filter

package

v0.2.4 Latest Latest Go to latest Published: Apr 24, 2026 License: MIT Imports: 12 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/MHChlagou/lintel

Links

Open Source Insights

Documentation ¶

Overview ¶

Package filter applies allowlist, baseline, warn_paths, and inline-ignore layers.

Index ¶

func InlineIgnored(path string, line int, marker, rule string) (bool, bool, error)
func SaveBaseline(repoRoot string, findings []finding.Finding, now string) error
type AllowEntry
- func (e AllowEntry) Expired() bool
- func (e AllowEntry) Matches(check, rule, file string) bool
type Allowlist
- func LoadAllowlist(repoRoot string) (*Allowlist, error)
type Baseline
- func LoadBaseline(repoRoot string) (*Baseline, error)
- func (b *Baseline) Contains(f finding.Finding) bool
type BaselineFinding

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func InlineIgnored ¶

func InlineIgnored(path string, line int, marker, rule string) (bool, bool, error)

InlineIgnored reports whether the given file:line (or the preceding line) carries an "lintel:ignore-..." directive with a non-empty reason.

Accepted forms (on the same or preceding line):

// lintel:ignore-secret  reason="test fixture"
# lintel:ignore-rule=SQLi.raw-concat  reason="hardened elsewhere"

A bare `lintel:ignore-*` without a reason is itself a finding caller can surface.

func SaveBaseline ¶

func SaveBaseline(repoRoot string, findings []finding.Finding, now string) error

Types ¶

type AllowEntry ¶

type AllowEntry struct {
	Path    string   `yaml:"path"`
	Rule    string   `yaml:"rule"`
	Checks  []string `yaml:"checks"`
	Reason  string   `yaml:"reason"`
	Expires string   `yaml:"expires"`
}

func (AllowEntry) Expired ¶

func (e AllowEntry) Expired() bool

func (AllowEntry) Matches ¶

func (e AllowEntry) Matches(check, rule, file string) bool

Matches returns true if the entry covers the given finding.

type Allowlist ¶

type Allowlist struct {
	Entries []AllowEntry `yaml:"entries"`
}

func LoadAllowlist ¶

func LoadAllowlist(repoRoot string) (*Allowlist, error)

type Baseline ¶

type Baseline struct {
	CreatedAt string            `json:"created_at"`
	Keys      map[string]bool   `json:"-"`
	Raw       []BaselineFinding `json:"findings"`
}

func LoadBaseline ¶

func LoadBaseline(repoRoot string) (*Baseline, error)

func (*Baseline) Contains ¶

func (b *Baseline) Contains(f finding.Finding) bool

Contains reports whether this finding was already in the baseline. Line numbers are deliberately not part of the key - files get reformatted.

type BaselineFinding ¶

type BaselineFinding struct {
	Check      string `json:"check"`
	RuleID     string `json:"rule_id"`
	File       string `json:"file"`
	SnippetKey string `json:"snippet_key"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL