diff --git a/.golangci.yml b/.golangci.yml
index 920bdd3965..24e3cfca04 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -54,6 +54,12 @@ linters-settings:
 desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
 gocyclo:
 min-complexity: 16
+ gosec:
+ excludes:
+ - G104 # G104: Errors unhandled; (TODO: reduce unhandled errors, or explicitly ignore)
+ - G113 # G113: Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772); (only affects go < 1.16.14. and go < 1.17.7)
+ - G306 # G306: Expect WriteFile permissions to be 0600 or less (too restrictive; also flags "0o644" permissions)
+ - G307 # G307: Deferring unsafe method "*os.File" on type "Close" (also EXC0008); (TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close")
 govet:
 enable:
 - shadow
@@ -123,11 +129,6 @@ issues:
 - text: "Subprocess launch(ed with variable|ing should be audited)"
 linters:
 - gosec
- # EXC0008
- # TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
- - text: "G307"
- linters:
- - gosec
 # EXC0009
 - text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
 linters:
@@ -137,21 +138,6 @@ issues:
 linters:
 - gosec
 
- # G113 Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772)
- # only affects gp < 1.16.14. and go < 1.17.7
- - text: "G113"
- linters:
- - gosec
- # TODO: G104: Errors unhandled. (gosec)
- - text: "G104"
- linters:
- - gosec
- # Looks like the match in "EXC0009" above doesn't catch this one
- # TODO: consider upstreaming this to golangci-lint's default exclusion rules
- - text: "G306: Expect WriteFile permissions to be 0600 or less"
- linters:
- - gosec
-
 # TODO: make sure all packages have a description. Currently, there's 67 packages without.
 - text: "package-comments: should have a package comment"
 linters:
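Review bot: Excluding `G306` outright in the added `gosec.excludes` list silences every WriteFile permission finding, including world-writable modes, not only the `0o644` case the comment cites. gosec accepts a per-rule maximum, so a `config:` entry with `G306: "0644"` under `linters-settings.gosec` would allow 0644 while keeping the check for anything looser. The `G113` exclusion is only sound while the minimum Go toolchain stays at or above the fixed releases named in its comment; that floor is not visible in this hunk, so the comment should say where it is pinned. `G104` and `G307` are now switched off wholesale behind TODOs, and whether another linter still covers unchecked errors cannot be told from here.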