mirror of
https://github.com/crowdsecurity/crowdsec.git
synced 2025-05-10 20:05:55 +02:00
version: "2"
|
|
|
|
run:
|
|
build-tags:
|
|
- expr_debug
|
|
|
|
linters:
|
|
default: all
|
|
disable:
|
|
#
|
|
# Redundant
|
|
#
|
|
- cyclop # revive
|
|
- funlen # revive
|
|
- gocognit # revive
|
|
- gocyclo # revive
|
|
- lll # revive
|
|
|
|
# Disabled atm
|
|
|
|
- intrange # intrange is a linter to find places where for loops could make use of an integer range.
|
|
- funcorder
|
|
|
|
#
|
|
# Recommended? (easy)
|
|
#
|
|
|
|
- dogsled # Checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
|
|
- errchkjson # Checks types passed to the json encoding functions. Reports unsupported types, and reports cases where the check for the returned error can be omitted.
|
|
- exhaustive # check exhaustiveness of enum switch statements
|
|
- godot # Check if comments end in a period
|
|
- gosec # (gas): Inspects source code for security problems; listed under `disable`, so its findings are not reported by this configuration
|
|
- inamedparam # reports interfaces with unnamed method parameters
|
|
- musttag # enforce field tags in (un)marshaled structs
|
|
- promlinter # Check Prometheus metrics naming via promlint
|
|
- protogetter # Reports direct reads from proto message fields when getters should be used
|
|
- tagalign # check that struct tags are well aligned
|
|
- thelper # thelper detects test helpers that do not start with a call to t.Helper().
|
|
- wrapcheck # Checks that errors returned from external packages are wrapped
|
|
|
|
#
|
|
# Recommended? (requires some work)
|
|
#
|
|
|
|
- errname # Checks that sentinel errors are prefixed with `Err` and error types are suffixed with `Error`.
|
|
- ireturn # Accept Interfaces, Return Concrete Types
|
|
- mnd # An analyzer to detect magic numbers.
|
|
- nilnil # Checks that there is no simultaneous return of `nil` error and an invalid value.
|
|
- unparam # Reports unused function parameters
|
|
|
|
#
|
|
# Formatting only, useful in IDE but should not be forced on CI?
|
|
#
|
|
|
|
- nlreturn # nlreturn checks for a new line before return and branch statements to increase code clarity
|
|
- whitespace # Whitespace is a linter that checks for unnecessary newlines at the start and end of functions, if, for, etc.
|
|
- wsl # add or remove empty lines
|
|
|
|
#
|
|
# Well intended, but not ready for this
|
|
#
|
|
- dupl # Tool for code clone detection
|
|
- forcetypeassert # finds forced type assertions
|
|
- godox # Tool for detection of FIXME, TODO and other comment keywords
|
|
- err113 # Go linter to check the errors handling expressions
|
|
- paralleltest # Detects missing usage of t.Parallel() method in your Go test
|
|
- testpackage # linter that makes you use a separate _test package
|
|
|
|
#
|
|
# Too strict / too many false positives (for now?)
|
|
#
|
|
- exhaustruct # Checks if all structure fields are initialized
|
|
- forbidigo # Forbids identifiers
|
|
- gochecknoglobals # Check that no global variables exist.
|
|
- goconst # Finds repeated strings that could be replaced by a constant
|
|
- tagliatelle # Checks the struct tags.
|
|
- varnamelen # checks that the length of a variable's name matches its scope
|
|
- prealloc
|
|
|
|
settings:
|
|
|
|
depguard:
|
|
rules:
|
|
wrap:
|
|
files:
|
|
- '!**/pkg/database/*.go'
|
|
deny:
|
|
- pkg: github.com/pkg/errors
|
|
desc: errors.Wrap() is deprecated in favor of fmt.Errorf()
|
|
yaml:
|
|
files:
|
|
- '!**/pkg/acquisition/acquisition.go'
|
|
- '!**/pkg/acquisition/acquisition_test.go'
|
|
- '!**/pkg/acquisition/modules/appsec/appsec.go'
|
|
- '!**/pkg/acquisition/modules/cloudwatch/cloudwatch.go'
|
|
- '!**/pkg/acquisition/modules/docker/docker.go'
|
|
- '!**/pkg/acquisition/modules/file/file.go'
|
|
- '!**/pkg/acquisition/modules/journalctl/journalctl.go'
|
|
- '!**/pkg/acquisition/modules/kafka/kafka.go'
|
|
- '!**/pkg/acquisition/modules/kinesis/kinesis.go'
|
|
- '!**/pkg/acquisition/modules/kubernetesaudit/k8s_audit.go'
|
|
- '!**/pkg/acquisition/modules/loki/loki.go'
|
|
- '!**/pkg/acquisition/modules/loki/timestamp_test.go'
|
|
- '!**/pkg/acquisition/modules/victorialogs/victorialogs.go'
|
|
- '!**/pkg/acquisition/modules/s3/s3.go'
|
|
- '!**/pkg/acquisition/modules/syslog/syslog.go'
|
|
- '!**/pkg/acquisition/modules/wineventlog/wineventlog_windows.go'
|
|
- '!**/pkg/appsec/appsec.go'
|
|
- '!**/pkg/appsec/loader.go'
|
|
- '!**/pkg/csplugin/broker.go'
|
|
- '!**/pkg/leakybucket/buckets_test.go'
|
|
- '!**/pkg/leakybucket/manager_load.go'
|
|
- '!**/pkg/parser/node.go'
|
|
- '!**/pkg/parser/node_test.go'
|
|
- '!**/pkg/parser/parsing_test.go'
|
|
- '!**/pkg/parser/stage.go'
|
|
deny:
|
|
- pkg: gopkg.in/yaml.v2
|
|
desc: yaml.v2 is deprecated for new code in favor of yaml.v3
|
|
|
|
errcheck:
|
|
# Report unchecked type assertions such as `a := b.(MyStruct)`, which panic at runtime when the type does not match.
|
|
# Such cases aren't reported by default.
|
|
check-type-assertions: false
|
|
# List of functions to exclude from checking, where each entry is a single function to exclude.
|
|
# See https://github.com/kisielk/errcheck#excluding-functions for details.
|
|
exclude-functions:
|
|
- (*bytes.Buffer).ReadFrom # TODO
|
|
- io.Copy # TODO
|
|
- (net/http.ResponseWriter).Write # TODO
|
|
- (*os/exec.Cmd).Start
|
|
- (*os/exec.Cmd).Wait
|
|
- (*os.Process).Kill
|
|
- (*text/template.Template).ExecuteTemplate
|
|
- syscall.FreeLibrary
|
|
- golang.org/x/sys/windows.CloseHandle
|
|
- golang.org/x/sys/windows.ResetEvent
|
|
- (*golang.org/x/sys/windows/svc/eventlog.Log).Info
|
|
- (*golang.org/x/sys/windows/svc/mgr.Mgr).Disconnect
|
|
|
|
- (github.com/bluele/gcache.Cache).Set
|
|
- (github.com/gin-gonic/gin.ResponseWriter).WriteString
|
|
- (*github.com/segmentio/kafka-go.Reader).SetOffsetAt
|
|
- (*gopkg.in/tomb.v2.Tomb).Wait
|
|
|
|
- (*github.com/crowdsecurity/crowdsec/pkg/appsec.ReqDumpFilter).FilterArgs
|
|
- (*github.com/crowdsecurity/crowdsec/pkg/appsec.ReqDumpFilter).FilterBody
|
|
- (*github.com/crowdsecurity/crowdsec/pkg/appsec.ReqDumpFilter).FilterHeaders
|
|
- (*github.com/crowdsecurity/crowdsec/pkg/longpollclient.LongPollClient).Stop
|
|
|
|
gocritic:
|
|
enable-all: true
|
|
disabled-checks:
|
|
- paramTypeCombine
|
|
- ifElseChain
|
|
- hugeParam
|
|
- commentedOutCode
|
|
- commentedOutImport
|
|
- unnamedResult
|
|
- sloppyReassign
|
|
- appendCombine
|
|
- commentFormatting
|
|
- deferInLoop #
|
|
- whyNoLint
|
|
- equalFold #
|
|
- unnecessaryBlock #
|
|
- tooManyResultsChecker
|
|
- docStub
|
|
- preferFprint
|
|
- importShadow
|
|
|
|
gomoddirectives:
|
|
replace-allow-list:
|
|
- golang.org/x/time/rate
|
|
- github.com/corazawaf/coraza/v3
|
|
|
|
govet:
|
|
disable:
|
|
- fieldalignment
|
|
enable-all: true
|
|
|
|
interfacebloat:
|
|
max: 12
|
|
|
|
maintidx:
|
|
# raise this after refactoring
|
|
under: 18
|
|
|
|
misspell:
|
|
locale: US
|
|
|
|
nestif:
|
|
# lower this after refactoring
|
|
min-complexity: 16
|
|
|
|
nlreturn:
|
|
block-size: 5
|
|
|
|
nolintlint:
|
|
require-explanation: false # don't require an explanation for nolint directives
|
|
require-specific: false # don't require nolint directives to be specific about which linter is being skipped
|
|
allow-unused: false # report any unused nolint directives
|
|
|
|
revive:
|
|
severity: error
|
|
enable-all-rules: true
|
|
rules:
|
|
- name: add-constant
|
|
disabled: true
|
|
- name: cognitive-complexity
|
|
arguments:
|
|
# lower this after refactoring
|
|
- 113
|
|
- name: comment-spacings
|
|
disabled: true
|
|
- name: confusing-results
|
|
disabled: true
|
|
- name: cyclomatic
|
|
arguments:
|
|
# lower this after refactoring
|
|
- 38
|
|
- name: defer
|
|
disabled: true
|
|
- name: empty-block
|
|
disabled: true
|
|
- name: empty-lines
|
|
disabled: true
|
|
- name: error-naming
|
|
disabled: true
|
|
- name: flag-parameter
|
|
disabled: true
|
|
- name: function-result-limit
|
|
arguments:
|
|
- 6
|
|
- name: function-length
|
|
arguments:
|
|
# lower this after refactoring
|
|
- 87
|
|
- 198
|
|
- name: get-return
|
|
disabled: true
|
|
- name: increment-decrement
|
|
disabled: true
|
|
- name: import-alias-naming
|
|
disabled: true
|
|
- name: import-shadowing
|
|
disabled: true
|
|
- name: line-length-limit
|
|
arguments:
|
|
# lower this after refactoring
|
|
- 221
|
|
- name: max-control-nesting
|
|
arguments:
|
|
# lower this after refactoring
|
|
- 7
|
|
- name: max-public-structs
|
|
disabled: true
|
|
- name: nested-structs
|
|
disabled: true
|
|
- name: package-comments
|
|
disabled: true
|
|
- name: redundant-import-alias
|
|
disabled: true
|
|
- name: var-naming
|
|
disabled: true
|
|
- name: unchecked-type-assertion
|
|
disabled: true
|
|
- name: exported
|
|
disabled: true
|
|
- name: unexported-naming
|
|
disabled: true
|
|
- name: unexported-return
|
|
disabled: true
|
|
- name: unhandled-error
|
|
arguments:
|
|
- fmt.Print
|
|
- fmt.Printf
|
|
- fmt.Println
|
|
disabled: true
|
|
- name: unnecessary-stmt
|
|
disabled: true
|
|
- name: unused-parameter
|
|
disabled: true
|
|
- name: unused-receiver
|
|
disabled: true
|
|
- name: use-any
|
|
disabled: true
|
|
- name: useless-break
|
|
disabled: true
|
|
|
|
staticcheck:
|
|
checks:
|
|
- all
|
|
- -ST1003
|
|
- -ST1005
|
|
- -ST1012
|
|
- -QF1003
|
|
- -QF1012
|
|
|
|
wsl:
|
|
# Allow blocks to end with comments
|
|
allow-trailing-comment: true
|
|
|
|
exclusions:
|
|
presets:
|
|
- comments
|
|
- common-false-positives
|
|
- legacy
|
|
- std-error-handling
|
|
rules:
|
|
|
|
# `err` (and `ctx`) are often shadowed; we may continue to do it
|
|
|
|
- linters:
|
|
- govet
|
|
text: 'shadow: declaration of "(err|ctx)" shadows declaration'
|
|
|
|
# Will apply, trivial - just beware of merge conflicts
|
|
|
|
- linters:
|
|
- perfsprint
|
|
text: fmt.Sprintf can be replaced .*
|
|
|
|
# Will fix, easy but some thinking required
|
|
|
|
- linters:
|
|
- errorlint
|
|
text: non-wrapping format verb for fmt.Errorf. Use `%w` to format errors
|
|
- linters:
|
|
- nosprintfhostport
|
|
text: host:port in url should be constructed with net.JoinHostPort and not directly with fmt.Sprintf
|
|
|
|
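# https://github.com/timakin/bodyclose
# NOTE: no `path` is given, so every "response body must be closed" finding is suppressed repository-wide; unclosed HTTP response bodies will not be flagged.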
|
|
- linters:
|
|
- bodyclose
|
|
text: response body must be closed
|
|
|
|
# named/naked returns are evil, with a single exception
|
|
# https://go.dev/wiki/CodeReviewComments#named-result-parameters
|
|
- linters:
|
|
- nonamedreturns
|
|
text: named return .* with type .* found
|
|
|
|
- linters:
|
|
- revive
|
|
path: pkg/leakybucket/manager_load.go
|
|
text: 'confusing-naming: Field ''.*'' differs only by capitalization to other field in the struct type BucketFactory'
|
|
|
|
- linters:
|
|
- revive
|
|
path: pkg/exprhelpers/helpers.go
|
|
text: 'confusing-naming: Method ''flatten'' differs only by capitalization to function ''Flatten'' in the same source file'
|
|
|
|
- linters:
|
|
- revive
|
|
path: pkg/appsec/query_utils.go
|
|
text: 'confusing-naming: Method ''parseQuery'' differs only by capitalization to function ''ParseQuery'' in the same source file'
|
|
|
|
- linters:
|
|
- revive
|
|
path: pkg/acquisition/modules/loki/internal/lokiclient/loki_client.go
|
|
text: 'confusing-naming: Method ''QueryRange'' differs only by capitalization to method ''queryRange'' in the same source file'
|
|
|
|
- linters:
|
|
- revive
|
|
path: pkg/acquisition/modules/victorialogs/internal/vlclient/vl_client.go
|
|
text: 'confusing-naming: Method ''QueryRange'' differs only by capitalization to method ''queryRange'' in the same source file'
|
|
|
|
# tolerate complex functions in tests for now
|
|
- linters:
|
|
- maintidx
|
|
path: (.+)_test.go
|
|
|
|
# tolerate long functions in tests
|
|
- linters:
|
|
- revive
|
|
path: pkg/(.+)_test.go
|
|
text: 'function-length: .*'
|
|
|
|
# tolerate long lines in tests
|
|
- linters:
|
|
- revive
|
|
path: pkg/(.+)_test.go
|
|
text: 'line-length-limit: .*'
|
|
|
|
# we use t,ctx instead of ctx,t in tests
|
|
- linters:
|
|
- revive
|
|
path: pkg/(.+)_test.go
|
|
text: 'context-as-argument: context.Context should be the first parameter of a function'
|
|
|
|
# tolerate deep exit in cobra's OnInitialize, for now
|
|
- linters:
|
|
- revive
|
|
path: cmd/crowdsec-cli/main.go
|
|
text: 'deep-exit: .*'
|
|
|
|
- linters:
|
|
- revive
|
|
path: cmd/crowdsec/crowdsec.go
|
|
text: 'deep-exit: .*'
|
|
|
|
- linters:
|
|
- revive
|
|
path: cmd/crowdsec/api.go
|
|
text: 'deep-exit: .*'
|
|
|
|
- linters:
|
|
- revive
|
|
path: cmd/crowdsec/win_service.go
|
|
text: 'deep-exit: .*'
|
|
|
|
- linters:
|
|
- recvcheck
|
|
path: pkg/csplugin/hclog_adapter.go
|
|
text: the methods of "HCLogAdapter" use pointer receiver and non-pointer receiver.
|
|
|
|
# encoding to json/yaml requires value receivers
|
|
- linters:
|
|
- recvcheck
|
|
path: pkg/cwhub/item.go
|
|
text: the methods of "Item" use pointer receiver and non-pointer receiver.
|
|
|
|
- linters:
|
|
- gocritic
|
|
path: cmd/crowdsec-cli
|
|
text: 'rangeValCopy: .*'
|
|
|
|
- linters:
|
|
- gocritic
|
|
path: pkg/(cticlient|hubtest)
|
|
text: 'rangeValCopy: .*'
|
|
|
|
- linters:
|
|
- gocritic
|
|
path: (.+)_test.go
|
|
text: 'rangeValCopy: .*'
|
|
|
|
- linters:
|
|
- gocritic
|
|
path: pkg/(appsec|acquisition|dumps|alertcontext|leakybucket|exprhelpers)
|
|
text: 'rangeValCopy: .*'
|
|
|
|
- linters:
|
|
- revive
|
|
path: pkg/types/utils.go
|
|
text: 'argument-limit: .*'
|
|
|
|
# need some cleanup first: to create db in memory and share the client, not the config
|
|
- linters:
|
|
- usetesting
|
|
path: (.+)_test.go
|
|
text: context.Background.*
|
|
|
|
- linters:
|
|
- usetesting
|
|
path: pkg/apiserver/(.+)_test.go
|
|
text: os.MkdirTemp.* could be replaced by t.TempDir.*
|
|
|
|
- linters:
|
|
- usetesting
|
|
path: pkg/apiserver/(.+)_test.go
|
|
text: os.CreateTemp.* could be replaced by os.CreateTemp.*
|
|
|
|
- linters:
|
|
- containedctx
|
|
path: cmd/notification-file/main.go
|
|
text: found a struct that contains a context.Context field
|
|
paths:
|
|
- pkg/yamlpatch/merge.go
|
|
- pkg/yamlpatch/merge_test.go
|
|
- pkg/time/rate
|
|
- pkg/metabase
|
|
- third_party$
|
|
- builtin$
|
|
- examples$
|
|
|
|
issues:
|
|
max-issues-per-linter: 0
|
|
max-same-issues: 0
|
|
|
|
formatters:
|
|
settings:
|
|
gci:
|
|
sections:
|
|
- standard
|
|
- default
|
|
- prefix(github.com/crowdsecurity)
|
|
- prefix(github.com/crowdsecurity/crowdsec)
|
|
|
|
exclusions:
|
|
paths:
|
|
- third_party$
|
|
- builtin$
|
|
- examples$
|