From 3cd1af3223cf6f35a1e0546c204696a15b73a613 Mon Sep 17 00:00:00 2001 From: Ben Kochie Date: Wed, 14 Feb 2024 09:22:55 +0100 Subject: [PATCH] Enforce no subprocess policy Add depguard to golangci-lint to enforce the no-os/exec policy. Signed-off-by: Ben Kochie --- .golangci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.golangci.yml b/.golangci.yml index 3f7e4589cb..472b3a5e13 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -1,5 +1,6 @@ linters: enable: + - depguard - misspell - revive disable: @@ -19,6 +20,14 @@ issues: - errcheck linters-settings: + depguard: + rules: + no_exec_policy: + files: + - "!$test" + deny: + - pkg: "os/exec" + desc: "Using os/exec to run sub processes it not allowed by policy" errcheck: exclude-functions: # Used in HTTP handlers, any error is handled by the server itself.