口碑好的网站推广价格,做网站模板的海报尺寸多少,哪儿可以学电商,自建网站主题及策划GolangCI-Lint配置变更实践
Golang编程中#xff0c;为了便于调试和代码质量和安全性检查。利用该方法可以在开发周期的早期捕获错误#xff0c;并且检查团队编程风格#xff0c;提高一致性。这对团队协作开发特别有用#xff0c;可以提高开发的效率#xff0c;保持代码质…GolangCI-Lint配置变更实践
Golang编程中为了便于调试和代码质量和安全性检查。利用该方法可以在开发周期的早期捕获错误并且检查团队编程风格提高一致性。这对团队协作开发特别有用可以提高开发的效率保持代码质量和安全性。 本实践所有测试内容都使用以下代码进行测试
package mainimport (database/sqlfmtlognet/httpstrings_ github.com/go-sql-driver/mysql
)var db *sql.DBfunc main() {// 连接到数据库var err errordb, err sql.Open(mysql, username:passwordtcp(localhost:3306)/mydatabase)if err ! nil {log.Fatal(err)}defer db.Close()http.HandleFunc(/search, searchHandler)http.ListenAndServe(:8080, nil)
}func searchHandler(w http.ResponseWriter, r *http.Request) {query : r.URL.Query().Get(query)// 构建SQL查询字符串易受SQL注入攻击sqlQuery : SELECT name, age FROM users WHERE name query rows, err : db.Query(sqlQuery)if err ! nil {log.Println(Error executing query:, err)return}defer rows.Close()var name stringvar age intfor rows.Next() {err : rows.Scan(name, age)if err ! nil {log.Println(Error scanning row:, err)continue}fmt.Fprintf(w, Name: %s, Age: %d\n, name, age)}
}概述
开发更全面的linting工具的是golang社区的一个热门开发领域。社区产生了大量的linter模块每个都有特定的目的。比如 Unused用于检查Golang代码中未使用的常量、变量、函数和类型。 Goconst查找可以被常量替换的重复字符串。 Gocyclo计算并检查函数的cyclomatic复杂度。 Errcheck检测Golang代码中无法检查到的错误。
面对这么多的linting模块开发者必须自己下载每个单独的linter并管理它们的版本。此外按顺序运行它们中的每一个可能太慢因此引入了golang ci-lint这是一个并行运行linters的 Go linters 聚合器重用Go构建缓存并缓存分析结果以大大提高后续运行的性能。 出于方便和性能原因该项目旨在并行聚合和运行多个单独的linter。当安装该程序时将获得大约48个linter检查器用户可以继续挑选特定的检查器以适合自己的实际情况和需求。除了能够在开发调试时候在本地运行之外还可以将linting加入到CI/CD和DevOps流程中自动的、持续集成的进行检查测试。
安装
使用go install 安装golangci-lint支持在有golang开发环境的任何操作系统上本地安装。也可以在官方下载特定操作系统下的二进制包安装。 比如在macOS下可以使用brew安装
brew install golangci-lint
brew upgrade golangci-lint简单用法
安装后通过以下命令查看版本
golangci-lint version
golangci-lint has version 1.55.1 built with go1.21.3 from 9b20d49 on 2023-10-24T12:38:15Z可以通过 help linter命令查看当前启用的linter规则可以看到gosec默认是关闭的:
golangci-lint help linters
Enabled by default linters:
errcheck: errcheck is a program for checking for unchecked errors in Go code. These unchecked errors can be critical bugs in some cases [fast: false, auto-fix: false]
gosimple (megacheck): Linter for Go source code that specializes in simplifying code [fast: false, auto-fix: false]
govet (vet, vetshadow): Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string [fast: false, auto-fix: false]
ineffassign: Detects when assignments to existing variables are not used [fast: true, auto-fix: false]
staticcheck (megacheck): Its a set of rules from staticcheck. Its not the same thing as the staticcheck binary. The author of staticcheck doesnt support or approve the use of staticcheck as a library inside golangci-lint. [fast: false, auto-fix: false]
unused (megacheck): Checks Go code for unused constants, variables, functions and types [fast: false, auto-fix: false]Disabled by default linters:
asasalint: check for pass []any as any in variadic func(...any) [fast: false, auto-fix: false]
asciicheck: Simple linter to check that your code does not contain non-ASCII identifiers [fast: true, auto-fix: false]
bidichk: Checks for dangerous unicode character sequences [fast: true, auto-fix: false]
bodyclose: checks whether HTTP response body is closed successfully [fast: false, auto-fix: false]
containedctx: containedctx is a linter that detects struct contained context.Context field [fast: false, auto-fix: false]
contextcheck: check whether the function uses a non-inherited context [fast: false, auto-fix: false]
cyclop: checks function and package cyclomatic complexity [fast: false, auto-fix: false]
deadcode [deprecated]: Finds unused code [fast: false, auto-fix: false]
decorder: check declaration order and count of types, constants, variables and functions [fast: true, auto-fix: false]
