Junie: write golangci-lint config.

.golangci.yml

@@ -0,0 +1,233 @@
+# MCIAS golangci-lint configuration
+# This is a strict configuration focused on security and code quality
+#
+# Usage:
+#   - Run all linters: golangci-lint run
+#   - Run specific linter: golangci-lint run --disable-all --enable=gosec
+#   - Run with specific configuration: golangci-lint run -c .golangci.yml
+#
+# This configuration enables a comprehensive set of linters to ensure:
+#   1. Security best practices (gosec, errcheck, etc.)
+#   2. Code quality and maintainability (gofmt, goimports, etc.)
+#   3. Performance considerations (prealloc, etc.)
+#   4. Error handling correctness (errcheck, errorlint, etc.)
+#
+# For more information about golangci-lint, visit: https://golangci-lint.run/
+
+run:
+  # Timeout for running linters, default is 1m
+  timeout: 5m
+  # Include test files
+  tests: true
+  # Go version to use for analysis
+  go: "1.18"
+
+# Output configuration
+output:
+  # Format: colored-line-number|line-number|json|tab|checkstyle|code-climate|junit-xml|github-actions
+  formats:
+    - format: colored-line-number
+  # Print lines of code with issue
+  print-issued-lines: true
+  # Print linter name in the end of issue text
+  print-linter-name: true
+
+# All available linters
+linters:
+  enable-all: false
+  disable-all: true
+  enable:
+    # Default linters
+    - errcheck      # Detect unchecked errors
+    - gosimple      # Simplify code
+    - govet         # Examine Go source code and reports suspicious constructs
+    - ineffassign   # Detect ineffectual assignments
+    - staticcheck   # Go static analysis
+    - typecheck     # Like the front-end of a Go compiler
+    - unused        # Check for unused constants, variables, functions and types
+
+    # Additional linters for security and code quality
+    - asciicheck    # Check that your code does not contain non-ASCII identifiers
+    - bodyclose     # Checks whether HTTP response body is closed successfully
+    - cyclop        # Check function and package cyclomatic complexity
+    - dupl          # Code clone detection
+    - durationcheck # Check for two durations multiplied together
+    - errorlint     # Find code that will cause problems with the error wrapping scheme
+    - exhaustive    # Check exhaustiveness of enum switch statements
+    - copyloopvar   # Check for pointers to enclosing loop variables (replaces exportloopref)
+    - forbidigo     # Forbids identifiers
+    - funlen        # Tool for detection of long functions
+    - gochecknoinits # Check that no init functions are present
+    - goconst       # Find repeated strings that could be replaced by a constant
+    - gocritic      # Provides diagnostics that check for bugs, performance and style issues
+    - gocyclo       # Calculate cyclomatic complexities of functions
+    - godot         # Check if comments end in a period
+    - gofmt         # Check whether code was gofmt-ed
+    - goimports     # Check imports are formatted according to goimports
+    - mnd           # Detect magic numbers (replaces gomnd)
+    - gosec         # Inspects source code for security problems
+    - misspell      # Find commonly misspelled English words
+    - nakedret      # Find naked returns
+    - nestif        # Reports deeply nested if statements
+    - noctx         # Find sending HTTP request without context.Context
+    - nolintlint    # Reports ill-formed or insufficient nolint directives
+    - prealloc      # Find slice declarations that could potentially be preallocated
+    - predeclared   # Find code that shadows predeclared identifiers
+    - revive        # Fast, configurable, extensible, flexible, and beautiful linter for Go
+    - sqlclosecheck # Checks that sql.Rows and sql.Stmt are closed
+    - stylecheck    # Stylecheck is a replacement for golint
+    - thelper       # Detect golang test helpers without t.Helper() call
+    - tparallel     # Detects inappropriate usage of t.Parallel()
+    - unconvert     # Remove unnecessary type conversions
+    - unparam       # Find unused function parameters
+    - wastedassign  # Find wasted assignment statements
+    - whitespace    # Tool for detection of leading and trailing whitespace
+
+# Linter settings
+linters-settings:
+  errcheck:
+    # Report about not checking of errors in type assertions: `a := b.(MyStruct)`.
+    check-type-assertions: true
+    # Report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`.
+    check-blank: true
+
+  funlen:
+    # Checks the number of lines in a function.
+    lines: 100
+    # Checks the number of statements in a function.
+    statements: 50
+
+  gocyclo:
+    # Minimal code complexity to report.
+    min-complexity: 15
+
+  cyclop:
+    # The maximal code complexity to report.
