146 lines
2.6 KiB
TOML
146 lines
2.6 KiB
TOML
## SPDX-FileCopyrightText: The go-mail Authors
|
|
##
|
|
## SPDX-License-Identifier: MIT
|
|
|
|
version = '2'
|
|
|
|
[run]
|
|
go = '1.24'
|
|
tests = true
|
|
|
|
[linters]
|
|
enable = [
|
|
'containedctx',
|
|
'contextcheck',
|
|
'decorder',
|
|
'errname',
|
|
'errorlint',
|
|
'gosec',
|
|
'staticcheck',
|
|
'whitespace'
|
|
]
|
|
|
|
[linters.exclusions]
|
|
generated = 'lax'
|
|
presets = [
|
|
'comments',
|
|
'common-false-positives',
|
|
'legacy',
|
|
'std-error-handling'
|
|
]
|
|
paths = [
|
|
'examples',
|
|
'third_party$',
|
|
'builtin$',
|
|
'examples$'
|
|
]
|
|
|
|
## An overflow is impossible here
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'random.go'
|
|
text = 'G115:'
|
|
|
|
## These are tests which intentionally do not need any TLS settings
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'client_test.go'
|
|
text = 'G402:'
|
|
|
|
## These are tests which intentionally do not need any TLS settings
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'smtp/smtp_test.go'
|
|
text = 'G402:'
|
|
|
|
## We do not dictate a TLS minimum version in the smtp package. go-mail
|
|
## itself does set sane defaults
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'smtp/smtp.go'
|
|
text = 'G402:'
|
|
|
|
## The chance that we write +2 million tests is very low, I think we can
|
|
## ignore this for the time being
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'client_test.go'
|
|
text = 'G109:'
|
|
|
|
## The chance that we write +2 million tests is very low, I think we can
|
|
## ignore this for the time being
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'smtp/smtp_test.go'
|
|
text = 'G109:'
|
|
|
|
## We inform the user about the deprecated status of CRAM-MD5 and suggest
|
|
## to use SCRAM-SHA instead
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'smtp/auth_cram_md5.go'
|
|
text = 'G501:'
|
|
|
|
## Yes, SHA1 is weak, but in the context of SCRAM it is still considered
|
|
## secure for specific applications. The user is information about this
|
|
## in the documentation
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'smtp/auth_scram.go'
|
|
text = 'G505:'
|
|
|
|
## Test code for SCRAM-SHA1. Can be ignored.
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'smtp/smtp_test.go'
|
|
text = 'G505:'
|
|
|
|
## These are tests which intentionally do not need any TLS settings
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'quicksend_test.go'
|
|
text = 'G402:'
|
|
|
|
## These are tests which intentionally test SHA1 and SHA256
|
|
[[linters.exclusions.rules]]
|
|
linters = [
|
|
'gosec'
|
|
]
|
|
path = 'internal/pbkdf2/pbkdf2_test.go'
|
|
text = 'G505:'
|
|
|
|
[formatters]
|
|
enable = [
|
|
'gofmt',
|
|
'gofumpt'
|
|
]
|
|
|
|
[formatters.exclusions]
|
|
generated = 'lax'
|
|
paths = [
|
|
'examples',
|
|
'third_party$',
|
|
'builtin$',
|
|
'examples$'
|
|
]
|