# golangci-lint v2 configuration.
# NOTE(review): no `linters.default` key is set, so golangci-lint's default
# linter set runs in addition to the `enable` list below. The G104 remark under
# `settings.gosec` ("covered by errcheck") relies on errcheck being in that
# default set - confirm for the pinned golangci-lint version.
version: "2"
output:
  # Report ordering: group by linter, then severity, then file.
  sort-order:
    - linter
    - severity
    - file
linters:
  exclusions:
    # Warn about exclusion rules that never matched anything.
    warn-unused: true
    rules:
      # Drops every finding (text ".*") whose path matches frontend/.
      # Any Go code under that path is effectively unlinted.
      - path: frontend/
        text: ".*"
  enable:
    # Existing linters
    - copyloopvar
    - durationcheck
    - errname
    - errorlint
    - gocognit
    - gocritic
    - misspell
    - predeclared
    - revive
    - unconvert
    - wastedassign
    # Security & quality linters
    # NOTE(review): gosec is commented out and is not part of golangci-lint's
    # default set, so no gosec checks run and the `settings.gosec` block below
    # is inert. The only security-oriented check active in this section is the
    # forbidigo regex guard on log field names. Re-enable gosec or drop its
    # settings so the two do not silently disagree.
    # - gosec
    - goconst
    - staticcheck
    - ineffassign
    - bodyclose
    - fatcontext
    - iface
    - dupl
    #- ireturn
    - nilnil
    - nilerr
    - thelper
    - testifylint
    - gocyclo
    - modernize
    - forbidigo # Sensitive field name detection (see settings.forbidigo)
    # Performance linters
    - prealloc
    - exhaustive
  disable:
    # `unused` is part of golangci-lint's default set; switched off here.
    - unused
  settings:
    gocognit:
      # Cognitive-complexity threshold (golangci-lint's default is 30).
      min-complexity: 50
    gocritic:
      disabled-checks:
        - commentFormatting
        - commentedOutCode
      enabled-tags:
        - style
        - diagnostic
        - performance
      settings:
        ruleguard:
          # Loads project-specific ruleguard rules from rules/*.go.
          rules: "rules/*.go"
    revive:
      rules:
        - name: unused-parameter
          disabled: true
    gosec:
      # Configure gosec for security scanning.
      # NOTE(review): these settings only take effect once gosec is added to
      # `linters.enable` above, where it is currently commented out.
      excludes:
        - G104 # Audit errors not checked (covered by errcheck)
      # Drop findings below medium severity / medium confidence.
      severity: medium
      confidence: medium
    prealloc:
      # Configure prealloc for slice optimization
      simple: true
      range-loops: true
      for-loops: true
    exhaustive:
      # Check exhaustiveness of enum switch statements; a `default:` case
      # counts as covering the remaining values.
      default-signifies-exhaustive: true
    forbidigo:
      # Detect potential sensitive data logging.
      # Use logger.Username(), logger.Password(), logger.Token(), etc. instead.
      #
      # Scope of this guard (a best-effort text lint, not a data-flow check):
      # - `analyze-types: false` means plain source-text regex matching, so only
      #   calls spelled exactly `logger.String("<literal>", ...)` are caught.
      #   A key held in a variable, a logger bound to another name, or other
      #   field constructors (e.g. logger.Any) are not matched.
      # - `(?i)` sits after the opening quote, so the `logger.String(` prefix
      #   is case-sensitive while the key text is case-insensitive.
      # - Keywords match as substrings (`[^"]*` on both sides): this catches
      #   "user_password" but also flags keys such as "login_attempts" or
      #   "mailbox"; those need a per-line nolint or a narrower pattern.
      forbid:
        # Password/credential field names - always use logger.Password() or logger.Credential()
        # Uses [^"]* on both sides to catch variations like "user_password", "mqtt_secret", etc.
        - pattern: 'logger\.String\(\s*"(?i)[^"]*(password|passwd|pwd|secret|credential)[^"]*"'
          msg: "Use logger.Password() or logger.Credential() for sensitive credential fields instead of logger.String()"
        # Token field names - always use logger.Token()
        - pattern: 'logger\.String\(\s*"(?i)[^"]*(token|bearer|api_key|apikey|auth_token|access_token)[^"]*"'
          msg: "Use logger.Token() for token fields instead of logger.String()"
        # Username field names - always use logger.Username()
        - pattern: 'logger\.String\(\s*"(?i)[^"]*(username|user_name|userid|user_id|login)[^"]*"'
          msg: "Use logger.Username() for username fields instead of logger.String()"
        # Email addresses - should be sanitized
        - pattern: 'logger\.String\(\s*"(?i)[^"]*(email|e-mail|mail)[^"]*"'
          msg: "Use logger.SanitizedString() for email fields to redact sensitive data"
      # Match on source text only; no type information is consulted.
      analyze-types: false
issues:
  # 0 means no cap on the number of reported issues.
  max-issues-per-linter: 0
  max-same-issues: 0
  uniq-by-line: true
  # Report all issues, not only those introduced since the last commit.
  new: false