version: "2" linters: # Default set of linters. # The value can be: `standard`, `all`, `none`, or `fast`. # Default: standard default: none # Enable specific linter. # https://golangci-lint.run/usage/linters/#enabled-by-default enable: - asasalint - asciicheck - bidichk - bodyclose - copyloopvar - depguard - dogsled - errcheck - errname - errorlint - gocheckcompilerdirectives - gocritic - goprintffuncname - gosec - govet - ineffassign - interfacebloat - lll - makezero - mirror - nakedret - nilerr - nolintlint - perfsprint - prealloc - predeclared - revive - sqlclosecheck - staticcheck - testifylint - tparallel - unconvert - unparam - unused - usetesting settings: depguard: # Rules to apply. # # Variables: # - File Variables # Use an exclamation mark `!` to negate a variable. # Example: `!$test` matches any file that is not a go test file. # # `$all` - matches all go files # `$test` - matches all go test files # # - Package Variables # # `$gostd` - matches all of go's standard library (Pulled from `GOROOT`) # # Default (applies if no custom rules are defined): Only allow $gostd in all files. rules: # Name of a rule. main: # List of file globs that will match this list of settings to compare against. # By default, if a path is relative, it is relative to the directory where the golangci-lint command is executed. # The placeholder '${base-path}' is substituted with a path relative to the mode defined with `run.relative-path-mode`. # The placeholder '${config-path}' is substituted with a path relative to the configuration file. # Default: $all files: - '!**/agent/**' - '!**/cmd/**' - '!**/config/**' - '!**/filter/**' - '!**/internal/**' - '!**/logger/**' - '!**/metric/**' - '!**/models/**' - '!**/plugins/serializers/**' - '!**/scripts/**' - '!**/selfstat/**' - '!**/testutil/**' - '!**/tools/**' - '!**/*_test.go' # List of packages that are not allowed. # Entries can be a variable (starting with $), a string prefix, or an exact match (if ending with $). # Default: [] deny: - pkg: log desc: 'Use injected telegraf.Logger instead' errcheck: # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`. # Such cases aren't reported by default. # Default: false check-blank: true # List of functions to exclude from checking, where each entry is a single function to exclude. # See https://github.com/kisielk/errcheck#excluding-functions for details. exclude-functions: - '(*hash/maphash.Hash).Write' - '(*hash/maphash.Hash).WriteByte' - '(*hash/maphash.Hash).WriteString' - '(*github.com/influxdata/telegraf/plugins/outputs/postgresql/sqltemplate.Template).UnmarshalText' gocritic: # Disable all checks. # Default: false disable-all: true # Which checks should be enabled in addition to default checks; can't be combined with 'disabled-checks'. # By default, list of stable checks is used (https://go-critic.com/overview#checks-overview). # To see which checks are enabled run `GL_DEBUG=gocritic golangci-lint run --enable=gocritic`. enabled-checks: # diagnostic - argOrder - badCall - badCond - badLock - badRegexp - badSorting - badSyncOnceFunc - builtinShadowDecl - caseOrder - codegenComment - commentedOutCode - deferInLoop - deprecatedComment - dupArg - dupBranchBody - dupCase - dupSubExpr - dynamicFmtString - emptyDecl - evalOrder - exitAfterDefer - externalErrorReassign - filepathJoin - flagName - mapKey - nilValReturn - offBy1 - regexpPattern - sloppyLen - sloppyReassign - sloppyTypeAssert - sortSlice - sprintfQuotedString - sqlQuery - syncMapLoadAndDelete - truncateCmp - uncheckedInlineErr - unnecessaryDefer - weakCond # performance - appendCombine - equalFold - hugeParam - indexAlloc - preferDecodeRune - preferFprint - preferStringWriter - preferWriteByte - rangeExprCopy - rangeValCopy - sliceClear - stringXbytes # Settings passed to gocritic. # The settings key is the name of a supported gocritic checker. # The list of supported checkers can be found at https://go-critic.com/overview. settings: hugeParam: # Size in bytes that makes the warning trigger. # Default: 80 sizeThreshold: 512 rangeValCopy: # Size in bytes that makes the warning trigger. # Default: 128 sizeThreshold: 512 gosec: # To select a subset of rules to run. # Available rules: https://github.com/securego/gosec#available-rules # Default: [] - means include all rules includes: - G101 # Look for hard coded credentials - G102 # Bind to all interfaces - G103 # Audit the use of unsafe block - G106 # Audit the use of ssh.InsecureIgnoreHostKey - G107 # Url provided to HTTP request as taint input - G108 # Profiling endpoint automatically exposed on /debug/pprof - G109 # Potential Integer overflow made by