depguard: Go linter that checks if package imports are in a list of acceptable packages [fast: true, auto-fix: false]
dogsled: Checks assignments with too many blank identifiers (e.g. x, _, _, _, : f()) [fast: true, auto-fix: false]
dupl: Tool for code clone detection [fast: true, auto-fix: false]
dupword: checks for duplicate words in the source code [fast: true, auto-fix: true]
durationcheck: check for two durations multiplied together [fast: false, auto-fix: false]
errchkjson: Checks types passed to the json encoding functions. Reports unsupported types and optionally reports occasions, where the check for the returned error can be omitted. [fast: false, auto-fix: false]
errname: Checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error. [fast: false, auto-fix: false]
errorlint: errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13. [fast: false, auto-fix: false]
execinquery: execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds [fast: false, auto-fix: false]
exhaustive: check exhaustiveness of enum switch statements [fast: false, auto-fix: false]
exhaustivestruct [deprecated]: Checks if all structs fields are initialized [fast: false, auto-fix: false]
exhaustruct: Checks if all structure fields are initialized [fast: false, auto-fix: false]
exportloopref: checks for pointers to enclosing loop variables [fast: false, auto-fix: false]
forbidigo: Forbids identifiers [fast: false, auto-fix: false]
forcetypeassert: finds forced type assertions [fast: true, auto-fix: false]
funlen: Tool for detection of long functions [fast: true, auto-fix: false]
gci: Gci controls Go package import order and makes it always deterministic. [fast: true, auto-fix: false]
ginkgolinter: enforces standards of using ginkgo and gomega [fast: false, auto-fix: false]
gocheckcompilerdirectives: Checks that go compiler directive comments (//go:) are valid. [fast: true, auto-fix: false]
gochecknoglobals: check that no global variables exist [fast: false, auto-fix: false]
gochecknoinits: Checks that no init functions are present in Go code [fast: true, auto-fix: false]
gochecksumtype: Run exhaustiveness checks on Go sum types [fast: false, auto-fix: false]
gocognit: Computes and checks the cognitive complexity of functions [fast: true, auto-fix: false]
goconst: Finds repeated strings that could be replaced by a constant [fast: true, auto-fix: false]
gocritic: Provides diagnostics that check for bugs, performance and style issues. [fast: false, auto-fix: false]
gocyclo: Computes and checks the cyclomatic complexity of functions [fast: true, auto-fix: false]
godot: Check if comments end in a period [fast: true, auto-fix: true]
godox: Tool for detection of FIXME, TODO and other comment keywords [fast: true, auto-fix: false]
goerr113: Go linter to check the errors handling expressions [fast: false, auto-fix: false]
gofmt: Gofmt checks whether code was gofmt-ed. By default this tool runs with -s option to check for code simplification [fast: true, auto-fix: true]
gofumpt: Gofumpt checks whether code was gofumpt-ed. [fast: true, auto-fix: true]
goheader: Checks is file header matches to pattern [fast: true, auto-fix: false]
goimports: Check import statements are formatted according to the goimport command. Reformat imports in autofix mode. [fast: true, auto-fix: true]
golint [deprecated]: Golint differs from gofmt. Gofmt reformats Go source code, whereas golint prints out style mistakes [fast: false, auto-fix: false]
gomnd: An analyzer to detect magic numbers. [fast: true, auto-fix: false]
gomoddirectives: Manage the use of replace, retract, and excludes directives in go.mod. [fast: true, auto-fix: false]
gomodguard: Allow and block list linter for direct Go module dependencies. This is different from depguard where there are different block types for example version constraints and module recommendations. [fast: true, auto-fix: false]
