mirror of
https://github.com/lunchcat/sif.git
synced 2026-04-28 11:33:06 -07:00
second pass after v2 surfaced more old-code noise:
* staticcheck ST1000/ST1003 were the v1 'stylecheck' linter
(never enabled here); disabled to preserve prior parity
* errcheck can't match (io.Closer).Close against concrete
types (tarball, tcp, logger); added narrow file+text rules
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
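---
# golangci-lint v2 configuration.
# Most suppressions below are repo-wide; each one states what it trades away
# so it can be revisited.
version: "2"

run:
  timeout: 5m
  issues-exit-code: 1

linters:
  enable:
    - errcheck  # check error returns
    - govet  # suspicious constructs
    - staticcheck  # advanced static analysis (absorbs gosimple in v2)
    - unused  # unused code
    - ineffassign  # useless assignments
    - misspell  # spelling mistakes
    - gocritic  # opinionated lints
    - revive  # replacement for golint
    - unconvert  # unnecessary type conversions
    - bodyclose  # http response body not closed
    - noctx  # http requests without context
    - gosec  # security issues
    - errorlint  # error wrapping and comparison
    - nilnil  # return nil, nil
    - wastedassign  # assignments to variables never read
    - usetesting  # os.Setenv in tests instead of t.Setenv, etc.

  settings:
    govet:
      enable-all: true
      disable:
        # too many structs to reorder, risks breaking serialization
        - fieldalignment
        - shadow  # common Go pattern, too noisy
        - unusedwrite  # false positives on test data structs
    errcheck:
      check-blank: false
      exclude-functions:
        # log writes are best-effort
        # NOTE(review): the entry must match the module path in go.mod; a
        # module rename silently turns it into a no-op.
        - github.com/dropalldatabases/sif/internal/logger.Write
        # Close on io.Closer is idiomatic best-effort.
        # resp.Body.Close() resolves to (io.Closer).Close, so it is covered
        # here. The former "(*net/http.Response).Body.Close" entry named a
        # field selector, not a function, and could never match; dropped.
        # Caveat: ignoring Close on a file opened for writing can hide a
        # failed flush (truncated output).
        - (io.Closer).Close
        - (*os.File).Close
        # fmt.Fprint* returns are rarely actionable
        - fmt.Fprint
        - fmt.Fprintf
        - fmt.Fprintln
    staticcheck:
      # QF1003/QF1012 are v2 quickfix suggestions, not bugs.
      # ST1000/ST1003 were the stylecheck linter in v1
      # (not previously enabled); skipping to match prior parity.
      checks:
        - all
        - -QF1003
        - -QF1012
        - -ST1000
        - -ST1003
    revive:
      rules:
        # stuttering names (scan.ScanResult) need breaking API changes
        - name: exported
          disabled: true
    gocritic:
      enabled-tags:
        - diagnostic
        - style
        - performance
      disabled-checks:
        - commentedOutCode  # too opinionated for a project with TODOs
        - paramTypeCombine  # style-only, not worth churn
        - unnamedResult  # style-only
        - unnecessaryDefer  # common pattern in tests
        # inverting conditions in scan logic hurts readability
        - nestingReduce
        - importShadow  # nuclei output pkg alias conflict, intentional
        - rangeValCopy  # nuclei module iterates value types, fine here
    gosec:
      # Every rule listed here is switched off for the whole repository, not
      # only for the code named in its justification. New code that trips one
      # of them is never reported, so the rationale needs re-checking whenever
      # a new package handles network input, archives or files.
      excludes:
        - G104  # errcheck covers this
        - G107  # pentesting tool -- variable URLs are the whole point
        # G110 is the decompression-bomb check. With it off, a size cap on
        # extracted data has to be enforced in code.
        # NOTE(review): confirm the template unpacker bounds what it writes.
        - G110  # nuclei template decompression, acceptable context
        # G301/G302 flag directory/file modes above a threshold. Scan logs
        # can hold findings about targets, so world-readable output is a
        # disclosure risk on shared hosts. Keeping the rules on with raised
        # thresholds (settings.gosec.config G301/G302) would still catch
        # anything looser than the modes accepted here.
        - G301  # log/template dirs need 0755 for common tooling
        - G302  # log files intentionally world-readable for tailing
        # G304 off means no file open built from a variable is reported,
        # wordlist or otherwise.
        - G304  # sif reads user-supplied wordlist paths -- intentional

  exclusions:
    rules:
      # test files get some slack
      - path: _test\.go
        linters:
          - errcheck
          - noctx
      # net.* calls predate context plumbing; refactor tracked separately
      - path: internal/scan/(ports|shodan|subdomaintakeover)\.go
        linters:
          - noctx
      # Close on concrete types errcheck can't match to (io.Closer).Close
      # `text` is a regular expression matched against the issue message;
      # the dot is escaped (and the value single-quoted so the backslash
      # stays literal) so only the exact selector is suppressed.
      - path: internal/nuclei/templates/templates\.go
        text: 'tarball\.Close'
        linters:
          - errcheck
      - path: internal/scan/ports\.go
        text: 'tcp\.Close'
        linters:
          - errcheck
      # NOTE(review): the path pattern is unanchored, so it matches any file
      # whose path contains "sif.go"; the text rule keeps it narrow.
      - path: sif\.go
        text: 'logger\.Close'
        linters:
          - errcheck

issues:
  # Reporting is capped at 50 findings per linter and 50 repeats of the same
  # message; anything beyond that is not shown (gosec included) until earlier
  # findings are fixed. A value of 0 removes the cap.
  max-issues-per-linter: 50
  max-same-issues: 50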