lukaszraczylo/graphql-monitoring-proxy
1
0
Fork 0
mirror of https://github.com/lukaszraczylo/graphql-monitoring-proxy.git synced 2026-06-04 22:59:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
graphql-monitoring-proxy/.golangci.yml
T
lukaszraczylo 3aa83d4480 chore(security,refactor): extract sanitization and improve code quality (#41) 
* chore(security,refactor): extract sanitization and improve code quality

- [x] Extract sanitization functions to dedicated sanitization.go module
- [x] Add comprehensive golangci-lint v2 configuration with security rules
- [x] Replace interface{} with any type throughout codebase
- [x] Add admin API authentication security warning
- [x] Extract WebSocket and stats streaming constants
- [x] Add best-effort error handling comments for resource cleanup
- [x] Expand sensitive field patterns for improved PII redaction
- [x] Simplify safety checks and remove redundant nil validations
- [x] Improve test coverage for password field redaction patterns

* refactor: replace interface{} with any type alias

- [x] Replace all `map[string]interface{}` with `map[string]any`
- [x] Replace all `interface{}` with `any` in function signatures and type definitions
- [x] Update sync.Pool New function returns from `interface{}` to `any`
- [x] Add package documentation comments to 8 package files
- [x] Update type assertions and casts to work with `any` type
2026-01-17 00:04:12 +00:00

117 lines
3.1 KiB
YAML
Raw Permalink Blame History

# Project-specific golangci-lint configuration (v2)
version: "2"
linters:
default: none
enable:
# Code quality
- govet # Go vet (suspicious constructs)
- staticcheck # Advanced static analysis
- unused # Find unused code
- errcheck # Check for unchecked errors
# Security
- gosec # Security issues
settings:
unused:
field-writes-are-uses: true
post-statements-are-reads: true
exported-is-used: true
exported-fields-are-used: true
govet:
enable-all: true
disable:
# Field alignment is a micro-optimization that reduces readability
- fieldalignment
# Shadow warnings in this codebase are intentional and safe
- shadow
staticcheck:
checks:
- "all"
# Disable naming convention checks - existing codebase uses underscores
# and ALL_CAPS which would require significant refactoring
- "-ST1000" # Package comments
- "-ST1003" # Naming conventions (underscores, ALL_CAPS)
# Disable quickfix suggestions - these are style preferences, not errors
- "-QF1001" # De Morgan's law
- "-QF1012" # fmt.Fprintf suggestion
errcheck:
# Don't check error returns on these functions (best-effort cleanup)
exclude-functions:
- (*github.com/gorilla/websocket.Conn).Close
- (*github.com/gorilla/websocket.Conn).SetReadDeadline
- (*github.com/gorilla/websocket.Conn).WriteMessage
- (*github.com/redis/go-redis/v9.Client).Close
- (*github.com/redis/go-redis/v9.Pipeline).Exec
- (io.Closer).Close
- (*os.File).Close
- (*compress/gzip.Reader).Close
- (net.Conn).Close
gosec:
excludes:
# G104: Errors unhandled - covered by errcheck with proper exclusions
- G104
# G115: Integer overflow conversion - safe in this codebase
# These are uint64 counter values that will never exceed int64 max
- G115
# G402: TLS InsecureSkipVerify - this is a configurable option
# Users explicitly enable this via GMP_DISABLE_TLS_VERIFY env var
- G402
exclusions:
presets:
- common-false-positives
rules:
# Test files can have relaxed rules
- path: _test\.go
linters:
- unused
- errcheck
- gosec
# Specific file exclusions for known patterns
- path: api\.go
linters:
- gosec
text: "G306"
# File permissions 0644 for banned users file is intentional
# This is a non-sensitive configuration file that may be
# read by deployment tools
# Exclude enableApi naming (would be a breaking change)
- path: api\.go
text: "ST1003"
# Generated files
- path: \.pb\.go$
linters:
- all
formatters:
enable:
- gofmt
settings:
gofmt:
simplify: true
run:
timeout: 5m
tests: true
modules-download-mode: readonly
build-tags:
- ""
go: "1.23"
output:
formats:
text:
path: stdout
colors: true
sort-results: true
Reference in New Issue View Git Blame Copy Permalink