Conditions | 11 |
Total Lines | 79 |
Code Lines | 51 |
Lines | 0 |
Ratio | 0 % |
Changes | 0 |
Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.
For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.
Commonly applied refactorings include:
If many parameters/temporary variables are present:
Complex classes like github.FillGitHubSecurityAlerts often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
1 | /* Vuls - Vulnerability Scanner |
||
37 | func FillGitHubSecurityAlerts(r *models.ScanResult, owner, repo, token string) (nCVEs int, err error) { |
||
38 | src := oauth2.StaticTokenSource( |
||
39 | &oauth2.Token{AccessToken: token}, |
||
40 | ) |
||
41 | httpClient := oauth2.NewClient(context.Background(), src) |
||
42 | |||
43 | // TODO Use `https://github.com/shurcooL/githubv4` if the tool supports vulnerabilityAlerts Endpoint |
||
44 | const jsonfmt = `{"query": |
||
45 | "query { repository(owner:\"%s\", name:\"%s\") { url, vulnerabilityAlerts(first: %d, %s) { pageInfo{ endCursor, hasNextPage, startCursor}, edges { node { id, externalIdentifier, externalReference, fixedIn, packageName, dismissReason, dismissedAt } } } } }"}` |
||
46 | after := "" |
||
47 | |||
48 | for { |
||
49 | jsonStr := fmt.Sprintf(jsonfmt, owner, repo, 100, after) |
||
50 | req, err := http.NewRequest("POST", |
||
51 | "https://api.github.com/graphql", |
||
52 | bytes.NewBuffer([]byte(jsonStr)), |
||
53 | ) |
||
54 | if err != nil { |
||
55 | return 0, err |
||
56 | } |
||
57 | |||
58 | // https://developer.github.com/v4/previews/#repository-vulnerability-alerts |
||
59 | // To toggle this preview and access data, need to provide a custom media type in the Accept header: |
||
60 | // MEMO: I tried to get the affected version via GitHub API. Bit it seems difficult to determin the affected version if there are multiple dependency files such as package.json. |
||
61 | // TODO remove this header if it is no longer preview status in the future. |
||
62 | req.Header.Set("Accept", "application/vnd.github.vixen-preview+json") |
||
63 | req.Header.Set("Content-Type", "application/json") |
||
64 | |||
65 | resp, err := httpClient.Do(req) |
||
66 | if err != nil { |
||
67 | return 0, err |
||
68 | } |
||
69 | defer resp.Body.Close() |
||
70 | alerts := SecurityAlerts{} |
||
71 | if json.NewDecoder(resp.Body).Decode(&alerts); err != nil { |
||
72 | return 0, err |
||
73 | } |
||
74 | |||
75 | util.Log.Debugf("%s", pp.Sprint(alerts)) |
||
76 | |||
77 | for _, v := range alerts.Data.Repository.VulnerabilityAlerts.Edges { |
||
78 | if config.Conf.IgnoreGitHubDismissed && v.Node.DismissReason != "" { |
||
79 | continue |
||
80 | } |
||
81 | |||
82 | pkgName := fmt.Sprintf("%s %s", |
||
83 | alerts.Data.Repository.URL, v.Node.PackageName) |
||
84 | |||
85 | m := models.GitHubSecurityAlert{ |
||
86 | PackageName: pkgName, |
||
87 | FixedIn: v.Node.FixedIn, |
||
88 | AffectedRange: v.Node.AffectedRange, |
||
89 | Dismissed: len(v.Node.DismissReason) != 0, |
||
90 | DismissedAt: v.Node.DismissedAt, |
||
91 | DismissReason: v.Node.DismissReason, |
||
92 | } |
||
93 | |||
94 | cveID := v.Node.ExternalIdentifier |
||
95 | |||
96 | if val, ok := r.ScannedCves[cveID]; ok { |
||
97 | val.GitHubSecurityAlerts = val.GitHubSecurityAlerts.Add(m) |
||
98 | r.ScannedCves[cveID] = val |
||
99 | nCVEs++ |
||
100 | } else { |
||
101 | v := models.VulnInfo{ |
||
102 | CveID: cveID, |
||
103 | Confidences: models.Confidences{models.GitHubMatch}, |
||
104 | GitHubSecurityAlerts: models.GitHubSecurityAlerts{m}, |
||
105 | } |
||
106 | r.ScannedCves[cveID] = v |
||
107 | nCVEs++ |
||
108 | } |
||
109 | } |
||
110 | if !alerts.Data.Repository.VulnerabilityAlerts.PageInfo.HasNextPage { |
||
111 | break |
||
112 | } |
||
113 | after = fmt.Sprintf(`after: \"%s\"`, alerts.Data.Repository.VulnerabilityAlerts.PageInfo.EndCursor) |
||
114 | } |
||
115 | return nCVEs, err |
||
116 | } |
||
145 |