mirror of https://github.com/docker/cli.git
Merge pull request #5585 from thaJeztah/bump_golangci_lint
bump golangci-lint to v1.61.0 and cleanup config
This commit is contained in:
commit
5e51513a8b
|
@ -1,12 +1,12 @@
|
||||||
linters:
|
linters:
|
||||||
enable:
|
enable:
|
||||||
- bodyclose
|
- bodyclose
|
||||||
|
- copyloopvar # Detects places where loop variables are copied.
|
||||||
- depguard
|
- depguard
|
||||||
- dogsled
|
- dogsled
|
||||||
- dupword # Detects duplicate words.
|
- dupword # Detects duplicate words.
|
||||||
- durationcheck
|
- durationcheck
|
||||||
- errchkjson
|
- errchkjson
|
||||||
- exportloopref # Detects pointers to enclosing loop variables.
|
|
||||||
- gocritic # Metalinter; detects bugs, performance, and styling issues.
|
- gocritic # Metalinter; detects bugs, performance, and styling issues.
|
||||||
- gocyclo
|
- gocyclo
|
||||||
- gofumpt # Detects whether code was gofumpt-ed.
|
- gofumpt # Detects whether code was gofumpt-ed.
|
||||||
|
@ -52,6 +52,13 @@ linters-settings:
|
||||||
desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
|
desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
|
||||||
gocyclo:
|
gocyclo:
|
||||||
min-complexity: 16
|
min-complexity: 16
|
||||||
|
gosec:
|
||||||
|
excludes:
|
||||||
|
- G104 # G104: Errors unhandled; (TODO: reduce unhandled errors, or explicitly ignore)
|
||||||
|
- G113 # G113: Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772); (only affects go < 1.16.14. and go < 1.17.7)
|
||||||
|
- G115 # G115: integer overflow conversion; (TODO: verify these: https://github.com/docker/cli/issues/5584)
|
||||||
|
- G306 # G306: Expect WriteFile permissions to be 0600 or less (too restrictive; also flags "0o644" permissions)
|
||||||
|
- G307 # G307: Deferring unsafe method "*os.File" on type "Close" (also EXC0008); (TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close")
|
||||||
govet:
|
govet:
|
||||||
enable:
|
enable:
|
||||||
- shadow
|
- shadow
|
||||||
|
@ -87,6 +94,10 @@ issues:
|
||||||
# The default exclusion rules are a bit too permissive, so copying the relevant ones below
|
# The default exclusion rules are a bit too permissive, so copying the relevant ones below
|
||||||
exclude-use-default: false
|
exclude-use-default: false
|
||||||
|
|
||||||
|
# This option has been defined when Go modules was not existed and when the
|
||||||
|
# golangci-lint core was different, this is not something we still recommend.
|
||||||
|
exclude-dirs-use-default: false
|
||||||
|
|
||||||
exclude:
|
exclude:
|
||||||
- parameter .* always receives
|
- parameter .* always receives
|
||||||
|
|
||||||
|
@ -104,6 +115,9 @@ issues:
|
||||||
#
|
#
|
||||||
# These exclusion patterns are copied from the default excluses at:
|
# These exclusion patterns are copied from the default excluses at:
|
||||||
# https://github.com/golangci/golangci-lint/blob/v1.44.0/pkg/config/issues.go#L10-L104
|
# https://github.com/golangci/golangci-lint/blob/v1.44.0/pkg/config/issues.go#L10-L104
|
||||||
|
#
|
||||||
|
# The default list of exclusions can be found at:
|
||||||
|
# https://golangci-lint.run/usage/false-positives/#default-exclusions
|
||||||
|
|
||||||
# EXC0001
|
# EXC0001
|
||||||
- text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked"
|
- text: "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*print(f|ln)?|os\\.(Un)?Setenv). is not checked"
|
||||||
|
@ -121,11 +135,6 @@ issues:
|
||||||
- text: "Subprocess launch(ed with variable|ing should be audited)"
|
- text: "Subprocess launch(ed with variable|ing should be audited)"
|
||||||
linters:
|
linters:
|
||||||
- gosec
|
- gosec
|
||||||
# EXC0008
|
|
||||||
# TODO: evaluate these and fix where needed: G307: Deferring unsafe method "*os.File" on type "Close" (gosec)
|
|
||||||
- text: "G307"
|
|
||||||
linters:
|
|
||||||
- gosec
|
|
||||||
# EXC0009
|
# EXC0009
|
||||||
- text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
|
- text: "(Expect directory permissions to be 0750 or less|Expect file permissions to be 0600 or less)"
|
||||||
linters:
|
linters:
|
||||||
|
@ -135,26 +144,6 @@ issues:
|
||||||
linters:
|
linters:
|
||||||
- gosec
|
- gosec
|
||||||
|
|
||||||
# G113 Potential uncontrolled memory consumption in Rat.SetString (CVE-2022-23772)
|
|
||||||
# only affects gp < 1.16.14. and go < 1.17.7
|
|
||||||
- text: "G113"
|
|
||||||
linters:
|
|
||||||
- gosec
|
|
||||||
# TODO: G104: Errors unhandled. (gosec)
|
|
||||||
- text: "G104"
|
|
||||||
linters:
|
|
||||||
- gosec
|
|
||||||
# Looks like the match in "EXC0007" above doesn't catch this one
|
|
||||||
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
|
|
||||||
- text: "G204: Subprocess launched with a potential tainted input or cmd arguments"
|
|
||||||
linters:
|
|
||||||
- gosec
|
|
||||||
# Looks like the match in "EXC0009" above doesn't catch this one
|
|
||||||
# TODO: consider upstreaming this to golangci-lint's default exclusion rules
|
|
||||||
- text: "G306: Expect WriteFile permissions to be 0600 or less"
|
|
||||||
linters:
