engine:refactor - improving engine code and performance (ZupIT#60)

This commit contains a complete engine refactoring and includes some breaking changes. The use of the engine has been simplified to just one function called Run, this function will receive a context, project path that must be analyzed and a slice of rules. These rules are defined by a generic interface and each one have your own implementation, that will make it easy to add other types of analysis in the future, such as semantic. Various performance and code improvements have also been made, which dramatically improved code quality and analysis time. Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>
ne0z · Jun 23, 2022 · ed43df6 · ed43df6
1 parent bc59273
commit ed43df6
Show file tree

Hide file tree

Showing 28 changed files with 915 additions and 2,355 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,3 +1,3 @@
 # GitHub code owners
 # See https://github.com/blog/2392-introducing-code-owners
-* @wiliansilvazup @nathannascimentozup @igorreiszup @lucasbrunozup @nathanmartinszup
+* @wiliansilvazup @matheusalcantarazup @lucasbrunozup @nathanmartinszup @iancardosozup
diff --git a/.golangci.yml b/.golangci.yml
@@ -12,7 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
 linters-settings:
   depguard:
     list-type: blacklist
@@ -46,8 +45,6 @@ linters-settings:
     min-complexity: 5
   goimports:
     local-prefixes: github.com/ZupIT/horusec-engine
-  golint:
-    min-confidence: 0
   gomnd:
     settings:
       mnd:
@@ -71,7 +68,7 @@ linters-settings:
   nolintlint:
     allow-leading-space: true # don't require machine-readable nolint directives (i.e. with no leading space)
     allow-unused: false # report any unused nolint directives
-    require-explanation: false # don't require an explanation for nolint directives
+    require-explanation: true # don't require an explanation for nolint directives
     require-specific: false # don't require nolint directives to be specific about which linter is being skipped
 
 linters:
@@ -94,7 +91,6 @@ linters:
     - gocyclo
     - gofmt
     - goimports
-    - golint
     - gomnd
     - goprintffuncname
     - gosec
@@ -116,22 +112,26 @@ linters:
     - unused
     - varcheck
     - whitespace
+    - gci
+    - gofumpt
+    - testpackage
+    - wsl
+    - nlreturn
+    - nestif
+    - gocognit
+    - errorlint
+    - revive
 
   # don't enable:
   # - asciicheck
   # - scopelint
   # - gochecknoglobals
-  # - gocognit
   # - godot
   # - godox
-  # - goerr113
   # - interfacer
   # - maligned
-  # - nestif
   # - prealloc
-  # - testpackage
-  # - revive
-  # - wsl
+  # - goerr113
 
 issues:
 exclude-rules:
@@ -140,11 +140,13 @@ exclude-rules:
     source: "^// "
 
 run:
+  skip-dirs-use-default: true
   skip-dirs:
     - vendor/
-    - text/examples/
-    - tmp
+    - tmp/
     - e2e/
+    - examples/
   skip-files:
     - .*_test.go
-    - .*_mock.go
+    - .*_mock.go
+    - ".*tmp.*"
diff --git a/Makefile b/Makefile
@@ -1,23 +1,18 @@
 GO ?= go
 GOFMT ?= gofmt
-GO_FILES ?= $$(find . -name '*.go' | grep -v vendor)
-GOLANG_CI_LINT ?= ./bin/golangci-lint
+GO_FILES ?= $$(find . -name '*.go' | grep -v vendor | grep -v /examples/)
+GOLANG_CI_LINT ?= golangci-lint
 GO_IMPORTS ?= goimports
 GO_IMPORTS_LOCAL ?= github.com/ZupIT/horusec-engine
 HORUSEC ?= horusec
+GO_FUMPT ?= gofumpt
+GO_GCI ?= gci
 ADDLICENSE ?= addlicense
 GO_LIST_TO_TEST ?= $$(go list ./... | grep -v /text/examples/)
 
-fmt:
-	$(GOFMT) -w $(GO_FILES)
-
 lint:
-    ifeq ($(wildcard $(GOLANG_CI_LINT)), $(GOLANG_CI_LINT))
-		$(GOLANG_CI_LINT) run -v --timeout=5m -c .golangci.yml ./...
-    else
-		curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s latest
-		$(GOLANG_CI_LINT) run -v --timeout=5m -c .golangci.yml ./...
-    endif
+	$(GO) install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+	$(GOLANG_CI_LINT) run -v --timeout=5m -c .golangci.yml ./...
 
 coverage:
 	curl -fsSL https://raw.githubusercontent.com/ZupIT/horusec-devkit/main/scripts/coverage.sh | bash -s 66.3 .
@@ -26,13 +21,16 @@ test:
 	$(GO) clean -testcache
 	$(GO) test -v $(GO_LIST_TO_TEST) -race -timeout=5m -parallel=1 -failfast -short
 
-fix-imports:
-    ifeq (, $(shell which $(GO_IMPORTS)))
-		$(GO) get -u golang.org/x/tools/cmd/goimports
-		$(GO_IMPORTS) -local $(GO_IMPORTS_LOCAL) -w $(GO_FILES)
-    else
-		$(GO_IMPORTS) -local $(GO_IMPORTS_LOCAL) -w $(GO_FILES)
-    endif
+format: install-format-dependencies
+	$(GOFMT) -s -l -w $(GO_FILES)
+	$(GO_IMPORTS) -w -local $(GO_IMPORTS_LOCAL) $(GO_FILES)
+	$(GO_FUMPT) -l -w $(GO_FILES)
+	$(GO_GCI) -w -local $(GO_IMPORTS_LOCAL) $(GO_FILES)
+
+install-format-dependencies:
+	$(GO) install golang.org/x/tools/cmd/goimports@latest
+	$(GO) install mvdan.cc/gofumpt@latest
+	$(GO) install github.com/daixiang0/gci@latest
 
 security:
     ifeq (, $(shell which $(HORUSEC)))
@@ -42,12 +40,12 @@ security:
 		$(HORUSEC) start -p="./" -e="true"
     endif
 
-pipeline: fmt fix-imports lint test coverage security
-
 license:
-	$(GO) get -u github.com/google/addlicense
+	$(GO) install github.com/google/addlicense@latest
 	@$(ADDLICENSE) -check -f ./copyright.txt $(shell find -regex '.*\.\(go\|js\|ts\|yml\|yaml\|sh\|dockerfile\)')
 
 license-fix:
-	$(GO) get -u github.com/google/addlicense
+	$(GO) install github.com/google/addlicense@latest
 	@$(ADDLICENSE) -f ./copyright.txt $(shell find -regex '.*\.\(go\|js\|ts\|yml\|yaml\|sh\|dockerfile\)')
+
+pipeline: format license-fix lint test coverage security
diff --git a/copyright.txt b/copyright.txt
@@ -1,4 +1,4 @@
-Copyright 2020 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
+Copyright 2022 ZUP IT SERVICOS EM TECNOLOGIA E INOVACAO SA
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.