fleet/.golangci.yml

version: "2"
formatters:
  enable:
    - gofmt
  settings:
    gofmt:
      # simplify code: gofmt with `-s` option, true by default
      simplify: false
  exclusions:
    paths:
      - server/fleet/agent_options_generated.go # generated file
issues:
  max-issues-per-linter: 0 # show all issues
  max-same-issues: 0 # show all issues
linters:
  default: none
  enable:
    - depguard
    - forbidigo
    - gosec
    - gocritic
    - nilnesserr
    - govet
    - ineffassign
    - revive
    - rowserrcheck
    - sqlclosecheck
    - unconvert
    - unused
    - errcheck
    - staticcheck
  settings:
    forbidigo:
      forbid:
        - pattern: "^print$"
          msg: "use structured logging instead of built-in print"
        - pattern: "^println$"
          msg: "use structured logging instead of built-in println"
        # slog: forbid non-context methods
        - pattern: "^slog\\.(Debug|Info|Warn|Error)"
          pkg: "^log/slog$"
          msg: "Don't use the default logger. Use a specific *slog.Logger instance."
        - pattern: "slog\\.Logger\\.(Debug|Info|Warn|Error)$"
          msg: "use DebugContext/InfoContext/WarnContext/ErrorContext instead"
      analyze-types: true
    depguard:
      rules:
        main:
          deny:
            - pkg: github.com/pkg/errors
              desc: "use ctxerr if a context.Context is available or stdlib errors.New / fmt.Errorf with the %w verb"
            - pkg: github.com/valyala/fastjson
              desc: |
                Unanswered issue opened 3 years ago: https://github.com/valyala/fastjson/issues/88.
                For a safe use of their fastjson, you really have to call Validate* first and then Parse*,
                otherwise it accepts a lot of invalid JSON strings.
                There was a PR to address this, but it's still open and uncommented by the owner:
                https://github.com/valyala/fastjson/pull/68.
            - pkg: github.com/valyala/fasttemplate
              desc: |
                Unanswered issue opened 3 years ago: https://github.com/valyala/fastjson/issues/88.
                For a safe use of their fastjson, you really have to call Validate* first and then Parse*,
                otherwise it accepts a lot of invalid JSON strings.
                There was a PR to address this, but it's still open and uncommented by the owner:
                https://github.com/valyala/fastjson/pull/68.
    govet:
      enable:
        - nilness
    errcheck:
      check-type-assertions: false
      check-blank: false
      disable-default-exclusions: false
      exclude-functions:
        # Logging
        - "(github.com/go-kit/log.Logger).Log"
        - "(*github.com/fleetdm/fleet/v4/server/platform/logging.Logger).Log"
        # fmt package
        - fmt.Fprint
        - fmt.Fprintf
        - fmt.Fprintln
        - fmt.Print
        - fmt.Printf
        - fmt.Println
        # Close methods
        - "(io.Closer).Close"
        - "(io.ReadCloser).Close"
        - "(io.WriteCloser).Close"
        - "(net.Conn).Close"
        - "(net.Listener).Close"
        - "(*database/sql.Rows).Close"
        - "(*database/sql.DB).Close"
        - "(*database/sql.Stmt).Close"
        - "(*database/sql.Tx).Close"
        - "(*database/sql.Tx).Rollback"
        - "(*os.File).Close"
        # OS operations
        - os.Remove
        - os.RemoveAll
        - os.Setenv
        - os.Unsetenv
        - os.Chdir
        - os.Mkdir
        - os.MkdirAll
        - os.Rename
        # Writers and flushers
        - "(*bufio.Writer).Flush"
        - "(*bufio.ReadWriter).Flush"
        - "(*archive/tar.Writer).Close"
        - "(*archive/zip.Writer).Close"
        - "(*archive/zip.ReadCloser).Close"
        - "(*compress/gzip.Writer).Close"
        - "(*compress/gzip.Reader).Close"
        - "(*mime/multipart.Writer).Close"
        # HTTP and network
        - "(*net.TCPConn).Close"
        - "(*net.UDPConn).Close"
        - "(*net.UnixConn).Close"
        - "(*net.TCPListener).Close"
        - "(*net/http.Client).CloseIdleConnections"
        - "(*crypto/tls.Conn).Close"
        # Redis
        - "(github.com/gomodule/redigo/redis.Conn).Close"
        - "(*github.com/gomodule/redigo/redis.Pool).Close"
        - "(*github.com/redis/go-redis/v9.ClusterClient).Close"
        - "(*github.com/fleetdm/fleet/v4/server/datastore/redis.Pool).Close"
        - "(*github.com/mna/redisc.Cluster).Close"
        # WebSockets
        - "(*github.com/gorilla/websocket.Conn).Close"
        - "(*github.com/igm/sockjs-go/v3/sockjs.session).Close"
        # Test helpers and Fleet-specific
        - "(*github.com/fleetdm/fleet/v4/server/datastore/mysql.Datastore).Close"
        - "(*github.com/DATA-DOG/go-sqlmock.Sqlmock).ExpectClose"
        # Additional project-specific types
        - "(*github.com/fleetdm/fleet/v4/pkg/file.TemporaryFile).Close"
        - "(*github.com/fleetdm/fleet/v4/server/fleet.TempFileReader).Close"
        - "(*github.com/fleetdm/fleet/v4/server/service.Session).Close"
        - "(github.com/fleetdm/fleet/v4/server/fleet.RedisPool).Close"
        - "(*github.com/go-redis/redis/v8.ClusterClient).Close"
        - "(*go.etcd.io/bbolt.DB).Close"
        - "(*github.com/boltdb/bolt.DB).Close"
        - "(*net/smtp.Client).Close"
        - "(*cloud.google.com/go/pubsub.Client).Close"
        - "(*github.com/saferwall/pe.File).Close"
        - "(*github.com/sassoftware/relic/v8/lib/comdoc.ComDoc).Close"
        # Unix/syscall operations
        - "golang.org/x/sys/unix.Close"
        # Additional writers and iterators
        - "(*go/printer.Config).Fprint"
        - "go/printer.Fprint"
        - "(*github.com/fleetdm/fleet/v4/server/vulnerabilities/macoffice.OfficeReleasesIterator).Close"
        - "(*github.com/fleetdm/fleet/v4/server/vulnerabilities/nvd.CPEIterator).Close"
        - "(github.com/fleetdm/fleet/v4/server/fleet.SoftwareIterator).Close"
        - "(*github.com/gosuri/uilive.Writer).Flush"
        # Security hardware interface
        - "(github.com/fleetdm/fleet/v4/ee/orbit/pkg/securehw.SecureHW).Close"
        - "(github.com/fleetdm/fleet/v4/ee/orbit/pkg/securehw.Key).Close"
        # Containerd
        - "(*github.com/containerd/containerd.Client).Close"
        # Windows-specific
        - "(golang.org/x/sys/windows.Token).Close"
        - "(golang.org/x/sys/windows/registry.Key).Close"
        # Color package
        - "(*github.com/fatih/color.Color).Fprint"
        - "(*github.com/fatih/color.Color).Fprintf"
        - "(*github.com/fatih/color.Color).Fprintln"
        - "(*github.com/fatih/color.Color).Print"
        - "(*github.com/fatih/color.Color).Printf"
        - "(*github.com/fatih/color.Color).Println"
    gosec:
      excludes:
        - G104 # Errors unhandled. We are using errcheck linter instead of this rule.
        - G204 # Subprocess launched with variable. Some consider this rule to be too noisy.
        - G301 # Directory permissions 0750 as opposed to standard 0755. Consider enabling stricter permission in the future.
        - G304 # File path provided as taint input.
        - G702 # Command injection via taint analysis (taint version of excluded G204).
        - G703 # Path traversal via taint analysis (taint version of excluded G304).
        # The following rules are excluded from the full lint but enabled in the incremental
        # linter (.golangci-incremental.yml) so they only apply to new/changed code.
        # Existing violations were audited during the v2.7.1 -> v2.11.3 upgrade.
        - G101 # Potential hardcoded credentials.
        - G115 # Integer overflow conversion.
        - G117 # Marshaled struct field matches secret pattern.
        - G118 # Goroutine uses context.Background/TODO while request-scoped context is available.
        - G122 # Filesystem race in filepath.Walk/WalkDir callback.
        - G202 # SQL string concatenation.
        - G602 # Slice index out of range.
        - G704 # SSRF via taint analysis.
        - G705 # XSS via taint analysis.
        - G706 # Log injection via taint analysis.
      config:
        G306: "0644"
    gocritic:
      enabled-checks:
        - ruleguard
      settings:
        ruleguard:
          rules: "${base-path}/tools/ci/rules.go"
          failOn: all
    revive:
      severity: "warning"
      confidence: 0.8
      rules:
        - name: dot-imports
        - name: error-return
        - name: var-declaration
        - name: range
        - name: receiver-naming
        - name: time-naming
        - name: indent-error-flow
        - name: errorf
        - name: empty-block
        - name: superfluous-else
        - name: unreachable-code
        - name: redefines-builtin-id
    staticcheck:
      checks:
        - "all"
        - "-SA9003" # Empty body in an if or else branch.
        - "-ST1000" # Incorrect or missing package comment.
        - "-ST1003" # Poorly chosen identifier.
        - "-ST1016" # Use consistent method receiver names.
        - "-ST1020" # The documentation of an exported function should start with the function's name.
        - "-ST1021" # The documentation of an exported type should start with the type's name.
        - "-ST1022" # The documentation of an exported variable or constant should start with the variable's name.
        - "-ST1023" # Redundant type in variable declaration.
        - "-SA1019" # Using a deprecated function, variable, constant or field.
        - "-ST1005" # Incorrectly formatted error string.