|
|
||||||
- gosec
|
|
||||||
|
|
||||||
# TODO: make sure all packages have a description. Currently, there's 67 packages without.
|
# TODO: make sure all packages have a description. Currently, there's 67 packages without.
|
||||||
- text: "package-comments: should have a package comment"
|
- text: "package-comments: should have a package comment"
|
||||||
linters:
|
linters:
|
||||||
|
|
|
@ -17,5 +17,5 @@ func (c *candidate) Path() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *candidate) Metadata() ([]byte, error) {
|
func (c *candidate) Metadata() ([]byte, error) {
|
||||||
return exec.Command(c.path, MetadataSubcommandName).Output()
|
return exec.Command(c.path, MetadataSubcommandName).Output() // #nosec G204 -- ignore "Subprocess launched with a potential tainted input or cmd arguments"
|
||||||
}
|
}
|
||||||
|
|
|
@ -240,7 +240,8 @@ func PluginRunCommand(dockerCli command.Cli, name string, rootcmd *cobra.Command
|
||||||
// TODO: why are we not returning plugin.Err?
|
// TODO: why are we not returning plugin.Err?
|
||||||
return nil, errPluginNotFound(name)
|
return nil, errPluginNotFound(name)
|
||||||
}
|
}
|
||||||
cmd := exec.Command(plugin.Path, args...)
|
cmd := exec.Command(plugin.Path, args...) // #nosec G204 -- ignore "Subprocess launched with a potential tainted input or cmd arguments"
|
||||||
|
|
||||||
// Using dockerCli.{In,Out,Err}() here results in a hang until something is input.
|
// Using dockerCli.{In,Out,Err}() here results in a hang until something is input.
|
||||||
// See: - https://github.com/golang/go/issues/10338
|
// See: - https://github.com/golang/go/issues/10338
|
||||||
// - https://github.com/golang/go/commit/d000e8742a173aa0659584aa01b7ba2834ba28ab
|
// - https://github.com/golang/go/commit/d000e8742a173aa0659584aa01b7ba2834ba28ab
|
||||||
|
|
|
@ -112,7 +112,7 @@ func (p *Plugin) RunHook(ctx context.Context, hookData HookPluginData) ([]byte,
|
||||||
return nil, wrapAsPluginError(err, "failed to marshall hook data")
|
return nil, wrapAsPluginError(err, "failed to marshall hook data")
|
||||||
}
|
}
|
||||||
|
|
||||||
pCmd := exec.CommandContext(ctx, p.Path, p.Name, HookSubcommandName, string(hDataBytes))
|
pCmd := exec.CommandContext(ctx, p.Path, p.Name, HookSubcommandName, string(hDataBytes)) // #nosec G204 -- ignore "Subprocess launched with a potential tainted input or cmd arguments"
|
||||||
pCmd.Env = os.Environ()
|
pCmd.Env = os.Environ()
|
||||||
pCmd.Env = append(pCmd.Env, ReexecEnvvar+"="+os.Args[0])
|
pCmd.Env = append(pCmd.Env, ReexecEnvvar+"="+os.Args[0])
|
||||||
hookCmdOutput, err := pCmd.Output()
|
hookCmdOutput, err := pCmd.Output()
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
ARG GO_VERSION=1.22.8
|
ARG GO_VERSION=1.22.8
|
||||||
ARG ALPINE_VERSION=3.20
|
ARG ALPINE_VERSION=3.20
|
||||||
ARG GOLANGCI_LINT_VERSION=v1.59.1
|
ARG GOLANGCI_LINT_VERSION=v1.61.0
|
||||||
|
|
||||||
FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine AS golangci-lint
|
FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION}-alpine AS golangci-lint
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue