From 4b0cc01b6490aef46afe687db21cee66ecd46758 Mon Sep 17 00:00:00 2001 From: Spiegel Date: Tue, 6 Oct 2020 10:28:27 +0900 Subject: [PATCH] Add actions and testing --- .gitattributes | 1 + .github/workflows/codeql-analysis.yml | 71 +++++++++++++++++++++++++++ .github/workflows/lint.yml | 25 ++++++++++ .github/workflows/vulns.yml | 21 ++++++++ README.md | 3 +- clean-all.sh | 4 ++ go.mod | 6 +-- go.sum | 8 +-- test-all.sh | 6 +++ v3/base/base.go | 18 +++---- v3/version/version.go | 4 +- 11 files changed, 147 insertions(+), 20 deletions(-) create mode 100644 .gitattributes create mode 100644 .github/workflows/codeql-analysis.yml create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/vulns.yml create mode 100755 clean-all.sh create mode 100755 test-all.sh diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..d207b18 --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +*.go text eol=lf diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..5657cd8 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
@@ -0,0 +1,71 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +name: "CodeQL" + +on: + push: + branches: [master] + pull_request: + # The branches below must be a subset of the branches above + branches: [master] + schedule: + - cron: '0 20 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + # Override automatic language detection by changing the below list + # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] + language: ['go'] + # Learn more... + # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
+ # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..bb79263 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,25 @@ +name: lint +on: + push: + tags: + - v* + branches: + - master + pull_request: +jobs: + golangci: + strategy: + matrix: + go-version: [1.15.x] + os: [ubuntu-latest] + name: lint + runs-on: ${{ matrix.os }} + steps: + - uses: actions/checkout@v2 + - name: golangci-lint + uses: golangci/golangci-lint-action@v2 + with: + # Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version. + version: latest + - name: testing + run: go test ./... diff --git a/.github/workflows/vulns.yml b/.github/workflows/vulns.yml new file mode 100644 index 0000000..3df4099 --- /dev/null +++ b/.github/workflows/vulns.yml @@ -0,0 +1,21 @@ +name: vulns +on: + push: + tags: + - v* + branches: + - master + pull_request: +jobs: + vulns: + name: Vulnerability scanner + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + with: + go-version: ^1.13 + - name: WriteGoList + run: go list -json -m all > go.list + - name: Nancy + uses: sonatype-nexus-community/nancy-github-action@main diff --git a/README.md b/README.md index 02ff371..4eea3fb 100644 --- a/README.md +++ b/README.md 
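Review bot: Every `uses:` in this workflow is pinned to a mutable tag (`actions/checkout@v2`, `github/codeql-action/init@v1`, `autobuild@v1`, `analyze@v1`), so what actually executes is whatever those tags point at on the day the job runs, and this job writes to the repository's code-scanning results. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v2`, and review SHA bumps like any other dependency update. The workflow also declares no top-level `permissions:` block, so the job token inherits the repository default; `permissions: contents: read` plus `security-events: write` is all that `codeql-action/analyze` needs, and is the least-privilege shape for this job.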
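Review bot: The `go-version: [1.15.x]` matrix entry is declared but never consumed — there is no `actions/setup-go` step — so both `golangci-lint` and the `go test ./...` step run against whichever Go toolchain the `ubuntu-latest` image ships that day, not the 1.15 the matrix (and the new `go 1.15` directive in go.mod) intends. Add a setup step before the lint step: `- uses: actions/setup-go@v2` / `with:` / `go-version: ${{ matrix.go-version }}`. Separately, `version: latest` for golangci-lint makes lint results non-reproducible, since a new linter release can start failing `master` with no code change; pin the minor version you verified against, e.g. `version: v1.31`, as the comment right above it in fact recommends.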
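Review bot: `sonatype-nexus-community/nancy-github-action@main` pins the vulnerability scanner to a moving branch rather than a release, so any commit landing on that third party's `main` runs inside this repository's CI on the next push or pull request — the opposite of what a supply-chain check should do. Pin it to a released tag, and preferably to the full commit SHA behind that tag: `uses: sonatype-nexus-community/nancy-github-action@<full-commit-sha> # vX.Y`. The `go-version: ^1.13` here also drifts from the `go 1.15` directive this same commit adds to go.mod; matching it (`go-version: 1.15.x`) keeps the `go list -json -m all` module graph handed to Nancy identical to what the declared toolchain resolves.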
@@ -1,6 +1,7 @@
 # [go-cvss] - Common Vulnerability Scoring System (CVSS) Version 3
 
-[![Build Status](https://travis-ci.org/spiegel-im-spiegel/go-cvss.svg?branch=master)](https://travis-ci.org/spiegel-im-spiegel/go-cvss)
+[![check vulns](https://github.com/spiegel-im-spiegel/go-cvss/workflows/vulns/badge.svg)](https://github.com/spiegel-im-spiegel/go-cvss/actions)
+[![lint status](https://github.com/spiegel-im-spiegel/go-cvss/workflows/lint/badge.svg)](https://github.com/spiegel-im-spiegel/go-cvss/actions)
 [![GitHub license](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://raw.githubusercontent.com/spiegel-im-spiegel/go-cvss/master/LICENSE)
 [![GitHub release](https://img.shields.io/github/release/spiegel-im-spiegel/go-cvss.svg)](https://github.com/spiegel-im-spiegel/go-cvss/releases/latest)
 
diff --git a/clean-all.sh b/clean-all.sh
new file mode 100755
index 0000000..53c80b5
--- /dev/null
+++ b/clean-all.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+rm ./go.sum
+go clean -cache
+go clean -modcache
diff --git a/go.mod b/go.mod
index 2989ba0..df30128 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,8 @@
 module github.com/spiegel-im-spiegel/go-cvss
 
-go 1.13
+go 1.15
 
 require (
-	github.com/spiegel-im-spiegel/errs v0.3.4
-	golang.org/x/text v0.3.2
+	github.com/spiegel-im-spiegel/errs v1.0.2
+	golang.org/x/text v0.3.3
 )
diff --git a/go.sum b/go.sum
index 294a83a..46f85c0 100644
--- a/go.sum
+++ b/go.sum
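Review bot: `rm ./go.sum` on the second line prints an error and exits non-zero when go.sum is already gone, and since the script has no `set -e` the two `go clean` lines run regardless, so the failure is only noise; `rm -f ./go.sum` states the intended idempotent cleanup and silences it. A one-line header comment would also help, because deleting go.sum discards the repository's recorded module checksums and the next `go mod tidy` re-learns them from the module proxy/checksum database rather than from the checked-in file — e.g. `# Drop go.sum and all Go caches so the next build re-resolves and re-verifies every module.`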
@@ -1,5 +1,5 @@
-github.com/spiegel-im-spiegel/errs v0.3.4 h1:lqiLtlT2ex7zpYS+WNWFuFX2x/o8RnG/UeaA8CFRYeE=
-github.com/spiegel-im-spiegel/errs v0.3.4/go.mod h1:NwHSe6m3oAhRj2bAkkbzz9xAffIDNcP9uTdyJd9fJNs=
-golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+github.com/spiegel-im-spiegel/errs v1.0.2 h1:v4amEwRDqRWjKHOILQnJSovYhZ4ZttEnBBXNXEzS6Sc=
+github.com/spiegel-im-spiegel/errs v1.0.2/go.mod h1:UoasJYYujMcdkbT9USv8dfZWoMyaY3btqQxoLJImw0A=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/test-all.sh b/test-all.sh
new file mode 100755
index 0000000..58eb31d
--- /dev/null
+++ b/test-all.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+go mod verify || exit 1
+go mod tidy -v || exit 1
+go list -json -m all | nancy sleuth -n || exit 1
+golangci-lint run ./... || exit 1
+go test ./...
diff --git a/v3/base/base.go b/v3/base/base.go
index b218ee1..2b533bd 100644
--- a/v3/base/base.go
+++ b/v3/base/base.go
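Review bot: The pipeline `go list -json -m all | nancy sleuth -n || exit 1` only tests nancy's exit status, so if `go list` itself fails (a broken go.mod, a module fetch error) nancy receives an empty or truncated module list, finds nothing to report, and the script declares the dependency scan clean. Add `set -o pipefail` immediately after the shebang so a failing `go list` fails the step; `set -eo pipefail` would additionally let you drop the repeated `|| exit 1` suffixes. The vulnerability check is the one step here whose silent success is costly, so it is worth getting right.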
@@ -48,15 +48,15 @@ func NewMetrics() *Metrics {
 func Decode(vector string) (*Metrics, error) {
 	values := strings.Split(vector, "/")
 	if len(values) < 9 {
-		return nil, errs.Wrap(cvsserr.ErrInvalidVector, "", errs.WithContext("vector", vector))
+		return nil, errs.Wrap(cvsserr.ErrInvalidVector, errs.WithContext("vector", vector))
 	}
 	//CVSS version
 	num, err := checkVersion(values[0])
 	if err != nil {
-		return nil, errs.Wrap(err, "", errs.WithContext("vector", vector))
+		return nil, errs.Wrap(err, errs.WithContext("vector", vector))
 	}
 	if num == version.Unknown {
-		return nil, errs.Wrap(cvsserr.ErrNotSupportVer, "", errs.WithContext("vector", vector))
+		return nil, errs.Wrap(cvsserr.ErrNotSupportVer, errs.WithContext("vector", vector))
 	}
 	//metrics
 	metrics := NewMetrics()
@@ -64,7 +64,7 @@ func Decode(vector string) (*Metrics, error) {
 	for _, value := range values[1:] {
 		metric := strings.Split(value, ":")
 		if len(metric) != 2 {
-			return nil, errs.Wrap(cvsserr.ErrInvalidVector, "", errs.WithContext("vector", vector))
+			return nil, errs.Wrap(cvsserr.ErrInvalidVector, errs.WithContext("vector", vector))
 		}
 		switch strings.ToUpper(metric[0]) {
 		case "AV": //Attack Vector
@@ -90,7 +90,7 @@ func Decode(vector string) (*Metrics, error) {
 		case "RC": //RemediationLevel
 			metrics.RC = GetReportConfidence(metric[1])
 		default:
-			return nil, errs.Wrap(cvsserr.ErrInvalidVector, "", errs.WithContext("vector", value))
+			return nil, errs.Wrap(cvsserr.ErrInvalidVector, errs.WithContext("vector", value))
 		}
 	}
 	return metrics, metrics.GetError()
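Review bot: The new `default:` line attaches the single metric pair under `errs.WithContext("vector", value)`, while every other error site in `Decode` uses the same `"vector"` key for the whole input string, so a caller reading the context sees `"vector"` holding something like `XX:N` for an unknown metric but `CVSS:3.1/...` for every other failure. Keep the key stable and give the fragment its own name: `return nil, errs.Wrap(cvsserr.ErrInvalidVector, errs.WithContext("vector", vector), errs.WithContext("metric", value))` — this assumes `errs.Wrap` takes several options, which its zero- and one-option uses in these hunks suggest. The comment on the `case "RC":` context line reads `//RemediationLevel` although RC is Report Confidence (the next line calls `GetReportConfidence`); `//Report Confidence` would match the other cases. `Decode` starts in the first hunk, its remaining metric cases sit between the second and third hunk, and its closing brace is outside the hunk.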
@@ -98,10 +98,10 @@ func Decode(vector string) (*Metrics, error) {
 func checkVersion(ver string) (version.Num, error) {
 	v := strings.Split(ver, ":")
 	if len(v) != 2 {
-		return version.Unknown, errs.Wrap(cvsserr.ErrInvalidVector, "", errs.WithContext("vector", ver))
+		return version.Unknown, errs.Wrap(cvsserr.ErrInvalidVector, errs.WithContext("vector", ver))
 	}
 	if strings.ToUpper(v[0]) != "CVSS" {
-		return version.Unknown, errs.Wrap(cvsserr.ErrInvalidVector, "", errs.WithContext("vector", ver))
+		return version.Unknown, errs.Wrap(cvsserr.ErrInvalidVector, errs.WithContext("vector", ver))
 	}
 	return version.Get(v[1]), nil
 }
@@ -140,11 +140,11 @@ func (m *Metrics) Encode() (string, error) {
 //GetError returns error instance if undefined metric
 func (m *Metrics) GetError() error {
 	if m == nil {
-		return errs.Wrap(cvsserr.ErrUndefinedMetric, "")
+		return errs.Wrap(cvsserr.ErrUndefinedMetric)
 	}
 	switch true {
 	case !m.AV.IsDefined(), !m.AC.IsDefined(), !m.PR.IsDefined(), !m.UI.IsDefined(), !m.S.IsDefined(), !m.C.IsDefined(), !m.I.IsDefined(), !m.A.IsDefined():
-		return errs.Wrap(cvsserr.ErrUndefinedMetric, "")
+		return errs.Wrap(cvsserr.ErrUndefinedMetric)
 	default:
 		return nil
 	}
diff --git a/v3/version/version.go b/v3/version/version.go
index cf414a5..2b1f3c8 100644
--- a/v3/version/version.go
+++ b/v3/version/version.go
@@ -1,7 +1,5 @@
 package version
 
-import "fmt"
-
 //Num is error number for CVSS
 type Num int
 
@@ -21,7 +19,7 @@ func (n Num) String() string {
 	if s, ok := verStrings[n]; ok {
 		return s
 	}
-	return fmt.Sprintf("unknown")
+	return "unknown"
 }
 
 //Get returns Version number from string
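Review bot: Both new `errs.Wrap(cvsserr.ErrUndefinedMetric)` lines in `GetError` drop the empty message but still attach no context, so unlike the `Decode` errors, which carry the offending vector, the caller cannot tell which of the eight base metrics was left undefined. The `case` already enumerates them; collecting the undefined names and attaching them with `errs.WithContext` (using the `strings` package base.go already imports) turns the guard into an actionable error, and the bare `switch {` is the idiomatic spelling of `switch true {` if you keep that form. The function's closing brace is outside the hunk. Sketch:

```go
func (m *Metrics) GetError() error {
	if m == nil {
		return errs.Wrap(cvsserr.ErrUndefinedMetric)
	}
	// Name each base metric that is still undefined so the error says which.
	var undefined []string
	for _, mt := range []struct {
		name    string
		defined bool
	}{
		{"AV", m.AV.IsDefined()}, {"AC", m.AC.IsDefined()},
		{"PR", m.PR.IsDefined()}, {"UI", m.UI.IsDefined()},
		{"S", m.S.IsDefined()}, {"C", m.C.IsDefined()},
		{"I", m.I.IsDefined()}, {"A", m.A.IsDefined()},
	} {
		if !mt.defined {
			undefined = append(undefined, mt.name)
		}
	}
	if len(undefined) > 0 {
		return errs.Wrap(cvsserr.ErrUndefinedMetric, errs.WithContext("undefined", strings.Join(undefined, ",")))
	}
	return nil
```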