Bootstrap repo with sample code with intentional issues

Signed-off-by: Jai <[email protected]>

.deepsource.toml

@@ -0,0 +1,71 @@
+version = 1
+
+[[analyzers]]
+name = "go"
+enabled = true
+
+  [analyzers.meta]
+  import_paths = ["github.com/QuackatronHQ/Gigarepo"]
+
+[[analyzers]]
+name = "java"
+enabled = true
+
+  [analyzers.meta]
+  runtime_version = "11"
+
+[[analyzers]]
+name = "javascript"
+enabled = true
+
+  [analyzers.meta]
+  environment = ['nodejs']
+  plugins = ['react', 'vue']
+  dialect = 'flow'
+  dependency_file_paths = [
+    'javascript/packages/demo-react/',
+    'javascript/packages/demo-vue/',
+    'javascript/packages/demo-next/',
+    'javascript/packages/demo-nuxt/',
+    'javascript/packages/demo-typescript/'
+  ]
+
+[[analyzers]]
+name = "python"
+enabled = true
+
+  [analyzers.meta]
+  runtime_version = "3.x.x"
+  type_checker = "mypy"
+
+[[analyzers]]
+name = "php"
+enabled = true
+
+[[analyzers]]
+name = "rust"
+enabled = true
+
+[[analyzers]]
+name = "ruby"
+enabled = true
+
+[[analyzers]]
+name = "terraform"
+enabled = true
+
+[[analyzers]]
+name = "shell"
+enabled = true
+
+[[analyzers]]
+name = "docker"
+enabled = true
+
+[[analyzers]]
+name = "secrets"
+enabled = true
+
+[[transformers]]
+name = "gofmt"
+enabled = true

README.md

@@ -0,0 +1,22 @@
+<p align="center">
+  <img src="https://cms.deepsource.io/logo-wordmark-dark.svg" />
+</p>
+
+<p align="center">
+  <a href="https://deepsource.io/docs/">Documentation</a> |
+  <a href="https://deepsource.io/signup/">Get Started</a> |
+  <a href="https://discuss.deepsource.io/">Community forum</a> |
+  <a href="https://deepsource.io/discord/"> Discord server</a>
+</p>
+
+<p align="center">
+  DeepSource helps developers ship good code.
+</p>
+
+</p>
+
+---
+
+# Gigarepo
+
+This repository demonstrates a sample list of issues detected by DeepSource analyzers.

csharp/Antipattern.cs

@@ -0,0 +1,71 @@
+using System;
+
+namespace demo_csharp;
+
+internal class Foo
+{
+    public object? Bar;
+}
+
+internal class Antipattern
+{
+    public static void CommonAntipatterns()
+    {
+        var arr = new[] {1, 2, 3, 4, 5};
+        // CS-R1019: `arr[arr.Length - 1]` can be rewritten as `arr[^1].`
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1019
+        var last = arr[arr.Length - 1];
+
+        var emptyString = string.Empty;
+        // CS-R1014: Use `string.IsNullOrEmpty` or `string.IsNullOrWhiteSpace` to check for empty strings.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1014
+        if (emptyString == "")
+        {
+            Console.WriteLine("String is empty!");
+        }
+
+        // CS-R1046: Rewrite `arr.Where(x => x % 3 == 0).Count()` as `arr.Count(x => x % 3 == 0)`.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1046
+        var threeMultiples = arr.Where(x => x % 3 == 0).Count();
+
+        // CS-R1047: Use `T?` instead of `Nullable<T>`.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1047
+        Nullable<int> i = null;
+
+        // CS-R1024: Use `null-coalescing` operator, i.e. rewrite as `i ?? 1`.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1024
+        var value = i != null ? i : 1;
+
+        // CS-R1007: Use `Guid.Empty` instead.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1007
+        var guid = new Guid();
+
+        var s1 = "alpha";
+        var s2 = "Alpha";
+
+        // CS-R1017: Inefficient case insensitive comparison.
+        // Should be rewritten as `string.Equals(s1, s2, StringComparison.OrdinalIgnoreCase)`
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1017
+        var caseInsensitiveCmp = s1.ToLower() == s2.ToLower();
+
+        // CS-R1045: Explicit array size is redundant when initialized in place.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1045
+        var odd = new int[] {1, 3, 5, 7, 9};
+
+        Foo? f = null;
+        // CS-R1040: Null check can be collapsed and written as `f?.Bar == null`.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1040.
+        if (f == null || f.Bar == null)
+        {
+            //
+        }
+
+        // CS-R1043: `null` check is redundant when used in combination with `is`.
+        // The condition can be simply written as `f is Foo`.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-R1043.
+        if (f != null && f is Foo)
+        {
+
+        }
+    }
+}