strconv.Atoi result conversion to int16/32 - G110 # Potential DoS vulnerability via decompression bomb - G111 # Potential directory traversal - G112 # Potential slowloris attack - G114 # Use of net/http serve function that has no support for setting timeouts - G201 # SQL query construction using format string - G202 # SQL query construction using string concatenation - G203 # Use of unescaped data in HTML templates - G301 # Poor file permissions used when creating a directory - G302 # Poor file permissions used with chmod - G303 # Creating tempfile using a predictable path - G305 # File traversal when extracting zip/tar archive - G306 # Poor file permissions used when writing to a new file - G401 # Detect the usage of MD5 or SHA1 - G403 # Ensure minimum RSA key length of 2048 bits - G404 # Insecure random number source (rand) - G405 # Detect the usage of DES or RC4 - G406 # Detect the usage of MD4 or RIPEMD160 - G501 # Import blocklist: crypto/md5 - G502 # Import blocklist: crypto/des - G503 # Import blocklist: crypto/rc4 - G505 # Import blocklist: crypto/sha1 - G506 # Import blocklist: golang.org/x/crypto/md4 - G507 # Import blocklist: golang.org/x/crypto/ripemd160 - G601 # Implicit memory aliasing of items from a range statement - G602 # Slice access out of bounds # G104, G105, G113, G204, G304, G307, G402, G504 were not enabled intentionally # TODO: review G115 when reporting false positives is fixed (https://github.com/securego/gosec/issues/1212) # To specify the configuration of rules. config: # Maximum allowed permissions mode for os.OpenFile and os.Chmod # Default: "0600" G302: "0640" # Maximum allowed permissions mode for os.WriteFile and ioutil.WriteFile # Default: "0600" G306: "0640" govet: # Settings per analyzer. settings: # Analyzer name, run `go tool vet help` to see all analyzers. printf: # Comma-separated list of print function names to check (in addition to default, see `go tool vet help printf`). # Default: [] funcs: - (github.com/influxdata/telegraf.Logger).Tracef - (github.com/influxdata/telegraf.Logger).Debugf - (github.com/influxdata/telegraf.Logger).Infof - (github.com/influxdata/telegraf.Logger).Warnf - (github.com/influxdata/telegraf.Logger).Errorf - (github.com/influxdata/telegraf.Logger).Trace - (github.com/influxdata/telegraf.Logger).Debug - (github.com/influxdata/telegraf.Logger).Info - (github.com/influxdata/telegraf.Logger).Warn - (github.com/influxdata/telegraf.Logger).Error lll: # Max line length, lines longer will be reported. # '\t' is counted as 1 character by default, and can be changed with the tab-width option. # Default: 120. line-length: 160 # Tab width in spaces. # Default: 1 tab-width: 4 nakedret: # Make an issue if func has more lines of code than this setting, and it has naked returns. # Default: 30 max-func-lines: 1 nolintlint: # Enable to require an explanation of nonzero length after each nolint directive. # Default: false require-explanation: true # Enable to require nolint directives to mention the specific linter being suppressed. # Default: false require-specific: true prealloc: # Report pre-allocation suggestions only on simple loops that have no returns/breaks/continues/gotos in them. # Default: true simple: false revive: # Sets the default severity. # See https://github.com/mgechev/revive#configuration # Default: warning severity: error # Run `GL_DEBUG=revive golangci-lint run --enable-only=revive` to see default, all available rules, and enabled rules. rules: - name: argument-limit arguments: [ 6 ] - name: atomic - name: bare-return - name: blank-imports - name: bool-literal-in-expr - name: call-to-gc - name: comment-spacings - name: confusing-naming - name: confusing-results - name: constant-logical-expr - name: context-as-argument - name: context-keys-type - name: datarace - name: deep-exit - name: defer - name: dot-imports - name: duplicated-imports - name: early-return - name: empty-block - name: empty-lines - name: enforce-map-style exclude: [ "TEST" ] arguments: - "make" - name: enforce-repeated-arg-type-style arguments: - "short" - name: enforce-slice-style arguments: - "make" - name: error-naming - name: error-return - name: error-strings - name: errorf - name: exported exclude: - "**/accumulator.go" - "**/agent/**" - "**/cmd/**" - "**/config/**" - "**/filter/**" - "**/internal/**" - "**/logger/**" - "**/logger.go" - "**/metric/**" - "**/metric.go" - "**/migrations/**" - "**/models/**" - "**/persister/**" - "**/metric.go" - "**/parser.go" - "**/plugin.go" - "**/plugins/aggregators/**" - "**/plugins/common/**" - "**/plugins/outputs/**" - "**/plugins/parsers/**" - "**/plugins/processors/**" - "**/plugins/secretstores/**" - "**/plugins/serializers/**" - "**/selfstat/**" - "**/serializer.go" - "**/testutil/**" - "**/tools/**" arguments: - "check-private-receivers" - "say-repetitive-instead-of-stutters" - "check-public-interface" - "disable-checks-on-types" - name: function-result-limit arguments: [ 3 ] - name: get-return - name: identical-branches - name: if-return - name: import-alias-naming arguments: - "^[a-z][a-z0-9_]*[a-z0-9]+$" - name: import-shadowing - name: increment-decrement - name: indent-error-flow - name: max-public-structs arguments: [ 5 ] exclude: [ "TEST" ] - name: modifies-parameter - name: modifies-value-receiver - name: optimize-operands-order - name: package-comments - name: range - name: range-val-address - name: range-val-in-closure - name: receiver-naming - name: redefines-builtin-id - name: redundant-import-alias - name: string-format arguments: - - 'fmt.Errorf[0],errors.New[0]' - '/^([^A-Z]|$)/' - 'Error string must not start with a capital letter.' - - 'fmt.Errorf[0],errors.New[0]' - '/(^|[^\.!?])$/' - 'Error string must not end in punctuation.' - - 'panic' - '/^[^\n]*$/' - 'Must not contain line breaks.' - name: string-of-int - name: struct-tag - name: superfluous-else - name: time-equal - name: time-naming - name: unconditional-recursion - name: unexported-naming - name: unnecessary-stmt - name: unreachable-code - name: unused-parameter - name: unused-receiver - name: var-declaration - name: var-naming arguments: - [ ] # AllowList - [ "ID", "DB", "TS" ] # DenyList - name: waitgroup-by-value staticcheck: # SAxxxx checks in https://staticcheck.dev/docs/configuration/options/#checks # Example (to disable some checks): [ "all", "-SA1000", "-SA1001"] # Default: ["all", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1021", "-ST1022"] checks: - all # Poorly chosen identifier. # https://staticcheck.dev/docs/checks/#ST1003 - -ST1003 # The documentation of an exported function should start with the function's name. # https://staticcheck.dev/docs/checks/#ST1020 - -ST1020 # The documentation of an exported type should start with type's name. # https://staticcheck.dev/docs/checks/#ST1021 - -ST1021 # The documentation of an exported variable or constant should start with variable's name. # https://staticcheck.dev/docs/checks/#ST1022 - -ST1022 # Apply De Morgan's law. # https://staticcheck.dev/docs/checks/#QF1001 - -QF1001 # Convert if/else-if chain to tagged switch. # https://staticcheck.dev/docs/checks/#QF1003 - -QF1003 # Use 'strings.ReplaceAll' instead of 'strings.Replace' with 'n == -1'. # https://staticcheck.dev/docs/checks/#QF1004 - -QF1004 # Lift 'if'+'break' into loop condition. # https://staticcheck.dev/docs/checks/#QF1006 - -QF1006 # Merge conditional assignment into variable declaration. # https://staticcheck.dev/docs/checks/#QF1007 - -QF1007 # Omit embedded fields from selector expression. # https://staticcheck.dev/docs/checks/#QF1008 - -QF1008 # Use 'time.Time.Equal' instead of '==' operator. # https://staticcheck.dev/docs/checks/#QF1009 - -QF1009 testifylint: # Disable all checkers (https://github.com/Antonboom/testifylint#checkers). # Default: false disable-all: true # Enable checkers by name enable: - blank-import - bool-compare - compares - contains - empty - encoded-compare - error-is-as - error-nil - expected-actual - float-compare - formatter - go-require - len - negative-positive - nil-compare - regexp - require-error - suite-broken-parallel - suite-dont-use-pkg - suite-extra-assert-call - suite-subtest-run - suite-thelper - useless-assert usetesting: # Enable/disable `os.TempDir()` detections. # Default: false os-temp-dir: true # Defines a set of rules to ignore issues. # It does not skip the analysis, and so does not ignore "typecheck" errors. exclusions: # Mode of the generated files analysis. # # - `strict`: sources are excluded by strictly following the Go generated file convention. # Source files that have lines matching only the following regular expression will be excluded: `^// Code generated .* DO NOT EDIT\.$` # This line must appear before the first non-comment, non-blank text in the file. # https://go.dev/s/generatedcode # - `lax`: sources are excluded if they contain lines like `autogenerated file`, `code generated`, `do not edit`, etc. # - `disable`: disable the generated files exclusion. # # Default: strict generated: lax # Excluding configuration per-path, per-linter, per-text and per-source. rules: # errcheck - path: cmd/telegraf/(main|printer|cmd_plugins).go text: "Error return value of `outputBuffer.Write` is not checked" - path: plugins/inputs/win_perf_counters/pdh.go linters: - errcheck # gosec:G101 - path: _test\.go text: "Potential hardcoded credentials" # gosec:G404 - path: _test\.go text: "Use of weak random number generator" # revive:max-public-structs - path-except: ^plugins/(aggregators|inputs|outputs|parsers|processors|serializers)/... text: "max-public-structs: you have exceeded the maximum number" # revive:var-naming - path: (.