goprintffuncname: Checks that printf-like functions are named with f at the end [fast: true, auto-fix: false]
gosec (gas): Inspects source code for security problems [fast: false, auto-fix: false]
gosmopolitan: Report certain i18n/l10n anti-patterns in your Go codebase [fast: false, auto-fix: false]
grouper: An analyzer to analyze expression groups. [fast: true, auto-fix: false]
ifshort [deprecated]: Checks that your code uses short syntax for if-statements whenever possible [fast: true, auto-fix: false]
importas: Enforces consistent import aliases [fast: false, auto-fix: false]
inamedparam: reports interfaces with unnamed method parameters [fast: true, auto-fix: false]
interfacebloat: A linter that checks the number of methods inside an interface. [fast: true, auto-fix: false]
interfacer [deprecated]: Linter that suggests narrower interface types [fast: false, auto-fix: false]
ireturn: Accept Interfaces, Return Concrete Types [fast: false, auto-fix: false]
lll: Reports long lines [fast: true, auto-fix: false]
loggercheck (logrlint): Checks key value pairs for common logger libraries (kitlog,klog,logr,zap). [fast: false, auto-fix: false]
maintidx: maintidx measures the maintainability index of each function. [fast: true, auto-fix: false]
makezero: Finds slice declarations with non-zero initial length [fast: false, auto-fix: false]
maligned [deprecated]: Tool to detect Go structs that would take less memory if their fields were sorted [fast: false, auto-fix: false]
mirror: reports wrong mirror patterns of bytes/strings usage [fast: false, auto-fix: false]
misspell: Finds commonly misspelled English words in comments [fast: true, auto-fix: true]
musttag: enforce field tags in (un)marshaled structs [fast: false, auto-fix: false]
nakedret: Finds naked returns in functions greater than a specified function length [fast: true, auto-fix: false]
nestif: Reports deeply nested if statements [fast: true, auto-fix: false]
nilerr: Finds the code that returns nil even if it checks that the error is not nil. [fast: false, auto-fix: false]
nilnil: Checks that there is no simultaneous return of nil error and an invalid value. [fast: false, auto-fix: false]
nlreturn: nlreturn checks for a new line before return and branch statements to increase code clarity [fast: true, auto-fix: false]
noctx: noctx finds sending http request without context.Context [fast: false, auto-fix: false]
nolintlint: Reports ill-formed or insufficient nolint directives [fast: true, auto-fix: false]
nonamedreturns: Reports all named returns [fast: false, auto-fix: false]
nosnakecase [deprecated]: nosnakecase is a linter that detects snake case of variable naming and function name. [fast: true, auto-fix: false]
nosprintfhostport: Checks for misuse of Sprintf to construct a host with port in a URL. [fast: true, auto-fix: false]
paralleltest: paralleltest detects missing usage of t.Parallel() method in your Go test [fast: false, auto-fix: false]
perfsprint: Checks that fmt.Sprintf can be replaced with a faster alternative. [fast: false, auto-fix: false]
prealloc: Finds slice declarations that could potentially be pre-allocated [fast: true, auto-fix: false]
predeclared: find code that shadows one of Gos predeclared identifiers [fast: true, auto-fix: false]
promlinter: Check Prometheus metrics naming via promlint [fast: true, auto-fix: false]
protogetter: Reports direct reads from proto message fields when getters should be used [fast: false, auto-fix: true]
reassign: Checks that package variables are not reassigned [fast: false, auto-fix: false]
revive: Fast, configurable, extensible, flexible, and beautiful linter for Go. Drop-in replacement of golint. [fast: false, auto-fix: false]
rowserrcheck: checks whether Err of rows is checked successfully [fast: false, auto-fix: false]
