go-safeweb icon indicating copy to clipboard operation
go-safeweb copied to clipboard

Published 20 hours ago verified publisher icon google

Create a set of linters

Open empijei opened this issue 4 years ago • 0 comments

As much as we are relying on the typesystem to do the heavy lifting, we should create linters for some things:

  • ban imports (with an allowlist for exceptions) e.g. don't allow importing github.com/google/go-safeweb/safesql/legacyconversions
  • ban function calls (with an allowlist for exceptions) e.g. don't allow calling safehttp.NewServeMuxConfig
  • allowlists live in a configuration file (JSON)

Additional useful features:

  • Make sure types that the dispatcher recognizes as safe are the only types passed to Write calls
  • Make sure the return value of a function call that returns a Result type is never ignored
  • Error returns shouldn't ever be ignored (people have to use explicit _ assignments). This could accept an allowlist of exceptions (e.g. io.Closer Close calls)

empijei avatar Aug 25 '20 09:08 empijei