rudder-server/.golangci.yml at master · rudderlabs/rudder-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
version: "2"
linters:
  enable:
    - bodyclose
    - decorder
    - depguard
    - forbidigo
    - gosec
    - makezero
    - misspell
    - nilerr
    - nilnil
    - rowserrcheck
    - unconvert
    - unparam
    - wastedassign
  settings:
    depguard:
      rules:
        main:
          files:
            - $all
            - '!**/uuid_test.go'
          deny:
            - pkg: github.com/gofrs/uuid
              desc: use github.com/google/uuid instead
            - pkg: golang.org/x/exp/slices
              desc: use "slices" instead
            - pkg: github.com/json-iterator/go
              desc: use "jsonrs" instead
            - pkg: github.com/rudderlabs/sonnet
              desc: use "jsonrs" instead
            - pkg: github.com/aws/aws-sdk-go$
              desc: use "aws-sdk-go-v2" instead
            - pkg: github.com/aws/aws-sdk-go/
              desc: use "aws-sdk-go-v2" instead
    forbidigo:
      forbid:
        - pattern: ^json\.Marshal.*$
          pkg: ^encoding/json$
          msg: use jsonrs.Marshal instead
        - pattern: ^json\.Unmarshal$
          pkg: ^encoding/json$
          msg: use jsonrs.UnMarshal instead
        - pattern: ^json\.NewDecoder.*$
          pkg: ^encoding/json$
          msg: use jsonrs.NewDecoder instead
        - pattern: ^json\.NewEncoder.*$
          pkg: ^encoding/json$
          msg: use jsonrs.NewEncoder instead
        # Rules for enforcing the go-kit non-sugared logger
        - pattern: Logger.Debug(f|w)?$
          pkg: ^github.com/rudderlabs/rudder-go-kit/logger$
          msg: use Logger.Debugn instead
        - pattern: Logger\.Info(f|w)?$
          pkg: ^github.com/rudderlabs/rudder-go-kit/logger$
          msg: use Logger.Infon instead
        - pattern: Logger.Warn(f|w)?$
          pkg: ^github.com/rudderlabs/rudder-go-kit/logger$
          msg: use Logger.Warnn instead
        - pattern: Logger.Error(f|w)?$
          pkg: ^github.com/rudderlabs/rudder-go-kit/logger$
          msg: use Logger.Errorn instead
        - pattern: Logger.Fatal(f|w)?$
          pkg: ^github.com/rudderlabs/rudder-go-kit/logger$
          msg: use Logger.Fataln instead
        - pattern: Logger.With$
          pkg: ^github.com/rudderlabs/rudder-go-kit/logger$
          msg: use Logger.Withn instead
        - pattern: NewField$
          pkg: ^github.com/rudderlabs/rudder-go-kit/logger$
          msg: use type specific counterpart e.g. NewStringField, NewIntField, etc...
        - pattern: NewErrorField$
          pkg: ^github.com/rudderlabs/rudder-go-kit/logger$
          msg: use rudder-observability-kit Error function
        # Rules for enforcing cenkalti/backoff/v5
        - pattern: ^backoff\..*$
          pkg: ^github.com/cenkalti/backoff$
          msg: use github.com/cenkalti/backoff/v5
        - pattern: ^backoff\..*$
          pkg: ^github.com/cenkalti/backoff/v[1-4]$
          msg: use github.com/cenkalti/backoff/v5
      analyze-types: true
    gosec:
      excludes:
        - G101  # Hardcoded credentials (6 findings)
        - G104  # Errors unhandled (6 findings)
        - G107  # HTTP request with variable URL (4 findings)
        - G110  # Decompression bomb (2 findings)
        - G115  # Integer overflow conversion (35 findings)
        - G201  # SQL string formatting (13 findings)
        - G202  # SQL string concatenation (3 findings)
        - G204  # Subprocess with variable (3 findings)
        - G301  # Directory permissions >0750 (21 findings)
        - G302  # File permissions >0600 (10 findings)
        - G304  # File inclusion via variable (68 findings)
        - G305  # Zip traversal (1 finding)
        - G306  # WriteFile permissions >0600 (1 finding)
        - G401  # Weak crypto primitive (2 findings)
        - G402  # TLS InsecureSkipVerify (2 findings)
        - G404  # Weak PRNG math/rand (8 findings)
        - G501  # Blocklisted import crypto/md5 (2 findings)
        - G602  # Slice index out of range (2 findings)
  exclusions:
    generated: lax
    presets:
      - comments
      - common-false-positives
      - legacy
      - std-error-handling
    rules:
      - linters:
          - bodyclose
        path: gateway/webhook/webhook_test.go
      - linters:
          - bodyclose
        path: processor/transformer/transformer.go
      - linters:
          - bodyclose
        path: gateway/gateway_test.go
      - linters:
          - bodyclose
        path: cmd/rudder-cli/status/status.go
    paths:
      - third_party$
      - builtin$
      - examples$
issues:
  max-issues-per-linter: 50
  max-same-issues: 10
  new: false
formatters:
  exclusions:
    generated: lax
    paths:
      - third_party$
      - builtin$
      - examples$