forked from crowdsecurity/crowdsec
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.golangci.yml
524 lines (457 loc) · 19.9 KB
/
.golangci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
# https://github.com/golangci/golangci-lint/blob/master/.golangci.reference.yml
linters-settings:
gci:
sections:
- standard
- default
- prefix(github.com/crowdsecurity)
- prefix(github.com/crowdsecurity/crowdsec)
gomoddirectives:
replace-allow-list:
- golang.org/x/time/rate
govet:
enable-all: true
disable:
- reflectvaluecompare
- fieldalignment
maintidx:
# raise this after refactoring
under: 16
misspell:
locale: US
nestif:
# lower this after refactoring
min-complexity: 16
nlreturn:
block-size: 5
nolintlint:
allow-unused: false # report any unused nolint directives
require-explanation: false # don't require an explanation for nolint directives
require-specific: false # don't require nolint directives to be specific about which linter is being skipped
interfacebloat:
max: 12
depguard:
rules:
wrap:
deny:
- pkg: "github.com/pkg/errors"
desc: "errors.Wrap() is deprecated in favor of fmt.Errorf()"
files:
- "!**/pkg/database/*.go"
yaml:
files:
- "!**/pkg/acquisition/acquisition.go"
- "!**/pkg/acquisition/acquisition_test.go"
- "!**/pkg/acquisition/modules/appsec/appsec.go"
- "!**/pkg/acquisition/modules/cloudwatch/cloudwatch.go"
- "!**/pkg/acquisition/modules/docker/docker.go"
- "!**/pkg/acquisition/modules/file/file.go"
- "!**/pkg/acquisition/modules/journalctl/journalctl.go"
- "!**/pkg/acquisition/modules/kafka/kafka.go"
- "!**/pkg/acquisition/modules/kinesis/kinesis.go"
- "!**/pkg/acquisition/modules/kubernetesaudit/k8s_audit.go"
- "!**/pkg/acquisition/modules/loki/loki.go"
- "!**/pkg/acquisition/modules/loki/timestamp_test.go"
- "!**/pkg/acquisition/modules/s3/s3.go"
- "!**/pkg/acquisition/modules/syslog/syslog.go"
- "!**/pkg/acquisition/modules/wineventlog/wineventlog_windows.go"
- "!**/pkg/appsec/appsec.go"
- "!**/pkg/appsec/loader.go"
- "!**/pkg/csplugin/broker.go"
- "!**/pkg/leakybucket/buckets_test.go"
- "!**/pkg/leakybucket/manager_load.go"
- "!**/pkg/parser/node.go"
- "!**/pkg/parser/node_test.go"
- "!**/pkg/parser/parsing_test.go"
- "!**/pkg/parser/stage.go"
deny:
- pkg: "gopkg.in/yaml.v2"
desc: "yaml.v2 is deprecated for new code in favor of yaml.v3"
stylecheck:
checks:
- all
- -ST1003 # should not use underscores in Go names; ...
- -ST1005 # error strings should not be capitalized
- -ST1012 # error var ... should have name of the form ErrFoo
- -ST1016 # methods on the same type should have the same receiver name
- -ST1022 # comment on exported var ... should be of the form ...
revive:
ignore-generated-header: true
severity: error
enable-all-rules: true
rules:
- name: add-constant
disabled: true
- name: cognitive-complexity
# lower this after refactoring
arguments: [119]
- name: comment-spacings
disabled: true
- name: confusing-results
disabled: true
- name: cyclomatic
# lower this after refactoring
arguments: [39]
- name: defer
disabled: true
- name: empty-block
disabled: true
- name: empty-lines
disabled: true
- name: error-naming
disabled: true
- name: flag-parameter
disabled: true
- name: function-result-limit
arguments: [6]
- name: function-length
# lower this after refactoring
arguments: [110, 235]
- name: get-return
disabled: true
- name: increment-decrement
disabled: true
- name: import-alias-naming
disabled: true
- name: import-shadowing
disabled: true
- name: line-length-limit
# lower this after refactoring
arguments: [221]
- name: max-control-nesting
# lower this after refactoring
arguments: [7]
- name: max-public-structs
disabled: true
- name: optimize-operands-order
disabled: true
- name: nested-structs
disabled: true
- name: package-comments
disabled: true
- name: struct-tag
disabled: true
- name: redundant-import-alias
disabled: true
- name: time-equal
disabled: true
- name: var-naming
disabled: true
- name: unchecked-type-assertion
disabled: true
- name: exported
disabled: true
- name: unexported-naming
disabled: true
- name: unexported-return
disabled: true
- name: unhandled-error
disabled: true
arguments:
- "fmt.Print"
- "fmt.Printf"
- "fmt.Println"
- name: unnecessary-stmt
disabled: true
- name: unused-parameter
disabled: true
- name: unused-receiver
disabled: true
- name: use-any
disabled: true
- name: useless-break
disabled: true
wsl:
# Allow blocks to end with comments
allow-trailing-comment: true
gocritic:
enable-all: true
disabled-checks:
- typeDefFirst
- paramTypeCombine
- httpNoBody
- ifElseChain
- importShadow
- hugeParam
- rangeValCopy
- commentedOutCode
- commentedOutImport
- unnamedResult
- sloppyReassign
- appendCombine
- captLocal
- typeUnparen
- commentFormatting
- deferInLoop #
- sprintfQuotedString #
- whyNoLint
- equalFold #
- unnecessaryBlock #
- ptrToRefParam #
- stringXbytes #
- appendAssign #
- tooManyResultsChecker
- unnecessaryDefer
- docStub
- preferFprint
linters:
enable-all: true
disable:
#
# DEPRECATED by golangi-lint
#
- execinquery
- exportloopref
#
# Redundant
#
- gocyclo # revive
- cyclop # revive
- lll # revive
- funlen # revive
- gocognit # revive
# Disabled atm
- intrange # intrange is a linter to find places where for loops could make use of an integer range.
#
# Enabled
#
# - asasalint # check for pass []any as any in variadic func(...any)
# - asciicheck # checks that all code identifiers does not have non-ASCII symbols in the name
# - bidichk # Checks for dangerous unicode character sequences
# - bodyclose # checks whether HTTP response body is closed successfully
# - copyloopvar # copyloopvar is a linter detects places where loop variables are copied
# - decorder # check declaration order and count of types, constants, variables and functions
# - depguard # Go linter that checks if package imports are in a list of acceptable packages
# - dupword # checks for duplicate words in the source code
# - durationcheck # check for two durations multiplied together
# - errcheck # errcheck is a program for checking for unchecked errors in Go code. These unchecked errors can be critical bugs in some cases
# - errorlint # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
# - ginkgolinter # enforces standards of using ginkgo and gomega
# - gocheckcompilerdirectives # Checks that go compiler directive comments (//go:) are valid.
# - gochecknoinits # Checks that no init functions are present in Go code
# - gochecksumtype # Run exhaustiveness checks on Go "sum types"
# - gocritic # Provides diagnostics that check for bugs, performance and style issues.
# - goheader # Checks is file header matches to pattern
# - gomoddirectives # Manage the use of 'replace', 'retract', and 'excludes' directives in go.mod.
# - gomodguard # Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations.
# - goprintffuncname # Checks that printf-like functions are named with `f` at the end
# - gosimple # (megacheck): Linter for Go source code that specializes in simplifying code
# - gosmopolitan # Report certain i18n/l10n anti-patterns in your Go codebase
# - govet # (vet, vetshadow): Vet examines Go source code and reports suspicious constructs. It is roughly the same as 'go vet' and uses its passes.