csharp/Bugrisk.cs

@@ -0,0 +1,31 @@
+using System;
+
+namespace demo_csharp;
+
+internal class Bugrisk
+{
+    public static unsafe void CommonBugRiskPractices()
+    {
+        // CS-W1020: Calling `.ToString()` on an array does not stringify it.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-W1020
+        var arr = new[] {1, 2, 3, 4, 5};
+        Console.WriteLine($"Array is {arr.ToString()}");
+
+        var name = "Joe";
+        // CS-W1000: Missing arguments to interpolation.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-W1000
+        var intro = $"My name is name";
+
+        var pi = 3.14;
+        // CS-W1003: Invalid comparison against `NaN`.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-W1003
+        var isNaN = pi == double.NaN;
+
+        // CS-W1025: Potential memory leak inside `for` loop due to `stackalloc`.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-W1025.
+        for ( /* some condition */;;)
+        {
+            var buffer = stackalloc byte[16];
+        }
+    }
+}

csharp/Perf.cs

@@ -0,0 +1,41 @@
+using System;
+using System.Collections.Generic;
+
+namespace demo_csharp;
+
+internal class Perf
+{
+    public static void CommonPerfInefficientPractices()
+    {
+        var list = new List<string>
+        {
+            "alfa", "beta", "charlie", "delta"
+        };
+
+        // CS-P1006: Inefficient overload of `string.Contains`. Should be rewritten as `s.Contains('a')`.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-P1006
+        if (list.Exists(s => s.Contains("a")))
+            Console.WriteLine("There exists at least 1 string with 'a' in it.");
+
+        var transformers = new Dictionary<string, string>
+        {
+            {"csharp", "dotnet-format"},
+            {"go", "gofmt"},
+            {"scala", "scalafmt"}
+        };
+
+        // CS-P1005: Double access to `Dictionary`. First via `ContainsKey`, then via `Indexer`.
+        // Use `.TryGetValue` instead.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-P1005
+        if (transformers.ContainsKey("csharp"))
+        {
+            Console.WriteLine($"C#'s transformer is {transformers["csharp"]}");
+        }
+    }
+
+    // CS-P1000: Avoid empty finalizers.
+    // https://deepsource.io/directory/analyzers/csharp/issues/CS-P1000.
+    ~Perf()
+    {
+    }
+}

csharp/Program.cs

@@ -0,0 +1,15 @@
+using System;
+
+namespace demo_csharp;
+
+class Program
+{
+    public static void Main()
+    {
+        // This repository's aim is to point out a few incorrect practices belonging to categories
+        // such as performance, bug-risk, antipattern, and security.
+        //
+        // To view all the issues that the C# analyzer detects, visit:
+        // https://deepsource.io/directory/analyzers/csharp/issues.
+    }
+}

csharp/Security.cs

@@ -0,0 +1,25 @@
+using System;
+using System.Security.AccessControl;
+
+namespace demo_csharp;
+
+internal class Security
+{
+    public static void CommonInsecurePractices()
+    {
+        // CS-S1000: Broad permissions granted.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-S1000
+        var accessRule = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow);
+
+        // CS-A1008: Insecurely generated random number.
+        // https://deepsource.io/directory/analyzers/csharp/issues/CS-A1008
+        var randomNum = new Random();
+    }
+
+    // CS-A1000: Use `System.URI` where possible.
+    // https://deepsource.io/directory/analyzers/csharp/issues/CS-A1000
+    public static string GetEndpointUri()
+    {
+        return "http://www.contoso.com/";
+    }
+}