scopelint [deprecated]: Scopelint checks for unpinned variables in go programs [fast: true, auto-fix: false]
sloglint: ensure consistent code style when using log/slog [fast: false, auto-fix: false]
sqlclosecheck: Checks that sql.Rows and sql.Stmt are closed. [fast: false, auto-fix: false]
structcheck [deprecated]: Finds unused struct fields [fast: false, auto-fix: false]
stylecheck: Stylecheck is a replacement for golint [fast: false, auto-fix: false]
tagalign: check that struct tags are well aligned [fast: true, auto-fix: true]
tagliatelle: Checks the struct tags. [fast: true, auto-fix: false]
tenv: tenv is analyzer that detects using os.Setenv instead of t.Setenv since Go1.17 [fast: false, auto-fix: false]
testableexamples: linter checks if examples are testable (have an expected output) [fast: true, auto-fix: false]
testifylint: Checks usage of github.com/stretchr/testify. [fast: false, auto-fix: false]
testpackage: linter that makes you use a separate _test package [fast: true, auto-fix: false]
thelper: thelper detects Go test helpers without t.Helper() call and checks the consistency of test helpers [fast: false, auto-fix: false]
tparallel: tparallel detects inappropriate usage of t.Parallel() method in your Go test codes [fast: false, auto-fix: false]
unconvert: Remove unnecessary type conversions [fast: false, auto-fix: false]
unparam: Reports unused function parameters [fast: false, auto-fix: false]
usestdlibvars: A linter that detect the possibility to use variables/constants from the Go standard library. [fast: true, auto-fix: false]
varcheck [deprecated]: Finds unused global variables and constants [fast: false, auto-fix: false]
varnamelen: checks that the length of a variables name matches its scope [fast: false, auto-fix: false]
wastedassign: wastedassign finds wasted assignment statements. [fast: false, auto-fix: false]
whitespace: Tool for detection of leading and trailing whitespace [fast: true, auto-fix: true]
wrapcheck: Checks that errors returned from external packages are wrapped [fast: false, auto-fix: false]
wsl: Whitespace Linter - Forces you to use empty lines! [fast: true, auto-fix: false]
zerologlint: Detects the wrong usage of zerolog that a user forgets to dispatch with Send or Msg. [fast: false, auto-fix: false]Linters presets:
bugs: asasalint, asciicheck, bidichk, bodyclose, contextcheck, durationcheck, errcheck, errchkjson, errorlint, exhaustive, exportloopref, gocheckcompilerdirectives, gochecksumtype, gosec, gosmopolitan, govet, loggercheck, makezero, musttag, nilerr, noctx, protogetter, reassign, rowserrcheck, sqlclosecheck, staticcheck, testifylint, zerologlint
comment: dupword, godot, godox, misspell
complexity: cyclop, funlen, gocognit, gocyclo, maintidx, nestif
error: errcheck, errorlint, goerr113, wrapcheck
format: decorder, gci, gofmt, gofumpt, goimports, sloglint, tagalign
import: depguard, gci, goimports, gomodguard
metalinter: gocritic, govet, revive, staticcheck
module: depguard, gomoddirectives, gomodguard
performance: bodyclose, noctx, perfsprint, prealloc
sql: execinquery, rowserrcheck, sqlclosecheck
style: asciicheck, containedctx, decorder, depguard, dogsled, dupl, errname, exhaustruct, forbidigo, forcetypeassert, ginkgolinter, gochecknoglobals, gochecknoinits, goconst, gocritic, godot, godox, goerr113, goheader, gomnd, gomoddirectives, gomodguard, goprintffuncname, gosimple, grouper, importas, inamedparam, interfacebloat, ireturn, lll, loggercheck, makezero, mirror, misspell, musttag, nakedret, nilnil, nlreturn, nolintlint, nonamedreturns, nosprintfhostport, paralleltest, predeclared, promlinter, revive, sloglint, stylecheck, tagalign, tagliatelle, tenv, testpackage, thelper, tparallel, unconvert, usestdlibvars, varnamelen, wastedassign, whitespace, wrapcheck, wsl
test: exhaustruct, paralleltest, testableexamples, testifylint, testpackage, tparallel
