Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove unnecessary blank (_) identifier #551

Merged
merged 2 commits into from
Feb 16, 2021
Merged

Remove unnecessary blank (_) identifier #551

merged 2 commits into from
Feb 16, 2021

Conversation

withshubh
Copy link
Contributor

@withshubh withshubh commented Feb 1, 2021
edited
Loading

Hi 👋
I ran the DeepSource static analyzer on the forked copy of this repo and found some interesting code quality issues. This PR fixed a few of them.

Summary of changes

  • Remove unnecessary blank (_) identifier
  • Added .deepsource.toml

stevenh
stevenh requested changes Feb 2, 2021
View reviewed changes
.deepsource.toml Outdated
@@ -0,0 +1,10 @@
version = 1
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like a local file which shouldn't be included?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a configuration file required to activate analysis in the repo. Apart from finding issues in Go, You can use DeepSource to track test coverage, detect problems in Dockerfiles.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stevenh any update on this? 💖

Copy link
Collaborator

@stevenh stevenh Feb 7, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @wricardo sorry I missed your reply there.

I'm happy merge the code fix but would need to do some more research on deepsource as looks like its triggering some false positives in that link.

For other projects I've used golangci-lint which is good so will have a look at adding that here too.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Draft of the golangci-lint is here: #554 if you're interested in helping review as there are lots of fixes.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stevenh The false-positive rate of the DeepSource analyzer is less than 5%. You can integrate it to track test coverage, Detect problems in Dockerfiles, etc. in addition to detecting issues in Go. Read more about it here.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

5% is pretty high IMO, lets get the fix merged without deepsource then we can look at that later, without blocking the fix.

@withshubh
Copy link
Contributor Author

@stevenh I have removed the configuration file.

I would really appreciate it if you could drop a suggestion on what we can do onboard you(or redigo) on DeepSource in the future. 💖

@stevenh stevenh merged commit e2bc6db into gomodule:master Feb 16, 2021
@withshubh
Copy link
Contributor Author

@stevenh 👋 just want to follow up on this!

@stevenh
Copy link
Collaborator

stevenh commented Feb 19, 2021

Thank you for the PR, new release was cut last night too, which includes a bunch more fixes :)

@withshubh
Copy link
Contributor Author

Can I submit a new PR with the configuration file which I used to configure the analysis?
You can merge the configuration file to activate DeepSource and fix these issues.

@stevenh
Copy link
Collaborator

stevenh commented Feb 19, 2021

I believe all of those are already fixed.

If there are issues which DeepSource detects that aren't I'd like to hear about that.

@withshubh
Copy link
Contributor Author

I updated my forked master and ran the analysis. DeepSource caught security issues that you might want to fix.

@stevenh
Copy link
Collaborator

stevenh commented Feb 20, 2021

Thanks @withshubh.

I had a quick look, the sha1 errors are false positives as its not being used for crypto and the tls one is a fallback when the user doesn't provide a config, hence needs to be permissive for usability. It could be argued that this should just return an error but that wouldn't be backwards compatible :(

@withshubh
Copy link
Contributor Author

Got it.
Thanks! @stevenh

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stevenh stevenh stevenh requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@withshubh @stevenh