csharp/demo-csharp.csproj

@@ -0,0 +1,12 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>net6.0</TargetFramework>
+    <RootNamespace>demo_csharp</RootNamespace>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+
+</Project>

docker/Dockerfile

@@ -0,0 +1,64 @@
+#
+# example Dockerfile for https://docs.docker.com/engine/examples/postgresql_service/
+#
+
+FROM ubuntu as builder
+
+USER root
+
+# Add the PostgreSQL PGP key to verify their Debian packages.
+# It should be the same key as https://www.postgresql.org/media/keys/ACCC4CF8.asc
+RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8
+
+# Add PostgreSQL's repository. It contains the most recent stable release
+#     of PostgreSQL, ``9.3``.
+RUN echo "deb http://apt.postgresql.org/pub/repos/apt/ precise-pgdg main" > /etc/apt/sources.list.d/pgdg.list
+
+# Install ``python-software-properties``, ``software-properties-common`` and PostgreSQL 9.3
+#  There are some warnings (in red) that show up during the build. You can hide
+#  them by prefixing each apt-get statement with DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get install python3 python-software-properties software-properties-common postgresql postgresql-client postgresql-contrib wget curl bash
+
+RUN ln -sfv /bin/bash /bin/sh
+
+# Switch to the postgres home directory to set up files there.
+RUN alias server_uptime='ssh $host 'uptime -p''
+RUN PYTHONPATH ="/usr/share/" cd /home/postgres &; sudo python3 -m pip install pip && sudo python3 -m pip install matplotlib pandas setuptools
+RUN git clone https://github.com/someorg/somepackage.git
+RUN make
+ADD ./a.out /app
+
+# Note: The official Debian and Ubuntu images automatically ``apt-get clean``
+# after each ``apt-get``
+
+FROM alpine
+
+RUN apk update && apk add postgresql curl
+RUN mkdir /app
+COPY --from builder /home/postgres /app
+
+RUN curl https://rustup.sh | sh# we will use this in the container.
+
+# Create a PostgreSQL role named ``docker`` with ``docker`` as the password and
+# then create a database `docker` owned by the ``docker`` role.
+# Note: here we use ``&&\`` to run commands one after the other - the ``\``
+#       allows the RUN command to span multiple lines.
+RUN    /etc/init.d/postgresql start &&\
+    psql --command "CREATE USER docker WITH SUPERUSER PASSWORD 'docker';" &&\
+    createdb -O docker docker
+
+# Adjust PostgreSQL configuration so that remote connections to the
+# database are possible.
+RUN echo "host all  all    0.0.0.0/0  md5" >> /etc/postgresql/9.3/main/pg_hba.conf
+
+# And add ``listen_addresses`` to ``/etc/postgresql/9.3/main/postgresql.conf``
+RUN echo "listen_addresses='*' >> /etc/postgresql/9.3/main/postgresql.conf
+
+# Expose the PostgreSQL port
+EXPOSE 5432
+
+# Add VOLUMEs to allow backup of config, logs and databases
+VOLUME  ["/etc/postgresql", "/var/log/postgresql", "/var/lib/postgresql"]
+
+# Set the default command to run when starting the container
+CMD /usr/lib/postgresql/9.3/bin/postgres -D /var/lib/postgresql/9.3/main -c config_file=/etc/postgresql/9.3/main/postgresql.conf

go/bind.go

@@ -0,0 +1,19 @@
+package main
+
+import (
+	"golang.org/x/crypto/ssh"
+	"log"
+	"net"
+)
+
+func connect() {
+	l, err := net.Listen("tcp", "0.0.0.0:2000")
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer l.Close()
+}
+
+func sshConfigure() {
+	_ = ssh.InsecureIgnoreHostKey()
+}