diff --git a/.github/workflows/eslint-check.yml b/.github/workflows/eslint-check.yml
deleted file mode 100644
index dbef3d3..0000000
--- a/.github/workflows/eslint-check.yml
+++ /dev/null
@@ -1,120 +0,0 @@ -name: ESLint Check - -on: - pull_request: - branches: [ '*' ] - paths: - - 'PROJECTS/api-security-scanner/frontend/**/*.ts' - - 'PROJECTS/api-security-scanner/frontend/**/*.tsx' - - 'PROJECTS/api-security-scanner/frontend/eslint.config.js' - - 'PROJECTS/api-security-scanner/frontend/tsconfig*.json' - - 'PROJECTS/api-security-scanner/frontend/package.json' - - '.github/workflows/eslint-check.yml' - -jobs: - eslint-check: - name: ESLint TypeScript Check - runs-on: ubuntu-latest - - permissions: - pull-requests: write - contents: read - - defaults: - run: - working-directory: PROJECTS/api-security-scanner/frontend - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: '20' - cache: 'npm' - cache-dependency-path: PROJECTS/api-security-scanner/frontend/package-lock.json - - - name: Install dependencies - run: npm install - - - name: Run ESLint - id: eslint_check - run: | - echo "Running ESLint on TypeScript/React files..." - if npm run lint:eslint > eslint-output.txt 2>&1; then - echo "ESLINT_PASSED=true" >> $GITHUB_ENV - echo "✅ No ESLint errors found!" - echo "ERROR_COUNT=0" >> $GITHUB_ENV - else - echo "ESLINT_PASSED=false" >> $GITHUB_ENV - # Count error lines (lines that contain file paths with problems) - error_count=$(grep -c "^/" eslint-output.txt || echo "0") - echo "ERROR_COUNT=$error_count" >> $GITHUB_ENV - echo "⚠️ ESLint found issues in $error_count files!" - fi - cat eslint-output.txt - continue-on-error: true - - - name: Create ESLint Summary - id: create_summary - if: github.event_name == 'pull_request' - run: | - { - echo '## 🔍 ESLint Results' - echo '' - - if [[ "${{ env.ESLINT_PASSED }}" == "true" ]]; then - echo '### ✅ **Perfect! No ESLint issues found** 🎉' - echo '' - echo 'Your TypeScript and React code follows all the coding standards perfectly!' 
- echo '' - echo '**What was checked:**' - echo '- TypeScript strict type checking and stylistic rules' - echo '- React component patterns and hooks usage' - echo '- Code complexity, naming conventions, and best practices' - echo '- Accessibility (jsx-a11y) and React Refresh compatibility' - else - echo '### ❌ **ESLint found issues in ${{ env.ERROR_COUNT }} files**' - echo '' - echo 'Please review and fix the TypeScript/React issues below:' - echo '' - echo '
📋 View detailed ESLint output' - echo '' - echo '```' - head -100 eslint-output.txt - echo '```' - echo '
' - echo '' - echo '**How to fix:**' - echo '1. Run `cd frontend && npm run lint:eslint` locally to see the issues' - echo '2. Fix the reported TypeScript, React, and code quality problems' - echo '3. For auto-fixable issues: `cd frontend && npx eslint . --ext .ts,.tsx --fix`' - echo '4. Push your changes to update this PR' - fi - echo '' - echo '**Commands:**' - echo '- `cd frontend && npm run lint:eslint` - Run ESLint' - echo '- `cd frontend && npx eslint . --ext .ts,.tsx --fix` - Auto-fix issues' - echo '- ESLint config: `frontend/eslint.config.js`' - echo '' - echo '' - } > eslint-report.md - - - name: Post PR Comment - if: github.event_name == 'pull_request' - uses: peter-evans/create-or-update-comment@v4 - with: - issue-number: ${{ github.event.pull_request.number }} - body-path: PROJECTS/api-security-scanner/frontend/eslint-report.md - edit-mode: replace - - - name: Exit with proper code - run: | - if [[ "${{ env.ESLINT_PASSED }}" == "false" ]]; then - echo "❌ ESLint checks failed. Please fix the issues above." - exit 1 - else - echo "✅ All ESLint checks passed!" - exit 0 - fi diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 79d47a7..88ea38a 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -63,10 +63,6 @@ jobs: - name: ai-threat-detection-backend type: ruff path: PROJECTS/advanced/ai-threat-detection/backend - # Python (ruff) - Templates - - name: fullstack-template-backend - type: ruff - path: TEMPLATES/fullstack-template/backend # Biome (frontend) - name: bug-bounty-platform-frontend type: biome @@ -83,9 +79,6 @@ jobs: - name: encrypted-p2p-chat-frontend type: biome path: PROJECTS/advanced/encrypted-p2p-chat/frontend - - name: fullstack-template-frontend - type: biome - path: TEMPLATES/fullstack-template/frontend # Go - name: simple-vulnerability-scanner type: go diff --git a/.github/workflows/typescript-check.yml b/.github/workflows/typescript-check.yml deleted file mode 100644 index fe81c40..0000000 
--- a/.github/workflows/typescript-check.yml
+++ /dev/null
@@ -1,129 +0,0 @@ -name: TypeScript Type Check - -on: - pull_request: - branches: [ '*' ] - paths: - - 'PROJECTS/api-security-scanner/frontend/**/*.ts' - - 'PROJECTS/api-security-scanner/frontend/**/*.tsx' - - 'PROJECTS/api-security-scanner/frontend/tsconfig*.json' - - 'PROJECTS/api-security-scanner/frontend/package.json' - - '.github/workflows/typescript-check.yml' - -jobs: - typescript-check: - name: TypeScript Type Check - runs-on: ubuntu-latest - - permissions: - pull-requests: write - contents: read - - defaults: - run: - working-directory: PROJECTS/api-security-scanner/frontend - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: '20' - cache: 'npm' - cache-dependency-path: PROJECTS/api-security-scanner/frontend/package-lock.json - - - name: Install dependencies - run: | - for i in {1..3}; do - echo "Attempt $i of 3..." - if npm install; then - echo "✅ npm install succeeded" - break - else - echo "⚠️ npm install failed, retrying in 10 seconds..." - sleep 10 - fi - done - - - name: Run TypeScript type checking - id: typescript_check - run: | - echo "Running TypeScript type checking..." - if npm run lint:types > typescript-output.txt 2>&1; then - echo "TYPESCRIPT_PASSED=true" >> $GITHUB_ENV - echo "✅ No TypeScript type errors found!" - echo "ERROR_COUNT=0" >> $GITHUB_ENV - else - echo "TYPESCRIPT_PASSED=false" >> $GITHUB_ENV - # Count error lines (lines that contain errors) - error_count=$(grep -c "error TS" typescript-output.txt || echo "0") - echo "ERROR_COUNT=$error_count" >> $GITHUB_ENV - echo "⚠️ TypeScript found $error_count type errors!" - fi - cat typescript-output.txt - continue-on-error: true - - - name: Create TypeScript Summary - id: create_summary - if: github.event_name == 'pull_request' - run: | - { - echo '## 📝 TypeScript Type Check Results' - echo '' - - if [[ "${{ env.TYPESCRIPT_PASSED }}" == "true" ]]; then - echo '### ✅ **Perfect! 
No TypeScript type errors found** 🎉' - echo '' - echo 'Your TypeScript code passes all strict type checking requirements!' - echo '' - echo '**What was checked:**' - echo '- Strict type checking with `exactOptionalPropertyTypes`' - echo '- No unused locals or parameters' - echo '- Proper return types and void expressions' - echo '- Module resolution and import/export syntax' - else - echo '### ❌ **TypeScript found ${{ env.ERROR_COUNT }} type errors**' - echo '' - echo 'Please review and fix the TypeScript type errors below:' - echo '' - echo '
📋 View detailed TypeScript output' - echo '' - echo '```' - head -100 typescript-output.txt - echo '```' - echo '
' - echo '' - echo '**How to fix:**' - echo '1. Run `cd frontend && npm run lint:types` locally to see the type errors' - echo '2. Fix the reported TypeScript type issues' - echo '3. Ensure all variables have proper types and return types are explicit' - echo '4. Push your changes to update this PR' - fi - echo '' - echo '**Commands:**' - echo '- `cd frontend && npm run lint:types` - Run TypeScript type checking' - echo '- `cd frontend && npm run build` - Run full build with type checking' - echo '- TypeScript config: `frontend/tsconfig.app.json`' - echo '' - echo '' - } > typescript-report.md - - - name: Post PR Comment - if: github.event_name == 'pull_request' - uses: peter-evans/create-or-update-comment@v4 - with: - issue-number: ${{ github.event.pull_request.number }} - body-path: PROJECTS/api-security-scanner/frontend/typescript-report.md - edit-mode: replace - - - name: Exit with proper code - run: | - if [[ "${{ env.TYPESCRIPT_PASSED }}" == "false" ]]; then - echo "❌ TypeScript type checking failed. Please fix the type errors above." - exit 1 - else - echo "✅ All TypeScript type checks passed!" - exit 0 - fi diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 3d079ca..84bc250 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -84,13 +84,6 @@ repos: files: ^PROJECTS/advanced/ai-threat-detection/backend/ exclude: (\.venv|__pycache__|\.pytest_cache)/ - # Templates - - id: ruff - name: ruff check (fullstack-template backend) - args: [--fix, --exit-non-zero-on-fix] - files: ^TEMPLATES/fullstack-template/backend/ - exclude: (\.venv|__pycache__|\.pytest_cache)/ - # Go golangci-lint Checks - repo: local 
@@ -149,13 +142,6 @@ repos: files: ^PROJECTS/advanced/encrypted-p2p-chat/frontend/src/ pass_filenames: false - - id: biome-fullstack-template - name: biome check (fullstack-template frontend) - entry: bash -c 'cd TEMPLATES/fullstack-template/frontend && npx @biomejs/biome check .' - language: system - files: ^TEMPLATES/fullstack-template/frontend/src/ - pass_filenames: false - - repo: https://github.com/pre-commit/pre-commit-hooks rev: v6.0.0 hooks: diff --git a/PROJECTS/advanced/bug-bounty-platform/backend/app/core/enums.py b/PROJECTS/advanced/bug-bounty-platform/backend/app/core/enums.py index 1b56a8a..0c151ad 100644 --- a/PROJECTS/advanced/bug-bounty-platform/backend/app/core/enums.py +++ b/PROJECTS/advanced/bug-bounty-platform/backend/app/core/enums.py @@ -3,7 +3,7 @@ enums.py """ -from enum import Enum +from enum import Enum, StrEnum from typing import Any import sqlalchemy as sa @@ -46,7 +46,7 @@ def _object_value_for_elem(self, elem: str) -> Enum: raise -class Environment(str, Enum): +class Environment(StrEnum): """ Application environment. """ @@ -55,7 +55,7 @@ class Environment(str, Enum): PRODUCTION = "production" -class UserRole(str, Enum): +class UserRole(StrEnum): """ User roles for authorization. """ @@ -65,7 +65,7 @@ class UserRole(str, Enum): ADMIN = "admin" -class TokenType(str, Enum): +class TokenType(StrEnum): """ JWT token types. """ @@ -73,7 +73,7 @@ class TokenType(str, Enum): REFRESH = "refresh" -class HealthStatus(str, Enum): +class HealthStatus(StrEnum): """ Health check status values. """ @@ -82,7 +82,7 @@ class HealthStatus(str, Enum): DEGRADED = "degraded" -class ProgramStatus(str, Enum): +class ProgramStatus(StrEnum): """ Bug bounty program lifecycle status. """ @@ -92,7 +92,7 @@ class ProgramStatus(str, Enum): CLOSED = "closed" -class ProgramVisibility(str, Enum): +class ProgramVisibility(StrEnum): """ Bug bounty program visibility level. """ 
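Review bot: Moving `UserRole` and `TokenType` (and the other enums in bug-bounty-platform `app/core/enums.py`) from `(str, Enum)` to `StrEnum` changes what `str(member)` returns: the old classes give `'TokenType.REFRESH'`, the new ones give `'refresh'`. Equality with plain strings and `.value` are unaffected, but any caller outside this diff that builds a JWT claim, cache key, log field or role comparison from `str()` now sees a different string, so those call sites should be checked and the behaviour pinned with a test such as `assert str(TokenType.REFRESH) == "refresh"`. `StrEnum` also requires Python 3.11 or later; the project's minimum interpreter version is not visible here. The same point applies to the `StrEnum` hunks in encrypted-p2p-chat `app/core/enums.py` and api-security-scanner `backend/core/enums.py`.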
@@ -101,7 +101,7 @@ class ProgramVisibility(str, Enum): INVITE_ONLY = "invite_only" -class AssetType(str, Enum): +class AssetType(StrEnum): """ Type of asset in a bug bounty program scope. """ @@ -113,7 +113,7 @@ class AssetType(str, Enum): OTHER = "other" -class Severity(str, Enum): +class Severity(StrEnum): """ Vulnerability severity levels aligned with CVSS. """ @@ -124,7 +124,7 @@ class Severity(str, Enum): INFORMATIONAL = "informational" -class ReportStatus(str, Enum): +class ReportStatus(StrEnum): """ Vulnerability report lifecycle status. """ diff --git a/PROJECTS/advanced/encrypted-p2p-chat/backend/app/core/enums.py b/PROJECTS/advanced/encrypted-p2p-chat/backend/app/core/enums.py index b4270c8..013a04a 100644 --- a/PROJECTS/advanced/encrypted-p2p-chat/backend/app/core/enums.py +++ b/PROJECTS/advanced/encrypted-p2p-chat/backend/app/core/enums.py @@ -3,10 +3,10 @@ Application enums for type safety """ -from enum import Enum +from enum import StrEnum -class MessageStatus(str, Enum): +class MessageStatus(StrEnum): """ Message delivery status """ @@ -17,7 +17,7 @@ class MessageStatus(str, Enum): FAILED = "failed" -class PresenceStatus(str, Enum): +class PresenceStatus(StrEnum): """ User presence status """ @@ -26,7 +26,7 @@ class PresenceStatus(str, Enum): OFFLINE = "offline" -class RoomType(str, Enum): +class RoomType(StrEnum): """ Chat room types """ diff --git a/PROJECTS/beginner/simple-vulnerability-scanner/internal/osv/client.go b/PROJECTS/beginner/simple-vulnerability-scanner/internal/osv/client.go index f0383cf..522e76b 100644 --- a/PROJECTS/beginner/simple-vulnerability-scanner/internal/osv/client.go +++ b/PROJECTS/beginner/simple-vulnerability-scanner/internal/osv/client.go @@ -162,7 +162,7 @@ func (c *Client) queryBatch( req.Header.Set("Content-Type", "application/json") req.Header.Set("User-Agent", userAgent) - resp, err := c.http.Do(req) + resp, err := c.http.Do(req) //nolint:gosec // hardcoded OSV API endpoint if err != nil { return nil, err } 
@@ -191,7 +191,7 @@ func (c *Client) fetchVuln( } req.Header.Set("User-Agent", userAgent) - resp, err := c.http.Do(req) + resp, err := c.http.Do(req) //nolint:gosec // hardcoded OSV API endpoint if err != nil { return nil, err } diff --git a/PROJECTS/beginner/simple-vulnerability-scanner/internal/pypi/cache.go b/PROJECTS/beginner/simple-vulnerability-scanner/internal/pypi/cache.go index a589cc1..6f7e51b 100644 --- a/PROJECTS/beginner/simple-vulnerability-scanner/internal/pypi/cache.go +++ b/PROJECTS/beginner/simple-vulnerability-scanner/internal/pypi/cache.go @@ -67,12 +67,12 @@ func (c *Cache) Set(key string, entry *CacheEntry) error { if _, writeErr := tmp.Write(data); writeErr != nil { _ = tmp.Close() //nolint:errcheck - _ = os.Remove(tmp.Name()) //nolint:errcheck + _ = os.Remove(tmp.Name()) //nolint:errcheck,gosec return writeErr } _ = tmp.Close() //nolint:errcheck - return os.Rename(tmp.Name(), c.path(key)) + return os.Rename(tmp.Name(), c.path(key)) //nolint:gosec } // Touch refreshes the CachedAt timestamp without changing stored data diff --git a/PROJECTS/beginner/simple-vulnerability-scanner/internal/pypi/client.go b/PROJECTS/beginner/simple-vulnerability-scanner/internal/pypi/client.go index 6205d9b..bab7725 100644 --- a/PROJECTS/beginner/simple-vulnerability-scanner/internal/pypi/client.go +++ b/PROJECTS/beginner/simple-vulnerability-scanner/internal/pypi/client.go @@ -202,7 +202,7 @@ func (c *Client) doWithRetry( } } - resp, err := c.http.Do(req) + resp, err := c.http.Do(req) //nolint:gosec if err != nil { lastErr = err continue diff --git a/PROJECTS/intermediate/api-security-scanner/backend/core/enums.py b/PROJECTS/intermediate/api-security-scanner/backend/core/enums.py index 4101d79..7882a85 100644 --- a/PROJECTS/intermediate/api-security-scanner/backend/core/enums.py +++ b/PROJECTS/intermediate/api-security-scanner/backend/core/enums.py 
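Review bot: The reason `hardcoded OSV API endpoint` on `c.http.Do(req)` in `fetchVuln` accounts for the host only; the request is built above this hunk and, for a per-vulnerability lookup, presumably carries an ID in the URL path. If that ID originates from scan input or an earlier API response, the comment should state how it is constrained, for example `//nolint:gosec // host is the fixed OSV endpoint; id is escaped with url.PathEscape`, and that escaping should actually be present where the URL is assembled. `//nolint:gosec` silences every gosec rule on the line, so the stated reason is the only record of why the call is safe. The `queryBatch` hunk uses the same comment, and its URL construction is likewise outside the hunk.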
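Review bot: The two `gosec` suppressions added in `Cache.Set` give no reason, and the one on `os.Rename(tmp.Name(), c.path(key))` presumably silences a file-path finding whose safety depends on `c.path`, which is defined outside this hunk. If `c.path` does not hash or otherwise sanitise `key`, a key containing path separators could make the rename land outside the cache directory. After confirming the invariant, record it on the line, e.g. `//nolint:gosec // tmp is created in Set; c.path maps key to a filename inside the cache dir`. The bare `//nolint:gosec` added to `c.http.Do(req)` in `doWithRetry` (pypi/client.go) needs a stated reason in the same way.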
@@ -2,10 +2,10 @@ Enum definitions for the application for type safety """ -from enum import Enum +from enum import StrEnum -class ScanStatus(str, Enum): +class ScanStatus(StrEnum): """ Enum for scan result status """ @@ -15,7 +15,7 @@ class ScanStatus(str, Enum): ERROR = "error" -class Severity(str, Enum): +class Severity(StrEnum): """ Enum for vulnerability severity levels """ @@ -27,7 +27,7 @@ class Severity(str, Enum): INFO = "info" -class TestType(str, Enum): +class TestType(StrEnum): """ Enum for available security test types """ diff --git a/PROJECTS/intermediate/docker-security-audit/internal/analyzer/compose.go b/PROJECTS/intermediate/docker-security-audit/internal/analyzer/compose.go index 49dd44b..04b96b1 100644 --- a/PROJECTS/intermediate/docker-security-audit/internal/analyzer/compose.go +++ b/PROJECTS/intermediate/docker-security-audit/internal/analyzer/compose.go @@ -448,7 +448,10 @@ func (a *ComposeAnalyzer) checkEnvironment( if rules.IsSensitiveEnvName(varName) && varValue != "" { if !isVariableReference(varValue) { - loc := &finding.Location{Path: a.path, Line: itemNode.Line} + loc := &finding.Location{ + Path: a.path, + Line: itemNode.Line, + } f := finding.New("CIS-4.10", "Service '"+serviceName+"' has sensitive variable '"+varName+"' with hardcoded value", finding.SeverityHigh, target). WithDescription("Hardcoding secrets in compose files exposes them in version control."). WithCategory(string(CategoryCompose)). diff --git a/PROJECTS/intermediate/docker-security-audit/tests/integration/compose_test.go b/PROJECTS/intermediate/docker-security-audit/tests/integration/compose_test.go index 5f0fd85..497b2e1 100644 --- a/PROJECTS/intermediate/docker-security-audit/tests/integration/compose_test.go +++ b/PROJECTS/intermediate/docker-security-audit/tests/integration/compose_test.go 
@@ -632,8 +632,11 @@ func TestComposeAnalyzer_AllFiles(t *testing.T) { "Should have CRITICAL findings", ) } else { - assert.False(t, findings.HasSeverityAtOrAbove(finding.SeverityCritical), - "Should NOT have CRITICAL findings") + assert.False( + t, + findings.HasSeverityAtOrAbove(finding.SeverityCritical), + "Should NOT have CRITICAL findings", + ) } if tc.wantHigh {