-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.golangci.yml
More file actions
31 lines (28 loc) · 1.05 KB
/
.golangci.yml
File metadata and controls
31 lines (28 loc) · 1.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
version: "2"
linters:
enable:
- errcheck
- govet
- staticcheck
- ineffassign
- unused
- gosec
settings:
gosec:
excludes:
- G104 # unhandled errors in defer/cleanup — already caught by errcheck
- G117 # exported field name matches secret pattern — struct fields, not hardcoded creds
- G304 # file path via variable — paths come from trusted env vars or ~/.aws
- G305 # path traversal in tar extraction — validated immediately after filepath.Join
- G703 # path traversal taint — credentials path comes from env var or ~/.aws
- G704 # SSRF taint analysis — S3 endpoint is user-configured; IMDS URL is a fixed constant
- G706 # log injection taint — all logged values are computed from arithmetic, not user input
- G115 # integer overflow uintptr→int — file descriptors are always small non-negative ints
formatters:
enable:
- gofmt
- goimports
settings:
goimports:
local-prefixes:
- github.com/block/bundle-cache