Vet source code using NilAway

Makefile

@@ -79,6 +79,7 @@ vet: ## Vet the source code
 	@go run github.com/tetafro/godot/cmd/godot@v1.4.15 .
 	@go run github.com/tomarrell/wrapcheck/v2/cmd/wrapcheck@v2.8.1 .
 	@go run golang.org/x/tools/go/analysis/passes/shadow/cmd/shadow@2f9d82f .
+	@go run go.uber.org/nilaway/cmd/nilaway@a267567 .
 	@go run honnef.co/go/tools/cmd/staticcheck@v0.4.6 .
 	@go run mvdan.cc/unparam@3ee2d22 .
 

analyze.go

@@ -38,15 +38,19 @@
 var r = regexp.MustCompile(`\$\{\{.*?\}\}`)
 
 func analyzeManifest(manifest *Manifest) []violation {
-	if manifest.Runs.Using == "composite" {
+	if manifest != nil && manifest.Runs.Using == "composite" {
 		return analyzeSteps(manifest.Runs.Steps)
 	} else {
 		return make([]violation, 0)
 	}
 }
 
 func analyzeWorkflow(workflow *Workflow) []violation {
 	violations := make([]violation, 0)
+	if workflow == nil {
+		return violations
+	}
+
 	for id, job := range workflow.Jobs {
 		job := job
 		violations = append(violations, analyzeJob(id, &job)...)
@@ -61,7 +65,7 @@
 		name = id
 	}
 
 	violations := make([]violation, 0)
 	for _, v := range analyzeSteps(job.Steps) {
 		v.jobId = name
 		violations = append(violations, v)
@@ -71,7 +75,7 @@
 }
 
 func analyzeSteps(steps []JobStep) []violation {
 	violations := make([]violation, 0)
 	for i, step := range steps {
 		step := step
 		violations = append(violations, analyzeStep(i, &step)...)
@@ -86,7 +90,7 @@
 		name = fmt.Sprintf("#%d", id)
 	}
 
 	violations := make([]violation, 0)
 	script, kind := extractScript(step)
 	for _, v := range analyzeScript(script) {
 		v.kind = kind
@@ -98,7 +102,7 @@
 }
 
 func analyzeScript(script string) []violation {
 	violations := make([]violation, 0)
 	if matches := r.FindAll([]byte(script), len(script)); matches != nil {
 		for _, problem := range matches {
 			violations = append(violations, violation{

analyze_test.go

@@ -35,6 +35,12 @@ func TestAnalyzeManifest(t *testing.T) {
 			manifest: Manifest{
 				Runs: ManifestRuns{
 					Using: "node16",
+					Steps: []JobStep{
+						{
+							Name: "Example unsafe",
+							Run:  "echo ${{ inputs.value }}",
+						},
+					},
 				},
 			},
 			want: 0,
@@ -123,6 +129,13 @@ func TestAnalyzeManifest(t *testing.T) {
 			}
 		})
 	}
+
+	t.Run("nil pointer", func(t *testing.T) {
+		violations := analyzeManifest(nil)
+		if got, want := len(violations), 0; got != want {
+			t.Fatalf("Unexpected number of violations (got %d, want %d)", got, want)
+		}
+	})
 }
 
 func TestAnalyzeWorkflow(t *testing.T) {
@@ -244,6 +257,13 @@ func TestAnalyzeWorkflow(t *testing.T) {
 			}
 		})
 	}
+
+	t.Run("nil pointer", func(t *testing.T) {
+		violations := analyzeWorkflow(nil)
+		if got, want := len(violations), 0; got != want {
+			t.Fatalf("Unexpected number of violations (got %d, want %d)", got, want)
+		}
+	})
 }
 
 func TestAnalyzeJob(t *testing.T) {

main.go

@@ -93,11 +93,13 @@
 
 			for file, fileViolations := range targetViolations {
 				if len(fileViolations) > 0 {
-					if _, ok := violations[target]; !ok {
-						violations[target] = make(map[string][]violation)
+					targetViolations, ok := violations[target]
+					if !ok {
+						targetViolations = make(map[string][]violation)
+						violations[target] = targetViolations
 					}
 
-					violations[target][file] = fileViolations
+					targetViolations[file] = fileViolations
 				}
 			}
 		} else {
@@ -253,7 +255,7 @@
 }
 
 func printJson(rawViolations map[string]map[string][]violation) {
 	violations := make([]jsonViolation, 0)
 	for target, targetViolations := range rawViolations {
 		for file, fileViolations := range targetViolations {
 			for _, fileViolation := range fileViolations {
@@ -310,8 +312,8 @@
 }
 
 func getVariableNameForExpression(expression string) (name string) {
-	parts := strings.Split(expression, ".")
-	name = strings.TrimRight(parts[len(parts)-1], "}")
+	name = expression[strings.LastIndex(expression, ".")+1:]
+	name = strings.TrimRight(name, "}")
 	name = strings.TrimSpace(name)
 	return strings.ToUpper(name)
 }