Linter: gosec, Rule: G602 - Slice access out of bounds. Should we enable it? #14633

Closed
zak-pawel opened this issue Jan 29, 2024 · 3 comments · Fixed by #14927
@zak-pawel
Collaborator

Use Case

This issue starts a discussion about enabling:

Added here: securego/gosec#973

Expected behavior

Decision if rule should be enabled or not.

Actual behavior

For this rule no findings were found in current code.

Additional info

For this rule no additional configuration can be provided.

@powersj
Contributor

powersj commented Jan 29, 2024

Hi,

I have very mixed feelings about enabling even more linters :) Yes, I absolutely want to do this.

However, we need to put a pause on this until we can consistently get the linter jobs to run. It is not fair to our contributors or ourselves to constantly have flaky tests that are failing due to resource issues because the linters are currently so heavy.

Even last night the Windows linter test failed due to memory issues, even with GOGC=1 set. It was not a timeout on golangci-lint is 30mins and the CircleCI no output timeout is 30mins.

Rather than enabling more and more linters, I would appreciate some time put into figuring out how we can ensure these jobs pass consistently.

@srebhan
Member

srebhan commented Feb 8, 2024

Seconding the comment of @powersj, I absolutely would want this linter enabled but having nightly OOM'ing often is not a good thing...

@zak-pawel
Collaborator Author

@srebhan
I've reviewed the jobs from the past week, and I have a feeling that after this PR: #14639, all linter jobs (which used the code introduced by the mentioned PR) had no issues with OOM or timing out.
If they failed, it was because they encountered a problem in the code ;)
