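# golangci-lint configuration.
# This file contains only configs which differ from defaults.
# All possible options can be found here:
# https://github.com/golangci/golangci-lint/blob/master/.golangci.reference.yml

run:
  # Timeout for analysis, e.g. 30s, 5m.
  # Default: 1m
  timeout: 6m

linters-settings:
  errcheck:
    # Report about not checking of errors in type assertions: `a := b.(MyStruct)`.
    # Such cases aren't reported by default.
    # Default: false
    check-type-assertions: false

  gosec:
    # `includes` selects the subset of gosec rules that run; every rule that is
    # commented out below is NOT checked by this configuration.
    # NOTE(review): the disabled set covers bind-to-all-interfaces (G102),
    # tainted request URLs (G107), HTTP server timeouts (G112, G114), command
    # execution (G204), weak hashes/ciphers (G401, G501, G505), TLS settings
    # (G402) and math/rand (G404). Findings in those classes have to be caught
    # by code review or another tool; re-enable a rule here once the existing
    # findings for it are triaged.
    includes:
      - G101  # Look for hard coded credentials
      #- G102  # Bind to all interfaces
      - G103  # Audit the use of unsafe block
      - G104  # Audit errors not checked
      - G106  # Audit the use of ssh.InsecureIgnoreHostKey
      #- G107  # Url provided to HTTP request as taint input
      - G108  # Profiling endpoint automatically exposed on /debug/pprof
      - G109  # Potential Integer overflow made by strconv.Atoi result conversion to int16/32
      - G110  # Potential DoS vulnerability via decompression bomb
      - G111  # Potential directory traversal
      #- G112  # Potential slowloris attack
      - G113  # Usage of Rat.SetString in math/big with an overflow (CVE-2022-23772)
      #- G114  # Use of net/http serve function that has no support for setting timeouts
      - G201  # SQL query construction using format string
      - G202  # SQL query construction using string concatenation
      - G203  # Use of unescaped data in HTML templates
      #- G204  # Audit use of command execution
      - G301  # Poor file permissions used when creating a directory
      - G302  # Poor file permissions used with chmod
      - G303  # Creating tempfile using a predictable path
      - G304  # File path provided as taint input
      - G305  # File traversal when extracting zip/tar archive
      - G306  # Poor file permissions used when writing to a new file
      - G307  # Poor file permissions used when creating a file with os.Create
      #- G401  # Detect the usage of DES, RC4, MD5 or SHA1
      #- G402  # Look for bad TLS connection settings
      - G403  # Ensure minimum RSA key length of 2048 bits
      #- G404  # Insecure random number source (rand)
      #- G501  # Import blocklist: crypto/md5
      - G502  # Import blocklist: crypto/des
      - G503  # Import blocklist: crypto/rc4
      - G504  # Import blocklist: net/http/cgi
      #- G505  # Import blocklist: crypto/sha1
      - G601  # Implicit memory aliasing of items from a range statement
      - G602  # Slice access out of bounds

  gocritic:
    disabled-checks:
      - commentFormatting
      - captLocal
      - deprecatedComment

  govet:
    # Enable all analyzers.
    # Default: false
    enable-all: false
    enable:
      - nilness

  revive:
    rules:
      - name: exported
        severity: warning
        disabled: false
        arguments:
          - "checkPrivateReceivers"
          - "sayRepetitiveInsteadOfStutters"

  tenv:
    # The option `all` will run against whole test files (`_test.go`) regardless of
    # method/function signatures. Otherwise, only methods that take `*testing.T`,
    # `*testing.B`, and `testing.TB` as arguments are checked.
    # Default: false
    all: true

linters:
  # Start from an empty set so that only the linters listed below run.
  disable-all: true
  enable:
    ## enabled by default
    - errcheck  # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
    - gosimple  # specializes in simplifying a code
    - govet  # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
    - ineffassign  # detects when assignments to existing variables are not used
    - staticcheck  # is a go vet on steroids, applying a ton of static analysis checks
    - tenv  # tenv is an analyzer that detects using os.Setenv instead of t.Setenv since Go 1.17
    - typecheck  # like the front-end of a Go compiler, parses and type-checks Go code
    - unused  # checks for unused constants, variables, functions and types
    ## disabled by default, but they have interesting results, so let's add them
    - bodyclose  # checks whether HTTP response body is closed successfully
    - dupword  # dupword checks for duplicate words in the source code
    - durationcheck  # durationcheck checks for two durations multiplied together
    - forbidigo  # forbidigo forbids identifiers
    - gocritic  # provides diagnostics that check for bugs, performance and style issues
    - gosec  # inspects source code for security problems
    - mirror  # mirror reports wrong mirror patterns of bytes/strings usage
    - misspell  # misspell finds commonly misspelled English words in comments
    - nilerr  # finds the code that returns nil even if it checks that the error is not nil
    - nilnil  # checks that there is no simultaneous return of nil error and an invalid value
    - predeclared  # predeclared finds code that shadows one of Go's predeclared identifiers
    - revive  # Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint.
    - sqlclosecheck  # checks that sql.Rows and sql.Stmt are closed
    - thelper  # thelper detects Go test helpers without t.Helper() call and checks the consistency of test helpers.
    - wastedassign  # wastedassign finds wasted assignment statements

issues:
  # Maximum count of issues with the same text.
  # Set to 0 to disable.
  # Default: 3
  max-same-issues: 5

  # Each `path` is a regular expression matched against the file path; the
  # listed linters are silenced for every file that matches.
  exclude-rules:
    # allow fmt
    - path: management/cmd/root\.go
      linters:
        - forbidigo
    - path: signal/cmd/root\.go
      linters:
        - forbidigo
    - path: sharedsock/filter\.go
      linters:
        - unused
    - path: client/firewall/iptables/rule\.go
      linters:
        - unused
    # NOTE(review): this pattern is unanchored, so gosec and mirror are also
    # silenced for any non-test file whose path contains "test.go" (for
    # example a file named `latest.go`). If only Go test files are meant,
    # `_test\.go$` is the tighter form - confirm nothing else relies on the
    # current match before changing it.
    - path: test\.go
      linters:
        - mirror
        - gosec
    # NOTE(review): also unanchored; matches any path containing "mock.go".
    - path: mock\.go
      linters:
        - nilnil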