0x524a
95626ffafc
- Added new exclusions for hardcoded IP addresses in additional Go files to enhance security analysis. - Updated the golangci-lint action version to v1.64.8 for improved linting consistency and performance.
84 lines
3.2 KiB
Properties
84 lines
3.2 KiB
Properties
sonar.projectKey=0x524a_onvif-go
|
|
sonar.organization=0x524a
|
|
|
|
# Project metadata
|
|
sonar.projectName=onvif-go
|
|
sonar.projectVersion=1.0.0
|
|
|
|
# Source code location
|
|
sonar.sources=.
|
|
sonar.exclusions=**/vendor/**,**/*_test.go,**/examples/**,**/cmd/**,**/testdata/**,**/testing/**
|
|
|
|
# Test settings
|
|
sonar.tests=.
|
|
sonar.test.inclusions=**/*_test.go
|
|
sonar.test.exclusions=**/vendor/**
|
|
|
|
# Go specific settings
|
|
sonar.go.coverage.reportPaths=coverage.out
|
|
sonar.go.tests.reportPaths=test-report.json
|
|
|
|
# Source encoding
|
|
sonar.sourceEncoding=UTF-8
|
|
|
|
# Coverage exclusions - exclude non-production code from coverage metrics
|
|
sonar.coverage.exclusions=**/cmd/**,**/examples/**,**/server/**,**/testing/**,**/testdata/**,**/*_test.go
|
|
|
|
# Duplications exclusions
|
|
sonar.cpd.exclusions=**/*_test.go,**/testdata/**
|
|
|
|
# Security Hotspot exclusions - skip test files, CI configuration, and CLI tools
|
|
# These files don't represent production security concerns
|
|
sonar.security.hotspots.exclusions=**/*_test.go,**/testing/**,**/testdata/**,**/.github/**,**/examples/**,**/cmd/**
|
|
|
|
# Issue exclusions for specific rules
|
|
sonar.issue.ignore.multicriteria=e1,e2,e3,e4,e5,e6,e7,e8,e9,e10,e11,e12,e13
|
|
|
|
# Ignore security issues in test files
|
|
sonar.issue.ignore.multicriteria.e1.ruleKey=go:S5042
|
|
sonar.issue.ignore.multicriteria.e1.resourceKey=**/*_test.go
|
|
|
|
# Ignore hardcoded credentials in test/example files (test credentials are expected)
|
|
sonar.issue.ignore.multicriteria.e2.ruleKey=go:S6418
|
|
sonar.issue.ignore.multicriteria.e2.resourceKey=**/*_test.go
|
|
|
|
sonar.issue.ignore.multicriteria.e3.ruleKey=go:S6418
|
|
sonar.issue.ignore.multicriteria.e3.resourceKey=**/examples/**
|
|
|
|
# Ignore hardcoded IP addresses in test files (test IPs like 192.168.x.x are expected)
|
|
sonar.issue.ignore.multicriteria.e4.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e4.resourceKey=**/*_test.go
|
|
|
|
# Ignore hardcoded IP addresses in CLI tools (example/default IPs for demos)
|
|
sonar.issue.ignore.multicriteria.e5.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e5.resourceKey=**/cmd/**
|
|
|
|
# Ignore hardcoded IP addresses in examples
|
|
sonar.issue.ignore.multicriteria.e6.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e6.resourceKey=**/examples/**
|
|
|
|
# Ignore hardcoded credentials in CLI tools (default/demo credentials)
|
|
sonar.issue.ignore.multicriteria.e7.ruleKey=go:S6418
|
|
sonar.issue.ignore.multicriteria.e7.resourceKey=**/cmd/**
|
|
|
|
# Explicit exclusions for specific files flagged by SonarCloud
|
|
# These use hardcoded IPs for testing/demo purposes only
|
|
sonar.issue.ignore.multicriteria.e8.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e8.resourceKey=client_test.go
|
|
|
|
sonar.issue.ignore.multicriteria.e9.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e9.resourceKey=media_test.go
|
|
|
|
sonar.issue.ignore.multicriteria.e10.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e10.resourceKey=examples/test-real-camera-all/main.go
|
|
|
|
sonar.issue.ignore.multicriteria.e11.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e11.resourceKey=cmd/onvif-diagnostics/main.go
|
|
|
|
sonar.issue.ignore.multicriteria.e12.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e12.resourceKey=cmd/onvif-cli/main.go
|
|
|
|
# Ignore hardcoded IP addresses in all Go files under examples
|
|
sonar.issue.ignore.multicriteria.e13.ruleKey=go:S1313
|
|
sonar.issue.ignore.multicriteria.e13.resourceKey=examples/**/*.go
|