
Feature additional golang support #189

Draft
RyanJarv wants to merge 8 commits into peteromallet:main from RyanJarv:feature-additional-golang-support

@RyanJarv RyanJarv commented Mar 3, 2026

wip additional support for golang

Codex and others added 8 commits March 2, 2026 22:18
Follow-up to 385a7527f5df921622ae8987012ae94993e945b3.
Keep make_finding/show signature behavior unchanged while fixing the source of the mismatch: tree-sitter responsibility cohesion now emits dict detail, with tests asserting the new fields.

Implement 5 missing Go detectors to bring Go support in line with
Python and TypeScript: code smell detection (15 patterns), unused
symbol detection via staticcheck, regex-based security checks (7
rules), god struct detection, and a real dependency graph builder
replacing the previous stub. Includes 90 tests and mypy coverage.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add InsecureSkipVerify security check (high severity)
- Add fmt.Errorf %v-instead-of-%w error wrapping smell (medium)
- Add json.Unmarshal into interface{}/any smell (medium)
- Align monster_function threshold to 150 LOC (matches TS/Python)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Skip tree-sitter unused imports phase: Go compiler already enforces
  unused imports as a compile error, and the generic name extractor
  mishandles Go versioned import paths (e.g. constructs/v10 → "v10")
- Add same-package implicit edges in dep graph: Go files sharing a
  package declaration in the same directory are implicitly linked,
  preventing them from being flagged as orphaned

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Remove unused colorize/print_table imports from commands.py.
Merge same-package edge detection into the main file-reading loop
in deps.py to avoid reading every Go file twice.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The regex-based detector can't distinguish interpolated table/column
names (safe) from user values (unsafe). Lower confidence to medium
and guide users to annotate intentional cases with a SECURITY comment.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- deps.py: Normalize file paths to absolute before matching — fixes
  cross-package import edges being silently dropped (find_go_files
  returns relative, resolve_go_import returns absolute)
- smells.py: Remove string_int_conv check (100% false positive rate,
  go vet already handles this)
- smells.py: Fix unreachable_code to handle closure braces (}), etc.)
  and multi-line return statements (198 → 13 findings)
- smells.py: Rewrite global_var as dedicated detector that only flags
  top-level declarations and skips idiomatic patterns like cobra
  commands, compiled regexes, sync primitives (468 → 59 findings)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@RyanJarv RyanJarv force-pushed the feature-additional-golang-support branch from 1738823 to fa5838a Compare March 3, 2026 09:40
@peteromallet (Owner)

This is hugely appreciated — Go support is something people have been asking about. Let me know when it's ready to go and I'll take a proper look. Thanks for putting the time into this!
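An added sketch, not code from this pull request, of the trade-off the commit messages describe: a line-based regex check for Go that reports formatted SQL at medium confidence and lets a reviewed line be annotated with a SECURITY comment. The rule ids, patterns, the SQL rule's severity, the `// SECURITY` marker syntax and the sample Go source are all assumptions made for illustration.

```python
import re

# Hypothetical rule table: (id, severity, confidence, annotatable, pattern).
RULES = [
    # Disabling TLS certificate verification is unambiguous on its own line.
    ("insecure_skip_verify", "high", "high", False,
     re.compile(r"\bInsecureSkipVerify\s*:\s*true\b")),
    # A regex cannot tell an interpolated table name from a user value, so
    # the SQL rule reports medium confidence and honours an annotation.
    ("sql_string_format", "high", "medium", True,
     re.compile(r'fmt\.Sprintf\(\s*["`][^"`]*\b(?:SELECT|INSERT|UPDATE|DELETE)\b'
                r'[^"`]*%[svdq]', re.I)),
]
ANNOTATION = re.compile(r"//\s*SECURITY\b")  # assumed marker syntax

# Constructed sample input, not taken from any real repository.
SAMPLE = """package store

func q(db *sql.DB, table, name string) {
    // SECURITY: table comes from a fixed allowlist
    a := fmt.Sprintf("SELECT * FROM %s", table)
    b := fmt.Sprintf("SELECT * FROM users WHERE name = '%s'", name)
    cfg := &tls.Config{InsecureSkipVerify: true}
    // cfg := &tls.Config{InsecureSkipVerify: true}
}
"""


def scan_go_source(text):
    """Return findings as dicts with line, rule, severity and confidence."""
    findings = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip().startswith("//"):
            continue  # commented-out code is not a finding
        prev = lines[i - 1].strip() if i else ""
        # Annotation counts on the same line or on a comment line directly above.
        annotated = bool(ANNOTATION.search(line)) or (
            prev.startswith("//") and bool(ANNOTATION.search(prev)))
        for rule_id, severity, confidence, annotatable, pattern in RULES:
            if pattern.search(line) and not (annotatable and annotated):
                findings.append({"line": i + 1, "rule": rule_id,
                                 "severity": severity, "confidence": confidence})
    return findings


if __name__ == "__main__":
    for finding in scan_go_source(SAMPLE):
        print(finding)
```

The annotated table-name query is suppressed while the query built from `name` is still reported, which is the most a line-based regex can do without data-flow analysis.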
