# golangci-lint configuration using the v2 schema (see `version`).
# Every linter is enabled by default (`linters.default: all`); the `disable`
# list, the per-linter `settings` and the `exclusions` below then narrow what
# is actually reported.
version: "2"

run:
  # Build tags passed to the linters, so code behind `expr_debug` is analysed too.
  build-tags:
    - expr_debug

linters:
  default: all
  disable:
    #
    # Redundant
    #
    - cyclop  # revive
    - funlen  # revive
    - gocognit  # revive
    - gocyclo  # revive
    - lll  # revive

    # Disabled atm

    - intrange  # intrange is a linter to find places where for loops could make use of an integer range.
    - funcorder

    #
    # Recommended? (easy)
    #

    - dogsled  # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
    - errchkjson  # Checks types passed to the json encoding functions. Reports unsupported types and reports occasions, where the check for the returned error can be omitted.
    - exhaustive  # check exhaustiveness of enum switch statements
    - godot  # Check if comments end in a period
    # NOTE(review): gosec is the security-focused linter in this list. While it
    # is disabled, this configuration runs no gosec checks, so security static
    # analysis has to come from another CI step - confirm one exists.
    - gosec  # (gas): Inspects source code for security problems
    - inamedparam  # reports interfaces with unnamed method parameters
    - musttag  # enforce field tags in (un)marshaled structs
    - promlinter  # Check Prometheus metrics naming via promlint
    - protogetter  # Reports direct reads from proto message fields when getters should be used
    - tagalign  # check that struct tags are well aligned
    - thelper  # thelper detects tests helpers which is not start with t.Helper() method.
    - wrapcheck  # Checks that errors returned from external packages are wrapped

    #
    # Recommended? (requires some work)
    #

    - errname  # Checks that sentinel errors are prefixed with the `Err` and error types are suffixed with the `Error`.
    - ireturn  # Accept Interfaces, Return Concrete Types
    - mnd  # An analyzer to detect magic numbers.
    - nilnil  # Checks that there is no simultaneous return of `nil` error and an invalid value.
    - unparam  # Reports unused function parameters

    #
    # Formatting only, useful in IDE but should not be forced on CI?
    #

    - nlreturn  # nlreturn checks for a new line before return and branch statements to increase code clarity
    - whitespace  # Whitespace is a linter that checks for unnecessary newlines at the start and end of functions, if, for, etc.
    - wsl  # add or remove empty lines

    #
    # Well intended, but not ready for this
    #

    - dupl  # Tool for code clone detection
    - forcetypeassert  # finds forced type assertions
    - godox  # Tool for detection of FIXME, TODO and other comment keywords
    - err113  # Go linter to check the errors handling expressions
    - paralleltest  # Detects missing usage of t.Parallel() method in your Go test
    - testpackage  # linter that makes you use a separate _test package

    #
    # Too strict / too many false positives (for now?)
    #

    - exhaustruct  # Checks if all structure fields are initialized
    - forbidigo  # Forbids identifiers
    - gochecknoglobals  # Check that no global variables exist.
    - goconst  # Finds repeated strings that could be replaced by a constant
    - tagliatelle  # Checks the struct tags.
    - varnamelen  # checks that the length of a variable's name matches its scope
    - prealloc