        - "-ST1012" # Poorly chosen name for error variable.
        - "-ST1019" # Importing the same package multiple times. TODO: Fix this.
        - "-QF1001" # Apply De Morgan's law. TODO: Autofix these QFs (quick-fixes) in a follow-up PR.
        - "-QF1002" # Convert untagged switch to tagged switch.
        - "-QF1003" # Convert if/else-if chain to tagged switch.
        - "-QF1008" # Omit embedded fields from selector expression.
        - "-QF1009" # Use time.Time.Equal instead of the == operator.
        - "-QF1011" # Omit redundant type from variable declaration.
        - "-QF1012" # Use 'fmt.Fprintf(x, ...)' instead of 'x.Write(fmt.Sprintf(...))'.
  exclusions:
    generated: strict
    # Before excluding files from the gosec linter, an issue must be created and referenced in a comment.
    rules:
      - path: server/datastore/mysql/migrations/[^/]+/[^/]+\.go
        linters:
          - depguard
      # Legacy CLI tools that use slog without context
      - path: cmd/cpe/generate.go
        linters:
          - forbidigo
      - path: tools/mdm/migration/micromdm/main.go
        linters:
          - forbidigo
      # cmd gosec exclusions https://github.com/fleetdm/fleet/issues/4451
      - path: cmd/osquery-perf/agent.go
        linters:
          - gosec
      - path: cmd/fleet/serve.go
        linters:
          - gosec
      - path: cmd/fleetctl/fleetctl/api.go
        linters:
          - gosec
      - path: cmd/fleetctl/fleetctl/get.go
        linters:
          - gosec
      - path: cmd/fleetctl/fleetctl/preview.go
        linters:
          - gosec
      # Orbit gosec exclusions https://github.com/fleetdm/fleet/issues/4452
      - path: orbit/pkg/update/update.go
        linters:
          - gosec
      - path: orbit/pkg/packaging/wix/wix.go
        linters:
          - gosec
      - path: orbit/pkg/packaging/macos.go
        linters:
          - gosec
      - path: orbit/pkg/packaging/windows.go
        linters:
          - gosec
      - path: orbit/pkg/packaging/packaging.go
        linters:
          - gosec
      # insecure proxy is insecure by design
      - path: orbit/pkg/insecure/proxy.go
        linters:
          - gosec
      # pkg gosec exclusions https://github.com/fleetdm/fleet/issues/4453
      # Test file which triggers many TLS warnings by design
      - path: pkg/fleethttp/fleethttp_test.go
        linters:
          - gosec
      - path: pkg/certificate/certificate.go
        linters:
          - gosec
      - path: pkg/download/download.go
        linters:
          - gosec
      # server gosec exclusions https://github.com/fleetdm/fleet/issues/4455
      - path: server/mail/mail.go
        linters:
          - gosec
      - path: server/datastore/mysql/migrations/tables/20201011162341_CleanupSoftDeletedColumns.go
        linters:
          - gosec
      - path: server/service/redis_policy_set/redis_policy_set_test.go
        linters:
          - gosec
      - path: server/sso/settings.go
        linters:
          - gosec
      - path: server/datastore/mysql/hosts.go
        linters:
          - gosec
      - path: server/datastore/mysql/hosts_test.go
        linters:
          - gosec
      - path: server/datastore/mysql/mysql_test.go
        linters:
          - gosec
      - path: server/service/client_live_query.go
        linters:
          - gosec
      - path: server/service/invites.go
        linters:
          - gosec
      - path: server/service/service_appconfig.go
        linters:
          - gosec
      - path: server/service/service_users.go
        linters:
          - gosec
      - path: server/datastore/mysql/migrations/tables/20201011162341_CleanupSoftDeletedColumns.go
        linters:
          - gosec
      - path: server/datastore/mysql/aggregated_stats_test.go
        linters:
          - gosec
      - path: server/fleet/app.go
        linters:
          - gosec
      - path: server/service/async/async_policy.go
        linters:
          - gosec
      - path: server/logging/kinesis.go
        linters:
          - gosec
      - path: server/logging/kinesis_test.go
        linters:
          - gosec
      - path: server/config/config.go
        linters:
          - gosec
      - path: server/datastore/redis/ratelimit_store.go
        linters:
          - gosec
      - path: server/datastore/mysql/testing_utils.go
        linters:
          - gosec
      - path: server/datastore/mysql/packs_test.go
        linters:
          - gosec
      - path: server/service/appconfig.go
        linters:
          - gosec
      - path: server/service/client.go
        linters:
          - gosec
      - path: server/service/users.go
        linters:
          - gosec
      - path: server/service/appconfig_test.go
        linters:
          - gosec
      - path: server/service/service_campaign_test.go
        linters:
          - gosec
      - path: server/datastore/mysql/software_test.go
        linters:
          - gosec
      # tools gosec exclusions https://github.com/fleetdm/fleet/issues/4456
      - path: tools/dbutils/schema_generator.go
        linters:
          - gosec