mirror of
https://github.com/moonD4rk/HackBrowserData.git
synced 2026-07-06 21:37:47 +02:00
6d0efadb59
Restore previously required the dump's origin OS, overlaying keys onto locally-discovered browsers. It now rebuilds Chromium engines from the dump's vaults (v2 adds engine kind), so copied data or an archive zip decrypts on any OS.
198 lines
5.0 KiB
YAML
198 lines
5.0 KiB
YAML
# golangci-lint v2 configuration
|
|
# Compatible with Go 1.20
|
|
version: "2"
|
|
|
|
run:
|
|
go: "1.20"
|
|
timeout: "5m"
|
|
allow-parallel-runners: true
|
|
|
|
linters:
|
|
default: none
|
|
enable:
|
|
# Default tier — must-have for any Go project
|
|
- errcheck
|
|
- govet
|
|
- staticcheck
|
|
- ineffassign
|
|
- unused
|
|
|
|
# Bug detection
|
|
- errorlint
|
|
- gosec
|
|
- sqlclosecheck
|
|
- nilerr
|
|
- bodyclose
|
|
- durationcheck
|
|
- errchkjson
|
|
- exhaustive
|
|
- forcetypeassert
|
|
|
|
# Code quality
|
|
- depguard
|
|
- dogsled
|
|
- dupl
|
|
- dupword
|
|
- errname
|
|
- funlen
|
|
- gocheckcompilerdirectives
|
|
- gochecknoinits
|
|
- goconst
|
|
- gocritic
|
|
- godox
|
|
- goprintffuncname
|
|
- lll
|
|
- mirror
|
|
- misspell
|
|
- nakedret
|
|
- predeclared
|
|
- revive
|
|
- testifylint
|
|
- unconvert
|
|
- unparam
|
|
- usestdlibvars
|
|
- wastedassign
|
|
- whitespace
|
|
|
|
# Complexity
|
|
- gocognit
|
|
- nestif
|
|
|
|
# Note: copyloopvar, intrange, modernize, perfsprint require Go 1.22+
|
|
# They will be enabled when Go version constraint is lifted.
|
|
|
|
settings:
|
|
depguard:
|
|
rules:
|
|
blocked:
|
|
deny:
|
|
- pkg: "github.com/pkg/errors"
|
|
desc: Use fmt.Errorf with %w or errors stdlib instead.
|
|
- pkg: "io/ioutil"
|
|
desc: Deprecated since Go 1.16. Use io and os packages instead.
|
|
- pkg: "github.com/instana/testify"
|
|
desc: Use github.com/stretchr/testify instead.
|
|
exhaustive:
|
|
default-signifies-exhaustive: true
|
|
dupl:
|
|
threshold: 100
|
|
funlen:
|
|
lines: -1
|
|
statements: 50
|
|
# goconst kept deliberately lenient (above the default min-occurrences: 3) — short, repeated
|
|
# literals like test fixtures and scheme strings aren't worth extracting into named constants.
|
|
goconst:
|
|
min-len: 5
|
|
min-occurrences: 5
|
|
ignore-string-values:
|
|
- "all"
|
|
- "csv"
|
|
- "json"
|
|
- "https"
|
|
- "http"
|
|
# browser registry keys/names — declarative table, not worth constants
|
|
- "chrome"
|
|
- "Chrome"
|
|
- "firefox"
|
|
- "chromium"
|
|
gocritic:
|
|
enabled-tags:
|
|
- diagnostic
|
|
- experimental
|
|
- opinionated
|
|
- performance
|
|
- style
|
|
disabled-checks:
|
|
- dupImport
|
|
- hugeParam
|
|
- rangeValCopy # keychainbreaker structs are large by design
|
|
- unnamedResult # crypto functions returning (key, iv) are clear without names
|
|
- whyNoLint
|
|
lll:
|
|
line-length: 140
|
|
gocognit:
|
|
min-complexity: 30
|
|
nestif:
|
|
min-complexity: 5
|
|
godox:
|
|
keywords:
|
|
- FIXME
|
|
govet:
|
|
enable:
|
|
- nilness
|
|
errorlint:
|
|
asserts: false
|
|
gosec:
|
|
excludes:
|
|
- G101 # hardcoded credentials — false positives on const names
|
|
- G115 # integer overflow on conversion — false positives on safe narrowing
|
|
- G117 # struct field matches secret pattern — false positive on Password fields
|
|
- G204 # exec.Command with variable — required for macOS `security` command
|
|
- G304 # file inclusion via variable — required for dynamic browser paths
|
|
- G703 # path traversal via taint analysis — same false-positive class as G304 (gosec 2.22+ / golangci-lint 2.11+)
|
|
- G401 # weak crypto SHA1 — required for Chromium PBKDF2 key derivation
|
|
- G402 # TLS MinVersion — not applicable (no TLS in this tool)
|
|
- G405 # weak crypto DES — required for Firefox 3DES decryption
|
|
- G501 # blocklisted import crypto/md5 — not used, keep for safety
|
|
- G502 # blocklisted import crypto/des — required for Firefox decryption
|
|
- G505 # blocklisted import crypto/sha1 — required for PBKDF2
|
|
errcheck:
|
|
check-type-assertions: true
|
|
exclude-functions:
|
|
- "os.Remove"
|
|
- "os.RemoveAll"
|
|
- "(*database/sql.DB).Close"
|
|
- "(*database/sql.Rows).Close"
|
|
misspell:
|
|
locale: US
|
|
revive:
|
|
rules:
|
|
- name: indent-error-flow
|
|
- name: unexported-return
|
|
- name: unused-parameter
|
|
disabled: true
|
|
staticcheck:
|
|
checks:
|
|
- "all"
|
|
- "-ST1000" # package comment — not a public library
|
|
- "-ST1003" # naming convention — allow platform-specific names
|
|
|
|
exclusions:
|
|
presets:
|
|
- comments
|
|
- std-error-handling
|
|
- common-false-positives
|
|
- legacy
|
|
rules:
|
|
- path: _test\.go
|
|
linters:
|
|
- dupl
|
|
- funlen
|
|
- gosec
|
|
- errcheck
|
|
- lll
|
|
- goconst
|
|
- source: "defer"
|
|
linters:
|
|
- errcheck
|
|
- text: "SELECT"
|
|
linters:
|
|
- gosec
|
|
- path: "cmd/hack-browser-data/main.go"
|
|
linters:
|
|
- lll
|
|
- path: "masterkey/gcoredump_darwin.go"
|
|
linters:
|
|
- gocognit
|
|
|
|
formatters:
|
|
enable:
|
|
- gofumpt
|
|
- goimports
|
|
settings:
|
|
gofumpt:
|
|
extra-rules: true
|
|
goimports:
|
|
local-prefixes:
|
|
- github.com/moond4rk/hackbrowserdata
|