flashmob / go-guerrilla

Mini SMTP server written in golang
MIT License
2.77k stars 365 forks

Potential code quality issues found #211

Open ghost opened 4 years ago

ghost commented 4 years ago

I forked this repo a while ago and ran a DeepSource analysis on it. DeepSource found a variety of different issues categorized based on their types and severity which you can view here.

Brief description - Anti-Patterns: 62, Bug Risks: 80, Performance issues: 1, Security Issues: 9

You can find a detailed description and fixes for some of them here.

Please let me know what issues you'd like to focus on fixing and I'd be happy to take a look into it. Also, you can choose to hide certain types of issues too (if you wish to ignore them or you believe it is a false positive). I'd also be happy to send a patch with the DeepSource configuration file with the required fixes.

flashmob commented 4 years ago

Great!

Please note that the tool caught a lot of false positives, e.g. https://deepsource.io/gh/chsatyap/go-guerrilla/issue/SCC-SA4006/occurrences

The vars are overwritten and we don't care about them normally, but these are helpful for me sometimes when stepping through the debugger - the value can be observed with each step (there's no need to print it).

Anyhow, nice tool - would be good to try it out on the "stream" branch later.

On Tue, 28 Jul 2020 at 17:57, Satya Pawan notifications@github.com wrote:

I forked this repo a while ago and ran a DeepSource analysis on it. DeepSource found a variety of different issues categorized based on their types and severity which you can view here https://deepsource.io/gh/chsatyap/go-guerrilla/.

Brief description - Anti-Patterns: 62, Bug Risks: 80, Performance issues: 1, Security Issues: 9

You can find a detailed description and fixes for some of them here https://deepsource.io/gh/chsatyap/go-guerrilla/issues/?category=recommended .

Please let me know what issues you'd like to focus on fixing and I'd be happy to take a look into it. Also, you can choose to hide certain types of issues too (if you wish to ignore them or you believe it is a false positive). I'd also be happy to send a patch with the DeepSource configuration file with the required fixes.


ghost commented 4 years ago

False positives can be ignored. The analyzer shouldn't bring it up again. There are multiple options through which you can change the behaviour and the type of issues to be tracked.

Let me know whenever you'd like to try it out on the "stream" branch! :)