+    max-complexity: 15
+    # The maximal average package complexity.
+    package-average: 10.0
+
+  mnd:
+    # List of enabled checks, see https://github.com/tommy-muehle/go-mnd/#checks for description.
+    checks:
+      - argument
+      - case
+      - condition
+      - operation
+      - return
+      - assign
+
+  forbidigo:
+    # Forbid the following identifiers
+    forbid:
+      - ^print$
+      - ^println$
+    # Exclude godoc examples from forbidigo checks
+    exclude_godoc_examples: true
+
+  govet:
+    # Enable all analyzers.
+    enable-all: true
+    # Disable specific analyzers.
+    disable:
+      - fieldalignment # Too strict for now
+    # Settings per analyzer.
+    settings:
+      shadow:
+        # Whether to be strict about shadowing; can be noisy.
+        strict: true
+
+  revive:
+    # Maximum number of open files at the same time.
+    max-open-files: 2048
+    # Minimal confidence for issues, default is 0.8.
+    confidence: 0.8
+    # Enable all available rules.
+    enable-all-rules: true
+    # Disabled rules.
+    rules:
+      - name: line-length-limit
+        disabled: true
+
+  staticcheck:
+    # https://staticcheck.io/docs/options#checks
+    checks: ["all"]
+
+  stylecheck:
+    # https://staticcheck.io/docs/options#checks
+    checks: ["all"]
+
+  gosec:
+    # To select a subset of rules to run.
+    # Available rules: https://github.com/securego/gosec#available-rules
+    includes:
+      - G101 # Look for hard coded credentials
+      - G102 # Bind to all interfaces
+      - G103 # Audit the use of unsafe block
+      - G104 # Audit errors not checked
+      - G106 # Audit the use of ssh.InsecureIgnoreHostKey
+      - G107 # Url provided to HTTP request as taint input
+      - G108 # Profiling endpoint automatically exposed
+      - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
+      - G110 # Potential DoS vulnerability via decompression bomb
+      - G111 # Potential directory traversal
+      - G112 # Potential slowloris attack
+      - G113 # Usage of Rat.SetString in math/big
+      - G114 # Use of net/http serve function that has no support for setting timeouts
+      - G201 # SQL query construction using format string
+      - G202 # SQL query construction using string concatenation
+      - G203 # Use of unescaped data in HTML templates
+      - G204 # Audit use of command execution
+      - G301 # Poor file permissions used when creating a directory
+      - G302 # Poor file permissions used when creation of file
+      - G303 # Creating tempfile using a predictable path
+      - G304 # File path provided as taint input
+      - G305 # File traversal when extracting zip/tar archive
+      - G306 # Poor file permissions used when writing to a file
+      - G307 # Deferring a method which returns an error
+      - G401 # Detect the usage of weak crypto algorithms
+      - G402 # Look for bad TLS connection settings
+      - G403 # Ensure minimum RSA key length of 2048 bits
+      - G404 # Insecure random number source (rand)
+      - G501 # Import blocklist: crypto/md5
+      - G502 # Import blocklist: crypto/des
+      - G503 # Import blocklist: crypto/rc4
+      - G504 # Import blocklist: net/http/cgi
+      - G505 # Import blocklist: crypto/sha1
+      - G601 # Implicit memory aliasing of items from a range statement
+      - G602 # Slice access out of bounds
+
+# Issues configuration
+issues:
+  # Maximum count of issues with the same text.
+  max-same-issues: 3
+
+  # Maximum issues count per one linter.
+  max-issues-per-linter: 50
+
+  # Fix found issues (if it's supported by the linter).
+  fix: false
+
+  # Exclude some directories from linting
+  exclude-dirs:
+    - vendor
+
+  # Exclude some files from linting
+  exclude-files:
+    - ".*\\.pb\\.go$"
+    - ".*\\.gen\\.go$"
+
+  # Exclude specific linting rules for specific files
+  exclude-rules:
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+        - funlen
+        - thelper       # Many test helpers don't need t.Helper()
+        - noctx         # Context is often not needed in tests
+        - cyclop        # Test functions can be more complex
+        - nestif        # Test functions often have nested if statements

README.org

@@ -118,5 +118,13 @@
 
   - Run tests: =go test ./...=
   - Run linter: =golangci-lint run=
+  - Run specific linter: =golangci-lint run --disable-all --enable=gosec=
+
+  The project uses a strict golangci-lint configuration defined in =.golangci.yml=.
+  This configuration includes a comprehensive set of linters focused on:
+  - Security best practices
+  - Code quality and maintainability
+  - Performance considerations
+  - Error handling correctness
 
   See the [[file:docs/installation.org][Installation and Usage Guide]] for more details.