Server fixes

modules/secretscan/patterns.go

@@ -277,11 +277,11 @@ var builtinPatterns = []Pattern{
 		Severity:    SeverityHigh,
 		Category:    CategoryPassword,
 		FalsePositiveRegexes: []*regexp.Regexp{
-			regexp.MustCompile(`\$\{.*\}`),        // Template variables
-			regexp.MustCompile(`process\.env`),   // Environment references
-			regexp.MustCompile(`\{\{.*\}\}`),     // Handlebars/mustache
-			regexp.MustCompile(`<.*>`),           // Placeholder text
-			regexp.MustCompile(`(?i)example`),    // Example text
+			regexp.MustCompile(`\$\{.*\}`),     // Template variables
+			regexp.MustCompile(`process\.env`), // Environment references
+			regexp.MustCompile(`\{\{.*\}\}`),   // Handlebars/mustache
+			regexp.MustCompile(`<.*>`),         // Placeholder text
+			regexp.MustCompile(`(?i)example`),  // Example text
 			regexp.MustCompile(`(?i)placeholder`),
 		},
 	},
@@ -357,14 +357,14 @@ var builtinPatterns = []Pattern{
 
 // genericFalsePositivePatterns are patterns that indicate false positives across all detections
 var genericFalsePositivePatterns = []*regexp.Regexp{
-	regexp.MustCompile(`^[xX]+$`),                  // All x's (placeholder)
-	regexp.MustCompile(`^[0]+$`),                   // All zeros
-	regexp.MustCompile(`(?i)example`),              // Contains "example"
-	regexp.MustCompile(`(?i)sample`),               // Contains "sample"
-	regexp.MustCompile(`(?i)dummy`),                // Contains "dummy"
-	regexp.MustCompile(`(?i)placeholder`),          // Contains "placeholder"
+	regexp.MustCompile(`^[xX]+$`),                     // All x's (placeholder)
+	regexp.MustCompile(`^[0]+$`),                      // All zeros
+	regexp.MustCompile(`(?i)example`),                 // Contains "example"
+	regexp.MustCompile(`(?i)sample`),                  // Contains "sample"
+	regexp.MustCompile(`(?i)dummy`),                   // Contains "dummy"
+	regexp.MustCompile(`(?i)placeholder`),             // Contains "placeholder"
 	regexp.MustCompile(`(?i)your[_-]?(api[_-]?)?key`), // "your_key", "your_api_key", etc.
-	regexp.MustCompile(`__[A-Z_]+__`),              // Python dunder-like placeholders
+	regexp.MustCompile(`__[A-Z_]+__`),                 // Python dunder-like placeholders
 }
 
 // GetBuiltinPatterns returns all built-in secret detection patterns

modules/secretscan/scanner.go

@@ -162,14 +162,13 @@ func (s *Scanner) ScanContent(content, filePath string) []DetectedSecret {
 func (s *Scanner) ScanDiff(diff string) []DetectedSecret {
 	var secrets []DetectedSecret
 
-	lines := strings.Split(diff, "\n")
 	currentFile := ""
 	lineNumber := 0
 
-	for _, line := range lines {
+	for line := range strings.SplitSeq(diff, "\n") {
 		// Track current file from diff header
-		if strings.HasPrefix(line, "+++ b/") {
-			currentFile = strings.TrimPrefix(line, "+++ b/")
+		if file, found := strings.CutPrefix(line, "+++ b/"); found {
+			currentFile = file
 			lineNumber = 0
 			continue
 		}
@@ -177,10 +176,9 @@ func (s *Scanner) ScanDiff(diff string) []DetectedSecret {
 		// Track line numbers from hunk header
 		if strings.HasPrefix(line, "@@") {
 			// Parse @@ -x,y +a,b @@
-			parts := strings.Split(line, " ")
-			for _, part := range parts {
+			for part := range strings.SplitSeq(line, " ") {
 				if strings.HasPrefix(part, "+") && part != "+++" {
-					fmt.Sscanf(part, "+%d", &lineNumber)
+					_, _ = fmt.Sscanf(part, "+%d", &lineNumber)
 					lineNumber-- // Will be incremented below
 					break
 				}
@@ -189,9 +187,8 @@ func (s *Scanner) ScanDiff(diff string) []DetectedSecret {
 		}
 
 		// Only scan added lines (starting with +)
-		if strings.HasPrefix(line, "+") && !strings.HasPrefix(line, "+++") {
+		if content, found := strings.CutPrefix(line, "+"); found && !strings.HasPrefix(line, "+++") {
 			lineNumber++
-			content := line[1:] // Remove the + prefix
 
 			if s.shouldIgnoreFile(currentFile) {
 				continue

routers/private/hook_pre_receive.go

@@ -560,7 +560,7 @@ func scanPushForSecrets(ctx *preReceiveContext, repo *repo_model.Repository, git
 		ctx.JSON(http.StatusForbidden, private.Response{
 			UserMsg: result.Message,
 		})
-		return fmt.Errorf("secrets detected")
+		return errors.New("secrets detected")
 	}
 
 	if len(result.Secrets) > 0 {

services/secretscan/secretscan.go

@@ -122,11 +122,14 @@ func formatBlockMessage(secrets []secretscan.DetectedSecret, repoName string) st
 	for file, fileSecrets := range byFile {
 		sb.WriteString(fmt.Sprintf("📄 %s\n", file))
 		for _, s := range fileSecrets {
-			icon := "⚠️"
-			if s.Severity == secretscan.SeverityCritical {
+			var icon string
+			switch s.Severity {
+			case secretscan.SeverityCritical:
 				icon = "🔴"
-			} else if s.Severity == secretscan.SeverityHigh {
+			case secretscan.SeverityHigh:
 				icon = "🟠"
+			default:
+				icon = "⚠️"
 			}
 			sb.WriteString(fmt.Sprintf("   %s Line %d: %s [%s]\n", icon, s.LineNumber, s.PatternName, s.Severity))
 			sb.WriteString(fmt.Sprintf("      Found: %s\n", s.MaskedText))