trusty-analyze 0.2.0

Sidecar code-analysis daemon for trusty-search: complexity, smells, quality, facts
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

//! `StaticcheckTool` — Go diagnostics via `staticcheck`.
//!
//! Why: staticcheck is the de-facto Go static analyzer; its line-delimited
//! JSON output is easy to normalize.
//! What: runs `staticcheck -f json <file>` and parses one JSON object per
//! line into a `ToolDiagnostic`.
//! Test: `parse_staticcheck_json_extracts_diagnostic` parses a captured line.

use std::path::Path;

use anyhow::Result;
use serde_json::Value;

use super::run_command;
use crate::core::tools::{Severity, StaticTool, ToolDiagnostic};

/// Go static-analysis tool backed by `staticcheck`.
pub struct StaticcheckTool;

impl StaticTool for StaticcheckTool {
    fn name(&self) -> &str {
        "staticcheck"
    }

    fn language(&self) -> &str {
        "go"
    }

    fn is_available(&self) -> bool {
        which::which("staticcheck").is_ok()
    }

    fn run(&self, file: &Path, _content: &str) -> Result<Vec<ToolDiagnostic>> {
        let dir = file.parent().unwrap_or_else(|| Path::new("."));
        let path = file.to_string_lossy();
        let out = match run_command("staticcheck", &["-f", "json", &path], dir) {
            Ok(o) => o,
            Err(e) => {
                tracing::debug!("staticcheck invocation failed: {e}");
                return Ok(Vec::new());
            }
        };
        Ok(parse_staticcheck_json(&out.stdout))
    }
}

/// Parse staticcheck's newline-delimited JSON into diagnostics.
fn parse_staticcheck_json(stdout: &str) -> Vec<ToolDiagnostic> {
    let mut diags = Vec::new();
    for line in stdout.lines() {
        let line = line.trim();
        if line.is_empty() {
            continue;
        }
        let Ok(obj) = serde_json::from_str::<Value>(line) else {
            continue;
        };
        if let Some(d) = staticcheck_obj_to_diag(&obj) {
            diags.push(d);
        }
    }
    diags
}

/// Convert a single staticcheck JSON object into a `ToolDiagnostic`.
fn staticcheck_obj_to_diag(obj: &Value) -> Option<ToolDiagnostic> {
    let location = obj.get("location")?;
    let file = location.get("file").and_then(Value::as_str)?.to_string();
    let line = location.get("line").and_then(Value::as_u64).unwrap_or(0) as u32;
    let col = location.get("column").and_then(Value::as_u64).unwrap_or(0) as u32;
    let message = obj
        .get("message")
        .and_then(Value::as_str)
        .unwrap_or("")
        .to_string();
    let code = obj.get("code").and_then(Value::as_str).map(str::to_string);
    Some(ToolDiagnostic {
        tool: "staticcheck".into(),
        file,
        line,
        col,
        severity: Severity::Warning,
        code,
        message,
    })
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parse_staticcheck_json_extracts_diagnostic() {
        let line = r#"{"code":"SA4006","message":"value never used","location":{"file":"main.go","line":12,"column":3}}"#;
        let diags = parse_staticcheck_json(line);
        assert_eq!(diags.len(), 1);
        assert_eq!(diags[0].line, 12);
        assert_eq!(diags[0].code.as_deref(), Some("SA4006"));
        assert_eq!(diags[0].severity, Severity::Warning);
    }

    #[test]
    fn parse_staticcheck_json_tolerates_garbage() {
        assert!(parse_staticcheck_json("not json\n{}\n").is_empty());
    }
}