				semgrepConfigurationString := tools.CreateSemgrepConfig(config)
-				return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(semgrepConfigurationString), utils.DefaultFilePerms)
-			}
-
-			// Marshal the filtered rules back to YAML
-			filteredData, err := yaml.Marshal(filteredRules)
-			if err != nil {
-				fmt.Printf("Warning: Failed to marshal filtered rules: %v\n", err)
-				// Fall back to the old method
-				semgrepConfigurationString := tools.CreateSemgrepConfig(config)
-				return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(semgrepConfigurationString), utils.DefaultFilePerms)
-			}
-
-			// Write the filtered rules to semgrep.yaml
-			return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), filteredData, utils.DefaultFilePerms)
-		}
-
-		// If rules.yaml doesn't exist, fall back to the old method
-		semgrepConfigurationString := tools.CreateSemgrepConfig(config)
-		return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(semgrepConfigurationString), utils.DefaultFilePerms)
-	}
-
-	// For default case with no specific patterns, use the entire rules.yaml
-	rulesFile := filepath.Join("plugins", "tools", "semgrep", "rules.yaml")
-	if _, err := os.Stat(rulesFile); err == nil {
-		data, err := os.ReadFile(rulesFile)
-		if err != nil {
-			fmt.Printf("Warning: Failed to read rules.yaml: %v\n", err)
-			// Fall back to the old method for default config
-			emptyConfig := []domain.PatternConfiguration{}
-			content := tools.CreateSemgrepConfig(emptyConfig)
-			return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(content), utils.DefaultFilePerms)
-		}
-		return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), data, utils.DefaultFilePerms)
+	// Use the refactored function from tools package
+	configData, err := tools.GetSemgrepConfig(config)
+	if err != nil {
+		// Log the error but continue with a minimal configuration
+		fmt.Printf("Warning: %v. Creating a minimal configuration.\n", err)
+
+		// Create a minimal configuration
+		minimalConfig := []byte(`rules:
+  - id: all
+    pattern: |
+      $X
+    message: "Semgrep analysis"
+    languages: [generic]
+    severity: INFO
+`)
+		return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), minimalConfig, utils.DefaultFilePerms)
 	}
 
-	// Fall back to default config
-	emptyConfig := []domain.PatternConfiguration{}
-	content := tools.CreateSemgrepConfig(emptyConfig)
-	return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(content), utils.DefaultFilePerms)
+	// Write to file
+	return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), configData, utils.DefaultFilePerms)
 }
 
 // createDefaultSemgrepConfigFile creates a default semgrep.yaml configuration file
 func createDefaultSemgrepConfigFile(toolsConfigDir string) error {
-	// Use rules.yaml as the default
-	rulesFile := filepath.Join("plugins", "tools", "semgrep", "rules.yaml")
-	if _, err := os.Stat(rulesFile); err == nil {
-		data, err := os.ReadFile(rulesFile)
-		if err != nil {
-			fmt.Printf("Warning: Failed to read rules.yaml: %v\n", err)
-			// Fall back to the old method
-			emptyConfig := []domain.PatternConfiguration{}
-			content := tools.CreateSemgrepConfig(emptyConfig)
-			return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(content), utils.DefaultFilePerms)
-		}
-		return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), data, utils.DefaultFilePerms)
+	// Use the refactored function from tools package
+	configData, err := tools.GetDefaultSemgrepConfig()
+	if err != nil {
+		// Log the error but continue with a minimal configuration
+		fmt.Printf("Warning: %v. Creating a minimal configuration.\n", err)
+
+		// Create a minimal configuration
+		minimalConfig := []byte(`rules:
+  - id: all
+    pattern: |
+      $X
+    message: "Semgrep analysis"
+    languages: [generic]
+    severity: INFO
+`)
+		return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), minimalConfig, utils.DefaultFilePerms)
 	}
 
