compose-unpacker/.golangci.yaml at develop · portainer/compose-unpacker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
version: "2"

run:
  allow-parallel-runners: true
linters:
  default: none
  enable:
    - bodyclose
    - copyloopvar
    - depguard
    - errcheck
    - errorlint
    - forbidigo
    - govet
    - ineffassign
    - intrange
    - perfsprint
    - staticcheck
    - unused
    - mirror
    - durationcheck
    - errorlint
    - govet
    - unconvert
    - usetesting
    - zerologlint
    - testifylint
    - modernize
    - unconvert
    - unused
    - zerologlint
    - exptostd
  settings:
    depguard:
      rules:
        main:
          deny:
            - pkg: encoding/json
              desc: use github.com/segmentio/encoding/json
            - pkg: golang.org/x/exp
              desc: exp is not allowed
            - pkg: github.com/portainer/libcrypto
              desc: use github.com/portainer/portainer/pkg/libcrypto
            - pkg: github.com/portainer/libhttp
              desc: use github.com/portainer/portainer/pkg/libhttp
            - pkg: golang.org/x/crypto
              desc: golang.org/x/crypto is not allowed because of FIPS mode
            - pkg: github.com/ProtonMail/go-crypto/openpgp
              desc: github.com/ProtonMail/go-crypto/openpgp is not allowed because of FIPS mode
            - pkg: github.com/cosi-project/runtime
              desc: github.com/cosi-project/runtime is not allowed because of FIPS mode
            - pkg: gopkg.in/yaml.v3
              desc: use go.yaml.in/yaml/v3 instead
    forbidigo:
      forbid:
        - pattern: ^tls\.Config$
          msg: Use crypto.CreateTLSConfiguration() instead
        - pattern: ^tls\.Config\.(InsecureSkipVerify|MinVersion|MaxVersion|CipherSuites|CurvePreferences)$
          msg: Do not set this field directly, use crypto.CreateTLSConfiguration() instead
        - pattern: ^object\.(Commit|Tag)\.Verify$
          msg: "Not allowed because of FIPS mode"
        - pattern: ^(types\.SystemContext\.)?(DockerDaemonInsecureSkipTLSVerify|DockerInsecureSkipTLSVerify|OCIInsecureSkipTLSVerify)$
          msg: "Not allowed because of FIPS mode"
        - pattern: ^(filepath|path)\.Join$
          msg: Use filesystem.JoinPaths() from github.com/portainer/portainer/api/filesystem to prevent path traversal attacks
      analyze-types: true
  exclusions:
    generated: lax
    presets:
      - comments
      - common-false-positives
      - legacy
    paths:
      - third_party$
      - builtin$
      - examples$
formatters:
  exclusions:
    generated: lax
    paths:
      - third_party$
      - builtin$
      - examples$