Skip to content

Add scan-config command to extract env placeholders from config files#7

Merged
BLemine merged 1 commit into
mainfrom
claude/add-jvm-config-scanning-GkTDt
Apr 19, 2026
Merged

Add scan-config command to extract env placeholders from config files#7
BLemine merged 1 commit into
mainfrom
claude/add-jvm-config-scanning-GkTDt

Conversation

@BLemine

@BLemine BLemine commented Apr 19, 2026

Copy link
Copy Markdown
Owner

Summary

Adds a new scan-config command that extracts environment variable placeholders (${VAR} and ${VAR:default}) from Spring Boot and Quarkus configuration files (YAML and .properties formats). The command distinguishes between required variables (no default) and optional variables (with defaults), and can validate that all required variables are defined in local .env or .env.example files.

Key Changes

  • New command scan-config (cmd/scan_config.go):

    • Scans one or more YAML or .properties config files for ${VAR} and ${VAR:default} placeholders
    • Supports multiple output formats: human-readable, JSON, and quiet (names only)
    • Integrates with existing .env parser to compare against local/example files
    • Implements --strict mode to exit with error if required variables are missing
    • Flags: --files, --format, --local, --example, --strict, --json, --quiet

  • New internal/configscan package with modular extraction logic:

    • types.go: Core Placeholder and ScanResult types
    • extract.go: Regex-based placeholder extraction with deduplication
    • yaml.go: YAML file parsing with recursive tree walking to build key paths
    • props.go: Java .properties file parsing
    • Comprehensive test coverage for all extraction scenarios

  • Test suite covering:

    • Placeholder extraction from various formats (required, optional, embedded, duplicates)
    • YAML parsing with nested keys and array indices
    • .properties file parsing with comments and edge cases
    • Default value extraction and preservation
    • Strict comparison logic for missing variables

  • Documentation in README with usage examples, flag descriptions, and sample config formats

  • Integration: Registered new command in cmd/root.go and added gopkg.in/yaml.v3 dependency

Implementation Details

  • Placeholder regex validates variable names ([A-Z_][A-Z0-9_]*) to avoid false positives
  • YAML walker builds dot-notation paths (e.g., spring.datasource.url) and array indices (e.g., servers.0.host)
  • Deduplication prevents duplicate reporting of the same variable in the same source location
  • Optional variables (with defaults) are tracked separately from required ones for clear reporting

https://claude.ai/code/session_011LtAmNkYuy2HPHQwL8dZyP

@claude
Add scan-config command for Spring Boot / Quarkus config file scanning
8081a19 
Adds a new `envguard scan-config` command that extracts ${VAR} and
${VAR:default} placeholders from YAML and .properties config files,
reporting required and optional variables separately.

New internal/configscan package with:
- extract.go: shared regex-based placeholder extraction
- yaml.go:    YAML AST traversal using gopkg.in/yaml.v3
- props.go:   line-by-line .properties parser
- types.go:   Placeholder and ScanResult types

Command flags: --files, --format, --local, --example, --strict, --json, --quiet

https://claude.ai/code/session_011LtAmNkYuy2HPHQwL8dZyP
@BLemine BLemine merged commit b056b09 into main Apr 19, 2026
2 checks passed
@BLemine BLemine deleted the claude/add-jvm-config-scanning-GkTDt branch April 19, 2026 21:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BLemine @claude