-	// Fall back to the old method if rules.yaml doesn't exist
-	emptyConfig := []domain.PatternConfiguration{}
-	content := tools.CreateSemgrepConfig(emptyConfig)
-	return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), []byte(content), utils.DefaultFilePerms)
+	// Write to file
+	return os.WriteFile(filepath.Join(toolsConfigDir, "semgrep.yaml"), configData, utils.DefaultFilePerms)
 }
 
 // cleanConfigDirectory removes all previous configuration files in the tools-configs directory

plugins/tools/semgrep/rules.yaml

@@ -100813,7 +100813,7 @@ rules:
       - "A01:2021-Broken Access Control"
     cwe: "CWE-22"
     shortDescription: "Improper limitation of a pathname to a restricted directory 
-    ('Path Traversal')"    
+      ('Path Traversal')"    
     references:
       - "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion"
       - "https://github.com/semgrep/semgrep-rules/blob/develop/ruby/rails/security/brakeman/check-render-local-file-include.yaml"

tools/semgrepConfigCreator.go

@@ -3,127 +3,91 @@ package tools
 import (
 	"codacy/cli-v2/domain"
 	"fmt"
+	"os"
+	"path/filepath"
 	"strings"
+
+	"gopkg.in/yaml.v3"
 )
 
-// supportedLanguages is a list of all languages supported by Semgrep
-var supportedLanguages = []string{
-	"apex", "bash", "c", "c#", "c++", "cairo",
-	"clojure", "cpp", "csharp", "dart", "docker",
-	"dockerfile", "elixir", "ex", "generic", "go",
-	"golang", "hack", "hcl", "html", "java",
-	"javascript", "js", "json", "jsonnet", "julia",
-	"kotlin", "kt", "lisp", "lua", "move_on_aptos",
-	"none", "ocaml", "php", "promql", "proto",
-	"proto3", "protobuf", "py", "python", "python2",
-	"python3", "ql", "r", "regex", "ruby",
-	"rust", "scala", "scheme", "sh", "sol",
-	"solidity", "swift", "terraform", "tf", "ts",
-	"typescript", "vue", "xml", "yaml",
+// semgrepRulesFile represents the structure of the rules.yaml file
+type semgrepRulesFile struct {
+	Rules []map[string]interface{} `yaml:"rules"`
 }
 
-// CreateSemgrepConfig generates a Semgrep configuration based on the tool configuration
-func CreateSemgrepConfig(config []domain.PatternConfiguration) string {
-	// Build the rules list
-	var rules []string
-
-	// Process each pattern from the API
-	for _, pattern := range config {
+// FilterRulesFromFile extracts enabled rules from a rules.yaml file based on configuration
+func FilterRulesFromFile(rulesFilePath string, config []domain.PatternConfiguration) ([]byte, error) {
+	// Read the rules.yaml file
+	data, err := os.ReadFile(rulesFilePath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read rules file: %w", err)
+	}
 
-		// Skip if pattern is not enabled
-		if !pattern.Enabled || !pattern.PatternDefinition.Enabled {
-			continue
-		}
+	// Parse the YAML file
+	var allRules semgrepRulesFile
+	if err := yaml.Unmarshal(data, &allRules); err != nil {
+		return nil, fmt.Errorf("failed to parse rules file: %w", err)
+	}
 
-		// Skip if no languages defined
-		if len(pattern.PatternDefinition.Languages) == 0 {
-			continue
+	// Create a map of enabled pattern IDs for faster lookup
+	enabledPatterns := make(map[string]bool)
+	for _, pattern := range config {
+		if pattern.Enabled && pattern.PatternDefinition.Enabled {
+			// Extract rule ID from pattern ID
+			parts := strings.SplitN(pattern.PatternDefinition.Id, "_", 2)
+			if len(parts) == 2 {
+				ruleID := parts[1]
+				enabledPatterns[ruleID] = true
+			}
 		}
+	}
 
