fix; CVE-2025-68156 remediation

- Changed report title to reflect security audit focus - Updated date and status to indicate approval for commit - Enhanced executive summary with detailed validation results - Included comprehensive test coverage results for backend and frontend - Documented pre-commit hooks validation and known issues - Added detailed security scan results, confirming absence of CVE-2025-68156 - Verified binary inspection for expr-lang dependency - Provided risk assessment and recommendations for post-merge actions - Updated compliance matrix and final assessment sections - Improved overall report structure and clarity
2026-01-11 19:33:25 +00:00
parent db7490d763
commit e06eb4177b
43 changed files with 4230 additions and 2661 deletions
--- a/scripts/pre-commit-hooks/golangci-lint-fast.sh
+++ b/scripts/pre-commit-hooks/golangci-lint-fast.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Wrapper script for golangci-lint fast linters in pre-commit
+# This ensures golangci-lint works in both terminal and VS Code pre-commit integration
+
+# Find golangci-lint in common locations
+GOLANGCI_LINT=""
+
+# Check if already in PATH
+if command -v golangci-lint >/dev/null 2>&1; then
+    GOLANGCI_LINT="golangci-lint"
+else
+    # Check common installation locations
+    COMMON_PATHS=(
+        "$HOME/go/bin/golangci-lint"
+        "/usr/local/bin/golangci-lint"
+        "/usr/bin/golangci-lint"
+        "${GOPATH:-$HOME/go}/bin/golangci-lint"
+    )
+
+    for path in "${COMMON_PATHS[@]}"; do
+        if [[ -x "$path" ]]; then
+            GOLANGCI_LINT="$path"
+            break
+        fi
+    done
+fi
+
+# Exit if not found
+if [[ -z "$GOLANGCI_LINT" ]]; then
+    echo "ERROR: golangci-lint not found in PATH or common locations"
+    echo "Searched:"
+    echo "  - PATH: $PATH"
+    echo "  - $HOME/go/bin/golangci-lint"
+    echo "  - /usr/local/bin/golangci-lint"
+    echo "  - /usr/bin/golangci-lint"
+    echo ""
+    echo "Install from: https://golangci-lint.run/usage/install/"
+    exit 1
+fi
+
+# Change to backend directory and run golangci-lint
+cd "$(dirname "$0")/../../backend" || exit 1
+exec "$GOLANGCI_LINT" run --config .golangci-fast.yml ./...
--- a/scripts/pre-commit-hooks/golangci-lint-full.sh
+++ b/scripts/pre-commit-hooks/golangci-lint-full.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Wrapper script for golangci-lint full linters in pre-commit
+# This ensures golangci-lint works in both terminal and VS Code pre-commit integration
+
+# Find golangci-lint in common locations
+GOLANGCI_LINT=""
+
+# Check if already in PATH
+if command -v golangci-lint >/dev/null 2>&1; then
+    GOLANGCI_LINT="golangci-lint"
+else
+    # Check common installation locations
+    COMMON_PATHS=(
+        "$HOME/go/bin/golangci-lint"
+        "/usr/local/bin/golangci-lint"
+        "/usr/bin/golangci-lint"
+        "${GOPATH:-$HOME/go}/bin/golangci-lint"
+    )
+
+    for path in "${COMMON_PATHS[@]}"; do
+        if [[ -x "$path" ]]; then
+            GOLANGCI_LINT="$path"
+            break
+        fi
+    done
+fi
+
+# Exit if not found
+if [[ -z "$GOLANGCI_LINT" ]]; then
+    echo "ERROR: golangci-lint not found in PATH or common locations"
+    echo "Searched:"
+    echo "  - PATH: $PATH"
+    echo "  - $HOME/go/bin/golangci-lint"
+    echo "  - /usr/local/bin/golangci-lint"
+    echo "  - /usr/bin/golangci-lint"
+    echo ""
+    echo "Install from: https://golangci-lint.run/usage/install/"
+    exit 1
+fi
+
+# Change to backend directory and run golangci-lint
+cd "$(dirname "$0")/../../backend" || exit 1
+exec "$GOLANGCI_LINT" run -v ./...