  settings:
    depguard:
      # Each rule denies an import. A leading `!` negates a glob, so a rule
      # applies to every file except the ones listed; presumably the listed
      # files still import the denied package - verify before removing entries.
      rules:
        wrap:
          files:
            - '!**/pkg/database/*.go'
          deny:
            - pkg: github.com/pkg/errors
              desc: errors.Wrap() is deprecated in favor of fmt.Errorf()
        yaml:
          files:
            - '!**/pkg/acquisition/acquisition.go'
            - '!**/pkg/acquisition/acquisition_test.go'
            - '!**/pkg/acquisition/modules/appsec/appsec.go'
            - '!**/pkg/acquisition/modules/cloudwatch/cloudwatch.go'
            - '!**/pkg/acquisition/modules/docker/docker.go'
            - '!**/pkg/acquisition/modules/file/file.go'
            - '!**/pkg/acquisition/modules/journalctl/journalctl.go'
            - '!**/pkg/acquisition/modules/kafka/kafka.go'
            - '!**/pkg/acquisition/modules/kinesis/kinesis.go'
            - '!**/pkg/acquisition/modules/kubernetesaudit/k8s_audit.go'
            - '!**/pkg/acquisition/modules/loki/loki.go'
            - '!**/pkg/acquisition/modules/loki/timestamp_test.go'
            - '!**/pkg/acquisition/modules/victorialogs/victorialogs.go'
            - '!**/pkg/acquisition/modules/s3/s3.go'
            - '!**/pkg/acquisition/modules/syslog/syslog.go'
            - '!**/pkg/acquisition/modules/wineventlog/wineventlog_windows.go'
            - '!**/pkg/appsec/appsec.go'
            - '!**/pkg/appsec/loader.go'
            - '!**/pkg/csplugin/broker.go'
            - '!**/pkg/leakybucket/buckets_test.go'
            - '!**/pkg/leakybucket/manager_load.go'
            - '!**/pkg/parser/node.go'
            - '!**/pkg/parser/node_test.go'
            - '!**/pkg/parser/parsing_test.go'
            - '!**/pkg/parser/stage.go'
          deny:
            - pkg: gopkg.in/yaml.v2
              desc: yaml.v2 is deprecated for new code in favor of yaml.v3

    errcheck:
      # Report about not checking of errors in type assertions: `a := b.(MyStruct)`.
      # Such cases aren't reported by default.
      # NOTE(review): `forcetypeassert` (disable list) and revive's
      # `unchecked-type-assertion` rule are off as well, so none of these three
      # checks reports an unchecked type assertion, which panics on a mismatch.
      check-type-assertions: false
      # List of functions to exclude from checking, where each entry is a single function to exclude.
      # See https://github.com/kisielk/errcheck#excluding-functions for details.
      # Ignored return errors from the functions below are not reported; the
      # entries marked TODO are flagged by the authors for a later revisit.
      exclude-functions:
        - (*bytes.Buffer).ReadFrom  # TODO
        - io.Copy  # TODO
        - (net/http.ResponseWriter).Write  # TODO
        - (*os/exec.Cmd).Start
        - (*os/exec.Cmd).Wait
        - (*os.Process).Kill
        - (*text/template.Template).ExecuteTemplate
        - syscall.FreeLibrary
        - golang.org/x/sys/windows.CloseHandle
        - golang.org/x/sys/windows.ResetEvent
        - (*golang.org/x/sys/windows/svc/eventlog.Log).Info
        - (*golang.org/x/sys/windows/svc/mgr.Mgr).Disconnect
        - (github.com/bluele/gcache.Cache).Set
        - (github.com/gin-gonic/gin.ResponseWriter).WriteString
        - (*github.com/segmentio/kafka-go.Reader).SetOffsetAt
        - (*gopkg.in/tomb.v2.Tomb).Wait
        - (*github.com/crowdsecurity/crowdsec/pkg/appsec.ReqDumpFilter).FilterArgs
        - (*github.com/crowdsecurity/crowdsec/pkg/appsec.ReqDumpFilter).FilterBody
        - (*github.com/crowdsecurity/crowdsec/pkg/appsec.ReqDumpFilter).FilterHeaders
        - (*github.com/crowdsecurity/crowdsec/pkg/longpollclient.LongPollClient).Stop

    gocritic:
      # All gocritic checks are on except the ones listed.
      enable-all: true
      # NOTE(review): this copy of the file lost its line breaks, so it cannot
      # show whether `whyNoLint`, `unnecessaryBlock` and `tooManyResultsChecker`
      # are active entries that follow a bare trailing `#` or are commented out.
      # They are kept as active entries here - confirm against the repository.
      disabled-checks:
        - paramTypeCombine
        - ifElseChain
        - hugeParam
        - commentedOutCode
        - commentedOutImport
        - unnamedResult
        - sloppyReassign
        - appendCombine
        - commentFormatting
        - deferInLoop  #
        - whyNoLint
        - equalFold  #
        - unnecessaryBlock  #
        - tooManyResultsChecker
        - docStub
        - preferFprint
        - importShadow

    gomoddirectives:
      # Only these modules may be the target of a go.mod `replace` directive;
      # a replace for any other module is reported. Keep the list short, since
      # a replace changes where a dependency's code is taken from.
      replace-allow-list:
        - golang.org/x/time/rate
        - github.com/corazawaf/coraza/v3

    govet:
      # All govet analyzers are on except the ones listed.
      disable:
        - fieldalignment
      enable-all: true

