scan

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 11, 2026 License: MIT Imports: 50 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var BaselineAuditVerb bool

BaselineAuditVerb is set by the verb dispatcher in cmd/krit/main.go when the user invokes `krit baseline-audit`. Run treats this exactly like the --baseline-audit flag.

View Source 
var Version = "dev"

Version is set from cmd/krit/main.go at startup. Goreleaser populates main.version via -X linker flags; main.go propagates that value into scan.Version before the scan path runs.

Functions

func ClearMatrixCache 

func ClearMatrixCache() error

clearMatrixCache removes every cached baseline entry. It is safe to call when the cache directory does not exist.

func CollectFilesCached 

func CollectFilesCached(roots []string, filters FilewalkFilters, cacheDir string) ([]string, error)

CollectFilesCached returns every path under roots whose basename matches filters.Match.

Order of preference, fastest first:

  1. git ls-files for each root that is a git work tree top — one fork per root, dominant cost is the fork itself.
  2. Per-directory mtime cache: when a directory's (mtime, size) are unchanged we replay its cached children list rather than reading.

A nil or empty cacheDir disables the directory-mtime cache (the git fast path still runs). Cache write failures are silently ignored so a read-only filesystem never breaks a scan.

func CollectFilesCachedWithIndex 

func CollectFilesCachedWithIndex(roots []string, filters FilewalkFilters, cacheDir string, index trackedfiles.Index) ([]string, error)

CollectFilesCachedWithIndex is CollectFilesCached with injectable tracked file discovery so multiple scan phases can share one git ls-files result.

func FilterFixesByLevelColumns 

func FilterFixesByLevelColumns(columns *scanner.FindingColumns, registry []*api.Rule, maxLevel rules.FixLevel) (fixableCount, strippedByLevel int)

func ListExperimentsLifecyclePlain 

func ListExperimentsLifecyclePlain() string

listExperimentsLifecyclePlain renders the experiment catalog grouped by lifecycle status (promoted → experimental → deprecated), matching the style used by -list-rules.

func PromoteExperiment 

func PromoteExperiment(name, newStatus string) int

promoteExperiment rewrites the Status field of the named experiment in internal/experiment/experiment.go to "promoted" (or "deprecated" if newStatus == StatusDeprecated). On success it writes the file back and runs `go build ./...`; if the build fails, the original file is restored.

func ResolveBaselineAuditPath 

func ResolveBaselineAuditPath(explicit string, scanPaths []string) (string, error)

func Run 

func Run() int

Run executes the scan default verb. It reads os.Args directly (post-dispatch, so verb tokens have already been stripped). Returns the process exit code; some early-exit flag handlers still call os.Exit directly.

func RunBaselineAuditColumns 

func RunBaselineAuditColumns(columns *scanner.FindingColumns, baseline *scanner.Baseline, baselinePath, basePath string, scanPaths []string, format string) int

func RunDeadCodeRemovalColumns 

func RunDeadCodeRemovalColumns(columns *scanner.FindingColumns, format string, dryRun bool, suffix string) int

func RunExperimentMatrix 

func RunExperimentMatrix(opts MatrixRunOptions) int

func RunNewExperimentScaffold 

func RunNewExperimentScaffold(opts NewExperimentOpts) int

runNewExperimentScaffold creates a new experiment entry and wires an import into the requested rule file. Returns the process exit code.

func RunOracleFilterFingerprint 

func RunOracleFilterFingerprint(paths []string, files []string, activeRules []*api.Rule, allRules bool) int

runOracleFilterFingerprint computes the oracle filter input-set fingerprint for the given corpus and prints it as JSON. Returns a process exit code. The computation does NOT invoke krit-types — it runs only the byte-substring pre-filter, so CI can diff fingerprints without a JVM on the runner.

func RunRuleAuditColumns 

func RunRuleAuditColumns(columns *scanner.FindingColumns, opts RuleAuditOpts) int

runRuleAuditColumns prints a prioritized audit of every rule that fires on the target(s), annotated with whether any experiment in the catalog already targets it and a short "cluster" tag (dominant file extension or file pattern) to help pick the next FP-hunt target. Returns the process exit code.

func RunSampleFindingsColumns 

func RunSampleFindingsColumns(columns *scanner.FindingColumns, ruleName string, count int, contextLines int, basePath string) int

runSampleFindingsColumns prints a deterministic random sample of findings matching ruleName, each accompanied by surrounding source context. It is used by the --sample-rule CLI flag to help with false-positive hunting.

Returns the process exit code:

  • 0 on success (including the "zero matching findings but asked-for rule exists" case where we still want a clean exit so callers can script against it).
  • 2 when no findings at all matched the requested rule name (mirrors the unknown-format error path).

func SortedDefinitionNames 

func SortedDefinitionNames() []string

Types

type DepthPreset 

type DepthPreset string

DepthPreset selects how much compiler-backed analysis krit performs.

Today the dial only toggles the JVM type oracle, but it is the public surface for future precision/cost trade-offs (richer expression facts, expanded class-table coverage, etc). Adding a new preset here should keep the default behavior of `balanced` unchanged. 

const (
	// DepthFast skips the JVM type oracle entirely. Source-level type
	// inference still runs.
	DepthFast DepthPreset = "fast"

	// DepthBalanced is the default: source-level inference plus the JVM
	// type oracle.
	DepthBalanced DepthPreset = "balanced"

	// DepthThorough is a forward-looking preset reserved for richer
	// oracle facts (narrow expression types, expanded class-table
	// coverage). Today it behaves identically to balanced.
	DepthThorough DepthPreset = "thorough"
)

type FilewalkFilters 

type FilewalkFilters struct {
	Extensions []string // file suffixes to include, e.g. [".kt", ".kts", ".java"]
	Excludes   []string // user-specified glob/substring exclude patterns
}

FilewalkFilters controls which files are collected and which paths are skipped.

func (FilewalkFilters) Hash 

func (f FilewalkFilters) Hash() string

Hash returns a stable hex string over the filter configuration. A change in any field causes a whole-cache miss on the next warm run.

func (FilewalkFilters) Match 

func (f FilewalkFilters) Match(name string) bool

Match reports whether filename matches one of the configured extensions.

type MatrixRunOptions 

type MatrixRunOptions struct {
	Format     string
	OutputPath string
	MatrixSpec string
	Candidates []string
	Runs       int
	FlagArgs   []string
	Targets    []string
	NoCache    bool
	Store      *store.FileStore
}

type NewExperimentOpts 

type NewExperimentOpts struct {
	Name        string
	Description string
	Intent      string
	TargetRules []string
	WireFile    string // relative to repo root
}

newExperimentOpts carries the inputs for the scaffold command.

type RuleAuditOpts 

type RuleAuditOpts struct {
	// MinFindings filters out rules with fewer findings than this from the
	// main table. Details section still uses the same filter.
	MinFindings int
	// DetailRules is the number of top unexperimented rules to show in the
	// sample-details section.
	DetailRules int
	// SamplesPerRule is the number of sample findings printed per rule in
	// the details section.
	SamplesPerRule int
	// SampleContext is the number of surrounding source lines shown above
	// and below each sample finding's line.
	SampleContext int
	// ClusterFilter, if non-empty, restricts the audit to rules whose
	// cluster label contains the given substring. Case-insensitive.
	ClusterFilter string
	// Targets is the set of scan paths the audit was invoked over. Used
	// to group findings in multi-target mode.
	Targets []string
	// Format is "plain" or "json".
	Format string
}

ruleAuditOpts controls the rule-audit output.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.