boulder/.golangci.yml at master · fullstackinfo/boulder · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
version: "2"
linters:
  default: none
  enable:
    - asciicheck
    - bidichk
    - errcheck
    - gosec
    - govet
    - ineffassign
    - misspell
    - nolintlint
    - spancheck
    - sqlclosecheck
    - staticcheck
    - unconvert
    - unparam
    - unused
    - wastedassign
  settings:
    errcheck:
      exclude-functions:
        - (net/http.ResponseWriter).Write
        - (net.Conn).Write
        - encoding/binary.Write
        - io.Write
        - net/http.Write
        - os.Remove
        - github.com/miekg/dns.WriteMsg
    govet:
      disable:
        - fieldalignment
        - shadow
      enable-all: true
      settings:
        printf:
          funcs:
            - (github.com/letsencrypt/boulder/log.Logger).Errf
            - (github.com/letsencrypt/boulder/log.Logger).Warningf
            - (github.com/letsencrypt/boulder/log.Logger).Infof
            - (github.com/letsencrypt/boulder/log.Logger).Debugf
            - (github.com/letsencrypt/boulder/log.Logger).AuditInfof
            - (github.com/letsencrypt/boulder/log.Logger).AuditErrf
            - (github.com/letsencrypt/boulder/ocsp/responder).SampledError
            - (github.com/letsencrypt/boulder/web.RequestEvent).AddError
    gosec:
      excludes:
        # TODO: Identify, fix, and remove violations of most of these rules
        - G101 # Potential hardcoded credentials
        - G102 # Binds to all network interfaces
        - G104 # Errors unhandled
        - G107 # Potential HTTP request made with variable url
        - G201 # SQL string formatting
        - G202 # SQL string concatenation
        - G204 # Subprocess launched with variable
        - G302 # Expect file permissions to be 0600 or less
        - G306 # Expect WriteFile permissions to be 0600 or less
        - G304 # Potential file inclusion via variable
        - G401 # Use of weak cryptographic primitive
        - G402 # TLS InsecureSkipVerify set true.
        - G403 # RSA keys should be at least 2048 bits
        - G404 # Use of weak random number generator
    nolintlint:
      require-explanation: true
      require-specific: true
      allow-unused: false
    staticcheck:
      checks:
        - all
        # TODO: Identify, fix, and remove violations of most of these rules
        - -S1029  # Range over the string directly
        - -SA1019 # Using a deprecated function, variable, constant or field
        - -SA6003 # Converting a string to a slice of runes before ranging over it
        - -ST1000 # Incorrect or missing package comment
        - -ST1003 # Poorly chosen identifier
        - -ST1005 # Incorrectly formatted error string
        - -QF1001 # Could apply De Morgan's law
        - -QF1008 # Could remove embedded field from selector
  exclusions:
    presets:
      - std-error-handling
formatters:
  enable:
    - gofmt