gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/nogo.yaml (about)

     1  groups:
     2    # We define three basic groups: generated (all generated files),
     3    # external (all files outside the repository), and internal (all
     4    # files within the local repository). We can't enforce many style
     5    # checks on generated and external code, so enable those cases
     6    # selectively for analyzers below.
     7    - name: generated
     8      regex: "^(bazel-genfiles|bazel-out|bazel-bin)/"
     9      default: true
    10    - name: external
    11      regex: "^external/"
    12      default: false
    13    - name: internal
    14      regex: ".*"
    15      default: true
    16  global:
    17    generated:
    18      suppress:
    19        # Suppress the basic style checks for
    20        # generated code, but keep the analysis
    21        # that are required for quality & security.
    22        - "should not use ALL_CAPS in Go names"
    23        - "should not use underscores"
    24        - "comment on exported"
    25        - "methods on the same type should have the same receiver name"
    26        - "at least one file in a package"
    27        - "package comment should be of the form"
    28        # Generated code may have dead code paths.
    29        - "identical build constraints"
    30        - "no value of type"
    31        - "is never used"
    32        # go_embed_data rules generate unicode literals.
    33        - "string literal contains the Unicode format character"
    34        - "string literal contains the Unicode control character"
    35        - "string literal contains Unicode control characters"
    36        - "string literal contains Unicode format and control characters"
    37        # Some external code will generate protov1
    38        # implementations. These should be ignored.
    39        - "proto.* is deprecated"
    40        - "xxx_messageInfo_.*"
    41        - "receiver name should be a reflection of its identity"
    42        # Generated gRPC code is not compliant either.
    43        - "error strings should not be capitalized"
    44        - "grpc.Errorf is deprecated"
    45        # Generated proto code does not always follow capitalization conventions.
    46        - "(field|method|struct|type) .* should be .*"
    47        # Generated proto code sometimes duplicates imports with aliases.
    48        - "duplicate import"
    49        # These will never be annotated.
    50        - "unexpected call to atomic function"
    51        - "may require checklocks annotation for"
    52        # Generated proto code creates declarations like 'var start int = iNdEx'
    53        - "should omit type .* from declaration; it will be inferred from the right-hand side"
    54    external:
    55      suppress:
    56        # buildssa can't handle certain packages (cmd/...).
    57        - "panic recovered: interface conversion: types.Type is nil"
    58        - "panic recovered: runtime error: invalid memory address or nil"
    59        - "panic recovered: no type for \\*ast.CallExpr"
    60        - "panic recovered: interface conversion: types.Type is \\*types.Basic"
    61        - "panic recovered: no type for \\*ast.BinaryExpr"
    62        - "panic recovered: no type for \\*ast.SelectorExpr"
    63        - "panic recovered: no types.Object for ast.Ident SetTypeErrors"
    64        - "panic recovered: unexpected CompositeLit type: invalid type"
    65        - "panic recovered: interface conversion: ssa.Member is \\*ssa.NamedConst"
    66      exclude:
    67        - ".*/vet/testdata/.*"
    68        - ".*/runtime/testdata/.*"
    69    internal:
    70      suppress:
    71        # We use ALL_CAPS for system definitions,
    72        # which are common enough in the code base
    73        # that we shouldn't annotate exceptions.
    74        #
    75        # Same story for underscores.
    76        - "should not use ALL_CAPS in Go names"
    77        - "should not use underscores in Go names"
    78        # These need to be annotated.
    79        - "unexpected call to atomic function.*"
    80        - "return with unexpected locks held.*"
    81        - "incompatible return states.*"
    82        - "may require checklocks annotation for.*"
    83        # For some reason, the types package falls down.
    84        - "panic recovered: .*types/sizes.go:82: assertion failed"
    85      exclude:
    86        # Generated: exempt all.
    87        - pkg/shim/runtimeoptions/runtimeoptions_cri.go
    88        - pkg/shim/runtimeoptions/v14/runtimeoptions_cri.go
    89  analyzers:
    90    asmdecl:
    91      generated: # Enabled.
    92      external:
    93        exclude: [".*"] # Disabled.
    94      internal:
    95        suppress:
    96          # Valid reasons to break the rules.
    97          - "xsetbv: invalid MOVL of value"
    98          - "xsetbv: invalid offset value"
    99          - "xgetbv: invalid MOVL of ret"
   100          - "xgetbv: invalid offset ret"
   101          - "wrmsr: invalid MOVL of value"
   102          - "wrmsr: invalid offset value"
   103          - "rdmsr: invalid MOVL of ret"
   104          - "rdmsr: invalid offset ret"
   105          # Non-conventional functions.
   106          - "\\[amd64\\].*sysret: RET without writing to 8-byte"
   107          - "\\[amd64\\].*iret: RET without writing to 8-byte"
   108          - "\\[amd64\\].*exception: use of .* points beyond argument frame"
   109          - "\\[arm64\\].*HaltEl1ExceptionAndResume: unknown variable"
   110          - "\\[arm64\\].*HaltEl1ExceptionAndResume: use of .* points beyond argument frame"
   111    assign:
   112      external:
   113        exclude:
   114          - gazelle/walk/walk.go
   115    atomic:
   116      external: # Enabled.
   117    bools:
   118      external: # Enabled.
   119    buildtag:
   120      external: # Enabled.
   121    cgocall:
   122      external: # Enabled.
   123    checklocks:
   124      internal:
   125        exclude:
   126          - "^-$" # b/181776900: analyzer fails on buildkite.
   127    shadow: # Disable for now.
   128      generated:
   129        exclude: [".*"]
   130      internal:
   131        exclude: [".*"]
   132    composites: # Disable for now.