unused: ineffassign, unparam, unused在项目目录的根目录下通过golangci-lint run运行即可进行linters检查如果有问题就会打印对应的错误信息记录该问题所有上下文包括问题的简短描述以及出现问题的文件和行号。 由于默认不开启gosec所以只能扫描出一条
golangci-lint run
main.go:23:21: Error return value of http.ListenAndServe is not checked (errcheck) http.ListenAndServe(:8080, nil)golangci-lint的报告默认提供高亮显示对代码行和标记的标识符都用不同颜色表示可以方便快捷地获得关键信息。 也可以指定文件和目录检查其语法如下
golangci-lint run cc1 dir2 dir3/test.go配置
GolangCI-Lint可以针对不同用例提供灵活多样的配置。可以通过命令行选项或配置文件进行配置。注意命令行参数具有较高优先级覆盖掉配置文件中的配置项目。基本示例
golangci-lint run --disable-all -E revive -E errcheck -E nilerr -E gosec可以通过help linters当前情况下预设的规则
golangci-lint help linters | sed -n /Linters presets:/,$p
Linters presets:
bugs: asasalint, asciicheck, bidichk, bodyclose, contextcheck, durationcheck, errcheck, errchkjson, errorlint, exhaustive, exportloopref, gocheckcompilerdirectives, gochecksumtype, gosec, gosmopolitan, govet, loggercheck, makezero, musttag, nilerr, noctx, protogetter, reassign, rowserrcheck, sqlclosecheck, staticcheck, testifylint, zerologlint
comment: dupword, godot, godox, misspell
complexity: cyclop, funlen, gocognit, gocyclo, maintidx, nestif
error: errcheck, errorlint, goerr113, wrapcheck
format: decorder, gci, gofmt, gofumpt, goimports, sloglint, tagalign
import: depguard, gci, goimports, gomodguard
metalinter: gocritic, govet, revive, staticcheck
module: depguard, gomoddirectives, gomodguard
performance: bodyclose, noctx, perfsprint, prealloc
sql: execinquery, rowserrcheck, sqlclosecheck
style: asciicheck, containedctx, decorder, depguard, dogsled, dupl, errname, exhaustruct, forbidigo, forcetypeassert, ginkgolinter, gochecknoglobals, gochecknoinits, goconst, gocritic, godot, godox, goerr113, goheader, gomnd, gomoddirectives, gomodguard, goprintffuncname, gosimple, grouper, importas, inamedparam, interfacebloat, ireturn, lll, loggercheck, makezero, mirror, misspell, musttag, nakedret, nilnil, nlreturn, nolintlint, nonamedreturns, nosprintfhostport, paralleltest, predeclared, promlinter, revive, sloglint, stylecheck, tagalign, tagliatelle, tenv, testpackage, thelper, tparallel, unconvert, usestdlibvars, varnamelen, wastedassign, whitespace, wrapcheck, wsl
test: exhaustruct, paralleltest, testableexamples, testifylint, testpackage, tparallel
unused: ineffassign, unparam, unused可以通过-p 或者-presetor标志来运行预设
golangci-lint run -p bugs -p error针对项目可以通过项目配置来进行预设配置特定的linter选项而这是通过命令行选项无法实现的。配置文件格式可以支持yml、toml或json格式为了方便建议使用yml格式即.golangci.yml或.golangci.yaml文件。只需在项目目录的根目录中创建项目特定的配置。程序将自动在要检查的文件的目录中查找它们并在可以继承查询父目录中的配置。一个典型的.golangci.yml配置如下注意yml格式的缩进
linters:enable-all: truedisable:- maligned- preallocfast: false配置解释说明 enable-all: true这表示启用所有可用的代码检查规则。当设置为true时将启用所有代码检查规则这意味着代码检查工具将检查代码中的所有问题。 disable这是一个列出要禁用的具体代码检查规则的部分。在示例中禁用了两个规则maligned 和 prealloc。这意味着代码检查工具不会检查和报告与这两个规则相关的问题。 fast: false这是一个控制代码检查工具的速度和精度之间权衡的选项。如果设置为false代码检查工具将更加准确但可能运行得较慢。如果设置为true代码检查工具可能牺牲一些准确性以提高速度。 可以明显的看到配置了.golangci.yml 后扫描结果明显增多
注释忽略
有时针对个定的linting问题需要临时忽略其显示可以通过nolint标志或者配置文件中设置忽略项来说实现。
直接执行golangci-lint run -E gosec linter规则中提示了一个 SQL 注入风险 (G201: SQL string formatting)。
func searchHandler(w http.ResponseWriter, r *http.Request) {dealerId : r.URL.Query().Get(dealerId)if dealerId {fmt.Fprint(w, Please provide a search query.)return}table : fmt.Sprintf(risk_investigate_record a join (select max(I_ID) as MAX_ID from risk_investigate_record where ch_dealer_id %s group by I_TOP_REF )b on a.I_ID b.MAX_ID , dealerId) //nolintrows, err : db.Query(table)if err ! nil {fmt.Fprint(w, An error occurred.)return}defer rows.Close()
}通过由//nolint注释就可以告诉linting检查器忽略对该行的检查。也可以通过//nolint:xxx(比如gosec)忽略特定的linting检查 除了按照行来忽略也支持通过代码块比如函数{}来设置忽略
//nolint
func aFunc() {
}对整个源文件可以通过在其开头注释可以让检查器忽略对该文件的检查
//nolint:govet,errcheck
package main排除规则
可以在配置文件中指定排除规则以便更精细地控制哪些文件被检查以及报告哪些问题。例如可以设置不检查某些测试文件 (_test.go)上运行或者禁止在项目范围内产生某些错误。
