fleet/.golangci.yml
Guillaume Ross 1884726f55
Adding gosec linter (#4437)
* Adding gosec linter

Adding gosec (Static application security testing) linter.

* Testing gosec exclusion in golangci-lint

G110 is being triggered - testing if exclude works, then will revert and leave the excludes section there for future needs.

Also adding some tests to exclude rules

* Update .golangci.yml

Testing gosec allow list of rules

* Update .golangci.yml

Trying gosec deny list of rules

* Update .golangci.yml

Reconfiguring G306 alert to use 644, less stringent, and adding every file with current warnings to exclusions. Once this is all buttoned up and running on NEW files, we will go back and address all issues or put a comment stating why the file is excluded here.

* Update .golangci.yml

Removing exclusion to see if lint now fails

* Update .golangci.yml

Removing most exclusions to test

* Update .golangci.yml

Removing 100% of exclusions for more testing

* Update .golangci.yml

Re-adding exclusions slowly and testing to be sure we only exclude what is needed

* Update .golangci.yml

Adding all exclusions and comments per category pointing to github issues for investigating and cleaning up over time.
2022-03-07 09:10:35 -05:00

YAML

linters:
  disable-all: true
  enable:
    - deadcode
    - depguard
    - gosec
    - gocritic
    - gofmt
    - govet
    - ineffassign
    - revive
    - rowserrcheck
    - sqlclosecheck
    - structcheck
    - typecheck
    - unconvert
    - unused
linters-settings:
  depguard:
    list-type: blacklist
    include-go-root: false
    packages-with-error-message:
      - github.com/rotisserie/eris: "use ctxerr.New or ctxerr.Wrap[f] instead"
      - github.com/pkg/errors: "use ctxerr if a context.Context is available or stdlib errors.New / fmt.Errorf with the %w verb"
  gosec:
    config:
      # G306 (WriteFile permissions): allow modes up to 0644 instead of the default 0600.
      G306: "0644"
  gocritic:
    enabled-checks:
      - ruleguard
    settings:
      ruleguard:
        rules: "tools/ci/rules.go"
  gofmt:
    # simplify code: gofmt with `-s` option, true by default
    simplify: false
  revive:
    ignoreGeneratedHeader: false
    severity: "warning"
    confidence: 0.8
    errorCode: 0
    warningCode: 0
    rules:
      - name: dot-imports
      - name: error-return
      - name: var-declaration
      - name: package-comments
      - name: range
      - name: receiver-naming
      - name: time-naming
      - name: indent-error-flow
      - name: errorf
      - name: empty-block
      - name: superfluous-else
      - name: unreachable-code
      - name: redefines-builtin-id
# Before excluding files from the gosec linter, an issue must be created and referenced in a comment.
issues:
  exclude-rules:
    - path: server/datastore/mysql/migrations/[^/]+/[^/]+\.go
      linters:
        - depguard
    # cmd gosec exclusions https://github.com/fleetdm/fleet/issues/4451
    - path: cmd/osquery-perf/agent.go
      linters:
        - gosec
    - path: cmd/fleet/serve.go
      linters:
        - gosec
    - path: cmd/fleetctl/api.go
      linters:
        - gosec
    - path: cmd/fleetctl/get.go
      linters:
        - gosec
    - path: cmd/fleetctl/preview.go
      linters:
        - gosec
    # Orbit gosec exclusions https://github.com/fleetdm/fleet/issues/4452
    - path: orbit/pkg/update/update.go
      linters:
        - gosec
    - path: orbit/pkg/packaging/wix/wix.go
      linters:
        - gosec
    - path: orbit/pkg/packaging/macos.go
      linters:
        - gosec
    - path: orbit/pkg/packaging/windows.go
      linters:
        - gosec
    - path: orbit/pkg/packaging/packaging.go
      linters:
        - gosec
    # insecure proxy is insecure by design
    - path: orbit/pkg/insecure/proxy.go
      linters:
        - gosec
    # pkg gosec exclusions https://github.com/fleetdm/fleet/issues/4453
    # Test file which triggers many TLS warnings by design
    - path: pkg/fleethttp/fleethttp_test.go
      linters:
        - gosec
    - path: pkg/certificate/certificate.go
      linters:
        - gosec
    - path: pkg/download/download.go
      linters:
        - gosec
    # server gosec exclusions https://github.com/fleetdm/fleet/issues/4455
    - path: server/mail/mail.go
      linters:
        - gosec
    - path: server/datastore/mysql/migrations/tables/20201011162341_CleanupSoftDeletedColumns.go
      linters:
        - gosec
    - path: server/service/redis_policy_set/redis_policy_set_test.go
      linters:
        - gosec
    - path: server/sso/settings.go
      linters:
        - gosec
    - path: server/datastore/mysql/hosts.go
      linters:
        - gosec
    - path: server/datastore/mysql/hosts_test.go
      linters:
        - gosec
    - path: server/datastore/mysql/mysql_test.go
      linters:
        - gosec
    - path: server/service/client_live_query.go
      linters:
        - gosec
    - path: server/service/invites.go
      linters:
        - gosec
    - path: server/service/service_appconfig.go
      linters:
        - gosec
    - path: server/service/service_users.go
      linters:
        - gosec
    - path: server/datastore/mysql/aggregated_stats_test.go
      linters:
        - gosec
    - path: server/fleet/app.go
      linters:
        - gosec
    - path: server/service/async/async_policy.go
      linters:
        - gosec
    - path: server/logging/kinesis.go
      linters:
        - gosec
    - path: server/logging/kinesis_test.go
      linters:
        - gosec
    - path: server/config/config.go
      linters:
        - gosec
    - path: server/datastore/redis/ratelimit_store.go
      linters:
        - gosec
    - path: server/datastore/mysql/testing_utils.go
      linters:
        - gosec
    - path: server/datastore/mysql/packs_test.go
      linters:
        - gosec
    - path: server/service/appconfig.go
      linters:
        - gosec
    - path: server/service/client.go
      linters:
        - gosec
    - path: server/service/users.go
      linters:
        - gosec
    - path: server/service/appconfig_test.go
      linters:
        - gosec
    - path: server/service/service_campaign_test.go
      linters:
        - gosec
    - path: server/datastore/mysql/software_test.go
      linters:
        - gosec
    # tools gosec exclusions https://github.com/fleetdm/fleet/issues/4456
    - path: tools/dbutils/schema_generator.go
      linters:
        - gosec
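The two settings above that shape new Go code in this repository are the gosec G306 threshold (WriteFile permission mode, relaxed here to 0644) and the depguard rule that steers error handling to stdlib `fmt.Errorf` with `%w`. The following Go code is an added example and not part of Fleet's code base: it writes a file with mode 0600, which passes G306 under either the default or the relaxed setting, refuses to read a file back if group or others can read it, and wraps errors in the `%w` style depguard asks for. Function names and the sample file contents are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// writeSecretFile writes data with mode 0600. gosec G306 flags os.WriteFile
// calls whose mode is wider than the configured limit (0644 in this repo's
// .golangci.yml); 0600 passes under either setting and is what secret
// material should use. Errors are wrapped with %w, the stdlib style the
// depguard rule asks for in place of github.com/pkg/errors.
func writeSecretFile(path string, data []byte) error {
	if err := os.WriteFile(path, data, 0o600); err != nil {
		return fmt.Errorf("write secret file %q: %w", path, err)
	}
	return nil
}

// readSecretFile reads the file back and rejects it if group or others can
// read it, so a file dropped in place with looser permissions is not trusted.
func readSecretFile(path string) ([]byte, error) {
	info, err := os.Stat(path)
	if err != nil {
		return nil, fmt.Errorf("stat secret file %q: %w", path, err)
	}
	if perm := info.Mode().Perm(); perm&0o077 != 0 {
		return nil, fmt.Errorf("secret file %q has mode %04o, want 0600", path, perm)
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, fmt.Errorf("read secret file %q: %w", path, err)
	}
	return data, nil
}

func main() {
	path := filepath.Join(os.TempDir(), "golangci-example-secret") // constructed sample path
	defer os.Remove(path)
	if err := writeSecretFile(path, []byte("constructed sample secret\n")); err != nil {
		fmt.Println(err)
		return
	}
	// The %w wrap keeps the underlying sentinel reachable through errors.Is.
	_, err := readSecretFile(filepath.Join(os.TempDir(), "golangci-example-missing"))
	fmt.Println(errors.Is(err, fs.ErrNotExist), err)
}
```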