fix(quality): clear SonarCloud Quality Gate on main#73
Merged
Three-part cleanup to clear the 21 security hotspots blocking the
SonarCloud Quality Gate on main after the design-system + storage
rebalance merges.
Changes
* internal/ui/ui.go: drop the embedded HTML template machinery.
The four base.html/header.html templates were embedded and parsed
at startup but never executed — the React SPA in dist/ owns every
route. Removing the dead code eliminates 4 LOW Web:S5725 hotspots
(external CDN script/font tags violating rules/build.md). Removed
fields, the html/template import, and the orphaned fmtNum helper.
* internal/ui/templates/: deleted (base.html, header.html and the
two unused partials). Pure dead code surviving the design-system
migration.
* internal/storage/retention.go: drop fmt.Sprintf for the per-table
VACUUM ANALYZE / OPTIMIZE TABLE statements. The table names were
already a hardcoded literal slice but the format pattern triggers
the go:S2077 SQL-injection sniffer. Replaced with a struct slice
holding literal SQL strings — same behavior, no taint flow for
static analysis to follow.
Not changed in this PR (separately marked Safe in SonarCloud)
* 16 MEDIUM go:S2245 hits on test/*/main.go — math/rand calls inside
chaos simulator services. Non-cryptographic context (latency
jitter, failure-mode selection); not a real security finding.
Verification
* go vet ./... clean
* go test ./... — 516 pass / 27 packages
* go build ./... clean
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
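The retention.go change described above (replacing fmt.Sprintf-built VACUUM ANALYZE / OPTIMIZE TABLE statements with a struct slice of literal SQL) in working Go, as an added example that is not the project's own code. The table names, the dialect names "postgres" and "mysql", the allowlist and the maintenanceFor helper are all assumptions made for the illustration; the real list lives in internal/storage/retention.go. It also shows the one thing the PR text does not cover: what to do when a table name genuinely has to be dynamic, where DDL-style statements cannot take a bind parameter and the only safe route is an allowlist plus strict identifier validation and quoting.

```go
// Added example, not the project's retention.go: the go:S2077 pattern the PR
// removed, the literal-SQL replacement it introduced, and an allowlisted,
// quoted-identifier path for the case where a table name really is dynamic.
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical table names standing in for the project's hardcoded slice.
var retentionTables = []string{"events", "metrics", "audit_log"}

// Before: the slice is a constant, so this is not injectable at runtime, but
// the Sprintf-into-SQL shape is exactly what taint-style analysers (SonarCloud
// go:S2077) flag: the format call is a sink and the analyser cannot prove that
// every value reaching it is a literal.
func vacuumStatementsFormatted(tables []string) []string {
	out := make([]string, 0, len(tables))
	for _, t := range tables {
		out = append(out, fmt.Sprintf("VACUUM ANALYZE %s", t))
	}
	return out
}

// After: each statement is a static string literal. Nothing flows into the SQL
// text at runtime, so there is no taint path to follow and no way for a later
// refactor to quietly start sourcing the table name from input.
type maintenanceStmt struct {
	table string
	sql   string
}

// Assumed dialect split: VACUUM ANALYZE for PostgreSQL, OPTIMIZE TABLE for MySQL.
var maintenanceStmts = map[string][]maintenanceStmt{
	"postgres": {
		{table: "events", sql: "VACUUM ANALYZE events"},
		{table: "metrics", sql: "VACUUM ANALYZE metrics"},
		{table: "audit_log", sql: "VACUUM ANALYZE audit_log"},
	},
	"mysql": {
		{table: "events", sql: "OPTIMIZE TABLE events"},
		{table: "metrics", sql: "OPTIMIZE TABLE metrics"},
		{table: "audit_log", sql: "OPTIMIZE TABLE audit_log"},
	},
}

// staticMaintenanceSQL returns the literal statements for a dialect, in order.
// An unknown dialect yields nothing rather than a guessed statement.
func staticMaintenanceSQL(dialect string) []string {
	stmts := maintenanceStmts[dialect]
	out := make([]string, 0, len(stmts))
	for _, s := range stmts {
		out = append(out, s.sql)
	}
	return out
}

// Dynamic case (hypothetical helper). Identifiers cannot be bound as query
// parameters, so the defence is an allowlist, a strict identifier grammar, and
// dialect-correct quoting, applied before any SQL text is assembled.
var (
	identRe       = regexp.MustCompile(`^[a-z_][a-z0-9_]{0,62}$`)
	allowedTables = map[string]bool{"events": true, "metrics": true, "audit_log": true}
	ErrBadTable   = errors.New("table not in allowlist or not a plain identifier")
	ErrBadDialect = errors.New("unsupported dialect")
)

func maintenanceFor(dialect, table string) (string, error) {
	if !allowedTables[table] || !identRe.MatchString(table) {
		return "", ErrBadTable
	}
	switch dialect {
	case "postgres": // double-quote, doubling any embedded quote
		return `VACUUM ANALYZE "` + strings.ReplaceAll(table, `"`, `""`) + `"`, nil
	case "mysql": // backtick-quote, doubling any embedded backtick
		return "OPTIMIZE TABLE `" + strings.ReplaceAll(table, "`", "``") + "`", nil
	}
	return "", ErrBadDialect
}

func main() {
	fmt.Println("before:", vacuumStatementsFormatted(retentionTables))
	fmt.Println("after: ", staticMaintenanceSQL("postgres"))
	for _, in := range []string{"events", `events"; DROP TABLE events; --`, "pg_shadow"} {
		s, err := maintenanceFor("postgres", in)
		fmt.Printf("%q -> %q (err: %v)\n", in, s, err)
	}
}
```

The before and after produce identical SQL for the constant slice, which is the point of the PR's "same behavior" claim: the fix is about removing a data flow the analyser has to reason about, not about changing what reaches the database. The allowlist in maintenanceFor is what makes a dynamic name safe; the regex and quoting are defence in depth behind it, not a substitute for it.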
Summary
Clear the 21 security hotspots blocking the SonarCloud Quality Gate on
main after PR #71 (UI design-system) and PR #72 (storage rebalance) merged.
* internal/ui/templates/*.html: external CDN loads (Web:S5725). dist/ owns all routes. Pure dead code.
* internal/storage/retention.go: fmt.Sprintf("VACUUM ANALYZE %s", t) (go:S2077); replaced with a []struct{table, sql string} literal so the SQL is a static string with no taint flow. Same behaviour.
* test/*/main.go: math/rand (go:S2245); marked Safe, since math/rand is used for non-cryptographic latency jitter and failure-mode selection. Test code only.
Bonus cleanup: removed the tmpl field, the html/template import, and the orphaned fmtNum helper from internal/ui/ui.go since they only existed to feed the now-deleted templates.
Test plan
* go vet ./... — clean
* go test ./... — 516 pass / 27 packages
* go build ./... — clean
* main (16 test/* hotspots marked Safe via API)
🤖 Generated with Claude Code