Move inline SAST Analyzer testdata into files

Proposal

The conventional Category:SAST analyzer has a convert function that accepts a reader io.Reader parameter. When testing convert, the majority of the analyzers pass this reader parameter by defining a scanner report inline (within the convert_test.go file). Inlining scanner reports leads to bloated test files which can be difficult to maintain. Instead, we should make use of a testdata folder that contains scanner reports which are passed into convert. See how secret detection does this as an example.

Tasks

  1. Update convert tests to call convert with a file reader. If the scanner report is less than 35 lines you can leave the report defined inline.
Edited by Zach Rice
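
The pattern proposed above, as an added example that is not part of the original issue or any analyzer's code: a fixture file is opened and streamed into `convert` through its `io.Reader` parameter. The `Finding` type, the report schema, `convertFixture`, `writeSampleFixture` and the sample report are all hypothetical and constructed for illustration; in a real test the path would point into a checked-in `testdata` folder.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// Finding is a hypothetical result type; a real analyzer has its own report schema.
type Finding struct {
	Rule string `json:"rule"`
	File string `json:"file"`
	Line int    `json:"line"`
}

// convert stands in for an analyzer's convert function: all it needs is an io.Reader.
func convert(r io.Reader) ([]Finding, error) {
	var rep struct{ Results []Finding `json:"results"` }
	err := json.NewDecoder(r).Decode(&rep)
	return rep.Results, err
}

// convertFixture opens a report file and passes it to convert, as a test would for testdata/<name>.
func convertFixture(path string) ([]Finding, error) {
	f, err := os.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return convert(f)
}

// writeSampleFixture writes a constructed report so this example runs without a checked-in testdata folder.
func writeSampleFixture(path string) error {
	body := `{"results":[{"rule":"example-rule","file":"main.go","line":12}]}`
	return os.WriteFile(path, []byte(body), 0o600)
}

func main() {
	path := filepath.Join(os.TempDir(), "convert_example_report.json")
	if err := writeSampleFixture(path); err != nil {
		panic(err)
	}
	defer os.Remove(path)
	fmt.Println(convertFixture(path))
}
```

Because `convert` only depends on `io.Reader`, short reports can still be passed inline with `strings.NewReader` while longer ones move to files, with no change to the function under test.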