johno/gastown
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
9cd2696abe68ac0defc612ace5028d327d4f207d
gastown/.golangci.yml
max 1b69576573 fix: Address golangci-lint errors (errcheck, gosec) (#76) 
Apply PR #76 from dannomayernotabot:

- Add golangci exclusions for internal package false positives
- Tighten file permissions (0644 -> 0600) for sensitive files
- Add ReadHeaderTimeout to HTTP server (slowloris prevention)
- Explicit error ignoring with _ = for intentional cases
- Add //nolint comments with justifications
- Spelling: cancelled -> canceled (US locale)

Co-Authored-By: dannomayernotabot <noreply@github.com>

🤖 Generated with Claude Code
2026-01-03 16:11:55 -08:00

82 lines
2.2 KiB
YAML
Raw Blame History

version: "2"
run:
timeout: 5m
tests: false
linters:
default: 'none'
enable:
- errcheck
- gosec
- misspell
- unconvert
- unparam
settings:
errcheck:
exclude-functions:
- (*database/sql.DB).Close
- (*database/sql.Rows).Close
- (*database/sql.Tx).Rollback
- (*database/sql.Stmt).Close
- (*database/sql.Conn).Close
- (*os.File).Close
- (os).RemoveAll
- (os).Remove
- (os).Setenv
- (os).Unsetenv
- (os).Chdir
- (os).MkdirAll
- (fmt).Sscanf
# fmt.Fprintf/Fprintln errors are typically safe to ignore for logging
- fmt.Fprintf
- fmt.Fprintln
- (fmt).Fprintf
- (fmt).Fprintln
misspell:
locale: US
exclusions:
rules:
# G304: File inclusion via variable in tests is safe (test data)
- path: '_test\.go'
linters:
- gosec
text: "G304"
# G304: Config/state file loading uses constructed paths, not user input
# All internal packages read files from constructed paths, not user input
- path: 'internal/'
linters:
- gosec
text: "G304"
# G306: File permissions 0644 in tests are acceptable (test fixtures)
- path: '_test\.go'
linters:
- gosec
text: "G306"
# G302/G306: Non-sensitive operational files (state, config, logs) can use 0644
# Internal packages write non-sensitive operational data files
- path: 'internal/'
linters:
- gosec
text: "G306|G302"
# G302/G306: Directory/file permissions 0700/0750 are acceptable
- linters:
- gosec
text: "G302.*0700|G301.*0750"
# G204: Safe subprocess launches with validated arguments (internal tools)
# All internal packages use subprocess calls for trusted internal tools
- path: 'internal/'
linters:
- gosec
text: 'G204'
# errcheck: Ignore unchecked errors in test files for common cleanup patterns
- path: '_test\.go'
linters:
- errcheck
text: "Error return value of .*(Close|Rollback|RemoveAll|Setenv|Unsetenv|Chdir|MkdirAll|Remove|Write).* is not checked"
issues:
uniq-by-line: true
Reference in New Issue View Git Blame Copy Permalink