-		// Get the first language (Semgrep only supports one language per rule)
-		language := strings.ToLower(pattern.PatternDefinition.Languages[0])
-
-		// Map language names to Semgrep supported languages
-		switch language {
-		case "csharp":
-			language = "c#"
-		case "cpp":
-			language = "c++"
-		case "golang":
-			language = "go"
-		case "js":
-			language = "javascript"
-		case "kt":
-			language = "kotlin"
-		case "py":
-			language = "python"
-		case "sh":
-			language = "bash"
-		case "tf":
-			language = "terraform"
-		case "ts":
-			language = "typescript"
-		}
+	// Filter the rules based on enabled patterns
+	var filteredRules semgrepRulesFile
+	filteredRules.Rules = []map[string]interface{}{}
 
-		// Skip if language is not supported by Semgrep
-		isSupported := false
-		for _, supportedLang := range supportedLanguages {
-			if language == supportedLang {
-				isSupported = true
-				break
-			}
-		}
-		if !isSupported {
-			continue
+	for _, rule := range allRules.Rules {
+		// Get the rule ID
+		if ruleID, ok := rule["id"].(string); ok && enabledPatterns[ruleID] {
+			// If this rule is enabled, include it
+			filteredRules.Rules = append(filteredRules.Rules, rule)
 		}
+	}
 
-		// Extract rule ID from pattern ID
-		parts := strings.SplitN(pattern.PatternDefinition.Id, "_", 2)
-		if len(parts) != 2 {
-			continue // Skip invalid pattern IDs
-		}
+	// If no rules match, return an error
+	if len(filteredRules.Rules) == 0 {
+		return nil, fmt.Errorf("no matching rules found")
+	}
 
-		// The rest is the rule path
-		rulePath := parts[1]
+	// Marshal the filtered rules back to YAML
+	return yaml.Marshal(filteredRules)
+}
 
-		// Ensure we have a valid ID
-		if rulePath == "" {
-			rulePath = "default_rule"
-		}
+// GetSemgrepConfig gets the Semgrep configuration based on the pattern configuration
+func GetSemgrepConfig(config []domain.PatternConfiguration) ([]byte, error) {
+	// Get the default rules file location
+	rulesFile := filepath.Join("plugins", "tools", "semgrep", "rules.yaml")
 
-		// Create rule entry
-		rule := fmt.Sprintf(`  - id: %s
-    pattern: |
-      $X
-    message: "Semgrep rule: %s"
-    languages: [%s]
-    severity: %s`,
-			strings.ReplaceAll(rulePath, ".", "_"), // Replace dots with underscores in ID
-			rulePath,
-			language,
-			strings.ToUpper(pattern.PatternDefinition.SeverityLevel))
-
-		rules = append(rules, rule)
+	// Check if it exists and config is not empty
+	if _, err := os.Stat(rulesFile); err == nil && len(config) > 0 {
+		// Try to filter rules from the file
+		return FilterRulesFromFile(rulesFile, config)
 	}
 
-	// If no rules were added, use a default configuration
-	if len(rules) == 0 {
-		return `rules:
-  - id: default_rule
-    pattern: |
-      $X
-    message: "Semgrep analysis"
-    languages: [generic]
-    severity: INFO
-`
-	}
+	// If rules.yaml doesn't exist or config is empty, return an error
+	return nil, fmt.Errorf("rules.yaml not found or empty configuration")
+}
+
+// GetDefaultSemgrepConfig gets the default Semgrep configuration
+func GetDefaultSemgrepConfig() ([]byte, error) {
+	// Get the default rules file location
+	rulesFile := filepath.Join("plugins", "tools", "semgrep", "rules.yaml")
 
-	// Generate semgrep.yaml content
-	var contentBuilder strings.Builder
-	contentBuilder.WriteString("rules:\n")
-	for _, rule := range rules {
-		contentBuilder.WriteString(rule + "\n")
+	// If the file exists, return its contents
+	if _, err := os.Stat(rulesFile); err == nil {
+		return os.ReadFile(rulesFile)
 	}
 
-	return contentBuilder.String()
+	// Return an error if rules.yaml doesn't exist
+	return nil, fmt.Errorf("rules.yaml not found")
 }