Closed ldez closed 3 months ago
@ldez The new approach is using the go list
to parse the go version first from the local go module file, if this is not found will fall back to runtime version. Is go list
introducing performance issues?
I am thinking to keep the current behaviour as default and introduce an environment variable to bypass the go list parsing something like GOSECNOLOCALVERSION
. Would this work for you?
Is
go list
introducing performance issues?
Yes because golangci-lint loads the rules for each package, so a go list
is done a lot of times (nb of rules that require the Go version)*(nb of packages).
I am thinking to keep the current behaviour as default and introduce an environment variable to bypass the go list parsing something like
GOSECNOLOCALVERSION
. Would this work for you?
An env var can work.
Note: currently, only 2 rules (G601 and G113) use the GoVersion
function but the more you will use it and more you will also be impacted by this performance problem.
@ldez I added an environment variable which should disabled the parsing of Go version from module file present in the project. Please have a look at the README.
@ccojocar I was expected to be able to set the go version through the env var because the runtime
version will not be right.
// GoVersion returns parsed version of Go mod version and fallback to runtime version if not found.
func GoVersion() (int, int, int) {
if env, ok := os.LookupEnv("GOSECGOVERSION"); ok {
return parseGoVersion(strings.TrimPrefix(env, "go"))
}
goVersion, err := goModVersion()
if err != nil {
return parseGoVersion(strings.TrimPrefix(runtime.Version(), "go"))
}
return parseGoVersion(goVersion)
}
Summary
Hello,
I know that my request is really specific to golangci-lint, and if you don't want to do that I will understand.
The new way for gosec to detect the Go version has a huge impact on golangci-lint performances.
1119
The best solution for us is to have an option to set the Go version to bypass the usage of
go list
.Steps to reproduce the behavior
https://github.com/golangci/golangci-lint/issues/4735
gosec version
v2.20.0
Go version (output of 'go version')
Operating system / Environment
Not dependent on the OS