# - grouper # Analyze expression groups.
# - importas # Enforces consistent import aliases
# - ineffassign # Detects when assignments to existing variables are not used
# - interfacebloat # A linter that checks the number of methods inside an interface.
# - loggercheck # (logrlint): Checks key value pairs for common logger libraries (kitlog,klog,logr,zap).
# - logrlint # Check logr arguments.
# - maintidx # maintidx measures the maintainability index of each function.
# - makezero # Finds slice declarations with non-zero initial length
# - mirror # reports wrong mirror patterns of bytes/strings usage
# - misspell # Finds commonly misspelled English words
# - nakedret # Checks that functions with naked returns are not longer than a maximum size (can be zero).
# - nestif # Reports deeply nested if statements
# - nilerr # Finds the code that returns nil even if it checks that the error is not nil.
# - nolintlint # Reports ill-formed or insufficient nolint directives
# - nonamedreturns # Reports all named returns
# - nosprintfhostport # Checks for misuse of Sprintf to construct a host with port in a URL.
# - perfsprint # Checks that fmt.Sprintf can be replaced with a faster alternative.
# - predeclared # find code that shadows one of Go's predeclared identifiers
# - reassign # Checks that package variables are not reassigned
# - revive # Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
# - rowserrcheck # checks whether Rows.Err of rows is checked successfully
# - sloglint # ensure consistent code style when using log/slog
# - spancheck # Checks for mistakes with OpenTelemetry/Census spans.
# - sqlclosecheck # Checks that sql.Rows, sql.Stmt, sqlx.NamedStmt, pgx.Query are closed.
# - staticcheck # (megacheck): It's a set of rules from staticcheck. It's not the same thing as the staticcheck binary. The author of staticcheck doesn't support or approve the use of staticcheck as a library inside golangci-lint.
# - stylecheck # Stylecheck is a replacement for golint
# - tenv # tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17
# - testableexamples # linter checks if examples are testable (have an expected output)
# - testifylint # Checks usage of github.com/stretchr/testify.
# - tparallel # tparallel detects inappropriate usage of t.Parallel() method in your Go test codes
# - unconvert # Remove unnecessary type conversions
# - unused # (megacheck): Checks Go code for unused constants, variables, functions and types
# - usestdlibvars # A linter that detect the possibility to use variables/constants from the Go standard library.
# - wastedassign # Finds wasted assignment statements
# - zerologlint # Detects the wrong usage of `zerolog` that a user forgets to dispatch with `Send` or `Msg`
#
# Recommended? (easy)
#
- dogsled # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
- errchkjson # Checks types passed to the json encoding functions. Reports unsupported types and reports occasions, where the check for the returned error can be omitted.
- exhaustive # check exhaustiveness of enum switch statements
- gci # Gci control golang package import order and make it always deterministic.
- godot # Check if comments end in a period
- gofmt # Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification
- goimports # Check import statements are formatted according to the 'goimport' command. Reformat imports in autofix mode.
- gosec # (gas): Inspects source code for security problems
- inamedparam # reports interfaces with unnamed method parameters
- musttag # enforce field tags in (un)marshaled structs
- promlinter # Check Prometheus metrics naming via promlint
- protogetter # Reports direct reads from proto message fields when getters should be used
- tagalign # check that struct tags are well aligned
- thelper # thelper detects tests helpers which is not start with t.Helper() method.
- wrapcheck # Checks that errors returned from external packages are wrapped
#
# Recommended? (requires some work)
#
- containedctx # containedctx is a linter that detects struct contained context.Context field
- contextcheck # check whether the function uses a non-inherited context
- errname # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`.
- gomnd # An analyzer to detect magic numbers.
- ireturn # Accept Interfaces, Return Concrete Types
- mnd # An analyzer to detect magic numbers.
- nilnil # Checks that there is no simultaneous return of `nil` error and an invalid value.
- noctx # Finds sending http request without context.Context
- unparam # Reports unused function parameters
#
# Formatting only, useful in IDE but should not be forced on CI?
#
- gofumpt # Gofumpt checks whether code was gofumpt-ed.
- nlreturn # nlreturn checks for a new line before return and branch statements to increase code clarity
- whitespace # Whitespace is a linter that checks for unnecessary newlines at the start and end of functions, if, for, etc.
- wsl # add or remove empty lines
#
# Well intended, but not ready for this
#
- dupl # Tool for code clone detection
- forcetypeassert # finds forced type assertions
- godox # Tool for detection of FIXME, TODO and other comment keywords
- err113 # Go linter to check the errors handling expressions
- paralleltest # Detects missing usage of t.Parallel() method in your Go test
- testpackage # linter that makes you use a separate _test package
#
# Too strict / too many false positives (for now?)
#
- exhaustruct # Checks if all structure fields are initialized
- forbidigo # Forbids identifiers
- gochecknoglobals # Check that no global variables exist.
- goconst # Finds repeated strings that could be replaced by a constant
- tagliatelle # Checks the struct tags.
- varnamelen # checks that the length of a variable's name matches its scope
#
# Under evaluation
#
- prealloc # Finds slice declarations that could potentially be preallocated
issues:
# “Look, that’s why there’s rules, understand? So that you think before you
# break ‘em.” ― Terry Pratchett
exclude-dirs:
- pkg/time/rate
- pkg/metabase
exclude-files:
- pkg/yamlpatch/merge.go
- pkg/yamlpatch/merge_test.go
exclude-generated: strict
max-issues-per-linter: 0
max-same-issues: 0
exclude-rules:
# Won't fix:
# `err` is often shadowed, we may continue to do it
- linters:
- govet
text: "shadow: declaration of \"err\" shadows declaration"
- linters:
- errcheck
text: "Error return value of `.*` is not checked"
# Will fix, trivial - just beware of merge conflicts
- linters:
- perfsprint
text: "fmt.Sprintf can be replaced .*"
#
# Will fix, easy but some neurons required
#
- linters:
- errorlint
text: "non-wrapping format verb for fmt.Errorf. Use `%w` to format errors"
- linters:
- errorlint
text: "type assertion on error will fail on wrapped errors. Use errors.As to check for specific errors"
- linters:
- errorlint
text: "type switch on error will fail on wrapped errors. Use errors.As to check for specific errors"
- linters:
- errorlint
text: "comparing with .* will fail on wrapped errors. Use errors.Is to check for a specific error"
- linters:
- nosprintfhostport
text: "host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf"
# https://github.com/timakin/bodyclose
- linters:
- bodyclose
text: "response body must be closed"
# named/naked returns are evil, with a single exception
# https://go.dev/wiki/CodeReviewComments#named-result-parameters
- linters:
- nonamedreturns
text: "named return .* with type .* found"
- linters:
- revive
path: pkg/leakybucket/manager_load.go
text: "confusing-naming: Field '.*' differs only by capitalization to other field in the struct type BucketFactory"
- linters:
- revive
path: pkg/exprhelpers/helpers.go
text: "confusing-naming: Method 'flatten' differs only by capitalization to function 'Flatten' in the same source file"
- linters:
- revive
path: pkg/appsec/query_utils.go
text: "confusing-naming: Method 'parseQuery' differs only by capitalization to function 'ParseQuery' in the same source file"
- linters:
- revive
path: pkg/acquisition/modules/loki/internal/lokiclient/loki_client.go
text: "confusing-naming: Method 'QueryRange' differs only by capitalization to method 'queryRange' in the same source file"
- linters:
- revive
path: cmd/crowdsec-cli/copyfile.go
- linters:
- revive
path: pkg/hubtest/hubtest_item.go
text: "cyclomatic: .*RunWithLogFile"
# tolerate complex functions in tests for now
- linters:
- maintidx
path: "(.+)_test.go"
# tolerate long functions in tests
- linters:
- revive
path: "pkg/(.+)_test.go"
text: "function-length: .*"
# tolerate long lines in tests
- linters:
- revive
path: "pkg/(.+)_test.go"
text: "line-length-limit: .*"
# tolerate deep exit in tests, for now
- linters:
- revive
path: "pkg/(.+)_test.go"
text: "deep-exit: .*"
# tolerate deep exit in cobra's OnInitialize, for now
- linters:
- revive
path: "cmd/crowdsec-cli/main.go"
text: "deep-exit: .*"
- linters:
- revive
path: "cmd/crowdsec-cli/clihub/item_metrics.go"
text: "deep-exit: .*"
- linters:
- revive
path: "cmd/crowdsec-cli/idgen/password.go"
text: "deep-exit: .*"
- linters:
- revive
path: "pkg/leakybucket/overflows.go"
text: "deep-exit: .*"
- linters:
- revive
path: "cmd/crowdsec/crowdsec.go"
text: "deep-exit: .*"
- linters:
- revive
path: "cmd/crowdsec/api.go"
text: "deep-exit: .*"
- linters:
- revive
path: "cmd/crowdsec/win_service.go"
text: "deep-exit: .*"