2022-10-17 18:19:50 +02:00
|
|
|
## SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>
|
|
|
|
##
|
|
|
|
## SPDX-License-Identifier: MIT
|
|
|
|
|
2022-10-17 18:10:24 +02:00
|
|
|
[run]
|
2024-08-16 10:17:31 +02:00
|
|
|
go = "1.23"
|
2022-10-17 18:10:24 +02:00
|
|
|
tests = true
|
2024-08-16 10:17:31 +02:00
|
|
|
exclude-dirs = ["examples"]
|
2022-10-17 18:10:24 +02:00
|
|
|
|
|
|
|
[linters]
|
2022-10-17 18:34:05 +02:00
|
|
|
enable = ["stylecheck", "whitespace", "containedctx", "contextcheck", "decorder",
|
2024-11-15 12:35:15 +01:00
|
|
|
"errname", "errorlint", "gofmt", "gofumpt", "gosec"]
|
|
|
|
|
|
|
|
[issues]
|
|
|
|
|
|
|
|
## An overflow is impossible here
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "random.go"
|
|
|
|
text = "G115:"
|
|
|
|
|
|
|
|
## These are tests which intentionally do not need any TLS settings
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "client_test.go"
|
|
|
|
text = "G402:"
|
|
|
|
|
|
|
|
## These are tests which intentionally do not need any TLS settings
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "smtp/smtp_test.go"
|
|
|
|
text = "G402:"
|
|
|
|
|
|
|
|
## We do not dictate a TLS minimum version in the smtp package. go-mail
|
|
|
|
## itself does set sane defaults
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "smtp/smtp.go"
|
|
|
|
text = "G402:"
|
|
|
|
|
|
|
|
## The chance that we write +2 million tests is very low, I think we can
|
|
|
|
## ignore this for the time being
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "client_test.go"
|
|
|
|
text = "G109:"
|
|
|
|
|
|
|
|
## The chance that we write +2 million tests is very low, I think we can
|
|
|
|
## ignore this for the time being
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "smtp/smtp_test.go"
|
|
|
|
text = "G109:"
|
|
|
|
|
|
|
|
## We inform the user about the deprecated status of CRAM-MD5 and suggest
|
|
|
|
## to use SCRAM-SHA instead
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "smtp/auth_cram_md5.go"
|
|
|
|
text = "G501:"
|
|
|
|
|
|
|
|
## Yes, SHA1 is weak, but in the context of SCRAM it is still considered
|
|
|
|
## secure for specific applications. The user is information about this
|
|
|
|
## in the documentation
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "smtp/auth_scram.go"
|
|
|
|
text = "G505:"
|
|
|
|
|
|
|
|
## Test code for SCRAM-SHA1. Can be ignored.
|
|
|
|
[[issues.exclude-rules]]
|
|
|
|
linters = ["gosec"]
|
|
|
|
path = "smtp/smtp_test.go"
|
|
|
|
text = "G505:"
|