62 lines
1.7 KiB
YAML
62 lines
1.7 KiB
YAML
version: "2"
|
|
|
|
run:
|
|
timeout: 5m
|
|
|
|
linters:
|
|
enable:
|
|
- govet
|
|
- ineffassign
|
|
- staticcheck
|
|
- unused
|
|
- gosec
|
|
- bodyclose
|
|
- copyloopvar
|
|
- durationcheck
|
|
- errname
|
|
- exhaustive
|
|
settings:
|
|
gosec:
|
|
excludes:
|
|
- G104 # Unhandled errors in fire-and-forget
|
|
- G112 # Slowloris — local-only servers
|
|
- G115 # Integer overflow — CLI-safe conversions
|
|
- G204 # Subprocess with variable — intentional for player/extractor launch
|
|
- G301 # Directory perms > 0750 — standard for user dirs
|
|
- G302 # File perms > 0600 — resume files need 0644
|
|
- G304 # File inclusion via variable — config paths are trusted
|
|
- G306 # WriteFile perms > 0600 — binaries need 0755
|
|
- G702 # Command injection via taint — self-update uses trusted URLs
|
|
- G703 # Path traversal via taint — internal paths only
|
|
- G704 # SSRF via taint — user-configured URLs
|
|
- G706 # Log injection via taint — internal log lines
|
|
exhaustive:
|
|
default-signifies-exhaustive: true
|
|
exclusions:
|
|
paths:
|
|
- dist
|
|
rules:
|
|
# Allow misspell "cancelled" — API constant matching server
|
|
- linters:
|
|
- misspell
|
|
text: "Cancell"
|
|
# Ignore nilerr in intentional log-and-continue patterns
|
|
- linters:
|
|
- nilerr
|
|
path: "(clean|scanner|usenet|engine)"
|
|
# Ignore staticcheck style suggestions (QF/S/SA4/SA9)
|
|
- linters:
|
|
- staticcheck
|
|
text: "^(QF|S1|SA4011|SA9003)"
|
|
# Ignore gosec G101 (hardcoded creds) in tests
|
|
- linters:
|
|
- gosec
|
|
path: _test\.go
|
|
|
|
formatters:
|
|
enable:
|
|
- gofmt
|
|
- goimports
|
|
exclusions:
|
|
paths:
|
|
- dist
|