torjus/oubliette
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
9aecc7ce02101443aaa16a49770438c3871584e0
oubliette/.golangci.yml
Torjus Håkestad d4380c0aea chore: add golangci-lint config and fix all lint issues 
Enable 15 additional linters (gosec, errorlint, gocritic, modernize,
misspell, bodyclose, sqlclosecheck, nilerr, unconvert, durationcheck,
sloglint, wastedassign, usestdlibvars) with sensible exclusion rules.

Fix all findings: errors.Is for error comparisons, run() pattern in
main to avoid exitAfterDefer, ReadHeaderTimeout for Slowloris
protection, bounds check in escape sequence reader, WaitGroup.Go,
slices.Contains, range-over-int loops, and http.MethodGet constants.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 21:43:49 +01:00

80 lines
2.1 KiB
YAML
Raw Blame History

version: "2"
linters:
enable:
# Bug detectors.
- bodyclose
- durationcheck
- errorlint
- gocritic
- nilerr
- sqlclosecheck
# Security.
- gosec
# Style and modernization.
- misspell
- modernize
- unconvert
- usestdlibvars
# Logging.
- sloglint
# Dead code.
- wastedassign
settings:
errcheck:
exclude-functions:
# Terminal I/O writes (honeypot shell output).
- fmt.Fprint
- fmt.Fprintf
# Low-level byte I/O in shell readLine (escape sequences, echo).
- (io.ReadWriter).Read
- (io.ReadWriter).Write
- (io.ReadWriteCloser).Read
- (io.ReadWriteCloser).Write
- (io.Reader).Read
- (io.Writer).Write
gosec:
excludes:
# File reads from config paths — expected in a CLI tool.
- G304
# Weak RNG for shell selection — crypto/rand not needed.
- G404
exclusions:
rules:
# Ignore unchecked Close() — standard resource cleanup.
- linters: [errcheck]
text: "Error return value of .+\\.Close.+ is not checked"
# Ignore unchecked Rollback() — called in error paths before returning.
- linters: [errcheck]
text: "Error return value of .+\\.Rollback.+ is not checked"
# Ignore unchecked Reply/Reject — SSH protocol; nothing useful on failure.
- linters: [errcheck]
text: "Error return value of .+\\.(Reply|Reject).+ is not checked"
# Test files: allow unchecked errors.
- linters: [errcheck]
path: "_test\\.go"
# Test files: InsecureIgnoreHostKey, file permissions, unhandled errors are expected.
- linters: [gosec]
path: "_test\\.go"
# Unhandled errors for cleanup/protocol ops — mirrors errcheck exclusions.
- linters: [gosec]
text: "G104"
source: "\\.(Close|Rollback|Reject|Reply|Read|Write)\\("
# SQL with safe column interpolation from a fixed switch — not user input.
- linters: [gosec]
text: "G201"
path: "internal/storage/"
Reference in New Issue View Git Blame Copy Permalink