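---
# MCIAS golangci-lint configuration
# This is a strict configuration focused on security and code quality
#
# Usage:
#   - Run all linters:              golangci-lint run
#   - Run a single linter:          golangci-lint run --disable-all --enable=gosec
#   - Run with an explicit config:  golangci-lint run -c .golangci.yml
#
# This configuration enables a comprehensive set of linters to ensure:
#   1. Security best practices (gosec, errcheck, etc.)
#   2. Code quality and maintainability (gofmt, goimports, etc.)
#   3. Performance considerations (prealloc, etc.)
#   4. Error handling correctness (errcheck, errorlint, etc.)
#
# Two things to keep in mind when editing this file:
#   - golangci-lint ships built-in exclusion patterns (EXC0001..EXC0015, see
#     `golangci-lint run --help`) that silently drop several gosec findings.
#     `issues.include` below turns the security-relevant ones back on; do not
#     remove it when tidying this file.
#   - gosec runs all of its rules unless `linters-settings.gosec.includes` is
#     set. An explicit allowlist freezes coverage to the rules known when it
#     was written and never picks up rules added upstream later, so rules are
#     opted OUT via `excludes` instead of opted in.
#
# For more information about golangci-lint, visit: https://golangci-lint.run/

run:
  # Timeout for running linters, default is 1m
  timeout: 5m
  # Include test files
  tests: true
  # Go version to use for analysis (copyloopvar below needs >= 1.22 semantics)
  go: "1.22"

# Output configuration
output:
  # Format: colored-line-number|line-number|json|tab|checkstyle|code-climate|junit-xml|github-actions
  formats:
    - format: colored-line-number
  # Print lines of code with issue
  print-issued-lines: true
  # Print linter name in the end of issue text
  print-linter-name: true

# Linter selection: start from nothing and enable explicitly, so an upgrade of
# golangci-lint cannot silently add or drop a linter from this baseline.
linters:
  disable-all: true
  enable:
    # Default linters
    - errcheck       # Detect unchecked errors
    - gosimple       # Simplify code
    - govet          # Examine Go source code and reports suspicious constructs
    - ineffassign    # Detect ineffectual assignments
    - staticcheck    # Go static analysis
    - typecheck      # Like the front-end of a Go compiler
    - unused         # Check for unused constants, variables, functions and types
    # Additional linters for security and code quality
    - asciicheck     # Check that your code does not contain non-ASCII identifiers
    - bodyclose      # Checks whether HTTP response body is closed successfully
    - cyclop         # Check function and package cyclomatic complexity
    - dupl           # Code clone detection
    - durationcheck  # Check for two durations multiplied together
    - errorlint      # Find code that will cause problems with the error wrapping scheme
    - exhaustive     # Check exhaustiveness of enum switch statements
    - copyloopvar    # Check for pointers to enclosing loop variables (replaces exportloopref)
    - forbidigo      # Forbids identifiers
    - funlen         # Tool for detection of long functions
    - goconst        # Find repeated strings that could be replaced by a constant
    - gocritic       # Provides diagnostics that check for bugs, performance and style issues
    - gocyclo        # Calculate cyclomatic complexities of functions
    - godot          # Check if comments end in a period
    - gofmt          # Check whether code was gofmt-ed
    - goimports      # Check imports are formatted according to goimports
    - mnd            # Detect magic numbers (replaces gomnd)
    - gosec          # Inspects source code for security problems
    - misspell       # Find commonly misspelled English words
    - nakedret       # Find naked returns
    - nestif         # Reports deeply nested if statements
    - noctx          # Find sending HTTP request without context.Context
    - nolintlint     # Reports ill-formed or insufficient nolint directives
    - prealloc       # Find slice declarations that could potentially be preallocated
    - predeclared    # Find code that shadows predeclared identifiers
    - revive         # Fast, configurable, extensible, flexible, and beautiful linter for Go
    - sqlclosecheck  # Checks that sql.Rows and sql.Stmt are closed
    - stylecheck     # Stylecheck is a replacement for golint
    - thelper        # Detect golang test helpers without t.Helper() call
    - tparallel      # Detects inappropriate usage of t.Parallel()
    - unconvert      # Remove unnecessary type conversions
    - unparam        # Find unused function parameters
    - wastedassign   # Find wasted assignment statements
    - whitespace     # Tool for detection of leading and trailing whitespace

# Linter settings
linters-settings:
  errcheck:
    # Report about not checking of errors in type assertions: `a := b.(MyStruct)`.
    check-type-assertions: true
    # Report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`.
    check-blank: true

  funlen:
    # Checks the number of lines in a function.
    lines: 100
    # Checks the number of statements in a function.
    statements: 50

  gocyclo:
    # Minimal code complexity to report.
    min-complexity: 15

  cyclop:
    # The maximal code complexity to report (kept equal to gocyclo so the two
    # linters agree on a single threshold).
    max-complexity: 15
    # The maximal average package complexity.
    package-average: 10.0

  mnd:
    # List of enabled checks, see https://github.com/tommy-muehle/go-mnd/#checks for description.
    checks:
      - argument
      - case
      - condition
      - operation
      - return
      - assign

  forbidigo:
    # Forbid the following identifiers (builtin print/println bypass the logger).
    forbid:
      - ^print$
      - ^println$
    # Exclude godoc examples from forbidigo checks
    exclude_godoc_examples: true

  govet:
    # Enable all analyzers.
    enable-all: true
    # Disable specific analyzers.
    disable:
      - fieldalignment # Too strict for now
    # Settings per analyzer.
    settings:
      shadow:
        # Whether to be strict about shadowing; can be noisy.
        strict: true

  revive:
    # Maximum number of open files at the same time.
    max-open-files: 2048
    # Minimal confidence for issues, default is 0.8.
    confidence: 0.8
    # Enable all available rules.
    enable-all-rules: true
    # Disabled rules.
    rules:
      - name: line-length-limit
        disabled: true

  staticcheck:
    # https://staticcheck.io/docs/options#checks
    checks: ["all"]

  stylecheck:
    # https://staticcheck.io/docs/options#checks
    checks: ["all"]

  gosec:
    # Available rules: https://github.com/securego/gosec#available-rules
    #
    # Deliberately no `includes:` allowlist. gosec enables every rule by
    # default; an allowlist pins coverage to the rule set known when it was
    # written and never picks up rules added in later gosec releases (e.g.
    # G115, integer overflow on narrowing conversions). Rule descriptions in a
    # hand-maintained list also drift from upstream over time (G307 appears to
    # be documented upstream as a file-permission check today, not the
    # deferred-error check an older list would describe).
    #
    # If a rule proves too noisy, opt it OUT here with a comment explaining
    # why; do not switch back to an allowlist.
    excludes: []

# Issues configuration
issues:
  # Maximum count of issues with the same text.
  max-same-issues: 3
  # Maximum issues count per one linter.
  max-issues-per-linter: 50
  # Fix found issues (if it's supported by the linter).
  fix: false

  # Keep golangci-lint's built-in exclusion patterns for the noisy,
  # non-security defaults (errcheck on Close()/print, comment-style rules) ...
  exclude-use-default: true
  # ... but re-include the ones that mute gosec. Without this the gosec rules
  # for unsafe, subprocess launch, file permissions and file inclusion run but
  # their findings are dropped before they are ever reported.
  include:
    - EXC0006 # gosec: "Use of unsafe calls should be audited" (G103)
    - EXC0007 # gosec: "Subprocess launched with variable" (G204)
    - EXC0009 # gosec: directory/file permission expectations (G301, G302, G306)
    - EXC0010 # gosec: "Potential file inclusion via variable" (G304)

  # Exclude some directories from linting
  exclude-dirs:
    - vendor

  # Exclude some files from linting (generated code)
  exclude-files:
    - ".*\\.pb\\.go$"
    - ".*\\.gen\\.go$"

  # Exclude specific linting rules for specific files
  exclude-rules:
    # Relax complexity/style linters on test files. gosec is deliberately NOT
    # in this list: hard-coded credentials (G101), weak TLS settings (G402) and
    # similar findings matter in test code too, and test fixtures are exactly
    # where real-looking secrets tend to end up.
    - path: _test\.go
      linters:
        - gocyclo
        - errcheck
        - dupl
        - funlen
        - thelper # Many test helpers don't need t.Helper()
        - noctx   # Context is often not needed in tests
        - cyclop  # Test functions can be more complex
        - nestif  # Test functions often have nested if statements
    # math/rand in tests is fine; mute that one gosec rule for _test.go only.
    # Add further rule IDs to the regexp rather than disabling the linter
    # wholesale on test files.
    - path: _test\.go
      linters:
        - gosec
      text: "G404"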