    interfacebloat:
      max: 12

    maintidx:
      # raise this after refactoring
      under: 18

    misspell:
      locale: US

    nestif:
      # lower this after refactoring
      min-complexity: 16

    nlreturn:
      block-size: 5

    nolintlint:
      # NOTE(review): with the first two options false, a bare `//nolint` (no
      # linter name, no reason) is accepted and silences every linter on that
      # line, so a suppression can hide more than its author intended.
      require-explanation: false  # don't require an explanation for nolint directives
      require-specific: false  # don't require nolint directives to be specific about which linter is being skipped
      allow-unused: false  # report any unused nolint directives

    revive:
      # Every revive rule is enabled and reported at error severity; the
      # entries below either switch a rule off or set its thresholds.
      severity: error
      enable-all-rules: true
      rules:
        - name: add-constant
          disabled: true
        - name: cognitive-complexity
          arguments:
            # lower this after refactoring
            - 113
        - name: comment-spacings
          disabled: true
        - name: confusing-results
          disabled: true
        - name: cyclomatic
          arguments:
            # lower this after refactoring
            - 38
        - name: defer
          disabled: true
        - name: empty-block
          disabled: true
        - name: empty-lines
          disabled: true
        - name: error-naming
          disabled: true
        - name: flag-parameter
          disabled: true
        - name: function-result-limit
          arguments:
            - 6
        - name: function-length
          arguments:
            # lower this after refactoring
            - 87
            - 198
        - name: get-return
          disabled: true
        - name: increment-decrement
          disabled: true
        - name: import-alias-naming
          disabled: true
        - name: import-shadowing
          disabled: true
        - name: line-length-limit
          arguments:
            # lower this after refactoring
            - 221
        - name: max-control-nesting
          arguments:
            # lower this after refactoring
            - 7
        - name: max-public-structs
          disabled: true
        - name: nested-structs
          disabled: true
        - name: package-comments
          disabled: true
        - name: redundant-import-alias
          disabled: true
        - name: var-naming
          disabled: true
        - name: unchecked-type-assertion
          disabled: true
        - name: exported
          disabled: true
        - name: unexported-naming
          disabled: true
        - name: unexported-return
          disabled: true
        # The rule is disabled, so the argument list below has no effect for now.
        - name: unhandled-error
          arguments:
            - fmt.Print
            - fmt.Printf
            - fmt.Println
          disabled: true
        - name: unnecessary-stmt
          disabled: true
        - name: unused-parameter
          disabled: true
        - name: unused-receiver
          disabled: true
        - name: use-any
          disabled: true
        - name: useless-break
          disabled: true

    staticcheck:
      # All checks, minus the ones prefixed with `-`.
      checks:
        - all
        - -ST1003
        - -ST1005
        - -ST1012
        - -QF1003
        - -QF1012

    wsl:
      # Allow blocks to end with comments
      allow-trailing-comment: true

  exclusions:
    presets:
      - comments
      - common-false-positives
      - legacy
      - std-error-handling
    # A finding is dropped when it comes from one of the rule's `linters`, its
    # message matches `text` and, if `path` is set, its file matches `path`.
    # Rules without a `path` apply to the whole repository.
    rules:
      # `err` is often shadowed, we may continue to do it
      - linters:
          - govet
        text: 'shadow: declaration of "(err|ctx)" shadows declaration'

      # Will apply, trivial - just beware of merge conflicts

      - linters:
          - perfsprint
        text: fmt.Sprintf can be replaced .*

      # Will fix, easy but some thinking required

      - linters:
          - errorlint
        text: non-wrapping format verb for fmt.Errorf. Use `%w` to format errors
      - linters:
          - nosprintfhostport
        text: host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf

      # https://github.com/timakin/bodyclose
      # NOTE(review): no `path` here, so unclosed HTTP response bodies are not
      # reported anywhere in the repository.
      - linters:
          - bodyclose
        text: response body must be closed

      # named/naked returns are evil, with a single exception
      # https://go.dev/wiki/CodeReviewComments#named-result-parameters
      - linters:
          - nonamedreturns
        text: named return .* with type .* found

      - linters:
          - revive
        path: pkg/leakybucket/manager_load.go
        text: 'confusing-naming: Field ''.*'' differs only by capitalization to other field in the struct type BucketFactory'