   133      generated:
   134        exclude: [".*"]
   135      internal:
   136        exclude: [".*"]
   137    errorsas:
   138      external: # Enabled.
   139        exclude:
   140          # Specific broken case.
   141          - ".*/cmd/go/internal/modload/list.go"
   142    httpresponse:
   143      external: # Enabled.
   144    loopclosure:
   145      external: # Enabled.
   146    nilfunc:
   147      external: # Enabled.
   148    nilness:
   149      internal:
   150        exclude:
   151          - pkg/sentry/platform/kvm/kvm_test.go # Intentional.
   152          - tools/bigquery/bigquery.go          # False positive.
   153          - "-"                                 # No filename.
   154    printf:
   155      external: # Enabled.
   156        suppress:
   157          - "fmt.Fprintln arg list ends with redundant newline"
   158    shift:
   159      generated: # Disabled for generated code; these shifts are well-defined.
   160        exclude: [".*"]
   161      external:
   162        exclude:
   163          - ".*unix/syscall_linux.go" # False positive on line 2002.
   164    stringintconv:
   165      external:
   166        exclude:
   167          - ".*protobuf/.*.go"              # Bad conversions.
   168          - ".*flate/huffman_bit_writer.go" # Bad conversion.
   169          # Runtime internal violations.
   170          - ".*reflect/value.go"
   171          - ".*encoding/xml/xml.go"
   172          - ".*runtime/pprof/internal/profile/proto.go"
   173          - ".*fmt/scan.go"
   174          - ".*go/types/conversions.go"
   175          - ".*golang.org/x/net/dns/dnsmessage/message.go"
   176    tests:
   177      external: # Enabled.
   178    unmarshal:
   179      external: # Enabled.
   180    unreachable:
   181      external: # Enabled.
   182        exclude:
   183          - ".*jsonschema/reader.go"
   184          - ".*protobuf/.*.go"
   185    unsafeptr:
   186      internal:
   187        exclude:
   188          - ".*_test.go"                                             # Exclude tests.
   189          - "pkg/flipcall/.*_unsafe.go"                              # Special case.
   190          - pkg/gohacks/noescape_unsafe.go                           # Special case.
   191          - pkg/ring0/pagetables/allocator_unsafe.go                 # Special case.
   192          - pkg/sentry/fsutil/host_file_mapper_unsafe.go             # Special case.
   193          - pkg/sentry/platform/kvm/bluepill_unsafe.go               # Special case.
   194          - pkg/sentry/platform/kvm/machine_unsafe.go                # Special case.
   195          - pkg/sentry/platform/systrap/stub_unsafe.go               # Special case.
   196          - pkg/sentry/platform/systrap/syscall_thread_unsafe.go     # Special case.
   197          - pkg/sentry/platform/systrap/sysmsg_thread_unsafe.go      # Special case.
   198          - pkg/sentry/platform/systrap/subprocess_unsafe.go         # Special case.
   199          - pkg/sentry/platform/safecopy/safecopy_unsafe.go          # Special case.
   200          - pkg/sentry/usage/memory_unsafe.go                        # Special case.
   201          - pkg/sentry/vfs/mount_unsafe.go                           # Special case.
   202          - pkg/state/decode_unsafe.go                               # Special case.
   203    unusedresult:
   204      external: # Enabled.
   205    checkescape:
   206      external: # Enabled.
   207        suppress:
   208          # External libraries may not have binaries (e.g. stdlib testdata, etc.),
   209          # so these cases can be safely ignored.
   210          - "no such file or directory"
   211    checklinkname:
   212      external: # Enabled.
   213        suppress:
   214          # Suppress bad linkname directives in the internals. These will be fixed
   215          # in the bug: https://github.com/golang/go/issues/58440
   216          - "symbol \"runtime_pollWaitCanceled\".*"
   217          - "symbol \"runtime_procPin\".*"
   218          - "symbol \"registerMetric\".*"
   219        exclude:
   220          - ".*/containerd/sys/subprocess_unsafe_linux.go"
   221      internal:
   222        suppress:
   223          # See above.
   224          - "symbol \"runtime_pollWaitCanceled\".*"
   225          - "symbol \"runtime_procPin\".*"
   226      generated:
   227        suppress:
   228          # See above.
   229          - "symbol \"runtime_pollWaitCanceled\".*"
   230          - "symbol \"runtime_procPin\".*"
   231    SA1019: # Use of deprecated identifier.
   232      # disable for now due to misattribution from golang.org/issue/44195.
   233      generated:
   234        exclude: [".*"]
   235      internal:
   236        exclude: [".*"]
   237    SA2001: # Empty critical section.
   238      internal:
   239        exclude:
   240          - pkg/sentry/fs/fs.go          # Intentional.
   241          - pkg/sentry/fs/gofer/inode.go # Intentional.
   242          - pkg/refs/refcounter_test.go  # Intentional.
   243    SA4016: # Useless bitwise operations.
   244      internal:
   245        exclude:
   246          - pkg/gohacks/noescape_unsafe.go # x ^ 0 always equals x.
   247    ST1019: # Multiple imports of the same package.
   248      generated:
   249        exclude:
   250          # package ".../kubeapi/core/v1/v1" is being imported more than once
   251          - generated.gen.pb.go
   252    ST1021: # Doc should start with type name.
   253      internal:
   254        exclude:
   255          - "pkg/abi/nvgpu/.*.go"
   256        suppress:
   257          - "comment on exported type Translation" # Intentional.
   258          - "comment on exported type PinnedRange" # Intentional.
   259    ST1016: # CheckReceiverNamesIdentical
   260      internal:
   261        exclude:
   262          - pkg/tcpip/stack/packet_buffer.go # TODO(b/233086175): Remove.