- Remove sensitive data from debug logs (vault/secrets.go, secret/version.go)
- Add input validation for GPG key IDs and keychain item names
- Resolve GPG key IDs to full fingerprints before storing in metadata
- Add comprehensive test coverage for validation functions
- Add golangci-lint configuration with additional linters

Security improvements:
- Debug logs no longer expose decrypted secret values or private keys
- GPG and keychain commands now validate input to prevent injection attacks
- All validation uses precompiled regex patterns for performance
# Global options for the golangci-lint run.
run:
  # Give up if the whole lint run takes longer than five minutes.
  timeout: 5m
  # Go language version the analysers target.
  go: "1.22"

# Linters switched on for this repository.
linters:
  enable:
    # --- Additional linters requested ---
    # Usage of github.com/stretchr/testify assertions.
    - testifylint
    # os.Setenv used in tests where t.Setenv (Go 1.17+) should be used.
    - usetesting
    # Naming of struct tags.
    - tagliatelle
    # Blank line before return and branch statements.
    - nlreturn
    # Returning a nil error together with an invalid (nil) value.
    - nilnil
    # Deeply nested if statements.
    - nestif
    # Magic numbers.
    - mnd
    # Overlong lines.
    - lll
    # for loops that could use an integer range.
    - intrange
    # Code that is not gofumpt-formatted.
    - gofumpt
    # Package-level (global) variables.
    - gochecknoglobals

    # --- Default/existing linters that are commonly useful ---
    - govet
    - errcheck
    - staticcheck
    - unused
    - gosimple
    - ineffassign
    - typecheck
    - gofmt
    - goimports
    - misspell
    - revive
    # Source-level security checks. NOTE(review): no linter in this list
    # inspects what is written to logs, so secret values in debug output
    # still have to be caught in code review and tests.
    - gosec
    - unconvert
    - unparam

# Per-linter tuning for the linters enabled in this file.
linters-settings:
  # Lines longer than 120 characters are reported.
  lll:
    line-length: 120

  mnd:
    # Contexts in which a bare number is reported; see
    # https://github.com/tommy-muehle/go-mnd/#checks for what each one means.
    checks:
      - argument
      - case
      - condition
      - operation
      - return
      - assign
    # Literals that are never reported. The list applies to every file the
    # linter runs on, not only to the code each value was added for.
    ignored-numbers:
      - '0'
      - '1'
      - '2'
      - '8'
      - '16'
      # GPG fingerprint length.
      # NOTE(review): a named constant for the fingerprint length in the
      # validation code would let this entry go, so an unrelated 40 elsewhere
      # is still flagged.
      - '40'
      - '64'
      - '128'
      - '256'
      - '512'
      - '1024'
      - '2048'
      - '4096'

  # Complexity threshold at which nested if statements are reported.
  nestif:
    min-complexity: 4

  # Block size setting for the blank-line-before-return check.
  nlreturn:
    block-size: 2

  # Struct tag names must be snake_case for every listed encoding.
  tagliatelle:
    case:
      rules:
        json: snake
        yaml: snake
        xml: snake
        bson: snake

  # Turn on every testifylint checker.
  testifylint:
    enable-all: true

  # NOTE(review): confirm that the golangci-lint version in use accepts a
  # `strict` key for usetesting.
  usetesting:
    strict: true

# Which findings are reported and which are suppressed.
issues:
  exclude-rules:
    # Test files are exempt from the three linters listed here. Every other
    # enabled linter, gosec included, still runs on them.
    - path: _test\.go
      linters: [gochecknoglobals, mnd, unparam]

    # Files whose path matches *_gen.go may contain long lines.
    - path: ".*_gen\\.go"
      linters: [lll]

  # 0 removes the cap, so every finding is reported, not only the first few
  # per linter or per identical message.
  max-issues-per-linter: 0
  max-same-issues: 0