johno/beads
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
648ecfafe717300b02af3792fc8b669f3c814f66
beads/.golangci.yml
Steve Yegge 648ecfafe7 Address gosec security warnings (bd-102) 
- Enable gosec linter in .golangci.yml
- Tighten file permissions: 0755→0750 for directories, 0644→0600 for configs
- Git hooks remain 0700 (executable, user-only access)
- Add #nosec comments for safe cases with justifications:
  - G204: Safe subprocess launches (git show, bd daemon)
  - G304: File inclusions with controlled paths
  - G201: SQL formatting with controlled column names
  - G115: Integer conversions with controlled values

All gosec warnings resolved (20→0). All tests passing.

Amp-Thread-ID: https://ampcode.com/threads/T-d7166b9e-cbbe-4c7b-9e48-3df36b20f0d0
Co-authored-by: Amp <amp@ampcode.com>
2025-10-26 22:48:19 -07:00

79 lines
1.9 KiB
YAML
Raw Blame History

version: "2"
run:
timeout: 5m
tests: false
linters:
disable:
- dupl
- goconst
- revive
enable:
- errcheck
- gosec
# - gocyclo # Disabled: high complexity acceptable for large functions (see LINTING.md)
- misspell
- unconvert
- unparam
linters-settings:
dupl:
threshold: 100
errcheck:
check-type-assertions: false
check-blank: false
exclude-functions:
- (*database/sql.DB).Close
- (*database/sql.Rows).Close
- (*database/sql.Tx).Rollback
- (*database/sql.Stmt).Close
- (*database/sql.Conn).Close
- (*os.File).Close
- (os).RemoveAll
- (os).Remove
- (os).Setenv
- (os).Unsetenv
- (os).Chdir
- (os).MkdirAll
goconst:
min-len: 3
min-occurrences: 3
gocyclo:
min-complexity: 15
misspell:
locale: US
revive:
rules:
- name: var-naming
- name: exported
issues:
exclude:
- "var-naming: avoid meaningless package names"
- "exported.*SQLiteStorage.*stutters"
exclude-rules:
# G304: File inclusion via variable in tests is safe (test data)
- path: _test\.go
linters:
- gosec
text: "G304.*file inclusion via variable"
# G302/G306: Directory/file permissions 0700/0750 are acceptable
- linters:
- gosec
text: "G302.*0700|G301.*0750"
# G306: Git hooks must be executable (0700)
- path: cmd/bd/init\.go
linters:
- gosec
text: "G306.*0700"
# G204: Safe subprocess launches (git show, bd daemon)
- linters:
- gosec
text: 'G204.*git.*show|G204.*daemon'
# errcheck: Ignore unchecked errors in test files for common cleanup patterns
- path: _test\.go
linters:
- errcheck
text: "Error return value of .*(Close|Rollback|RemoveAll|Setenv|Unsetenv|Chdir|MkdirAll|Remove|Write|SetReadDeadline|SetDeadline|Start|Stop).* is not checked"
Reference in New Issue View Git Blame Copy Permalink