1linters:
2 disable-all: true
3 enable:
4 - errcheck
5 - gofmt
6 - gosec
7 - gosimple
8 - govet
9 - ineffassign
10 - misspell
11 - typecheck
12 - unconvert
13 - unparam
14 - unused
15 # TODO(#6202): Re-enable 'wastedassign' linter
16linters-settings:
17 errcheck:
18 exclude-functions:
19 - (net/http.ResponseWriter).Write
20 - (net.Conn).Write
21 - encoding/binary.Write
22 - io.Write
23 - net/http.Write
24 - os.Remove
25 - github.com/miekg/dns.WriteMsg
26 gosimple:
27 # S1029: Range over the string directly
28 checks: ["all", "-S1029"]
29 govet:
30 settings:
31 printf:
32 funcs:
33 - (github.com/letsencrypt/boulder/log.Logger).Errf
34 - (github.com/letsencrypt/boulder/log.Logger).Warningf
35 - (github.com/letsencrypt/boulder/log.Logger).Infof
36 - (github.com/letsencrypt/boulder/log.Logger).Debugf
37 - (github.com/letsencrypt/boulder/log.Logger).AuditInfof
38 - (github.com/letsencrypt/boulder/log.Logger).AuditErrf
39 - (github.com/letsencrypt/boulder/ocsp/responder).SampledError
40 - (github.com/letsencrypt/boulder/web.RequestEvent).AddError
41 gosec:
42 excludes:
43 # TODO: Identify, fix, and remove violations of most of these rules
44 - G101 # Potential hardcoded credentials
45 - G102 # Binds to all network interfaces
46 - G107 # Potential HTTP request made with variable url
47 - G201 # SQL string formatting
48 - G202 # SQL string concatenation
49 - G306 # Expect WriteFile permissions to be 0600 or less
50 - G401 # Use of weak cryptographic primitive
51 - G402 # TLS InsecureSkipVerify set true.
52 - G403 # RSA keys should be at least 2048 bits
53 - G404 # Use of weak random number generator (math/rand instead of crypto/rand)
54 - G501 # Blacklisted import `crypto/md5`: weak cryptographic primitive
55 - G505 # Blacklisted import `crypto/sha1`: weak cryptographic primitive
View as plain text