+)\.go$ text: don't use an underscore in package name # revive:exported - path: (.+)\.go$ text: exported method .*\.(Init |SampleConfig |Gather |Start |Stop |GetState |SetState |SetParser |SetParserFunc |SetTranslator |Probe )should have comment or be unexported # EXC0001 errcheck: Almost all programs ignore errors on these functions, and in most cases it's ok - path: (.+)\.go$ text: Error return value of .((os\.)?std(out|err)\..*|.*Close.*|.*close.*|.*Flush|.*Disconnect|.*disconnect|.*Clear|os\.Remove(All)?|.*print(f|ln)?|os\.Setenv|os\.Unsetenv). is not checked # EXC0013 revive: Annoying issue about not having a comment. The rare codebase has such comments - path: (.+)\.go$ text: package comment should be of the form "(.+)... # EXC0015 revive: Annoying issue about not having a comment. The rare codebase has such comments - path: (.+)\.go$ text: should have a package comment # Which file paths to exclude: they will be analyzed, but issues from them won't be reported. # "/" will be replaced by the current OS file path separator to properly work on Windows. # Default: [] paths: - plugins/parsers/influx/machine.go* formatters: # Enable specific formatter. # Default: [] (uses standard Go formatting) enable: - gci # Formatters settings. settings: gci: # Section configuration to compare against. # Section names are case-insensitive and may contain parameters in (). # The default order of sections is `standard > default > custom > blank > dot > alias > localmodule`. # If `custom-order` is `true`, it follows the order of `sections` option. # Default: ["standard", "default"] sections: - standard # Standard section: captures all standard packages. - default # Default section: contains all imports that could not be matched to another section type. - localmodule # Local module section: contains all local packages. This section is not present unless explicitly enabled. exclusions: # Mode of the generated files analysis. # # - `strict`: sources are excluded by strictly following the Go generated file convention. # Source files that have lines matching only the following regular expression will be excluded: `^// Code generated .* DO NOT EDIT\.$` # This line must appear before the first non-comment, non-blank text in the file. # https://go.dev/s/generatedcode # - `lax`: sources are excluded if they contain lines like `autogenerated file`, `code generated`, `do not edit`, etc. # - `disable`: disable the generated files exclusion. # # Default: lax generated: lax issues: # Maximum issues count per one linter. # Set to 0 to disable. # Default: 50 max-issues-per-linter: 0 # Maximum count of issues with the same text. # Set to 0 to disable. # Default: 3 max-same-issues: 0 # Make issues output unique by line. # Default: true uniq-by-line: false # Output configuration options. output: # The formats used to render issues. formats: # Prints issues in columns representation separated by tabulations. tab: # Output path can be either `stdout`, `stderr` or path to the file to write to. # Default: stdout path: stdout # Order to use when sorting results. # Possible values: `file`, `linter`, and `severity`. # # If the severity values are inside the following list, they are ordered in this order: # 1. error # 2. warning # 3. high # 4. medium # 5. low # Either they are sorted alphabetically. # # Default: ["linter", "file"] sort-order: - file # filepath, line, and column. - linter # Show statistics per linter. # Default: true show-stats: true severity: # Set the default severity for issues. # # If severity rules are defined and the issues do not match or no severity is provided to the rule # this will be the default severity applied. # Severities should match the supported severity names of the selected out format. # - Code climate: https://docs.codeclimate.com/docs/issues#issue-severity # - Checkstyle: https://checkstyle.sourceforge.io/property_types.html#SeverityLevel # - GitHub: https://help.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-error-message # - TeamCity: https://www.jetbrains.com/help/teamcity/service-messages.html#Inspection+Instance # # `@linter` can be used as severity value to keep the severity from linters (e.g. revive, gosec, ...) # # Default: "" default: error