.golangci.yml
# https://github.com/golangci/golangci-lint/blob/master/.golangci.reference.yml
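# Per-linter options. Each key below is the name of a linter and must be
# nested under linters-settings for golangci-lint to apply it.
linters-settings:
  gci:
    # Import grouping order: stdlib, third party, organisation, this module.
    sections:
      - standard
      - default
      - prefix(github.com/crowdsecurity)
      - prefix(github.com/crowdsecurity/crowdsec)

  gomoddirectives:
    # The only module allowed as the target of a go.mod `replace` directive.
    replace-allow-list:
      - golang.org/x/time/rate

  govet:
    enable-all: true
    disable:
      - reflectvaluecompare
      - fieldalignment

  maintidx:
    # raise this after refactoring
    under: 15

  misspell:
    locale: US

  nestif:
    # lower this after refactoring
    min-complexity: 16

  nlreturn:
    block-size: 5

  nolintlint:
    # NOTE(review): with require-specific off, a bare `//nolint` silences every
    # linter on that line, and with require-explanation off no reason is
    # recorded. Requiring both would keep suppressions auditable.
    allow-unused: false  # report any unused nolint directives
    require-explanation: false  # don't require an explanation for nolint directives
    # don't require nolint directives to be specific about which linter is being skipped
    require-specific: false

  interfacebloat:
    max: 12

  depguard:
    rules:
      # In `files`, a leading "!" exempts the matching files from the rule;
      # every other file is checked against the `deny` list.
      wrap:
        deny:
          - pkg: "github.com/pkg/errors"
            desc: "errors.Wrap() is deprecated in favor of fmt.Errorf()"
        files:
          - "!**/pkg/database/*.go"
      yaml:
        # Files still allowed to import yaml.v2; all other code is denied it.
        files:
          - "!**/pkg/acquisition/acquisition.go"
          - "!**/pkg/acquisition/acquisition_test.go"
          - "!**/pkg/acquisition/modules/appsec/appsec.go"
          - "!**/pkg/acquisition/modules/cloudwatch/cloudwatch.go"
          - "!**/pkg/acquisition/modules/docker/docker.go"
          - "!**/pkg/acquisition/modules/file/file.go"
          - "!**/pkg/acquisition/modules/journalctl/journalctl.go"
          - "!**/pkg/acquisition/modules/kafka/kafka.go"
          - "!**/pkg/acquisition/modules/kinesis/kinesis.go"
          - "!**/pkg/acquisition/modules/kubernetesaudit/k8s_audit.go"
          - "!**/pkg/acquisition/modules/loki/loki.go"
          - "!**/pkg/acquisition/modules/loki/timestamp_test.go"
          - "!**/pkg/acquisition/modules/s3/s3.go"
          - "!**/pkg/acquisition/modules/syslog/syslog.go"
          - "!**/pkg/acquisition/modules/wineventlog/wineventlog_windows.go"
          - "!**/pkg/appsec/appsec.go"
          - "!**/pkg/appsec/loader.go"
          - "!**/pkg/csplugin/broker.go"
          - "!**/pkg/leakybucket/buckets_test.go"
          - "!**/pkg/leakybucket/manager_load.go"
          - "!**/pkg/parser/node.go"
          - "!**/pkg/parser/node_test.go"
          - "!**/pkg/parser/parsing_test.go"
          - "!**/pkg/parser/stage.go"
        deny:
          - pkg: "gopkg.in/yaml.v2"
            desc: "yaml.v2 is deprecated for new code in favor of yaml.v3"

  stylecheck:
    # All checks, minus the ones prefixed with "-".
    checks:
      - all
      - -ST1003  # should not use underscores in Go names; ...
      - -ST1005  # error strings should not be capitalized
      - -ST1012  # error var ... should have name of the form ErrFoo
      - -ST1016  # methods on the same type should have the same receiver name
      - -ST1022  # comment on exported var ... should be of the form ...

  revive:
    ignore-generated-header: true
    severity: error
    # Every revive rule is on unless it is listed below with `disabled: true`;
    # entries with `arguments` stay enabled with a relaxed threshold.
    enable-all-rules: true
    rules:
      - name: add-constant
        disabled: true
      - name: cognitive-complexity
        # lower this after refactoring
        arguments: [119]
      - name: comment-spacings
        disabled: true
      - name: confusing-results
        disabled: true
      - name: cyclomatic
        # lower this after refactoring
        arguments: [39]
      - name: defer
        disabled: true
      - name: empty-block
        disabled: true
      - name: empty-lines
        disabled: true
      - name: error-naming
        disabled: true
      - name: flag-parameter
        disabled: true
      - name: function-result-limit
        arguments: [6]
      - name: function-length
        # lower this after refactoring
        arguments: [110, 237]
      - name: get-return
        disabled: true
      - name: increment-decrement
        disabled: true
      - name: import-alias-naming
        disabled: true
      - name: import-shadowing
        disabled: true
      - name: line-length-limit
        # lower this after refactoring
        arguments: [221]
      - name: max-control-nesting
        # lower this after refactoring
        arguments: [7]
      - name: max-public-structs
        disabled: true
      - name: nested-structs
        disabled: true
      - name: package-comments
        disabled: true
      - name: redundant-import-alias
        disabled: true
      - name: time-equal
        disabled: true
      - name: var-naming
        disabled: true
      # NOTE(review): unchecked type assertions panic on a type mismatch; with
      # this rule off (and forcetypeassert disabled under `linters`) nothing
      # in this configuration reports them.
      - name: unchecked-type-assertion
        disabled: true
      - name: exported
        disabled: true
      - name: unexported-naming
        disabled: true
      - name: unexported-return
        disabled: true
      # NOTE(review): the rule is disabled, so the ignore list in `arguments`
      # has no effect until it is re-enabled. The errcheck findings are also
      # excluded under issues.exclude-rules, which leaves ignored error
      # returns unreported by either linter.
      - name: unhandled-error
        disabled: true
        arguments:
          - "fmt.Print"
          - "fmt.Printf"
          - "fmt.Println"
      - name: unnecessary-stmt
        disabled: true
      - name: unused-parameter
        disabled: true
      - name: unused-receiver
        disabled: true
      - name: use-any
        disabled: true
      - name: useless-break
        disabled: true

  wsl:
    # Allow blocks to end with comments
    allow-trailing-comment: true

  gocritic:
    enable-all: true
    disabled-checks:
      - typeDefFirst
      - paramTypeCombine
      - httpNoBody
      - ifElseChain
      - importShadow
      - hugeParam
      - rangeValCopy
      - commentedOutCode
      - commentedOutImport
      - unnamedResult
      - sloppyReassign
      - appendCombine
      - captLocal
      - typeUnparen
      - commentFormatting
      - deferInLoop  #
      - sprintfQuotedString  #
      - whyNoLint
      - equalFold  #
      - unnecessaryBlock  #
      - ptrToRefParam  #
      - stringXbytes  #
      - appendAssign  #
      - tooManyResultsChecker
      - unnecessaryDefer
      - docStub
      - preferFprint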
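# Linter selection: everything golangci-lint ships is enabled, then the
# linters listed under `disable` are switched off, grouped by reason.
# NOTE(review): with enable-all, a golangci-lint upgrade can turn on linters
# that were never reviewed here; presumably CI pins the version, confirm.
linters:
  enable-all: true
  disable:
    #
    # DEPRECATED by golangci-lint
    #
    - execinquery
    - exportloopref
    - gomnd

    #
    # Redundant
    #
    - gocyclo  # revive
    - cyclop  # revive
    - lll  # revive
    - funlen  # revive
    - gocognit  # revive

    # Disabled atm
    # intrange is a linter to find places where for loops could make use of an integer range.
    - intrange

    #
    # Recommended? (easy)
    #
    - dogsled  # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
    # Checks types passed to the json encoding functions. Reports unsupported types and
    # reports occasions, where the check for the returned error can be omitted.
    - errchkjson
    - exhaustive  # check exhaustiveness of enum switch statements
    - gci  # Gci control golang package import order and make it always deterministic.
    - godot  # Check if comments end in a period
    # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option
    # to check for code simplification
    - gofmt
    # Check import statements are formatted according to the 'goimport' command.
    # Reformat imports in autofix mode.
    - goimports
    # NOTE(review): gosec is the security-focused analyzer in this list and it
    # is off for the whole tree. Enabling it with a scoped exclusion list for
    # the noisy rules would keep security findings visible in CI.
    - gosec  # (gas): Inspects source code for security problems
    - inamedparam  # reports interfaces with unnamed method parameters
    - musttag  # enforce field tags in (un)marshaled structs
    - promlinter  # Check Prometheus metrics naming via promlint
    - protogetter  # Reports direct reads from proto message fields when getters should be used
    - tagalign  # check that struct tags are well aligned
    - thelper  # thelper detects tests helpers which is not start with t.Helper() method.
    - wrapcheck  # Checks that errors returned from external packages are wrapped

    #
    # Recommended? (requires some work)
    #
    - containedctx  # containedctx is a linter that detects struct contained context.Context field
    # Checks that sentinel errors are prefixed with the `Err` and error types are
    # suffixed with the `Error`.
    - errname
    - ireturn  # Accept Interfaces, Return Concrete Types
    - mnd  # An analyzer to detect magic numbers.
    - nilnil  # Checks that there is no simultaneous return of `nil` error and an invalid value.
    # NOTE(review): HTTP requests built without a context cannot be cancelled
    # by the caller; worth prioritising for code that talks to remote services.
    - noctx  # Finds sending http request without context.Context
    - unparam  # Reports unused function parameters

    #
    # Formatting only, useful in IDE but should not be forced on CI?
    #
    - gofumpt  # Gofumpt checks whether code was gofumpt-ed.
    # nlreturn checks for a new line before return and branch statements to increase code clarity
    - nlreturn
    # Whitespace is a linter that checks for unnecessary newlines at the start and end
    # of functions, if, for, etc.
    - whitespace
    - wsl  # add or remove empty lines

    #
    # Well intended, but not ready for this
    #
    - dupl  # Tool for code clone detection
    - forcetypeassert  # finds forced type assertions
    - godox  # Tool for detection of FIXME, TODO and other comment keywords
    - err113  # Go linter to check the errors handling expressions
    - paralleltest  # Detects missing usage of t.Parallel() method in your Go test
    - testpackage  # linter that makes you use a separate _test package

    #
    # Too strict / too many false positives (for now?)
    #
    - exhaustruct  # Checks if all structure fields are initialized
    - forbidigo  # Forbids identifiers
    - gochecknoglobals  # Check that no global variables exist.
    - goconst  # Finds repeated strings that could be replaced by a constant
    - tagliatelle  # Checks the struct tags.
    - varnamelen  # checks that the length of a variable's name matches its scope

    #
    # Under evaluation
    #
    - prealloc  # Finds slice declarations that could potentially be preallocated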
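# Post-processing of findings: which paths are skipped entirely and which
# individual messages are suppressed. Every entry under exclude-rules hides
# findings from CI, so each one is a standing exception to review.
issues:
  # “Look, that’s why there’s rules, understand? So that you think before you
  # break ‘em.” ― Terry Pratchett

  exclude-dirs:
    - pkg/time/rate
    - pkg/metabase

  exclude-files:
    - pkg/yamlpatch/merge.go
    - pkg/yamlpatch/merge_test.go

  exclude-generated: strict

  # 0 removes the cap, so every finding is reported.
  max-issues-per-linter: 0
  max-same-issues: 0

  exclude-rules:

    # Won't fix:

    # `err` is often shadowed, we may continue to do it
    - linters:
        - govet
      text: "shadow: declaration of \"(err|ctx)\" shadows declaration"

    # NOTE(review): `.*` matches any callee, so this hides every errcheck
    # "not checked" finding in the tree, including calls where a dropped
    # error matters (I/O, crypto, auth). Scoping it by path or by function
    # name would keep the rest visible.
    - linters:
        - errcheck
      text: "Error return value of `.*` is not checked"

    # Will fix, trivial - just beware of merge conflicts

    - linters:
        - perfsprint
      text: "fmt.Sprintf can be replaced .*"

    #
    # Will fix, easy but some neurons required
    #

    - linters:
        - errorlint
      text: "non-wrapping format verb for fmt.Errorf. Use `%w` to format errors"

    - linters:
        - errorlint
      text: "type assertion on error will fail on wrapped errors. Use errors.As to check for specific errors"

    - linters:
        - errorlint
      text: "type switch on error will fail on wrapped errors. Use errors.As to check for specific errors"

    - linters:
        - nosprintfhostport
      text: "host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf"

    # https://github.com/timakin/bodyclose
    # NOTE(review): suppressed tree-wide; unclosed response bodies keep
    # connections and file descriptors open, which matters for long-running
    # daemons.
    - linters:
        - bodyclose
      text: "response body must be closed"

    # named/naked returns are evil, with a single exception
    # https://go.dev/wiki/CodeReviewComments#named-result-parameters
    - linters:
        - nonamedreturns
      text: "named return .* with type .* found"

    - linters:
        - revive
      path: pkg/leakybucket/manager_load.go
      text: "confusing-naming: Field '.*' differs only by capitalization to other field in the struct type BucketFactory"

    - linters:
        - revive
      path: pkg/exprhelpers/helpers.go
      text: "confusing-naming: Method 'flatten' differs only by capitalization to function 'Flatten' in the same source file"

    - linters:
        - revive
      path: pkg/appsec/query_utils.go
      text: "confusing-naming: Method 'parseQuery' differs only by capitalization to function 'ParseQuery' in the same source file"

    - linters:
        - revive
      path: pkg/acquisition/modules/loki/internal/lokiclient/loki_client.go
      text: "confusing-naming: Method 'QueryRange' differs only by capitalization to method 'queryRange' in the same source file"

    # NOTE(review): no `text` filter, so every revive finding in this file is
    # suppressed; add the specific message if only one rule is meant.
    - linters:
        - revive
      path: cmd/crowdsec-cli/copyfile.go

    - linters:
        - revive
      path: pkg/hubtest/hubtest_item.go
      text: "cyclomatic: .*RunWithLogFile"

    # tolerate complex functions in tests for now
    # NOTE(review): `path` is an unanchored regex with an unescaped dot here
    # and in the test rules below; `_test\.go$` would match test files only.
    - linters:
        - maintidx
      path: "(.+)_test.go"

    # tolerate long functions in tests
    - linters:
        - revive
      path: "pkg/(.+)_test.go"
      text: "function-length: .*"

    # tolerate long lines in tests
    - linters:
        - revive
      path: "pkg/(.+)_test.go"
      text: "line-length-limit: .*"

    # tolerate deep exit in tests, for now
    - linters:
        - revive
      path: "pkg/(.+)_test.go"
      text: "deep-exit: .*"

    # we use t,ctx instead of ctx,t in tests
    - linters:
        - revive
      path: "pkg/(.+)_test.go"
      text: "context-as-argument: context.Context should be the first parameter of a function"

    # tolerate deep exit in cobra's OnInitialize, for now
    - linters:
        - revive
      path: "cmd/crowdsec-cli/main.go"
      text: "deep-exit: .*"

    - linters:
        - revive
      path: "cmd/crowdsec-cli/clihub/item_metrics.go"
      text: "deep-exit: .*"

    - linters:
        - revive
      path: "cmd/crowdsec-cli/idgen/password.go"
      text: "deep-exit: .*"

    - linters:
        - revive
      path: "pkg/leakybucket/overflows.go"
      text: "deep-exit: .*"

    - linters:
        - revive
      path: "cmd/crowdsec/crowdsec.go"
      text: "deep-exit: .*"

    - linters:
        - revive
      path: "cmd/crowdsec/api.go"
      text: "deep-exit: .*"

    - linters:
        - revive
      path: "cmd/crowdsec/win_service.go"
      text: "deep-exit: .*"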