linters

README

Linters

Linters is a collection of static analyzers for the Go programing language. Although created for the needs of the Cilium project, they may be applied to any Go codebase.

ioreadall

ioreadall is an analyzer that checks for the use of (io|ioutil).ReadAll. This function reads all data from an io.Reader until EOF. However, if misused, it can be used as a possible attack vector (e.g. an attacker gets the program to read a very large file which fills up memory leader to a denial of service attack). Users are encouraged to use alternative constructs such as making use of io.LimitReader.

slowg

slowg is an analyzer that checks for inappropriate use of Logger.With from the log/slog (or golang.org/x/exp/slog) package.

Logger.With() (and Logger.WithGroup() creates a new Logger containing the provided attributes. The parent logger is cloned when arguments are supplied, which is a relatively expensive operation which should not be used in hot code path.

For example, slowg would report the following call:

log.With("key", val).Info("message")

Which should be replaced with the following one:

log.Info("message", "key", val)

However, the slowg checker does not prevent the use of With and WithGroup.

wlog := log.With("key", val)             // this is fine
wlog.Info("info")                        // this is also fine
wlog.With("more", "attr").Debug("debug") // this is flagged as inappropriate use

timeafter

timeafter is an analyzer that checks for the use of time.After instances in loops. As stated in its documentation, the underlying Timer is not recovered by the garbage collector until the timer fires.

Documentation

Overview

Package main creates the main function to run all analyzers in this module.