Add support to whitelist selector expressions #12
Conversation
This will allow a pre defined list of selector expressions X and Sel idents to mark as whitelisted. By doing this we could allow a specific type or function from a specific package such as `regexp.MustCompile`.
Codecov Report
@@ Coverage Diff @@
## master #12 +/- ##
===========================================
+ Coverage 59.15% 71.02% +11.87%
===========================================
Files 2 2
Lines 71 107 +36
===========================================
+ Hits 42 76 +34
- Misses 27 28 +1
- Partials 2 3 +1
Continue to review full report at Codecov.
|
|
I tried to look at your other code to find what style or likings you've got. Feel free to nit on formatting, newlines, naming and whatnot! Also tell me if you wan't me to squash this into a single commit! |
|
Just follow the Go convention of prefixing global error variables with What's the benefit of whitelisting EDIT: |
|
Yeah I'm all for following the naming convention for errors and only allow names staring with Regarding versus I noticed now that one of the main reasons to add support for this according to the issue was to check for compilation errors but the reason I made this PR was to avoid re-compiling the regexp more than once. |
|
Why need to call func NewServer() *Server {
re := regexp.MustCompile(`^\d+$`)
return &Server{
re: re,
}
}
// Then use and inject (*Server).re anywhere you like |
|
How about code with functions requiring regexp that is not attached to a struct? In my case I don't always have a And even if I did, I don't think I like the idea of adding fields to a struct just to be able to make them "global". The same way I don't like to implement methods on a struct if the struct itself is never used. But it boils down to a matter of opinion I guess. You could always argue to refactor your code to avoid the need for global variables I guess. |
|
Attaching the |
|
This seems to boil down only to opinions and tastes. Compiled regexps as constants or not. I personally would like to have compiled regexps as constants. But not everyone agrees. Could we make the linter configurable. Perhaps providing a list of allowed prefixes or types? |
|
Yeah I got that it was an example, that’s why I ended my previous post the way I did. I also tried to show other examples which might be harder to refactor for. It wouldn't be much of a helping function if you were to provide the regexp executed yourself. I’ll leave the PR open and let a maintainer chose if they want to close the PR. Thanks for your input! |
|
@leighmcculloch are you going to merge this PR in or did you decide not to support this use case? If you didn't decide to support this behavior, closing this PR would be nice, because its very unclear what state this is in, as an observer 1yr later. |
|
I still don't like the idea of whitelisting any function calls. |
|
Regular expressions are often used in the same was as constants are in code, so declaring them at the var level in one package, then referencing the var in other packages is a fairly common code pattern. The documentation for I would be concerned about suggesting code with Obviously that is all just my opinion. If there isn't support for this, then it would be more clear to close this PR, rather than leave it open and confuse others in the future. |
|
Thanks for reviving this PR. I apologize it dropped through the cracks. I think there's a lot of value including regular expression compilation, even though they are not constants, many Go developers treat them like constants including myself. The errors I'm unclear about, and I think it'd be great if we can make Could we reduce this PR with just the |
|
Sure thing, I can split this into two separate PRs, probably later today or tomorrow. |
* Only allow regexp.MustCompile as an arbitrary named global var * Update README * Rename whitelist to allowlist and whitelisted to allowed * Revert tests * Remove comment from main to fix 'code in directory ... expects import'
bombsimon
force-pushed
the
whitelisted-selectors
branch
from
8468dcc to
3739e46
Compare
| if isWhitelisted(vn) { | ||
| if isAllowed(vn) { |
There was a problem hiding this comment.
Thank you for renaming whitelist to allow. 💯
Co-authored-by: Simon Sawert <[email protected]>
|
👏 Thanks @bombsimon! |
|
Closed #6 |
This will allow a pre defined list of selector expressions X and Sel
idents to mark as whitelisted. By doing this we could allow a specific
type or function from a specific package such as
regexp.MustCompile.I had a discussion today regarding how to handle things such as
regexp.MustCompile()or pre defined errors as a global variable which this linter doesn't really support. I know you can ignore errors by using specific variable names but I also saw that there were someTODOmakers to skip fake errors. I also found #6 which addresses the same issue I have and that you were open to PRs.I guess I could and should've asked in the ticket but I thought I had a go at an implementation to handle this. Since you're already open to match the name of the variable, would you be open to define a list of selector expression value that could be whitelisted?
As seen in the PR I created a 2D array which holds an
Xident and aSelident which will be matched. I added three defaults to test this;errors New,fmt Errorfandregexp MustCompile. If this is a feasible solution this could even be configurable to allow any expressions, likehttp ClientI use in the test. Regarding errors specific I guess a check if it implements theError()interface would be better but I still see a use case for a feature like this.I added a new test file to show the behaviour and also updated the existing tests. Please let me know what you think! If this is not the way you want to go I totally understand and will close this PR.