Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sql injection #80

Closed
wants to merge 3 commits into from
Closed

sql injection #80

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
0737e2d
ci: enable security and SQL linters
ccoVeille Jul 19, 2024
117207e
ci: enable identical-branches on revive linter
ccoVeille Jul 19, 2024
1b95bc5
ci: fix issues with golangci-lint in GHA
ccoVeille Jul 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
---
name: Continuous Integration

on:
pull_request:

jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5

- name: Golangci-lint
uses: golangci/[email protected]

- name: Test
run: go test -v ./...

- name: Build
run: go build -v ./...
4 changes: 0 additions & 4 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,6 @@ jobs:
name: Set up Go
uses: actions/setup-go@v5

-
name: Golangci-lint
uses: golangci/[email protected]

-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v6
Expand Down
29 changes: 28 additions & 1 deletion .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
# Author: @ccoVeille
# License: MIT
# Variant: 03-safe
# Version: v1.0.0
# Version: v1.0.0 + gosec + sqlclosecheck + rowserrcheck
#
linters:
# some linters are enabled by default
Expand Down Expand Up @@ -49,6 +49,15 @@ linters:
# Checks for duplicate words in the source code.
- dupword

# Inspects source code for security problems.
- gosec

# Checks that sql.Rows, sql.Stmt, sqlx.NamedStmt, pgx.Query are closed.
- sqlclosecheck

# Checks whether Rows.Err of rows is checked successfully.
- rowserrcheck

linters-settings:
gci: # define the section orders for imports
sections:
Expand Down Expand Up @@ -132,12 +141,30 @@ linters-settings:
# warns when initialism, variable or package naming conventions are not followed.
- name: var-naming

# if-then-else conditional with identical implementations in both branches is an error.
- name: identical-branches

# warns when errors returned by a function are not explicitly handled on the caller side.
- name: unhandled-error
arguments: # here are the exceptions we don't want to be reported
- "fmt.Print.*"
- "fmt.Fprint.*"
- "bytes.Buffer.Write*"
- "strings.Builder.Write*"

dupword:
# Keywords used to ignore detection.
# Default: []
ignore:
# - "blah" # this will accept "blah blah …" as a valid duplicate word

gosec:
# To specify a set of rules to explicitly exclude.
# Available rules: https://github.com/securego/gosec#available-rules
excludes:
- G306 # Poor file permissions used when writing to a new file
- G307 # Poor file permissions used when creating a file with os.Create

misspell:
# Correct spellings using locale preferences for US or UK.
# Setting locale to US will correct the British spelling of 'colour' to 'color'.
Expand Down
Loading