      - linters:
          - revive
        path: pkg/exprhelpers/helpers.go
        text: 'confusing-naming: Method ''flatten'' differs only by capitalization to function ''Flatten'' in the same source file'

      - linters:
          - revive
        path: pkg/appsec/query_utils.go
        text: 'confusing-naming: Method ''parseQuery'' differs only by capitalization to function ''ParseQuery'' in the same source file'

      - linters:
          - revive
        path: pkg/acquisition/modules/loki/internal/lokiclient/loki_client.go
        text: 'confusing-naming: Method ''QueryRange'' differs only by capitalization to method ''queryRange'' in the same source file'

      - linters:
          - revive
        path: pkg/acquisition/modules/victorialogs/internal/vlclient/vl_client.go
        text: 'confusing-naming: Method ''QueryRange'' differs only by capitalization to method ''queryRange'' in the same source file'

      # tolerate complex functions in tests for now
      - linters:
          - maintidx
        path: (.+)_test.go

      # tolerate long functions in tests
      - linters:
          - revive
        path: pkg/(.+)_test.go
        text: 'function-length: .*'

      # tolerate long lines in tests
      - linters:
          - revive
        path: pkg/(.+)_test.go
        text: 'line-length-limit: .*'

      # we use t,ctx instead of ctx,t in tests
      - linters:
          - revive
        path: pkg/(.+)_test.go
        text: 'context-as-argument: context.Context should be the first parameter of a function'

      # tolerate deep exit in cobra's OnInitialize, for now
      - linters:
          - revive
        path: cmd/crowdsec-cli/main.go
        text: 'deep-exit: .*'

      - linters:
          - revive
        path: cmd/crowdsec/crowdsec.go
        text: 'deep-exit: .*'

      - linters:
          - revive
        path: cmd/crowdsec/api.go
        text: 'deep-exit: .*'

      - linters:
          - revive
        path: cmd/crowdsec/win_service.go
        text: 'deep-exit: .*'

      - linters:
          - recvcheck
        path: pkg/csplugin/hclog_adapter.go
        text: the methods of "HCLogAdapter" use pointer receiver and non-pointer receiver.

      # encoding to json/yaml requires value receivers
      - linters:
          - recvcheck
        path: pkg/cwhub/item.go
        text: the methods of "Item" use pointer receiver and non-pointer receiver.

      - linters:
          - gocritic
        path: cmd/crowdsec-cli
        text: 'rangeValCopy: .*'

      - linters:
          - gocritic
        path: pkg/(cticlient|hubtest)
        text: 'rangeValCopy: .*'

      - linters:
          - gocritic
        path: (.+)_test.go
        text: 'rangeValCopy: .*'

      - linters:
          - gocritic
        path: pkg/(appsec|acquisition|dumps|alertcontext|leakybucket|exprhelpers)
        text: 'rangeValCopy: .*'

      - linters:
          - revive
        path: pkg/types/utils.go
        text: 'argument-limit: .*'

      # need some cleanup first: to create db in memory and share the client, not the config
      - linters:
          - usetesting
        path: (.+)_test.go
        text: context.Background.*

      - linters:
          - usetesting
        path: pkg/apiserver/(.+)_test.go
        text: os.MkdirTemp.* could be replaced by t.TempDir.*

      - linters:
          - usetesting
        path: pkg/apiserver/(.+)_test.go
        text: os.CreateTemp.* could be replaced by os.CreateTemp.*

      - linters:
          - containedctx
        path: cmd/notification-file/main.go
        text: found a struct that contains a context.Context field

    # Findings in these paths are dropped for every linter, so code under them
    # gets no lint coverage from this configuration.
    paths:
      - pkg/yamlpatch/merge.go
      - pkg/yamlpatch/merge_test.go
      - pkg/time/rate
      - pkg/metabase
      - third_party$
      - builtin$
      - examples$

issues:
  # 0 removes the cap, so every finding is reported rather than a truncated list.
  max-issues-per-linter: 0
  max-same-issues: 0

formatters:
  settings:
    gci:
      # Import grouping order: standard library, third-party, then the
      # organisation's modules, then this repository's own packages.
      sections:
        - standard
        - default
        - prefix(github.com/crowdsecurity)
        - prefix(github.com/crowdsecurity/crowdsec)
  exclusions:
    paths:
      - third_party$
      - builtin$
      - examples$