go-mail/.golangci.toml

## SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>
##
## SPDX-License-Identifier: MIT

[run]
go = "1.23"
tests = true
exclude-dirs = ["examples"]

[linters]
enable = ["stylecheck", "whitespace", "containedctx", "contextcheck", "decorder",
    "errname", "errorlint", "gofmt", "gofumpt", "gosec"]

[issues]

## An overflow is impossible here
[[issues.exclude-rules]]
linters = ["gosec"]
path = "random.go"
text = "G115:"

## These are tests which intentionally do not need any TLS settings
[[issues.exclude-rules]]
linters = ["gosec"]
path = "client_test.go"
text = "G402:"

## These are tests which intentionally do not need any TLS settings
[[issues.exclude-rules]]
linters = ["gosec"]
path = "smtp/smtp_test.go"
text = "G402:"

## We do not dictate a TLS minimum version in the smtp package. go-mail
## itself does set sane defaults
[[issues.exclude-rules]]
linters = ["gosec"]
path = "smtp/smtp.go"
text = "G402:"

## The chance that we write +2 million tests is very low, I think we can
## ignore this for the time being
[[issues.exclude-rules]]
linters = ["gosec"]
path = "client_test.go"
text = "G109:"

## The chance that we write +2 million tests is very low, I think we can
## ignore this for the time being
[[issues.exclude-rules]]
linters = ["gosec"]
path = "smtp/smtp_test.go"
text = "G109:"

## We inform the user about the deprecated status of CRAM-MD5 and suggest
## to use SCRAM-SHA instead
[[issues.exclude-rules]]
linters = ["gosec"]
path = "smtp/auth_cram_md5.go"
text = "G501:"

## Yes, SHA1 is weak, but in the context of SCRAM it is still considered
## secure for specific applications. The user is information about this
## in the documentation
[[issues.exclude-rules]]
linters = ["gosec"]
path = "smtp/auth_scram.go"
text = "G505:"

## Test code for SCRAM-SHA1. Can be ignored.
[[issues.exclude-rules]]
linters = ["gosec"]
path = "smtp/smtp_test.go"
text = "G505:"

## These are tests which intentionally do not need any TLS settings
[[issues.exclude-rules]]
linters = ["gosec"]
path = "quicksend_test.go"
text = "G402:"
Fix golangci-lint config SPDX license 2022-10-17 18:19:50 +02:00			`## SPDX-FileCopyrightText: 2022 Winni Neessen <winni@neessen.dev>`
			`##`
			`## SPDX-License-Identifier: MIT`

Introduce golangci-lint 2022-10-17 18:10:24 +02:00			`[run]`
Update GolangCI config to go 1.23 and exclude examples Upgraded the Go version in GolangCI configuration from 1.22 to 1.23. Added the "examples" directory to the exclusion list for linting. 2024-08-16 10:17:31 +02:00			`go = "1.23"`
Introduce golangci-lint 2022-10-17 18:10:24 +02:00			`tests = true`
Update GolangCI config to go 1.23 and exclude examples Upgraded the Go version in GolangCI configuration from 1.22 to 1.23. Added the "examples" directory to the exclusion list for linting. 2024-08-16 10:17:31 +02:00			`exclude-dirs = ["examples"]`
Introduce golangci-lint 2022-10-17 18:10:24 +02:00
			`[linters]`
Update golangci-lint config 2022-10-17 18:34:05 +02:00			`enable = ["stylecheck", "whitespace", "containedctx", "contextcheck", "decorder",`
Enable gosec linter and add exclusion rules Added gosec to the list of enabled linters in `.golangci.toml`. Defined specific exclusion rules to ignore certain false positives and context-specific issues flagged by gosec, ensuring the linter does not impose on intentional code practices. 2024-11-15 12:35:15 +01:00			`"errname", "errorlint", "gofmt", "gofumpt", "gosec"]`

			`[issues]`

			`## An overflow is impossible here`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "random.go"`
			`text = "G115:"`

			`## These are tests which intentionally do not need any TLS settings`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "client_test.go"`
			`text = "G402:"`

			`## These are tests which intentionally do not need any TLS settings`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "smtp/smtp_test.go"`
			`text = "G402:"`

			`## We do not dictate a TLS minimum version in the smtp package. go-mail`
			`## itself does set sane defaults`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "smtp/smtp.go"`
			`text = "G402:"`

			`## The chance that we write +2 million tests is very low, I think we can`
			`## ignore this for the time being`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "client_test.go"`
			`text = "G109:"`

			`## The chance that we write +2 million tests is very low, I think we can`
			`## ignore this for the time being`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "smtp/smtp_test.go"`
			`text = "G109:"`

			`## We inform the user about the deprecated status of CRAM-MD5 and suggest`
			`## to use SCRAM-SHA instead`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "smtp/auth_cram_md5.go"`
			`text = "G501:"`

			`## Yes, SHA1 is weak, but in the context of SCRAM it is still considered`
			`## secure for specific applications. The user is information about this`
			`## in the documentation`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "smtp/auth_scram.go"`
			`text = "G505:"`

			`## Test code for SCRAM-SHA1. Can be ignored.`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "smtp/smtp_test.go"`
			`text = "G505:"`
Add exclusion rule for TLS settings in tests Updated the .golangci.toml config to exclude gosec rule G402 in quicksend_test.go. This exclusion is intentional as these tests do not require TLS settings. 2024-11-19 17:29:37 +01:00
			`## These are tests which intentionally do not need any TLS settings`
			`[[issues.exclude-rules]]`
			`linters = ["gosec"]`
			`path = "quicksend_test.go"`
			`text = "G402:"`