From 3a762d0a4d1941c2b3117fde59796f53868acdd7 Mon Sep 17 00:00:00 2001 
From: Ryan Parman Date: Thu, 23 May 2024 14:41:50 -0600 Subject: [PATCH] feat: Initial commit. --- .dcignore | 110 ++ .ecrc | 68 + .editorconfig | 54 + .gitattributes | 132 ++ .githooks/commit-msg.sh | 3 + .github/CODEOWNERS | 5 + .github/dco.yml | 7 + .github/dependabot.yml | 28 + .gitignore | 43 + .golangci.yml | 1697 ++++++++++++++++++ .gommit.toml | 19 + .goplicate.yaml | 69 + .licensei.toml | 15 + .mailmap | 25 + .markdownlint.base.jsonc | 256 +++ .markdownlint.jsonc | 15 + .pre-commit-config.yaml | 178 ++ .vscode/extensions.json | 187 ++ .vscode/settings.json | 684 +++++++ LICENSE.txt | 201 +++ README.md | 61 + SECURITY.md | 35 + __update.sh | 87 + cliff.toml | 136 ++ cmd/doc.go | 18 + cmd/root.go | 191 ++ cmd/version.go | 23 + ecrc.toml | 76 + example.sarif.json | 172 ++ exception.sarif.json | 167 ++ go.mod | 47 + go.sum | 123 ++ lintbrush/check_executables_have_shebangs.go | 78 + lintbrush/doc.go | 18 + lintbrush/utils.go | 85 + main.go | 21 + scripts/generate-contributors.sh | 21 + trivy-license.yaml | 201 +++ trivy-vuln.yaml | 62 + 39 files changed, 5418 insertions(+) create mode 100644 .dcignore create mode 100644 .ecrc create mode 100644 .editorconfig create mode 100644 .gitattributes create mode 100755 .githooks/commit-msg.sh create mode 100644 .github/CODEOWNERS create mode 100644 .github/dco.yml create mode 100644 .github/dependabot.yml create mode 100644 .gitignore create mode 100644 .golangci.yml create mode 100644 .gommit.toml create mode 100644 .goplicate.yaml create mode 100644 .licensei.toml create mode 100644 .mailmap create mode 100644 .markdownlint.base.jsonc create mode 100644 .markdownlint.jsonc create mode 100644 .pre-commit-config.yaml create mode 100644 .vscode/extensions.json create mode 100644 .vscode/settings.json create mode 100644 LICENSE.txt create mode 100644 README.md create mode 100644 SECURITY.md create mode 100755 __update.sh create mode 100644 cliff.toml create mode 100644 cmd/doc.go create mode 100644 cmd/root.go create 
mode 100644 cmd/version.go create mode 100644 ecrc.toml create mode 100644 example.sarif.json create mode 100644 exception.sarif.json create mode 100644 go.mod create mode 100644 go.sum create mode 100644 lintbrush/check_executables_have_shebangs.go create mode 100644 lintbrush/doc.go create mode 100644 lintbrush/utils.go create mode 100644 main.go create mode 100755 scripts/generate-contributors.sh create mode 100644 trivy-license.yaml create mode 100644 trivy-vuln.yaml
diff --git a/.dcignore b/.dcignore
new file mode 100644
index 0000000..a334c0b
--- /dev/null
+++ b/.dcignore
@@ -0,0 +1,110 @@
+# Write glob rules for ignored files.
+# Check syntax on https://deepcode.freshdesk.com/support/solutions/articles/60000531055-how-can-i-ignore-files-or-directories-
+# Used by Snyk; https://docs.snyk.io/features/integrations/ide-tools/visual-studio-code-extension-for-snyk-code
+
+# Hidden directories
+.*/
+
+# Python
+__pycache__/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+MANIFEST
+htmlcov/
+cover/
+instance/
+docs/_build/
+target/
+profile_default/
+__pypackages__/
+celerybeat-schedule
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+/site
+cython_debug/
+
+# JupyterNotebooks
+profile_default/
+
+# Hugo
+/public/
+/resources/_gen/
+
+# VirtualEnv
+[Bb]in
+[Ii]nclude
+[Ll]ib
+[Ll]ib64
+[Ll]ocal
+[Ss]cripts
+
+# SublimeText
+Package Control.cache/
+Package Control.ca-certs/
+
+# Windows
+$RECYCLE.BIN/
+
+# Linux
+*~
+
+# Emacs
+*~
+#*#
+auto-save-list
+tramp
+*_archive
+/eshell/history
+/eshell/lastdir
+/elpa/
+/auto/
+dist/
+/server/
+
+# macOS
+Icon
+
+Network Trash Folder
+Temporary Items
+
+# JetBrains
+cmake-build-*/
+out/
+
+# Vim
+*~
+tags
+
+# Node
+logs
+pids
+lib-cov
+coverage
+bower_components
+build/Release
+node_modules/
+jspm_packages/
+web_modules/
+out
+dist
+
+# Rust
+debug/
+target/
+
+# Packer
+packer_cache/
diff --git a/.ecrc b/.ecrc
new file mode 100644
index 0000000..9313abd
--- /dev/null
+++ b/.ecrc
@@ -0,0 +1,68 @@
+{
+ "Debug": false,
+ "Exclude": [
+ "\\.7z$",
+ "\\.avif",
+ "\\.bak$",
+ "\\.bin$",
+ "\\.bz2$",
+ "\\.cache$",
+ "\\.css\\.map$",
+ "\\.dcignore$",
+ "\\.ecrc$",
+ "\\.eot$",
+ "\\.example$",
+ "\\.gif$",
+ "\\.go$",
+ "\\.golangci.yml$",
+ "\\.goreleaser.yml$",
+ "\\.gotmpl$",
+ "\\.gz$",
+ "\\.ico$",
+ "\\.jpeg$",
+ "\\.jpg$",
+ "\\.js\\.map$",
+ "\\.log$",
+ "\\.mp4$",
+ "\\.otf$",
+ "\\.patch$",
+ "\\.pbm",
+ "\\.pdf$",
+ "\\.pgm",
+ "\\.png$",
+ "\\.pnm",
+ "\\.ppm",
+ "\\.snap$",
+ "\\.svg$",
+ "\\.tar$",
+ "\\.terraform-docs\\.yml$",
+ "\\.terraform\\.lock\\.hcl$",
+ "\\.ttf$",
+ "\\.txt$",
+ "\\.vscode/.*?\\.json$",
+ "\\.webp$",
+ "\\.wmv$",
+ "\\.woff$",
+ "\\.woff2$",
+ "\\.zip$",
+ "^\\.pnp\\.cjs$",
+ "^\\.pnp\\.js$",
+ "^\\.pnp\\.loader\\.mjs$",
+ "^\\.yarn/",
+ "^Cargo\\.lock$",
+ "^composer\\.lock$",
+ "^package-lock\\.json$",
+ "^yarn\\.lock$",
+ "cliff\\.toml$",
+ "go\\.mod$",
+ "go\\.sum$",
+ "min\\.css$",
+ "min\\.js$",
+ "package-lock\\.json$",
+ "standard\\.mk$"
+ ],
+ "IgnoreDefaults": true,
+ "NoColor": false,
+ "SpacesAfterTabs": false,
+ "Verbose": false
+}
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..3478d46
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,54 @@
+# Uses editorconfig to maintain consistent coding styles
+# https://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+max_line_length = 120
+tab_width = 4
+trim_trailing_whitespace = true
+
+[Makefile*]
+indent_style = tab
+max_line_length = 20000
+
+# Web
+[*.{css,html,js,less,sass,scss}]
+indent_size = 2
+
+# Configuration formats
+[*.{hcl,json,jsonc,toml,yaml,yml}]
+indent_size = 2
+
+[.ecrc]
+indent_size = 2
+
+[*.go]
+indent_style = tab
+
+[*.{md,md.tmpl}]
+indent_size = 2
+max_line_length = 20000
+
+[*.py]
+indent_size = 4
+
+[*.sh]
+indent_size = 4
+max_line_length = 120
+
+# Terraform files
+[*.{tf,tftpl,tfvars}]
+indent_size = 2
+indent_style = space
+
+[.yamllint]
+indent_size = 2
+
+[bats/*.sh]
+max_line_length = 20000
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..343ab72
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,132 @@
+# Helps Git use the right algorithms for diffs
+# https://git-scm.com/docs/gitattributes
+
+# Auto detect text files and perform LF normalization
+# https://www.davidlaing.com/2012/09/19/customise-your-gitattributes-to-become-a-git-ninja/
+* text=auto
+
+# Front-end
+*.css text eol=lf diff=css
+*.htm text eol=lf diff=html
+*.html text eol=lf diff=html
+*.js text eol=lf
+*.less text eol=lf diff=css
+*.sass text eol=lf diff=css
+*.scss text eol=lf diff=css
+*.ts text eol=lf
+*.xhtml text eol=lf diff=html
+
+# Documents
+*.bibtex text diff=bibtex
+*.doc diff=astextplain
+*.DOC diff=astextplain
+*.docx filter=lfs diff=lfs merge=lfs -text
+*.DOCX filter=lfs diff=lfs merge=lfs -text
+*.dot diff=astextplain
+*.DOT diff=astextplain
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.PDF filter=lfs diff=lfs merge=lfs -text
+*.rtf diff=astextplain
+*.RTF diff=astextplain
+*.md text eol=lf diff=markdown
+*.tex text eol=lf diff=tex
+*.adoc text eol=lf
+*.textile text eol=lf
+*.mustache text eol=lf
+*.csv text eol=lf
+*.tab text eol=lf
+*.tsv text eol=lf
+*.txt text eol=lf
+*.markdown text eol=lf diff=markdown
+*.md text eol=lf diff=markdown
+*.mdwn text eol=lf diff=markdown
+*.mdown text eol=lf diff=markdown
+*.mkd text eol=lf diff=markdown
+*.mkdn text eol=lf diff=markdown
+*.mdtxt text eol=lf diff=markdown
+*.mdtext text eol=lf diff=markdown
+*.txt text eol=lf
+
+# "Files"
+Dockerfile text eol=lf
+Makefile text eol=lf
+*README* text eol=lf
+
+# Graphics
+*.png filter=lfs diff=lfs merge=lfs -text
+*.jpg filter=lfs diff=lfs merge=lfs -text
+*.jpeg filter=lfs diff=lfs merge=lfs -text
+*.gif filter=lfs diff=lfs merge=lfs -text
+*.tif filter=lfs diff=lfs merge=lfs -text
+*.tiff filter=lfs diff=lfs merge=lfs -text
+*.ico filter=lfs diff=lfs merge=lfs -text
+*.eps filter=lfs diff=lfs merge=lfs -text
+*.svg text eol=lf
+*.svgz filter=lfs diff=lfs merge=lfs -text
+*.webp filter=lfs diff=lfs merge=lfs -text
+
+# Scripts
+*.bash text eol=lf
+*.fish text eol=lf
+*.sh text eol=lf
+
+# These are explicitly windows files and should use crlf
+*.bat text eol=crlf
+*.cmd text eol=crlf
+*.ps1 text eol=crlf
+
+# Fonts
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.eot filter=lfs diff=lfs merge=lfs -text
+*.otf filter=lfs diff=lfs merge=lfs -text
+*.woff filter=lfs diff=lfs merge=lfs -text
+*.woff2 filter=lfs diff=lfs merge=lfs -text
+
+# Serialization
+*.ini text eol=lf
+*.json text eol=lf
+*.toml text eol=lf
+*.xml text eol=lf
+*.yaml text eol=lf
+*.yml text eol=lf
+
+# Configs
+*.conf text eol=lf
+*.config text eol=lf
+.editorconfig text eol=lf
+.env text eol=lf
+.gitattributes text eol=lf
+.gitconfig text eol=lf
+*.lock text eol=lf -diff
+package-lock.json text eol=lf -diff
+
+# Archives
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+
+# Database
+*.sql text eol=lf
+
+# Text files where line endings should be preserved
+*.patch -text
+
+# Exclude files from exporting
+.gitattributes export-ignore
+.gitignore export-ignore
+.gitkeep export-ignore
+
+# Treat all Go files in this repo as binary, with no git magic updating
+# line endings. Windows users contributing to Go will need to use a
+# modern version of git and editors capable of LF line endings.
+*.go -text diff=golang
+
+# Terraform
+*.tf text eol=lf
+*.tfvars text eol=lf
+*.hcl text eol=lf
+
+# Ignore files (like .npmignore or .gitignore)
+*.*ignore text eol=lf
diff --git a/.githooks/commit-msg.sh b/.githooks/commit-msg.sh
new file mode 100755
index 0000000..bd89daf
--- /dev/null
+++ b/.githooks/commit-msg.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+# shellcheck disable=2312
+gommit check message "$(cat "$1")"
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..02d81cd
--- /dev/null
+++ b/.github/CODEOWNERS
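Review bot: In `.githooks/commit-msg.sh`, the `# shellcheck disable=2312` directive silences the warning that a failing `cat "$1"` is masked inside the command substitution, so an unreadable message file would hand `gommit` an empty string instead of stopping the hook. Reading the message into a variable first makes that failure explicit and lets the suppression be dropped: `msg="$(cat "$1")" || exit 1` followed by `gommit check message "${msg}"`. A short header comment stating that the hook only takes effect once `core.hooksPath` points at `.githooks` would also help; nothing visible in this part of the commit shows where that is configured.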
@@ -0,0 +1,5 @@
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+* @skyzyx
diff --git a/.github/dco.yml b/.github/dco.yml
new file mode 100644
index 0000000..4fc52e8
--- /dev/null
+++ b/.github/dco.yml
@@ -0,0 +1,7 @@
+---
+# https://github.com/dcoapp/app
+allowRemediationCommits:
+ individual: true
+
+require:
+ members: false
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..8152274
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,28 @@
+---
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ # ----------------------------------------------------------------------------
+ # goplicate-start:always
+ - package-ecosystem: docker
+ directory: /.devcontainer
+ schedule:
+ interval: daily
+
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
+ # goplicate-end:always
+
+ # ----------------------------------------------------------------------------
+ # goplicate-start:go
+ - package-ecosystem: gomod # See documentation for possible values
+ directory: / # Location of package manifests
+ schedule:
+ interval: daily
+ # goplicate-end:go
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cc859b5
--- /dev/null
+++ b/.gitignore
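Review bot: The `docker` entry in `.github/dependabot.yml` sets `directory: /.devcontainer`, but the diffstat of this commit lists no file under `.devcontainer`, so that update job has nothing to scan and will probably report a missing-manifest error until the directory exists. The `github-actions` entry looks to be in the same position, since the commit adds no workflow files. Because both sit inside the `goplicate-start:always` block they appear to be synced from a template, so rather than deleting them a comment such as `# enabled ahead of .devcontainer/ and workflows being added` would keep the failing jobs from being read as a broken configuration.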
@@ -0,0 +1,43 @@
+# goplicate-start:always
+_*.out
+_*.txt
+_/
+_cache_/*
+.dccache
+.private.env
+*.cache.json
+*.zip
+dist/
+# goplicate-end:always
+
+# goplicate-start:go
+*.pgo
+*.pprof
+*.test
+callgrind.*
+# goplicate-end:go
+
+# goplicate-start:terraform
+.infracost
+.terraform
+.terraform.lock.hcl
+.terraformrc
+*_override.tf
+*_override.tf.json
+_provider.tf
+*.tfstate*
+**/.terraform/*
+override.tf
+override.tf.json
+secrets.auto.tfvars
+terraform
+terraform.d/
+terraform.rc
+tests/.test-data
+tests/**/.test-data
+tests/**/terraform.*
+tests/**/terratest-*
+tests/terraform.*
+tests/terratest-*
+tfplan
+# goplicate-end:terraform
diff --git a/.golangci.yml b/.golangci.yml
new file mode 100644
index 0000000..948cfd7
--- /dev/null
+++ b/.golangci.yml
@@ -0,0 +1,1697 @@
+---
+# https://github.com/golangci/golangci-lint/blob/master/.golangci.reference.yml
+# https://golangci-lint.run/jsonschema/golangci.jsonschema.json
+
+# goplicate-start:run
+run:
+ # The default concurrency value is the number of available CPU.
+ # concurrency: 4
+
+ # timeout for analysis, e.g. 30s, 5m, default is 1m
+ timeout: 1m
+
+ # exit code when at least one issue was found, default is 1
+ issues-exit-code: 1
+
+ # include test files or not, default is true
+ tests: true
+
+ # list of build tags, all linters use it. Default is empty list.
+ # build-tags: []
+
+ # If set we pass it to "go list -mod={option}". From "go help modules":
+ # If invoked with -mod=readonly, the go command is disallowed from the implicit
+ # automatic updating of go.mod described above. Instead, it fails when any changes
+ # to go.mod are needed. This setting is most useful to check that go.mod does
+ # not need updates, such as in a continuous integration and testing system.
+ # If invoked with -mod=vendor, the go command assumes that the vendor
+ # directory holds the correct copies of dependencies and ignores
+ # the dependency descriptions in go.mod.
+ #
+ # Allowed values: readonly|vendor|mod
+ # By default, it isn't set.
+ modules-download-mode: readonly
+
+ # Allow multiple parallel golangci-lint instances running.
+ # If false (default) - golangci-lint acquires file lock on start.
+ allow-parallel-runners: true
+
+ # Allow multiple golangci-lint instances running, but serialize them around a lock.
+ # If false, golangci-lint exits with an error if it fails to acquire file lock on start.
+ # Default: false
+ allow-serial-runners: true
+
+ # Define the Go version limit.
+ # Mainly related to generics support since go1.18.
+ # Default: use Go version from the go.mod file, fallback on the env var `GOVERSION`, fallback on 1.18
+ # go: "1.21"
+
+# goplicate-end:run
+
+# goplicate-start:severity
+severity:
+ case-sensitive: false
+# goplicate-end:severity
+
+# goplicate-start:linters
+linters:
+ # please, do not use `enable-all`: it's deprecated and will be removed soon.
+ # inverted configuration with `enable-all` and `disable` is not scalable
+ # during updates of golangci-lint
+ disable-all: true
+ enable:
+ # - asasalint
+ # - bidichk
+ - copyloopvar
+ # - cyclop
+ - decorder
+ # - depguard
+ - dogsled
+ - dupl
+ - dupword
+ - errcheck
+ - errchkjson
+ - errorlint
+ - exhaustive
+ # - forbidigo
+ - funlen
+ # - ginkgolinter
+ - gocognit
+ - goconst
+ - gocritic
+ # - gocyclo
+ # - godot
+ - godox
+ - gofmt
+ - gofumpt
+ # - goheader
+ - goimports
+ # - gomoddirectives
+ # - gomodguard
+ - gosec
+ - gosimple
+ # - gosmopolitan
+ - govet
+ # - grouper
+ - importas
+ - interfacebloat
+ # - ireturn
+ - lll
+ # - loggercheck
+ - maintidx
+ - makezero
+ - misspell
+ - mnd
+ # - musttag
+ - nakedret
+ - nestif
+ - nilnil
+ - nlreturn
+ # - nolintlint
+ - nonamedreturns
+ - paralleltest
+ # - prealloc
+ # - predeclared
+ # - promlinter
+ # - reassign
+ # - revive: @TODO: Review and enable
+ # - rowserrcheck
+ - sloglint
+ - spancheck
+ - staticcheck
+ - stylecheck
+ - tagalign
+ - tagliatelle
+ # - tenv
+ # - testifylint
+ # - testpackage
+ - thelper
+ - unparam
+ - unused
+ - usestdlibvars
+ # - varnamelen
+ - whitespace
+ - wrapcheck
+ - wsl
+
+# goplicate-end:linters
+
+# goplicate-start:output
+output:
+ # The formats used to render issues.
+ # Format: `colored-line-number`, `line-number`, `json`, `colored-tab`, `tab`, `checkstyle`, `code-climate`, `junit-xml`, `github-actions`, `teamcity`
+ # Output path can be either `stdout`, `stderr` or path to the file to write to.
+ #
+ # For the CLI flag (`--out-format`), multiple formats can be specified by separating them by comma.
+ # The output can be specified for each of them by separating format name and path by colon symbol.
+ # Example: "--out-format=checkstyle:report.xml,json:stdout,colored-line-number"
+ # The CLI flag (`--out-format`) override the configuration file.
+ #
+ # Default:
+ # formats:
+ # - format: colored-line-number
+ # path: stdout
+ formats:
+ - format: colored-line-number
+ path: stdout
+
+ # Print lines of code with issue.
+ # Default: true
+ print-issued-lines: true
+
+ # Print linter name in the end of issue text.
+ # Default: true
+ print-linter-name: true
+
+ # Make issues output unique by line.
+ # Default: true
+ uniq-by-line: true
+
+ # Add a prefix to the output file references.
+ # Default is no prefix.
+ path-prefix: ''
+
+ # Sort results by the order defined in `sort-order`.
+ sort-results: true
+
+ # Order to use when sorting results.
+ # Require `sort-results` to `true`.
+ # Possible values: `file`, `linter`, and `severity`.
+ #
+ # If the severity values are inside the following list, they are ordered in this order:
+ # 1. error
+ # 2. warning
+ # 3. high
+ # 4. medium
+ # 5. low
+ # Either they are sorted alphabetically.
+ #
+ # Default: ["file"]
+ sort-order:
+ - linter
+ - severity
+ - file # filepath, line, and column.
+
+ # Show statistics per linter.
+ # Default: false
+ show-stats: true
+
+# goplicate-end:output
+
+linters-settings:
+ # goplicate-start:settings-asasalint
+ # asasalint:
+ # goplicate-end:settings-asasalint
+
+ # goplicate-start:settings-bidichk
+ # bidichk:
+ # goplicate-end:settings-bidichk
+
+ # goplicate-start:settings-copyloopvar
+ copyloopvar:
+ # If true, ignore aliasing of loop variables.
+ # Default: false
+ ignore-alias: false
+ # goplicate-end:settings-copyloopvar
+
+ # goplicate-start:settings-cyclop
+ # cyclop:
+ # goplicate-end:settings-cyclop
+
+ # goplicate-start:settings-decorder
+ decorder:
+ # Required order of `type`, `const`, `var` and `func` declarations inside a file.
+ # Default: types before constants before variables before functions.
+ dec-order:
+ - const
+ - var
+ - type
+ - func
+
+ # If true, order of declarations is not checked at all.
+ # Default: true (disabled)
+ disable-dec-order-check: false
+
+ # If true, `init` func can be anywhere in file (does not have to be declared before all other functions).
+ # Default: true (disabled)
+ disable-init-func-first-check: false
+
+ # If true, multiple global `type`, `const` and `var` declarations are allowed.
+ # Default: true (disabled)
+ disable-dec-num-check: false
+ # goplicate-end:settings-decorder
+
+ # goplicate-start:settings-depguard
+ # depguard:
+ # goplicate-end:settings-depguard
+
+ # goplicate-start:settings-dogsled
+ dogsled:
+ # checks assignments with too many blank identifiers; default is 2
+ max-blank-identifiers: 2
+ # goplicate-end:settings-dogsled
+
+ # goplicate-start:settings-dupl
+ dupl:
+ # tokens count to trigger issue, 150 by default
+ threshold: 100
+ # goplicate-end:settings-dupl
+
+ # goplicate-start:settings-dupword
+ dupword:
+ # Keywords for detecting duplicate words.
+ # If this list is not empty, only the words defined in this list will be detected.
+ # Default: []
+ keywords:
+ - a
+ - an
+ - and
+ - of
+ - or
+ - the
+ - this
+
+ # Keywords used to ignore detection.
+ # Default: []
+ # ignore: []
+ # goplicate-end:settings-dupword
+
+ # goplicate-start:settings-errcheck
+ errcheck:
+ # report about not checking of errors in type assetions: `a := b.(MyStruct)`;
+ # default is false: such cases aren't reported by default.
+ check-type-assertions: true
+
+ # report about assignment of errors to blank identifier: `num, _ := strconv.Atoi(numStr)`;
+ # default is false: such cases aren't reported by default.
+ check-blank: false
+ # goplicate-end:settings-errcheck
+
+ # goplicate-start:settings-errchkjson
+ errchkjson:
+ # With check-error-free-encoding set to true, errchkjson does warn about
+ # errors from json encoding functions that are safe to be ignored, because
+ # they are not possible to happen.
+ #
+ # if check-error-free-encoding is set to true and errcheck linter is
+ # enabled, it is recommended to add the following exceptions to prevent from
+ # false positives:
+ #
+ # linters-settings:
+ # errcheck:
+ # exclude-functions:
+ # - encoding/json.Marshal
+ # - encoding/json.MarshalIndent
+ #
+ # Default: false
+ check-error-free-encoding: false
+
+ # Issue on struct encoding that doesn't have exported fields.
+ # Default: false
+ report-no-exported: false
+ # goplicate-end:settings-errchkjson
+
+ # goplicate-start:settings-errorlint
+ errorlint:
+ # Check whether fmt.Errorf uses the %w verb for formatting errors.
+ # See the https://github.com/polyfloyd/go-errorlint for caveats.
+ # Default: true
+ errorf: true
+
+ # Check for plain type assertions and type switches.
+ # Default: true
+ asserts: true
+
+ # Check for plain error comparisons.
+ # Default: true
+ comparison: true
+ # goplicate-end:settings-errorlint
+
+ # goplicate-start:settings-exhaustive
+ exhaustive:
+ # Program elements to check for exhaustiveness.
+ # Default: [ switch ]
+ check:
+ - switch
+ - map
+
+ # Check switch statements in generated files also.
+ # Default: false
+ check-generated: true
+
+ # Presence of "default" case in switch statements satisfies exhaustiveness,
+ # even if all enum members are not listed.
+ # Default: false
+ default-signifies-exhaustive: true
+
+ # Enum members matching the supplied regex do not have to be listed in
+ # switch statements to satisfy exhaustiveness.
+ # Default: ""
+ # ignore-enum-members: "Example.+"
+
+ # Enum types matching the supplied regex do not have to be listed in
+ # switch statements to satisfy exhaustiveness.
+ # Default: ""
+ # ignore-enum-types: "Example.+"
+
+ # Consider enums only in package scopes, not in inner scopes.
+ # Default: false
+ package-scope-only: false
+
+ # Only run exhaustive check on switches with "//exhaustive:enforce" comment.
+ # Default: false
+ explicit-exhaustive-switch: false
+
+ # Only run exhaustive check on map literals with "//exhaustive:enforce" comment.
+ # Default: false
+ explicit-exhaustive-map: false
+ # goplicate-end:settings-exhaustive
+
+ # goplicate-start:settings-exhaustruct
+ exhaustruct:
+ # List of regular expressions to match struct packages and names.
+ # If this list is empty, all structs are tested.
+ # Default: []
+ # include: []
+
+ # List of regular expressions to exclude struct packages and names from check.
+ # Default: []
+ # exclude: []
+ # goplicate-end:settings-exhaustruct
+
+ # goplicate-start:settings-forbidigo
+ # forbidigo:
+ # goplicate-end:settings-forbidigo
+
+ # goplicate-start:settings-funlen
+ funlen:
+ # Checks the number of lines in a function.
+ # If lower than 0, disable the check.
+ # Default: 60
+ lines: -1
+
+ # Checks the number of statements in a function.
+ # If lower than 0, disable the check.
+ # Default: 40
+ statements: -1
+
+ # Ignore comments when counting lines.
+ # Default false
+ ignore-comments: true
+ # goplicate-end:settings-funlen
+
+ # goplicate-start:settings-ginkgolinter
+ # ginkgolinter:
+ # goplicate-end:settings-ginkgolinter
+
+ # goplicate-start:settings-gocognit
+ gocognit:
+ # Minimal code complexity to report.
+ # Default: 30 (but we recommend 10-20)
+ min-complexity: 20
+ # goplicate-end:settings-gocognit
+
+ # goplicate-start:settings-goconst
+ goconst:
+ # Minimal length of string constant.
+ # Default: 3
+ min-len: 80
+
+ # Minimum occurrences of constant string count to trigger issue.
+ # Default: 3
+ min-occurrences: 3
+
+ # Ignore test files.
+ # Default: false
+ ignore-tests: false
+
+ # Look for existing constants matching the values.
+ # Default: true
+ match-constant: true
+
+ # Search also for duplicated numbers.
+ # Default: false
+ numbers: false
+
+ # Minimum value, only works with goconst.numbers
+ # Default: 3
+ # min: 3
+
+ # Maximum value, only works with goconst.numbers
+ # Default: 3
+ # max: 3
+
+ # Ignore when constant is not used as function argument.
+ # Default: true
+ ignore-calls: true
+ # goplicate-end:settings-goconst
+
+ # goplicate-start:settings-gocritic
+ gocritic:
+ # Disable all checks.
+ # Default: false
+ # disable-all: true
+
+ # Which checks should be enabled in addition to default checks; can't be combined with 'disabled-checks'.
+ # By default, list of stable checks is used (https://go-critic.github.io/overview#checks-overview):
+ # appendAssign, argOrder, assignOp, badCall, badCond, captLocal, caseOrder, codegenComment, commentFormatting,
+ # defaultCaseOrder, deprecatedComment, dupArg, dupBranchBody, dupCase, dupSubExpr, elseif, exitAfterDefer,
+ # flagDeref, flagName, ifElseChain, mapKey, newDeref, offBy1, regexpMust, singleCaseSwitch, sloppyLen,
+ # sloppyTypeAssert, switchTrue, typeSwitchVar, underef, unlambda, unslice, valSwap, wrapperFunc
+ # To see which checks are enabled run `GL_DEBUG=gocritic golangci-lint run --enable=gocritic`.
+ # enabled-checks:
+
+ # Enable all checks.
+ # Default: false
+ # enable-all: true
+
+ # Enable multiple checks by tags, run `GL_DEBUG=gocritic golangci-lint run` to see all tags and checks.
+ # See https://github.com/go-critic/go-critic#usage -> section "Tags".
+ # Default: []
+ enabled-tags:
+ - diagnostic
+ - experimental
+ - opinionated
+ - performance
+ - style
+
+ # Settings passed to gocritic.
+ # The settings key is the name of a supported gocritic checker.
+ # The list of supported checkers can be find in https://go-critic.github.io/overview.
+ settings:
+ captLocal:
+ # Whether to restrict checker to params only.
+ # Default: true
+ paramsOnly: true
+
+ elseif:
+ # Whether to skip balanced if-else pairs.
+ # Default: true
+ skipBalanced: true
+
+ hugeParam:
+ # Size in bytes that makes the warning trigger.
+ # Default: 80
+ sizeThreshold: 80
+
+ nestingReduce:
+ # Min number of statements inside a branch to trigger a warning.
+ # Default: 5
+ bodyWidth: 5
+
+ rangeExprCopy:
+ # Size in bytes that makes the warning trigger.
+ # Default: 512
+ sizeThreshold: 512
+
+ # Whether to check test functions
+ # Default: true
+ skipTestFuncs: true
+
+ rangeValCopy:
+ # Size in bytes that makes the warning trigger.
+ # Default: 128
+ sizeThreshold: 128
+
+ # Whether to check test functions.
+ # Default: true
+ skipTestFuncs: true
+
+ ruleguard:
+ # Enable debug to identify which 'Where' condition was rejected.
+ # The value of the parameter is the name of a function in a ruleguard file.
+ #
+ # When a rule is evaluated:
+ # If:
+ # The Match() clause is accepted; and
+ # One of the conditions in the Where() clause is rejected,
+ # Then:
+ # ruleguard prints the specific Where() condition that was rejected.
+ #
+ # The flag is passed to the ruleguard 'debug-group' argument.
+ # Default: ""
+ # debug: ''
+
+ # Determines the behavior when an error occurs while parsing ruleguard files.
+ # If flag is not set, log error and skip rule files that contain an error.
+ # If flag is set, the value must be a comma-separated list of error conditions.
+ # - 'all': fail on all errors.
+ # - 'import': ruleguard rule imports a package that cannot be found.
+ # - 'dsl': gorule file does not comply with the ruleguard DSL.
+ # Default: ""
+ # failOn: ''
+
+ # Comma-separated list of file paths containing ruleguard rules.
+ # If a path is relative, it is relative to the directory where the golangci-lint command is executed.
+ # The special '${configDir}' variable is substituted with the absolute directory containing the golangci config file.
+ # Glob patterns such as 'rules-*.go' may be specified.
+ # Default: ""
+ # rules: ''
+
+ # Comma-separated list of enabled groups or skip empty to enable everything.
+ # Tags can be defined with # character prefix.
+ # Default: ""
+ # enable: "myGroupName,#myTagName"
+
+ # Comma-separated list of disabled groups or skip empty to enable everything.
+ # Tags can be defined with # character prefix.
+ # Default: ""
+ # disable: "myGroupName,#myTagName"
+
+ tooManyResultsChecker:
+ # Maximum number of results.
+ # Default: 5
+ maxResults: 20
+
+ truncateCmp:
+ # Whether to skip int/uint/uintptr types.
+ # Default: true
+ skipArchDependent: true
+
+ underef:
+ # Whether to skip (*x).method() calls where x is a pointer receiver.
+ # Default: true
+ skipRecvDeref: true
+
+ unnamedResult:
+ # Whether to check exported functions.
+ # Default: false
+ checkExported: false
+ # goplicate-end:settings-gocritic
+
+ # goplicate-start:settings-gocyclo
+ # gocyclo:
+ # goplicate-end:settings-gocyclo
+
+ # goplicate-start:settings-godot
+ # godot:
+ # goplicate-end:settings-godot
+
+ # goplicate-start:settings-godox
+ godox:
+ # report any comments starting with keywords, this is useful for TODO or
+ # FIXME comments that might be left in the code accidentally and should be
+ # resolved before merging
+ keywords:
+ - BUG
+ - FIXME
+ - HACK
+ - NOTE
+ - OPTIMIZE
+ - TODO
+ - '@TODO'
+ # goplicate-end:settings-godox
+
+ # goplicate-start:settings-gofmt
+ gofmt:
+ # Simplify code: gofmt with `-s` option.
+ # Default: true
+ simplify: true
+
+ # Apply the rewrite rules to the source before reformatting.
+ # https://pkg.go.dev/cmd/gofmt
+ # Default: []
+ rewrite-rules:
+ - pattern: interface{}
+ replacement: any
+ - pattern: a[b:len(a)]
+ replacement: a[b:]
+ # goplicate-end:settings-gofmt
+
+ # goplicate-start:settings-gofumpt
+ # gofumpt:
+ # # Module path which contains the source code being formatted.
+ # # Default: ""
+ # # module-path: github.com/org/project
+
+ # # Choose whether to use the extra rules.
+ # # Default: false
+ # extra-rules: true
+ # goplicate-end:settings-gofumpt
+
+ # goplicate-start:settings-goheader
+ # goheader:
+ # goplicate-end:settings-goheader
+
+ # goplicate-start:settings-goimports
+ goimports:
+ # A comma-separated list of prefixes, which, if set, checks import paths
+ # with the given prefixes are grouped after 3rd-party packages.
+ # Default: ""
+ local-prefixes: github.com/northwood-labs/
+ # goplicate-end:settings-goimports
+
+ # goplicate-start:settings-mnd
+ mnd:
+ # List of enabled checks, see https://github.com/tommy-muehle/go-mnd/#checks for description.
+ # Default: ["argument", "case", "condition", "operation", "return", "assign"]
+ checks:
+ - argument
+ - case
+ - condition
+ - operation
+ - return
+ - assign
+
+ # List of numbers to exclude from analysis.
+ # The numbers should be written as string.
+ # Values always ignored: "1", "1.0", "0" and "0.0"
+ # Default: []
+ ignored-numbers:
+ - '0666'
+ - '0755'
+
+ # List of file patterns to exclude from analysis.
+ # Values always ignored: `.+_test.go`
+ # Default: []
+ # ignored-files:
+ # - 'magic1_.+\.go$'
+
+ # List of function patterns to exclude from analysis.
+ # Following functions are always ignored: `time.Date`,
+ # `strconv.FormatInt`, `strconv.FormatUint`, `strconv.FormatFloat`,
+ # `strconv.ParseInt`, `strconv.ParseUint`, `strconv.ParseFloat`.
+ # Default: []
+ # ignored-functions:
+ # - '^math\.'
+ # - '^http\.StatusText$'
+ # goplicate-end:settings-mnd
+
+ # goplicate-start:settings-gomoddirectives
+ # gomoddirectives:
+ # goplicate-end:settings-gomoddirectives
+
+ # goplicate-start:settings-gomodguard
+ # gomodguard:
+ # goplicate-end:settings-gomodguard
+
+ # goplicate-start:settings-gosimple
+ gosimple:
+ # Sxxxx checks in https://staticcheck.io/docs/configuration/options/#checks
+ # Default: ["*"]
+ checks: ['*']
+ # goplicate-end:settings-gosimple
+
+ # goplicate-start:settings-gosec
+ gosec:
+ # To select a subset of rules to run.
+ # Available rules: https://github.com/securego/gosec#available-rules
+ # Default: [] - means include all rules
+ # includes:
+
+ # To specify a set of rules to explicitly exclude.
+ # Available rules: https://github.com/securego/gosec#available-rules
+ # Default: []
+ # excludes:
+
+ # Exclude generated files
+ # Default: false
+ exclude-generated: true
+
+ # Filter out the issues with a lower severity than the given value.
+ # Valid options are: low, medium, high.
+ # Default: low
+ severity: low
+
+ # Filter out the issues with a lower confidence than the given value.
+ # Valid options are: low, medium, high.
+ # Default: low
+ confidence: medium
+
+ # Concurrency value.
+ # Default: the number of logical CPUs usable by the current process.
+ # concurrency: 12
+
+ # To specify the configuration of rules.
+ config:
+ # Globals are applicable to all rules.
+ global:
+ # If true, ignore #nosec in comments (and an alternative as well).
+ # Default: false
+ nosec: false
+
+ # Add an alternative comment prefix to #nosec (both will work at the same time).
+ # Default: ""
+ # "#nosec": "#my-custom-nosec"
+
+ # Define whether nosec issues are counted as finding or not.
+ # Default: false
+ show-ignored: false
+
+ # Audit mode enables addition checks that for normal code analysis might be too nosy.
+ # Default: false
+ audit: true
+
+ G101:
+ # Regexp pattern for variables and constants to find.
+ # Default: "(?i)passwd|pass|password|pwd|secret|token|pw|apiKey|bearer|cred"
+ # pattern: "(?i)example"
+
+ # If true, complain about all cases (even with low entropy).
+ # Default: false
+ ignore_entropy: false
+
+ # Maximum allowed entropy of the string.
+ # Default: "80.0"
+ entropy_threshold: '80.0'
+
+ # Maximum allowed value of entropy/string length.
+ # Is taken into account if entropy >= entropy_threshold/2.
+ # Default: "3.0"
+ per_char_threshold: '3.0'
+
+ # Calculate entropy for first N chars of the string.
+ # Default: "16" + truncate: '16' + + # Additional functions to ignore while checking unhandled errors. + # Following functions always ignored: + # bytes.Buffer: + # - Write + # - WriteByte + # - WriteRune + # - WriteString + # fmt: + # - Print + # - Printf + # - Println + # - Fprint + # - Fprintf + # - Fprintln + # strings.Builder: + # - Write + # - WriteByte + # - WriteRune + # - WriteString + # io.PipeWriter: + # - CloseWithError + # hash.Hash: + # - Write + # os: + # - Unsetenv + # Default: {} + G104: + fmt: + - Fscanf + + G111: + # Regexp pattern to find potential directory traversal. + # Default: "http\\.Dir\\(\"\\/\"\\)|http\\.Dir\\('\\/'\\)" + pattern: custom\.Dir\(\) + + # Maximum allowed permissions mode for os.Mkdir and os.MkdirAll + # Default: "0750" + G301: '0750' + + # Maximum allowed permissions mode for os.OpenFile and os.Chmod + # Default: "0600" + G302: '0600' + + # Maximum allowed permissions mode for os.WriteFile and ioutil.WriteFile + # Default: "0666" + G306: '0666' + # goplicate-end:settings-gosec + + # goplicate-start:settings-gosmopolitan + # gosmopolitan: + # goplicate-end:settings-gosmopolitan + + # goplicate-start:settings-govet + govet: + # Enable analyzers by name. + # (in addition to default: + # appends, asmdecl, assign, atomic, bools, buildtag, cgocall, composites, copylocks, defers, directive, errorsas, + # framepointer, httpresponse, ifaceassert, loopclosure, lostcancel, nilfunc, printf, shift, sigchanyzer, slog, + # stdmethods, stringintconv, structtag, testinggoroutine, tests, timeformat, unmarshal, unreachable, unsafeptr, + # unusedresult + # ). + # Run `go tool vet help` to see all analyzers. 
+ # Default: [] + enable: + - appends + - asmdecl + - assign + - atomic + - atomicalign + - bools + - buildtag + - cgocall + - composites + - copylocks + - deepequalerrors + - defers + - directive + - errorsas + - fieldalignment + - findcall + - framepointer + - httpresponse + - ifaceassert + - loopclosure + - lostcancel + - nilfunc + - nilness + - printf + - reflectvaluecompare + - shadow + - shift + - sigchanyzer + - slog + - sortslice + - stdmethods + - stringintconv + - structtag + - testinggoroutine + - tests + - unmarshal + - unreachable + - unsafeptr + - unusedresult + - unusedwrite + + # settings per analyzer + # run `go tool vet help` to see all analyzers + # run `go tool vet help printf` to see available settings for `printf` analyzer + # fieldalignment? + settings: + asmdecl: {} + assign: {} + atomic: {} + bools: {} + buildtag: {} + composites: + whitelist: true + copylocks: {} + # errorsas: {} + loopclosure: {} + lostcancel: {} + nilfunc: {} + printf: + funcs: true + shift: {} + stdmethods: {} + structtag: {} + unmarshal: {} + unreachable: {} + unsafeptr: {} + unusedresult: + funcs: true + stringmethods: true + # goplicate-end:settings-govet + + # goplicate-start:settings-grouper + # grouper: + # goplicate-end:settings-grouper + + # goplicate-start:settings-importas + importas: + # Do not allow unaliased imports of aliased packages. + # Default: false + no-unaliased: true + + # Do not allow non-required aliases. + # Default: false + no-extra-aliases: false + + # List of aliases + # Default: [] + # alias: + # [] + # # Using `servingv1` alias for `knative.dev/serving/pkg/apis/serving/v1` package. + # - pkg: knative.dev/serving/pkg/apis/serving/v1 + # alias: servingv1 + + # # You can specify the package path by regular expression, + # # and alias by regular expression expansion syntax like below. 
+ # # see https://github.com/julz/importas#use-regular-expression for details + # - pkg: knative.dev/serving/pkg/apis/(\w+)/(v[\w\d]+) + # alias: $1$2 + # goplicate-end:settings-importas + + # goplicate-start:settings-interfacebloat + interfacebloat: + # The maximum number of methods allowed for an interface. + # Default: 10 + max: 10 + # goplicate-end:settings-interfacebloat + + # goplicate-start:settings-ireturn + # ireturn: + # goplicate-end:settings-ireturn + + # goplicate-start:settings-lll + lll: + # max line length, lines longer will be reported. Default is 120. '\t' is counted as 1 character + # by default, and can be changed with the tab-width option + line-length: 120 + + # tab width in spaces. Default to 1. + tab-width: 1 + # goplicate-end:settings-lll + + # goplicate-start:settings-loggercheck + # loggercheck: + # goplicate-end:settings-loggercheck + + # goplicate-start:settings-maintidx + maintidx: + # Show functions with maintainability index lower than N. A high index indicates better + # maintainability (it's kind of the opposite of complexity). + # Default: 20 + under: 20 + # goplicate-end:settings-maintidx + + # goplicate-start:settings-makezero + makezero: + # Allow only slices initialized with a length of zero. + # Default: false + always: false + # goplicate-end:settings-makezero + + # goplicate-start:settings-misspell + misspell: + # Correct spellings using locale preferences for US or UK. + # Setting locale to US will correct the British spelling of 'colour' to 'color'. + # Default is to use a neutral variety of English. + locale: US + + # Default: [] + # Typos to ignore. + # Should be in lower case. + # ignore-words: + # - someword + + # Extra word corrections. + # `typo` and `correction` should only contain letters. + # The words are case-insensitive. 
+ # Default: [] + extra-words: + - typo: 'iff' + correction: 'if' + - typo: 'cancelation' + correction: 'cancellation' + # goplicate-end:settings-misspell + + # goplicate-start:settings-musttag + # musttag: + # goplicate-end:settings-musttag + + # goplicate-start:settings-nakedret + nakedret: + # make an issue if func has more lines of code than this setting and it has naked returns; + # default is 30 + max-func-lines: 30 + # goplicate-end:settings-nakedret + + # goplicate-start:settings-nestif + nestif: + min-complexity: 10 + # goplicate-end:settings-nestif + + # goplicate-start:settings-nilnil + nilnil: + # Checks that there is no simultaneous return of `nil` error and an invalid value. + # Default: ["ptr", "func", "iface", "map", "chan"] + checked-types: + - ptr + - func + - iface + - map + - chan + # goplicate-end:settings-nilnil + + # goplicate-start:settings-nlreturn + nlreturn: + # Size of the block (including return statement that is still "OK") + # so no return split required. + # Default: 1 + block-size: 2 + # goplicate-end:settings-nlreturn + + # goplicate-start:settings-nolintlint + # nolintlint: + # goplicate-end:settings-nolintlint + + # goplicate-start:settings-nonamedreturns + nonamedreturns: + # Report named error if it is assigned inside defer. + # Default: false + report-error-in-defer: false + # goplicate-end:settings-nonamedreturns + + # goplicate-start:settings-paralleltest + paralleltest: + # Ignore missing calls to `t.Parallel()` and only report incorrect uses of it. + # Default: false + ignore-missing: true + + # Ignore missing calls to `t.Parallel()` in subtests. Top-level tests are + # still required to have `t.Parallel`, but subtests are allowed to skip it. + # Default: false + ignore-missing-subtests: true + # goplicate-end:settings-paralleltest + + # goplicate-start:settings-perfsprint + perfsprint: + # Optimizes even if it requires an int or uint type cast. 
+ # Default: true + int-conversion: true + + # Optimizes into `err.Error()` even if it is only equivalent for non-nil errors. + # Default: false + err-error: false + + # Optimizes `fmt.Errorf`. + # Default: true + errorf: true + + # Optimizes `fmt.Sprintf` with only one argument. + # Default: true + sprintf1: true + + # Optimizes into strings concatenation. + # Default: true + strconcat: true + # goplicate-end:settings-perfsprint + + # goplicate-start:settings-prealloc + # prealloc: + # goplicate-end:settings-prealloc + + # goplicate-start:settings-predeclared + # predeclared: + # goplicate-end:settings-predeclared + + # goplicate-start:settings-promlinter + # promlinter: + # goplicate-end:settings-promlinter + + # goplicate-start:settings-reassign + # reassign: + # goplicate-end:settings-reassign + + # goplicate-start:settings-revive + # revive: @TODO: Review and enable. + # goplicate-end:settings-revive + + # goplicate-start:settings-rowserrcheck + # rowserrcheck: + # goplicate-end:settings-rowserrcheck + + # goplicate-start:settings-sloglint + sloglint: + # See also https://github.com/go-simpler/sloggen + + # Enforce using key-value pairs only (incompatible with attr-only). + # Default: false + kv-only: true + + # Enforce using attributes only (incompatible with kv-only). + # Default: false + attr-only: false + + # Enforce using constants instead of raw keys. + # Default: false + no-raw-keys: true + + # Enforce putting arguments on separate lines. + # Default: false + args-on-sep-lines: false + # goplicate-end:settings-sloglint + + # goplicate-start:settings-spancheck + spancheck: + # Checks to enable. 
+ # Options include: + # - `end`: check that `span.End()` is called + # - `record-error`: check that `span.RecordError(err)` is called when an error is returned + # - `set-status`: check that `span.SetStatus(codes.Error, msg)` is called when an error is returned + # Default: ["end"] + # checks: + # - end + # - record-error + # - set-status + + # A list of regexes for function signatures that silence `record-error` and `set-status` reports + # if found in the call path to a returned error. + # https://github.com/jjti/go-spancheck#ignore-check-signatures + # Default: [] + # ignore-check-signatures: + # - "telemetry.RecordError" + # goplicate-end:settings-spancheck + + # goplicate-start:settings-staticcheck + staticcheck: + # https://staticcheck.io/docs/options#checks + # https://staticcheck.io/docs/checks/ + # Default: ["*"] + checks: ['*'] + # goplicate-end:settings-staticcheck + + # goplicate-start:settings-stylecheck + stylecheck: + # STxxxx checks in https://staticcheck.io/docs/configuration/options/#checks + # Default: ["*"] + checks: ['*'] + + # https://staticcheck.io/docs/configuration/options/#dot_import_whitelist + # Default: ["github.com/mmcloughlin/avo/build", "github.com/mmcloughlin/avo/operand", "github.com/mmcloughlin/avo/reg"] + # dot-import-whitelist: + # - fmt + + # https://staticcheck.io/docs/configuration/options/#initialisms + # Default: ["ACL", "API", "ASCII", "CPU", "CSS", "DNS", "EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID", "IP", "JSON", "QPS", "RAM", "RPC", "SLA", "SMTP", "SQL", "SSH", "TCP", "TLS", "TTL", "UDP", "UI", "GID", "UID", "UUID", "URI", "URL", "UTF8", "VM", "XML", "XMPP", "XSRF", "XSS", "SIP", "RTP", "AMQP", "DB", "TS"] + # initialisms: + + # https://staticcheck.io/docs/configuration/options/#http_status_code_whitelist + # Default: ["200", "400", "404", "500"] + # http-status-code-whitelist: [ "200", "400", "404", "500" ] + # goplicate-end:settings-stylecheck + + # goplicate-start:settings-tagalign + tagalign: + # Align and sort can 
be used together or separately. + # + # Whether enable align. If true, the struct tags will be aligned. + # eg: + # type FooBar struct { + # Bar string `json:"bar" validate:"required"` + # FooFoo int8 `json:"foo_foo" validate:"required"` + # } + # will be formatted to: + # type FooBar struct { + # Bar string `json:"bar" validate:"required"` + # FooFoo int8 `json:"foo_foo" validate:"required"` + # } + # Default: true. + align: true + + # Whether enable tags sort. + # If true, the tags will be sorted by name in ascending order. + # eg: `xml:"bar" json:"bar" validate:"required"` -> `json:"bar" validate:"required" xml:"bar"` + # Default: true + sort: true + + # Specify the order of tags, the other tags will be sorted by name. + # This option will be ignored if `sort` is false. + # Default: [] + # order: + + # Whether enable strict style. + # In this style, the tags will be sorted and aligned in the dictionary order, + # and the tags with the same name will be aligned together. + # Note: This option will be ignored if 'align' or 'sort' is false. + # Default: false + strict: true + # goplicate-end:settings-tagalign + + # goplicate-start:settings-tagliatelle + tagliatelle: + # Check the struct tag name case. + case: + # Use the struct field name to check the name of the struct tag. + # Default: false + use-field-name: false + + # `camel` is used for `json` and `yaml`, and `header` is used for `header` (can be overridden) + # Default: {} + rules: + # Any struct tag type can be used. 
+ # Support string case: `camel`, `pascal`, `kebab`, `snake`, `upperSnake`, `goCamel`, `goPascal`, `goKebab`, `goSnake`, `upper`, `lower`, `header` + avro: snake + bson: camel + env: upperSnake + envconfig: upperSnake + ini: snake + json: camel + mapstructure: kebab + toml: snake + xml: camel + yaml: camel + # goplicate-end:settings-tagliatelle + + # goplicate-start:settings-tenv + # tenv: + # goplicate-end:settings-tenv + + # goplicate-start:settings-testifylint + # testifylint: + # goplicate-end:settings-testifylint + + # goplicate-start:settings-testpackage + # testpackage: + # goplicate-end:settings-testpackage + + # goplicate-start:settings-thelper + thelper: + test: + # Check *testing.T is first param (or after context.Context) of helper function. + # Default: true + first: true + + # Check *testing.T param has name t. + # Default: true + name: true + + # Check t.Helper() begins helper function. + # Default: true + begin: true + + benchmark: + # Check *testing.B is first param (or after context.Context) of helper function. + # Default: true + first: true + + # Check *testing.B param has name b. + # Default: true + name: true + + # Check b.Helper() begins helper function. + # Default: true + begin: true + + tb: + # Check *testing.TB is first param (or after context.Context) of helper function. + # Default: true + first: true + + # Check *testing.TB param has name tb. + # Default: true + name: true + + # Check tb.Helper() begins helper function. + # Default: true + begin: true + + fuzz: + # Check *testing.F is first param (or after context.Context) of helper function. + # Default: true + first: true + + # Check *testing.F param has name f. + # Default: true + name: true + + # Check f.Helper() begins helper function. + # Default: true + begin: true + # goplicate-end:settings-thelper + + # goplicate-start:settings-usestdlibvars + usestdlibvars: + # Suggest the use of http.MethodXX. + # Default: true + http-method: true + + # Suggest the use of http.StatusXX. 
+ # Default: true + http-status-code: true + + # Suggest the use of time.Weekday.String(). + # Default: true + time-weekday: true + + # Suggest the use of time.Month.String(). + # Default: false + time-month: false + + # Suggest the use of time.Layout. + # Default: false + time-layout: false + + # Suggest the use of crypto.Hash.String(). + # Default: false + crypto-hash: false + + # Suggest the use of rpc.DefaultXXPath. + # Default: false + default-rpc-path: false + + # Suggest the use of sql.LevelXX.String(). + # Default: false + sql-isolation-level: false + + # Suggest the use of tls.SignatureScheme.String(). + # Default: false + tls-signature-scheme: false + + # Suggest the use of constant.Kind.String(). + # Default: false + constant-kind: false + # goplicate-end:settings-usestdlibvars + + # goplicate-start:settings-unconvert + unconvert: + # Remove conversions that force intermediate rounding. + # Default: false + fast-math: false + + # Be more conservative (experimental). + # Default: false + safe: false + # goplicate-end:settings-unconvert + + # goplicate-start:settings-unparam + unparam: + # Inspect exported functions. + # + # Set to true if no external program/library imports your code. + # XXX: if you enable this setting, unparam will report a lot of false-positives in text editors: + # if it's called for subdir of a project it can't find external interfaces. All text editor integrations + # with golangci-lint call it on a directory with the changed file. + # + # Default: false + check-exported: false + # goplicate-end:settings-unparam + + # goplicate-start:settings-unused + unused: + # Mark all struct fields that have been written to as used. + # Default: true + field-writes-are-uses: true + + # Treat IncDec statement (e.g. `i++` or `i--`) as both read and write operation instead of just write. + # Default: false + post-statements-are-reads: false + + # Mark all exported identifiers as used. 
+ # Default: true + exported-is-used: true + + # Mark all exported fields as used. + # default: true + exported-fields-are-used: true + + # Mark all function parameters as used. + # default: true + parameters-are-used: true + + # Mark all local variables as used. + # default: true + local-variables-are-used: true + + # Mark all identifiers inside generated files as used. + # Default: true + generated-is-used: true + # goplicate-end:settings-unused + + # goplicate-start:settings-varnamelen + # varnamelen: + # goplicate-end:settings-varnamelen + + # goplicate-start:settings-whitespace + whitespace: + # Enforces newlines (or comments) after every multi-line if statement. + # Default: false + multi-if: false + + # Enforces newlines (or comments) after every multi-line function signature. + # Default: false + multi-func: false + # goplicate-end:settings-whitespace + + # goplicate-start:settings-wrapcheck + wrapcheck: + # An array of strings that specify substrings of signatures to ignore. + # If this set, it will override the default set of ignored signatures. + # See https://github.com/tomarrell/wrapcheck#configuration for more information. + # Default: [".Errorf(", "errors.New(", "errors.Unwrap(", ".Wrap(", ".Wrapf(", ".WithMessage(", ".WithMessagef(", ".WithStack("] + ignoreSigs: + - .Errorf( + - errors.New( + - errors.Unwrap( + - errors.Join( + - .Wrap( + - .Wrapf( + - .WithMessage( + - .WithMessagef( + - .WithStack( + + # An array of strings that specify regular expressions of signatures to ignore. + # Default: [] + # ignoreSigRegexps: + # - \.New.*Error\( + + # An array of strings that specify globs of packages to ignore. + # Default: [] + # ignorePackageGlobs: + # - encoding/* + # - github.com/pkg/* + + # An array of strings that specify regular expressions of interfaces to ignore. 
+ # Default: [] + # ignoreInterfaceRegexps: + # - ^(?i)c(?-i)ach(ing|e) + # goplicate-end:settings-wrapcheck + + # goplicate-start:settings-wsl + wsl: + # See https://github.com/bombsimon/wsl/blob/master/doc/configuration.md for documentation of available settings. + # These are the defaults for `golangci-lint`. + + # Allows assignments to be cuddled with anything. + allow-assign-and-anything: false + + # Allows assignments to be cuddled with variables used in calls on + # line above and calls to be cuddled with assignments of variables + # used in call on line above. + allow-assign-and-call: true + + # Allow multiple var/declaration statements to be cuddled. + allow-cuddle-declarations: false + + # A list of call idents that everything can be cuddled with. + # Defaults to calls looking like locks. + allow-cuddle-with-calls: [Lock, RLock] + + # AllowCuddleWithRHS is a list of right hand side variables that is allowed + # to be cuddled with anything. Defaults to assignments or calls looking + # like unlocks. + allow-cuddle-with-rhs: [Unlock, RUnlock] + + # Allows cuddling to assignments even if they span over multiple lines. + allow-multiline-assign: true + + # Allow multiple comments in the beginning of a block separated with newline. + allow-separated-leading-comment: true + + # Allow blocks to end with comments. + allow-trailing-comment: false + + # When force-err-cuddling is enabled this is a list of names + # used for error variables to check for in the conditional. + error-variable-names: [err] + + # If the number of lines in a case block is equal to or lager than this + # number, the case *must* end white a newline. + force-case-trailing-whitespace: 0 + + # Causes an error when an If statement that checks an error variable doesn't + # cuddle with the assignment of that variable. + force-err-cuddling: false + + # Causes an error if a short declaration (:=) cuddles with anything other than + # another short declaration. 
+ # This logic overrides force-err-cuddling among others. + force-short-decl-cuddling: false + + # Do strict checking when assigning from append (x = append(x, y)). If + # this is set to true - the append call must append either a variable + # assigned, called or used on the line above. + strict-append: true + # goplicate-end:settings-wsl + +# goplicate-start:issues +issues: + # List of regexps of issue texts to exclude, empty list by default. But independently from this + # option we use default exclude patterns, it can be disabled by `exclude-use-default: false`. To + # list all excluded by default patterns execute `golangci-lint run --help` + # exclude: + + # If set to true exclude and exclude-rules regular expressions become case-sensitive. + # Default: false + exclude-case-sensitive: false + + # Independently from option `exclude` we use default exclude patterns, it can be disabled by this + # option. To list all excluded by default patterns execute `golangci-lint run --help`. Default + # value for this option is true. + exclude-use-default: false + + # Which dirs to exclude: issues from them won't be reported. + # Can use regexp here: `generated.*`, regexp is applied on full path, + # including the path prefix if one is set. + # Default dirs are skipped independently of this option's value (see exclude-dirs-use-default). + # "/" will be replaced by current OS file path separator to properly work on Windows. + # Default: [] + # exclude-dirs: + # - src/external_libs + # - autogenerated_by_my_lib + + # Enables exclude of directories: + # - vendor$, third_party$, testdata$, examples$, Godeps$, builtin$ + # Default: true + exclude-dirs-use-default: false + + # Which files to exclude: they will be analyzed, but issues from them won't be reported. + # There is no need to include all autogenerated files, + # we confidently recognize autogenerated files. + # If it's not, please let us know. 
+ # "/" will be replaced by current OS file path separator to properly work on Windows. + # Default: [] + # exclude-files: + # - ".*\\.my\\.go$" + # - lib/bad.go + + # To follow strictly the Go generated file convention. + # + # If set to true, source files that have lines matching only the following regular expression will be excluded: + # `^// Code generated .* DO NOT EDIT\.$` + # This line must appear before the first non-comment, non-blank text in the file. + # https://go.dev/s/generatedcode + # + # By default, a lax pattern is applied: + # sources are excluded if they contain lines `autogenerated file`, `code generated`, `do not edit`, etc. + # Default: false + exclude-generated-strict: false + + # Fix found issues (if it's supported by the linter). + fix: false + + # Maximum issues count per one linter. Set to 0 to disable. Default is 50. + max-issues-per-linter: 0 + + # Maximum count of issues with the same text. Set to 0 to disable. Default is 3. + max-same-issues: 0 + + # Show only new issues: if there are unstaged changes or untracked files, only those changes are + # analyzed, else only changes in HEAD~ are analyzed. It's a super-useful option for integration of + # golangci-lint into existing large codebase. It's not practical to fix all existing issues at the + # moment of integration: much better don't allow issues in new code. Default is false. + new: false + + # Show only new issues created after git revision `REV` + # new-from-rev: REV + + # Show only new issues created in git patch with set file path. + # new-from-patch: path/to/patch/file + + # Excluding configuration per-path, per-linter, per-text and per-source + exclude-rules: + # Exclude some linters from running on tests files. 
+ - linters: + - lll + source: lint:ignore_length + + - linters: + - gosec + source: lint:allow_666 + + - linters: + - gosec + source: lint:allow_possible_insecure + + - linters: + - unparam + source: lint:allow_param + + - linters: + - mnd + source: lint:allow_raw_number + + - text: 'commentedOutCode: may want to remove commented-out code' + linters: + - gocritic + source: lint:allow_commented + + - linters: + - nestif + source: lint:allow_nesting + + - linters: + - dupl + source: lint:no_dupe + + - linters: + - goerr113 + source: lint:allow_errorf + + - linters: + - wrapcheck + source: lint:allow_unwrapped_errors + + - text: (SA1019|G402) + linters: + - staticcheck + - gosec + source: lint:allow_tls_min_version + + - text: (returns interface) + linters: + - ireturn + source: lint:allow_return_interface + + - text: (G101) + linters: + - gosec + source: lint:not_a_secret + + - text: (G104) + linters: + - gosec + source: lint:allow_unhandled + + - text: (G404) + linters: + - gosec + source: lint:not_crypto + + - text: (error-strings) + linters: + - revive + source: lint:allow_human_errors + + - text: (hugeParam) + linters: + - gocritic + source: lint:allow_large_memory + + - linters: + - tagliatelle + - gofumpt + source: lint:allow_format + + - text: (is unused) + linters: + - unused + source: lint:allow_unused + + - text: (is a program, not an importable package) + linters: + - typecheck + source: lint:allow_importable_program + + - text: (don't use `init` function) + linters: + - gochecknoinits + source: lint:allow_init + + - text: (cuddle) + linters: + - wsl + source: lint:allow_cuddle + + - text: (ST1000) + linters: + - stylecheck + source: lint:allow_no_pkg_comment + + - text: (cognitive complexity) + linters: + - gocognit + source: lint:allow_complexity + + - text: (make it a constant) + linters: + - goconst + source: lint:no_const +# goplicate-end:issues diff --git a/.gommit.toml b/.gommit.toml new file mode 100644 index 0000000..d57b1c3 --- /dev/null 
+++ b/.gommit.toml
@@ -0,0 +1,19 @@
+[config]
+exclude-merge-commits = true
+check-summary-length = true
+summary-length = 80
+
+[matchers]
+all = "(?:build|ci|deps|docs|feat|fix|lint|perf|refactor|relprep|style|test)(?:\\([^\\)]*\\))?: (?:.+)"
+
+[examples]
+a_simple_commit = """
+[build|ci|deps|docs|feat|fix|lint|perf|refactor|relprep|style|test](module): A commit message
+"""
+an_extended_commit = """
+[build|ci|deps|docs|feat|fix|lint|perf|refactor|relprep|style|test](module): A commit message
+
+* first line
+* second line
+* and so on...
+"""
diff --git a/.goplicate.yaml b/.goplicate.yaml
new file mode 100644
index 0000000..11ba9c2
--- /dev/null
+++ b/.goplicate.yaml
@@ -0,0 +1,69 @@
+---
+# A .goplicate.yaml configuration file that tells goplicate
+# which "target" files to sync, where to take the "source"
+# configurations from, and how to fill parameter values.
+
+sync-config:
+ path: .goplicate.yaml
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/.goplicate.yaml
+
+targets:
+ # goplicate-start:file
+ - path: .github/dependabot.yml
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/.github/dependabot.yml
+ sync-initial: true
+
+ - path: .gitignore
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/.gitignore
+ sync-initial: true
+
+ - path: .pre-commit-config.yaml
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/.pre-commit-config.yaml
+ sync-initial: true
+
+ - path: .vscode/extensions.json
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/.vscode/extensions.tmpl.jsonc
+ sync-initial: true
+
+ - path: .vscode/settings.json
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/.vscode/settings.tmpl.jsonc
+ sync-initial: true
+
+ - path: cliff.toml
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/cliff.tmpl.toml
+ sync-initial: true
+
+ - path: ecrc.toml
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/ecrc.toml
+ sync-initial: true
+
+ - path: SECURITY.md
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/SECURITY.md
+ sync-initial: true
+ # goplicate-end:file
+
+ # goplicate-start:go
+ - path: .golangci.yml
+ source:
+ repository: /tmp/terraform-makefile
+ path: updates/go/.golangci.yml
+ sync-initial: false
+ # goplicate-end:go
diff --git a/.licensei.toml b/.licensei.toml
new file mode 100644
index 0000000..5aa9c57
--- /dev/null
+++ b/.licensei.toml
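Review bot: Every `repository:` value in `.goplicate.yaml`, including the one under `sync-config`, is `/tmp/terraform-makefile`, a fixed path inside a directory that is normally writable by every local account. On a shared workstation or CI runner, whatever is present at that path when the sync runs is copied into `.pre-commit-config.yaml`, `.github/dependabot.yml`, `SECURITY.md` and the linter config, and the pre-commit file added later in this patch runs `bash -c` entries on every commit. I would move the source checkout to a location owned by the invoking user, or to a pinned upstream if goplicate accepts a remote there (worth confirming). I would also add a comment above `sync-config`, such as `# source checkout must be owned by the invoking user; do not use a shared temp directory`.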
@@ -0,0 +1,15 @@ +[header] +template = """// Copyright 2023-2024, Northwood Labs +// Copyright 2023-2024, Ryan Parman +// +// Licensed under the Apache License, Version 2.0 (the \"License\"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an \"AS IS\" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License.""" diff --git a/.mailmap b/.mailmap new file mode 100644 index 0000000..4012d4c --- /dev/null +++ b/.mailmap @@ -0,0 +1,25 @@ +# This file allows mapping several author and committer email addresses and +# names to a single canonical one for `git shortlog`, `git log --author`, +# or `git check-mailmap`. +# +# For example, if you commit as `random.person@example.com` but sometimes use +# "Rañdom Person" and sometimes "Random Person" as name and you want the former +# to be your canonical name, add +# +# Rañdom Person +# +# If you commit as both `random.person@example.com` and `ranp@example.com` and +# you want the former to be your canonical email address, add +# +# +# +# Combinations of both are possible too, see +# https://git-scm.com/docs/gitmailmap for format details. +# +# You can commit changes for your own names and email addresses without review. +# If you want to add entries for other people, please have them review the +# addition. +# +# Please keep this file sorted. + +Ryan Parman diff --git a/.markdownlint.base.jsonc b/.markdownlint.base.jsonc new file mode 100644 index 0000000..5da4a46 --- /dev/null +++ b/.markdownlint.base.jsonc 
@@ -0,0 +1,256 @@ +// Original: +// https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.jsonc +// +// Definitions: +// https://github.com/DavidAnson/markdownlint/tree/main/doc +{ + // Default state for all rules + "default": true, + + // Path to configuration file to extend + "extends": null, + + // MD001 + "heading-increment": true, + + // MD003 + "heading-style": { + "style": "atx" + }, + + // MD004 + "ul-style": { + "style": "asterisk" + }, + + // MD005 + "list-indent": true, + + // MD007 + "ul-indent": { + "indent": 2, + "start_indented": false + }, + + // MD009 + "no-trailing-spaces": { + "br_spaces": 2, + "list_item_empty_lines": false + }, + + // MD010 + "no-hard-tabs": { + "code_blocks": true, + "ignore_code_languages": [], + "spaces_per_tab": 4 + }, + + // MD011 + "no-reversed-links": true, + + // MD012 + "no-multiple-blanks": { + "maximum": 1 + }, + + // MD013 + "line-length": { + "line_length": 10000, + "code_block_line_length": 120, + "code_blocks": false, + "heading_line_length": 80, + "headings": true, + "stern": false, + "strict": false, + "tables": false + }, + + // MD014 + "commands-show-output": false, + + // MD018 + "no-missing-space-atx": true, + + // MD019 + "no-multiple-space-atx": true, + + // MD020 + "no-missing-space-closed-atx": true, + + // MD021 + "no-multiple-space-closed-atx": true, + + // MD022 + "blanks-around-headings": { + "lines_above": 1, + "lines_below": 1 + }, + + // MD023 + "heading-start-left": true, + + // MD024 + "no-duplicate-heading": { + "siblings_only": true + }, + + // MD025 + "single-h1": { + "level": 1 + }, + + // MD026 + "no-trailing-punctuation": { + "punctuation": ".,;:" + }, + + // MD027 + "no-multiple-space-blockquote": true, + + // MD028 + "no-blanks-blockquote": true, + + // MD029 + "ol-prefix": { + "style": "one" + }, + + // MD030 + "list-marker-space": { + "ul_single": 1, + "ol_single": 1, + "ul_multi": 1, + "ol_multi": 1 + }, + + // MD031 + "blanks-around-fences": { + "list_items": 
true + }, + + // MD032 + "blanks-around-lists": true, + + // MD033 + "no-inline-html": { + "allowed_elements": [ + "a", + "b", + "br", + "code", + "details", + "div", + "img", + "li", + "nobr", + "p", + "pre", + "summary", + "ul" + ] + }, + + // MD034 + "no-bare-urls": true, + + // MD035 + "hr-style": { + "style": "consistent" + }, + + // MD036 + "no-emphasis-as-heading": true, + + // MD037 + "no-space-in-emphasis": false, + + // MD038 + "no-space-in-code": false, + + // MD039 + "no-space-in-links": true, + + // MD040 + "fenced-code-language": { + "allowed_languages": [], + "language_only": true + }, + + // MD041 + "first-line-h1": false, + + // MD042 + "no-empty-links": true, + + // MD043 + "required-headings": { + // "headings": [], + "match_case": true + }, + + // MD044 + "proper-names": { + "names": [], + "code_blocks": false, + "html_elements": false + }, + + // MD045 + "no-alt-text": true, + + // MD046 + "code-block-style": { + "style": "fenced" + }, + + // MD047 + "single-trailing-newline": true, + + // MD048 + "code-fence-style": { + "style": "backtick" + }, + + // MD049 + "emphasis-style": { + "style": "underscore" + }, + + // MD050 + "strong-style": { + "style": "asterisk" + }, + + // MD051 + "link-fragments": true, + + // MD052 + "reference-links-images": { + "shortcut_syntax": false + }, + + // MD053 + "link-image-reference-definitions": { + "ignored_definitions": [ + "//" + ] + }, + + // MD054 + "link-image-style": { + "autolink": true, + "inline": true, + "full": true, + "collapsed": true, + "shortcut": true, + "url_inline": true + }, + + // MD055 + "table-pipe-style": { + "style": "leading_and_trailing" + }, + + // MD056 + "table-column-count": true +} diff --git a/.markdownlint.jsonc b/.markdownlint.jsonc new file mode 100644 index 0000000..41b412f --- /dev/null +++ b/.markdownlint.jsonc 
@@ -0,0 +1,15 @@
+// This is the file that is read by markdownlint-cli.
+// This is our editable copy, which overrides the base copy.
+{
+ // This is the base copy. Any changes to this file will be overwritten.
+ "extends": ".markdownlint.base.jsonc",
+
+ // MD044
+ "proper-names": {
+
+ // Add strings to this array for words that should be spelled a particular way.
+ "names": [
+ "Northwood Labs"
+ ]
+ }
+}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..14058d2
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,178 @@ +--- +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +default_language_version: + python: python3.10 + +default_stages: + - commit + - push + +fail_fast: false + +repos: + # ---------------------------------------------------------------------------- + # goplicate-start:always + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: check-added-large-files + args: + - --maxkb=500 + - --enforce-all + - id: check-case-conflict + - id: check-merge-conflict + - id: check-toml + - id: check-xml + - id: check-yaml + args: + - --allow-multiple-documents + - id: destroyed-symlinks + - id: detect-private-key + - id: end-of-file-fixer + - id: fix-byte-order-marker + - id: mixed-line-ending + args: + - --fix=lf + - id: trailing-whitespace + + - repo: https://github.com/skyzyx/git-hooks + rev: 4a2f0dc93e5c5353ed5e619599b0d15e34df88db + hooks: + - id: git-check + + - repo: https://github.com/igorshubovych/markdownlint-cli + rev: v0.39.0 + hooks: + - id: markdownlint + args: + - --ignore=node_modules + - --ignore=.github + - --ignore=.templates + - --fix + - '**/*.md' + + - repo: local + hooks: + - id: editorconfig-checker + name: editorconfig-checker + description: Double-check editorconfig compliance + entry: bash -c 'editorconfig-checker' + language: system + stages: [commit, push] + + - id: trufflehog + name: TruffleHog + description: Detect secrets in your data. + entry: bash -c 'trufflehog git file://. --since-commit HEAD --only-verified --fail --json 2>/dev/null | jq "."' + language: system + stages: [commit, push] + + - id: trivy-vuln + name: Trivy (Vulnerabilities) + description: Check for security vulnerabilities. (https://trivy.dev) + entry: bash -c 'trivy fs --config trivy-vuln.yaml --ignorefile .trivyignore.yaml .' 
+ language: system + stages: [commit, push] + + - id: yamlfmt + name: yamlfmt + description: Format YAML to canonical style + entry: bash -c 'yamlfmt .' + language: system + stages: [commit, push] + # goplicate-end:always + + # ---------------------------------------------------------------------------- + # goplicate-start:shell + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: check-executables-have-shebangs + + - repo: https://github.com/skyzyx/git-hooks + rev: 4a2f0dc93e5c5353ed5e619599b0d15e34df88db + hooks: + - id: script-must-have-extension + - id: shellcheck + - id: shfmt + args: + - --simplify + - --write + - --language-dialect=auto + - --indent=4 + - --case-indent + - --space-redirects + # goplicate-end:shell + + # ---------------------------------------------------------------------------- + # goplicate-start:python + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: fix-encoding-pragma + args: + - --remove + - id: requirements-txt-fixer + + - repo: https://github.com/asottile/pyupgrade + rev: c21b4c4d153be0633357686c7697f539ac194868 + hooks: + - id: pyupgrade + args: + - --py311-plus + + - repo: https://github.com/asottile/reorder_python_imports + rev: c4fe43d9809f1507508b3aba24ad1a72b5407f58 + hooks: + - id: reorder-python-imports + args: + - --py311-plus + # goplicate-end:python + + # ---------------------------------------------------------------------------- + # goplicate-start:golang + - repo: https://github.com/skyzyx/git-hooks + rev: 4a2f0dc93e5c5353ed5e619599b0d15e34df88db + hooks: + - id: gofumpt + - id: golangci-lint + + - repo: local + hooks: + - id: unconvert + name: 'Go: unconvert (current GOOS/GOARCH)' + description: Analyzes Go packages to identify unnecessary type conversions. + entry: bash -c 'unconvert -fastmath -tests -v ./...' 
+ language: system + stages: [commit, push] + + - id: smrcptr + name: 'Go: Same Receiver Pointer' + description: Don't mix receiver types. Choose either pointers or struct types for all available methods. + entry: bash -c 'smrcptr -skip-std=true --constructor=true ./...' + language: system + stages: [commit, push] + + - id: govulncheck + name: 'Go: Vulnerability check' + description: Check for Go security vulnerabilities. (https://go.dev/blog/vuln) + entry: bash -c 'govulncheck -test ./...' + language: system + stages: [commit, push] + + - id: osvscanner + name: OSV Scanner + description: Check for security vulnerabilities. (https://osv.dev) + entry: bash -c 'osv-scanner -r .' + language: system + stages: [commit, push] + # goplicate-end:golang + + # ---------------------------------------------------------------------------- + # goplicate-start:terraform + - repo: https://github.com/skyzyx/git-hooks + rev: 4a2f0dc93e5c5353ed5e619599b0d15e34df88db + hooks: + - id: terraform-fmt + # goplicate-end:terraform diff --git a/.vscode/extensions.json b/.vscode/extensions.json new file mode 100644 index 0000000..18dfda4 --- /dev/null +++ b/.vscode/extensions.json 
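Review bot: In `.pre-commit-config.yaml`, the `trufflehog` hook's `entry` pipes the scanner into `jq` inside `bash -c` without `pipefail`, so the hook's exit status is jq's and `--fail` can never block a commit or push. The `2>/dev/null` also hides the case where trufflehog is missing or crashes, which then looks like a clean scan. I would change the entry to `entry: bash -c 'set -o pipefail; trufflehog git file://. --since-commit HEAD --only-verified --fail --json | jq "."'`. It is also worth confirming that `--since-commit HEAD` covers anything at the commit stage, since staged changes are not yet in history. The hook repos pinned by tag (`rev: v4.5.0`, `rev: v0.39.0`) could be pinned by commit SHA like the `skyzyx/git-hooks` entries.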
@@ -0,0 +1,187 @@ +{ + /* + https://github.com/ilaif/goplicate + */ + "recommendations": [ + // goplicate-start:always + "albymor.increment-selection", + "annsk.alignment", + "arahata.linter-actionlint", + "chdsbd.github-code-owners", + "christian-kohler.path-intellisense", + "claui.email-addresses", + "Cmacu.gotoanything", + "DavidWang.ini-for-vscode", + "donjayamanne.git-extension-pack", + "donjayamanne.githistory", + "dt.ghlink", + "eamodio.gitlens", + "EditorConfig.EditorConfig", + "elagil.pre-commit-helper", + "emeraldwalk.RunOnSave", + "ExodiusStudios.comment-anchors", + "fnando.linter", + "GitHub.copilot", + "GitHub.remotehub", + "GitHub.vscode-codeql", + "github.vscode-github-actions", + "GitHub.vscode-pull-request-github", + "gurumukhi.selected-lines-count", + "IBM.output-colorizer", + "kevinkyang.auto-comment-blocks", + "logerfo.json-trimmer", + "melt-inc.yamlfmt-vscode", + "mhutchie.git-graph", + "mkhl.direnv", + "mohsen1.prettify-json", + "ms-vscode-remote.remote-containers", + "ms-vscode-remote.vscode-remote-extensionpack", + "ms-vscode.test-adapter-converter", + "nhoizey.gremlins", + "oliversturm.fix-json", + "pflannery.vscode-versionlens", + "qezhu.gitlink", + "quicktype.quicktype", + "redhat.vscode-yaml", + "sidneys1.gitconfig", + "stkb.rewrap", + "tamasfe.even-better-toml", + "technosophos.vscode-make", + "Tyriar.sort-lines", + "usernamehw.errorlens", + "wmaurer.change-case", + "xshrim.txt-syntax", + "zardoy.fix-all-json", + "ziyasal.vscode-open-in-github", + // goplicate-end:always + // + // goplicate-start:aws + "bin3377.iam-policy", + // goplicate-end:aws + // + // goplicate-start:containers + "exiasr.hadolint", + "ms-azuretools.vscode-docker", + "p1c2u.docker-compose", + // goplicate-end:containers + // + // goplicate-start:frontend + "bhshawon.node-json-autocomplete", + "bierner.color-info", + "bradlc.vscode-tailwindcss", + "budparr.language-hugo-vscode", + "casualjim.gotemplate", + "christian-kohler.npm-intellisense", + "cipchk.cssrem", + 
"dbaeumer.vscode-eslint", + "ecmel.vscode-html-css", + "esbenp.prettier-vscode", + "felixfbecker.css-stacking-contexts", + "formulahendry.auto-close-tag", + "formulahendry.auto-rename-tag", + "howardzuo.vscode-npm-dependency", + "jasonnutter.search-node-modules", + "kamikillerto.vscode-colorize", + "karanba.npm-helper", + "kisstkondoros.vscode-codemetrics", + "MikeBovenlander.formate", + "miramac.vscode-exec-node", + "mskelton.npm-outdated", + "nkurasawa.vscode-ignore-prettier", + "Orta.vscode-jest", + "pranaygp.vscode-css-peek", + "stylelint.vscode-stylelint", + "wix.vscode-import-cost", + "Zignd.html-css-class-completion", + // "lior-chamla.google-fonts", + // "mgmcdermott.vscode-language-babel", + // "mrmlnc.vscode-autoprefixer", + // goplicate-end:frontend + // + // goplicate-start:golang + "akshayn.GoGet", + "golang.go", + "MaxMedia.go-prof", + "msyrus.go-doc", + "premparihar.gotestexplorer", + "windmilleng.vscode-go-autotest", + // goplicate-end:golang + // + // goplicate-start:graphql + "apollographql.vscode-apollo", + "GraphQL.vscode-graphql", + "GraphQL.vscode-graphql-execution", + "GraphQL.vscode-graphql-syntax", + // goplicate-end:graphql + // + // goplicate-start:iac + "hashicorp.hcl", + "hashicorp.terraform", + "Infracost.infracost", + "itayadler.terraform-ssm", + "kddejong.vscode-cfn-lint", + // goplicate-end:iac + // + // goplicate-start:markdown + "arr.marksman", + "bierner.markdown-checkbox", + "bierner.markdown-preview-github-styles", + "bierner.markdown-yaml-preamble", + "DavidAnson.vscode-markdownlint", + "fcrespo82.markdown-table-formatter", + "yzhang.markdown-all-in-one", + // goplicate-end:markdown + // + // goplicate-start:protobuf + "zxh404.vscode-proto3", + // goplicate-end:protobuf + // + // goplicate-start:python + "eeyore.yapf", + "etmoffat.pip-packages", + "fb-pyre-check.pyre-vscode", + "littlefoxteam.vscode-python-test-adapter", + "ms-python.debugpy", + "ms-python.python", + "ms-python.vscode-pylance", + "njpwerner.autodocstring", + 
"thebutlah.reorder-python-imports", + "VisualStudioExptTeam.intellicode-api-usage-examples", + "VisualStudioExptTeam.vscodeintellicode", + // goplicate-end:python + // + // goplicate-start:security + "1Password.op-vscode", + "anchoreinc.grype-vscode", + "AquaSecurityOfficial.trivy-vulnerability-scanner", + "jflbr.jwt-decoder", + "MS-SarifVSCode.sarif-viewer", + "redhat.fabric8-analytics", + "snyk-security.snyk-vulnerability-scanner", + // goplicate-end:security + // + // goplicate-start:shell + "foxundermoon.shell-format", + "jetmartin.bats", + "mads-hartmann.bash-ide-vscode", + "Remisa.shellman", + "rogalmic.bash-debug", + // goplicate-end:shell + // + // goplicate-start:wasm + "dtsvet.vscode-wasm", + // goplicate-end:wasm + // + // goplicate-start:xml + "redhat.vscode-xml", + // goplicate-end:xml + // + ], + "unwantedRecommendations": [ + // goplicate-start:unwanted + "ms-azuretools.vscode-azureterraform", + "GoogleCloudTools.cloudcode", + "vscodevim.vim", + // goplicate-end:unwanted + ] +} diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..438beb3 --- /dev/null +++ b/.vscode/settings.json 
@@ -0,0 +1,684 @@ +{ + // goplicate-start:always + "[json]": { + "editor.defaultFormatter": "vscode.json-language-features" + }, + "[jsonc]": { + "editor.defaultFormatter": "vscode.json-language-features" + }, + "[yaml]": { + "editor.defaultFormatter": "redhat.vscode-yaml" + }, + "alignment.chars": { + ":": { + "spaceBefore": 0, + "spaceAfter": 1 + }, + "::": { + "spaceBefore": 0, + "spaceAfter": 0 + }, + "=": { + "spaceBefore": 1, + "spaceAfter": 1 + }, + "===": { + "spaceBefore": 1, + "spaceAfter": 1 + }, + "==": { + "spaceBefore": 1, + "spaceAfter": 1 + }, + "=>": { + "spaceBefore": 1, + "spaceAfter": 1 + }, + "+=": { + "spaceBefore": 1, + "spaceAfter": 1 + }, + "-=": { + "spaceBefore": 1, + "spaceAfter": 1 + }, + "*=": { + "spaceBefore": 1, + "spaceAfter": 1 + }, + "/=": { + "spaceBefore": 1, + "spaceAfter": 1 + } + }, + "diffEditor.hideUnchangedRegions.enabled": true, + "editor.experimental.asyncTokenization": true, + "editor.formatOnSave": true, + "editor.formatOnType": true, + "editor.inlineSuggest.enabled": true, + "editor.linkedEditing": true, + "editor.quickSuggestions": { + "comments": "on", + "strings": "on", + "other": "on" + }, + "editor.suggest.showMethods": true, + "editor.tabSize": 4, + "editor.trimAutoWhitespace": true, + "editor.wordSeparators": "./\\()\"'-:,.;<>~!@#%^&*|+=[]{}`~?", + "editor.wordWrap": "off", + "editor.suggest.preview": true, + "editorconfig.generateAuto": true, + "editorconfig.template": "default", + "errorLens.messageTemplate": "[$severity] $message [$source $code]", + "evenBetterToml.completion.maxKeys": 5, + "evenBetterToml.formatter.alignComments": true, + "evenBetterToml.formatter.alignEntries": true, + "evenBetterToml.formatter.allowedBlankLines": 1, + "evenBetterToml.formatter.arrayAutoCollapse": false, + "evenBetterToml.formatter.arrayAutoExpand": true, + "evenBetterToml.formatter.arrayTrailingComma": true, + "evenBetterToml.formatter.columnWidth": 120, + "evenBetterToml.formatter.compactArrays": false, + 
"evenBetterToml.formatter.compactEntries": false, + "evenBetterToml.formatter.crlf": false, + "evenBetterToml.formatter.indentEntries": true, + "evenBetterToml.formatter.indentString": " ", + "evenBetterToml.formatter.indentTables": true, + "evenBetterToml.formatter.inlineTableExpand": true, + "evenBetterToml.formatter.reorderKeys": true, + "evenBetterToml.formatter.trailingNewline": true, + "evenBetterToml.schema.associations": { + "^(.*(/|\\\\)\\.?taplo\\.toml|\\.?taplo\\.toml)$": "taplo://taplo.toml" + }, + "evenBetterToml.schema.enabled": true, + "evenBetterToml.schema.links": true, + "evenBetterToml.semanticTokens": true, + "evenBetterToml.syntax.semanticTokens": true, + "evenBetterToml.taplo.bundled": true, + "evenBetterToml.taplo.configFile.enabled": true, + "files.associations": { + ".htmlnanorc": "json", + ".parcelrc": "json", + ".postcssrc": "json", + ".posthtmlrc": "json", + ".style.yapf": "ini", + ".terraformrc": "hcl", + "*.hcl": "terraform", + "*.ini": "ini", + "*.md": "markdown", + "*.sh": "shellscript", + "*.tf": "terraform", + "*.toml": "toml", + "*.xml": "xml", + "config": "ini", + "Pipfile": "toml" + }, + "files.autoSave": "onFocusChange", + "files.eol": "\n", + "files.insertFinalNewline": true, + "files.trimFinalNewlines": true, + "files.trimTrailingWhitespace": true, + "formate.additionalSpaces": 0, + "formate.alignColon": false, + "formate.enable": true, + "formate.verticalAlignProperties": false, + "git.alwaysSignOff": true, + "git.autofetch": true, + "git.autoStash": true, + "git.enableSmartCommit": true, + "git.openRepositoryInParentFolders": "always", + "gitHistory.alwaysPromptRepositoryPicker": false, + "gitHistory.avatarCacheExpiration": 60, + "gitHistory.editorTitleButtonOpenRepo": false, + "gitHistory.hideCommitViewExplorer": false, + "gitHistory.includeRemoteBranches": true, + "gitHistory.logLevel": "Info", + "gitHistory.pageSize": 100, + "gitHistory.showEditorTitleMenuBarIcons": true, + "gitHistory.showFileHistorySplit": true, + 
"gitHistory.sourceCodeProviderIntegrationLocation": "Inline", + "github.copilot.editor.enableAutoCompletions": true, + "github.copilot.enable": { + "*": true, + "go.mod": false, + "markdown": false, + "plaintext": false, + "yaml": false + }, + "github-actions.use-enterprise": false, + "github-actions.workflows.pinned.refresh.enabled": false, + "github-actions.workflows.pinned.refresh.interval": 30, + "github-code-owners.format.alignment-offset": 4, + "github-code-owners.format.enabled": true, + "gitlens.fileAnnotations.command": "blame", + "gitlens.advanced.abbreviatedShaLength": 8, + "gitlens.ai.experimental.generateCommitMessage.enabled": false, + "gitlens.blame.ignoreWhitespace": true, + "gitlens.cloudPatches.enabled": false, + "gitlens.codeLens.enabled": true, + "gitlens.detectNestedRepositories": true, + "gitlens.focus.allowMultiple": true, + "gitlens.gitCommands.avatars": true, + "gitlens.hovers.avatarSize": 64, + "gitlens.rebaseEditor.ordering": "desc", + "gitlens.rebaseEditor.showDetailsView": "selection", + "gitlens.telemetry.enabled": true, + "gitlens.terminal.overrideGitEditor": true, + "gitlens.terminalLinks.enabled": true, + "gitlens.terminalLinks.showDetailsView": true, + "gitlens.views.lineHistory.avatars": true, + "GitLink.defaultRemote": "origin", + "GitLink.hostType": "github", + "json.schemas": [ + { + "fileMatch": [ + ".prettierrc", + "prettier.config.js" + ], + "url": "http://json.schemastore.org/prettierrc" + }, + { + "fileMatch": [ + ".markdownlint.*", + ], + "url": "https://github.com/DavidAnson/markdownlint/raw/main/schema/markdownlint-config-schema.json" + }, + ], + "linter.cache": false, + "linter.debug": false, + "linter.delay": 300, + "linter.enabled": true, + "linter.runOnTextChange": true, + "linter-actionlint.config": { + "capabilities": [], + "command": [], + "configFiles": [ + "actionlint.yaml", + "actionlint.yml" + ], + "enabled": true, + "languages": [ + "yaml" + ], + "name": "actionlint", + "url": 
"https://github.com/rhysd/actionlint" + }, + "merge-conflict.autoNavigateNextConflict.enabled": true, + "openInGitHub.defaultPullRequestBranch": "main", + "openInGitHub.gitHubDomain": "github.com", + "openInGitHub.providerProtocol": "https", + "openInGitHub.providerType": "github", + "openInGitHub.requireSelectionForLines": true, + "openInGitHub.useCommitSHAInURL": true, + "path-intellisense.absolutePathToWorkspace": false, + "path-intellisense.autoSlashAfterDirectory": true, + "path-intellisense.autoTriggerNextSuggestion": true, + "path-intellisense.extensionOnImport": true, + "path-intellisense.ignoreTsConfigBaseUrl": false, + "path-intellisense.showHiddenFiles": false, + "path-intellisense.showOnAbsoluteSlash": true, + "redhat.telemetry.enabled": false, + "rewrap.autoWrap.enabled": false, + "scm.alwaysShowActions": true, + "scm.alwaysShowRepositories": true, + "sortLines.filterBlankLines": true, + "testExplorer.addToEditorContextMenu": true, + "testExplorer.codeLens": true, + "testExplorer.errorDecoration": true, + "testExplorer.errorDecorationHover": true, + "testExplorer.gutterDecoration": true, + "testExplorer.hideEmptyLog": true, + "testExplorer.hideWhen": "noTests", + "testExplorer.showCollapseButton": true, + "testExplorer.showOnRun": true, + "testExplorer.sort": "byLabel", + "testExplorer.useNativeTesting": true, + "testing.showCoverageInExplorer": true, + "todo-tree.general.tags": [ + "BUG", + "HACK", + "FIXME", + "TODO", + "XXX", + "[ ]", + "[x]" + ], + "todo-tree.regex.regex": "(//|#| + + +## Reporting a Vulnerability + +If you believe you have found a legitimate security vulnerability, please [report it](../security/advisories/new). + +There is no bounty program, and there are no payments for discovering/reporting security vulnerabilities, but we **all** benefit from software that is more secure. Happy to provide public thanks once the issue has been resolved. + +What I need is: + +* An explanation of the bug. 
+* A minimum viable reproduction case which triggers the issue. +* What you expected to happen. +* What actually happened. +* [OPTIONAL] A suggested patch attached as a .diff file, if you have one. + +I don't check my email every day, and I get LOTS of email. It may take me up to a week to discover your message. I will respond as soon as I see your message and confirm that I can reproduce the issue. + +Thank you for participating in the _responsible disclosure_ of security vulnerabilities. + diff --git a/__update.sh b/__update.sh new file mode 100755 index 0000000..df4b639 --- /dev/null +++ b/__update.sh 
@@ -0,0 +1,87 @@ +#!/usr/bin/env bash + +# Remove on the runner. +RUNNER_TEMP="/tmp/terraform-makefile" + +# Clone repo into TMP directory. +rm -Rf "${RUNNER_TEMP}" +git clone \ + --depth 1 \ + --branch main \ + --single-branch \ + https://github.com/northwood-labs/.github.git \ + "${RUNNER_TEMP}" \ + ; + +# Copy all "full-copy" files from the root into the repository. +FILES="$(find "${RUNNER_TEMP}/full-copy/" -maxdepth 1 -type f)" + +# Files that should only be copied the first time. Do not overwrite on +# subsequent copies. +ONE_TIME_ONLY=( + ".markdownlint.jsonc" +) + +# shellcheck disable=2068 +for FILE in ${FILES[@]}; do + for IGNORE in "${ONE_TIME_ONLY[@]}"; do + # If the file does not exist, go ahead and copy it (first time) + if [[ ! -f "${PWD}/${IGNORE}" ]]; then + cp -Rfv "${FILE}" "${PWD}" + + # Otherwise, as long as the copied file is not the ignored file, go + # ahead and copy it (no restricton) + elif [[ "${FILE}" != "${RUNNER_TEMP}/full-copy/${IGNORE}" ]]; then + cp -Rfv "${FILE}" "${PWD}" + fi + done +done + +# Folders to copy +FOLDERS=( + ".githooks" + ".github" + "scripts" +) + +for FOLDER in "${FOLDERS[@]}"; do + # Copy all files from this directory into the root of the repository. + mkdir -p "${PWD}/${FOLDER}" + find "${RUNNER_TEMP}/full-copy/${FOLDER}/" -maxdepth 1 -type f -print0 | + xargs -0 -I% cp -Rfv "%" "${PWD}/${FOLDER}" || + true +done + +TYPES=() + +# Pass GO=true when calling the script. +# shellcheck disable=2154 +if [[ "${GO}" == "true" ]]; then + TYPES+=("go") +fi + +# Pass TF_MOD=true when calling the script. +# shellcheck disable=2154 +if [[ "${TF_MOD}" == "true" ]]; then + TYPES+=("go") + TYPES+=("tf-mod") +fi + +for TYPE in "${TYPES[@]}"; do + # Copy all files from this directory into the root of the repository. 
+ mkdir -p "${PWD}" + find "${RUNNER_TEMP}/full-copy/${TYPE}/" -maxdepth 1 -type f -print0 | + xargs -0 -I% cp -Rfv "%" "${PWD}" || + true +done + +# Run Goplicate +goplicate run --allow-dirty --confirm --stash-changes + +# Generate .ecrc +tomljson ecrc.toml >.ecrc + +# Make shell scripts executable +find "${PWD}" -type f -name "*.sh" -print0 | + xargs -0 -I% chmod +x "%" || + true diff --git a/cliff.toml b/cliff.toml new file mode 100644 index 0000000..27f5e36 --- /dev/null +++ b/cliff.toml 
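Review bot: `__update.sh` stages its clone in the fixed path `/tmp/terraform-makefile`, a predictable name in a world-writable directory, and runs `rm -Rf`, `git clone` and the `cp` steps with no error handling, so a failed clone does not stop the later copy, `goplicate` and `chmod +x` steps. Use a private directory and fail fast: `set -eo pipefail` at the top, `RUNNER_TEMP="$(mktemp -d)"`, and `trap 'rm -rf "${RUNNER_TEMP}"' EXIT` for cleanup (adding `-u` would also need `${GO:-}` and `${TF_MOD:-}`). The script copies `.githooks`, `.github` and `scripts` from the unpinned `main` branch of the template repository and marks every `*.sh` executable, so pinning the clone to a reviewed tag or commit would make what lands in the working tree auditable. Separately, `for FILE in ${FILES[@]}` word-splits the `find` output, and the nested `ONE_TIME_ONLY` loop only behaves as its comments describe while that array has a single entry.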
@@ -0,0 +1,136 @@ +# git-cliff ~ default configuration file +# https://git-cliff.org/docs/configuration +# +# Lines starting with "#" are comments. +# Configuration options are organized into tables and keys. +# See documentation for more information on available options. + +[remote.github] + owner = "northwood-labs" + repo = "lint-brush" + # token = "" # Use GITHUB_TOKEN environment variable instead. + +# goplicate-start:changelog +[changelog] + header = """ +# CHANGELOG + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com), adheres to [Semantic Versioning](https://semver.org), and uses [Conventional Commit](https://www.conventionalcommits.org) syntax. +""" + + # template for the changelog body + # https://keats.github.io/tera/docs/#introduction + body = """ +{% if version %} + ## {{ version | trim_start_matches(pat="v") }} — {{ timestamp | date(format="%Y-%m-%d") }} + {% if previous.version %} + [Compare: {{ previous.version }} → {{ version }}]({{ self::remote_url() }}/compare/{{ previous.version }}...{{ version }}) + {% endif %}\ +{% else %} + ## Unreleased + {% if previous.version %} + [Compare: {{ previous.version }} → `HEAD`]({{ self::remote_url() }}/compare/{{ previous.version }}..HEAD) + {% endif %}\ +{% endif %}\ +{% for group, commits in commits | filter(attribute="merge_commit", value=false) | group_by(attribute="group") %} + ### {{ group | upper_first }} + {% for commit in commits %} + {% set commit_message = commit.message -%} + * {% if commit.breaking %}**[BC BREAK]** {% endif %}\ + [`{{ commit.id | truncate(length=7, end="") }}`]({{ self::remote_url() }}/commit/{{ commit.id }}): {% if commit.scope %}\ + **{{ commit.scope }}**: {% endif %}{{ commit_message | split(pat="\n") | first | upper_first | trim_end }} \ + ({% if commit.github.username %}[@{{ commit.github.username | replace(from="[bot]", to="") }}](https://github.com/{{ commit.github.username | 
replace(from="[bot]", to="") }}){%- endif -%})\ + {%- endfor %} +{% endfor %} +{%- macro remote_url() -%} + https://github.com/northwood-labs/terraform-provider-corefunc +{%- endmacro -%} +""" + + # remove the leading and trailing whitespace from the template + trim = true + + # changelog footer + footer = """ + +

Generated on {{ now() | date(format="%Y-%m-%d") }}.

+""" + # goplicate-end:changelog + + postprocessors = [ + { pattern = "([^ ]+)\\(\\)", replace = "`$0`" }, + { pattern = "AUTHORS|CONTRIBUTORS|CONTRIBUTING|README", replace = "$0.md" }, + { pattern = "([^ ]+)\\.md", replace = "`$0`" }, + { pattern = "([^ ]+)\\.ya?ml", replace = "`$0`" }, + { pattern = "\\.md\\.md", replace = ".md" }, + { pattern = "go\\.(mod|sum)", replace = "`$0`" }, + { pattern = "(?i)pkg\\.go\\.dev", replace = "`$0`" }, + { pattern = "Bump ([^ ]+)", replace = "Bump `$1`" }, + { pattern = "\\(#([0-9]+)\\)", replace = "([#${1}](@REPO/issues/${1}))" }, + { pattern = '@REPO', replace = "https://github.com/northwood-labs/lint-brush" }, + ] + +# goplicate-start:git +[git] + + # parse the commits based on https://www.conventionalcommits.org + conventional_commits = true + + # filter out the commits that are not conventional + filter_unconventional = true + + # process each line of a commit as an individual commit + split_commits = false + + # regex for preprocessing the commit messages + commit_preprocessors = [ + # { pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](/issues/${2}))"}, # replace issue numbers + ] + + # regex for parsing and grouping commits + commit_parsers = [ + { message = "^feat", group = ":rocket: Features" }, + { message = "^fix", group = ":bug: Bug Fixes" }, + { message = "^perf", group = ":racecar: Performance" }, + { message = "^docs", group = ":books: Documentation" }, + { message = "^refactor", group = ":tractor: Refactor" }, + { message = "^style", group = ":art: Styling" }, + { message = "^sync", group = ":arrows_counterclockwise: Configuration Syncing" }, + { message = "^build|deps", group = ":dependabot: Building and Dependencies" }, + { message = "^test", group = ":test_tube: Testing" }, + { message = "^lint", group = ":soap: Linting" }, + { message = "^chore\\(release\\): prepare for", skip = true }, + { message = "^chore\\(deps\\)", skip = true }, + { message = "^chore\\(pr\\)", skip = true }, + { message = 
"^chore\\(pull\\)", skip = true }, + { message = "^relprep", skip = true }, + { message = "^chore|ci", group = ":gear: Miscellaneous Tasks" }, + { message = "^security", group = ":closed_lock_with_key: Security" }, + { body = ".*security", group = ":closed_lock_with_key: Security" }, + { message = "^revert", group = ":x: Revert" }, + { message = "^automation", skip = true }, + ] + + # protect breaking changes from being skipped due to matching a skipping commit_parser + protect_breaking_commits = false + + # filter out the commits that are not matched by commit parsers + filter_commits = false + + # regex for matching git tags + tag_pattern = "v[0-9].*" + + # regex for skipping tags + skip_tags = "beta|alpha" + + # regex for ignoring tags + ignore_tags = "rc" + + # sort the tags topologically + topo_order = true + + # sort the commits inside sections by oldest/newest order + sort_commits = "oldest" + # goplicate-end:git diff --git a/cmd/doc.go b/cmd/doc.go new file mode 100644 index 0000000..c0cf11e --- /dev/null +++ b/cmd/doc.go @@ -0,0 +1,18 @@ +// Copyright 2024, Northwood Labs +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an \"AS IS\" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/* +Package cmd is the entrypoint for the lintbrush CLI. +*/ +package cmd diff --git a/cmd/root.go b/cmd/root.go new file mode 100644 index 0000000..d8aa8ee --- /dev/null +++ b/cmd/root.go 
@@ -0,0 +1,191 @@ +// Copyright 2024, Northwood Labs +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an \"AS IS\" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import ( + "fmt" + "os" + "time" + + "github.com/charmbracelet/log" + "github.com/hashicorp/go-multierror" + clihelpers "github.com/northwood-labs/cli-helpers" + "github.com/northwood-labs/lintbrush/lintbrush" + "github.com/owenrumney/go-sarif/v2/sarif" + "github.com/rs/xid" + "github.com/spf13/cobra" +) + +var ( + fOutput string + fSarif bool + fVerbose bool + + errs *multierror.Error + now = time.Now() + + // Standard logger + logger = log.NewWithOptions(os.Stderr, log.Options{ + ReportTimestamp: true, + TimeFormat: time.Kitchen, + }) + + // rootCmd represents the base command when called without any subcommands. + rootCmd = &cobra.Command{ + Use: "lintbrush", + Short: `A linter which focuses on low-level file hygeine.`, + Long: clihelpers.LongHelpText(` + lintbrush + + A linter which focuses on the low-level things that are common across many + repositories. It favors proactively fixing things first, then falling back to + providing an error when something cannot be fixed automatically. + + Leaves the language-specific linting to more appropriate tools. Instead, this + focuses on general file hygeine, security, and other things that are common + across many repositories. 
+ + -------------------------------------------------------------------------------- + + 👀 Check that executable files have shebangs`), + Run: func(cmd *cobra.Command, args []string) { + if fVerbose { + logger.SetReportCaller(true) + } + + if len(args) == 0 { + logger.Fatal("No files to lint") + } + + // Create a new Sarif report object. + report, err := sarif.New(sarif.Version210) + if err != nil { + logger.Fatal(err.Error()) + } + + run := sarif.NewRunWithInformationURI("lintbrush", "https://github.com/northwood-labs/lintbrush") + run.Tool.Driver.WithSemanticVersion("dev") // @version + + run.WithAutomationDetails( + sarif.NewRunAutomationDetails(). + WithDescriptionText("This scan was run with Lintbrush vX.X.X on NOW."). + WithID("Lintbrush run for repository/branch/DATE"). // @version + WithCorrelationGUID(xid.New().String()), + ) + + // "originalUriBaseIds": { + // "REPOROOT": { + // "description": { + // "text": "The directory into which the repo was cloned." + // }, + // "properties": { + // "comment": "The SARIF producer has chosen not to specify a URI for REPOROOT. See §3.14.14, NOTE 1, for an explanation." + // } + // } + // }, + // "artifacts": [ + // { + // "location": { + // "uri": "sarif-tutorials/samples/Introduction/simple-example.js" + // }, + // "length": 3444, + // "sourceLanguage": "javascript", + // "hashes": { + // "sha-256": "b13ce2678a8807ba0765ab94a0ecd394f869bc81" + // } + // } + // ], + + err = lintbrush.CheckExecutablesHaveShebangs(run, args) + errs = multierror.Append(errs, err) + + // Print all errors. + for i := range errs.Errors { + logger.Errorf("%v", errs.Errors[i]) + } + + // run.AddRule(r.RuleID). + // WithName(""). + // WithDescription(r.Description). + // // WithFullDescription(). + // WithHelpURI(r.Link). 
+ // WithTextHelp("") + + // // add the location as a unique artifact + // run.AddDistinctArtifact(r.Location.Filename) + + // // add each of the results with the details of where the issue occurred + // run.CreateResultForRule(r.RuleID). + // WithLevel(strings.ToLower(r.Severity)). + // WithMessage(sarif.NewTextMessage(r.Description)). + // AddLocation( + // sarif.NewLocationWithPhysicalLocation( + // sarif.NewPhysicalLocation(). + // WithArtifactLocation( + // sarif.NewSimpleArtifactLocation(r.Location.Filename), + // ).WithRegion( + // sarif.NewSimpleRegion(r.Location.StartLine, r.Location.EndLine), + // ), + // ), + // ) + // } + + // add the run to the report + report.AddRun(run) + + // print the report to stdout + _ = report.PrettyWrite(os.Stdout) + fmt.Fprint(os.Stdout, "\n") + }, + } +) + +// Execute adds all child commands to the root command and sets flags appropriately. +// This is called by main.main(). It only needs to happen once to the rootCmd. +func Execute() { + err := rootCmd.Execute() + if err != nil { + os.Exit(1) + } +} + +func init() { + rootCmd.PersistentFlags().StringVarP(&fOutput, "output", "o", "", "Write results to a file instead of stdout") + rootCmd.PersistentFlags().BoolVarP(&fSarif, "sarif", "s", false, "Return results in SARIF format") + rootCmd.PersistentFlags().BoolVarP(&fVerbose, "verbose", "v", false, "Print verbose output") +} + +func returnFirstEnv(envs ...string) (string, bool) { + for i := range envs { + if os.Getenv(envs[i]) != "" { + return os.Getenv(envs[i]), true + } + } + + return "", false +} + +// versionControlDetails := sarif.NewVersionControlDetails() +// versionControlDetails.WithAsOfTimeUTC(&now) + +// if branchName, ok := returnFirstEnv("GITHUB_REF_NAME", "GITHUB_HEAD_REF", "GITHUB_SHA"); ok { +// versionControlDetails.WithBranch(branchName) +// } + +// if repoName, ok := returnFirstEnv("GITHUB_REPOSITORY"); ok { +// versionControlDetails.WithRepositoryURI(os.Getenv("GITHUB_SERVER_URL") + "/" + repoName) +// } + 
+// run.AddVersionControlProvenance(versionControlDetails) diff --git a/cmd/version.go b/cmd/version.go new file mode 100644 index 0000000..7b8ddc2 --- /dev/null +++ b/cmd/version.go @@ -0,0 +1,23 @@ +// Copyright 2024, Northwood Labs +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package cmd + +import clihelpers "github.com/northwood-labs/cli-helpers" + +var versionCmd = clihelpers.VersionScreen() + +func init() { // lint:allow_init + rootCmd.AddCommand(versionCmd) +} diff --git a/ecrc.toml b/ecrc.toml new file mode 100644 index 0000000..d19eed8 --- /dev/null +++ b/ecrc.toml 
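Review bot: In `cmd/root.go`, the `Run` closure logs every entry in `errs.Errors` but never turns them into a non-zero exit status, so as far as this hunk shows `lintbrush` exits 0 even when `CheckExecutablesHaveShebangs` returns an error, and a pre-commit or CI gate built on it would pass. After the report is written I would add `if errs.ErrorOrNil() != nil { os.Exit(1) }`. The write itself should not be discarded either: replace `_ = report.PrettyWrite(os.Stdout)` with `if err := report.PrettyWrite(os.Stdout); err != nil { logger.Fatal(err.Error()) }`. The `--output` and `--sarif` flags are registered in `init`, but `fOutput` and `fSarif` are never read in this file, so they currently have no effect; either wire them up or leave them out until they do.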
@@ -0,0 +1,76 @@ +## +# Generate with: +# tomljson ecrc.toml > .ecrc +## + +# goplicate-start:config +Debug = false +IgnoreDefaults = true +NoColor = false +SpacesAfterTabs = false +Verbose = false +# goplicate-end:config + +Exclude = [ + # goplicate-start:excludes + "\\.7z$", + "\\.avif", + "\\.bak$", + "\\.bin$", + "\\.bz2$", + "\\.cache$", + "\\.css\\.map$", + "\\.dcignore$", + "\\.ecrc$", + "\\.eot$", + "\\.example$", + "\\.gif$", + "\\.go$", + "\\.golangci.yml$", + "\\.goreleaser.yml$", + "\\.gotmpl$", + "\\.gz$", + "\\.ico$", + "\\.jpeg$", + "\\.jpg$", + "\\.js\\.map$", + "\\.log$", + "\\.mp4$", + "\\.otf$", + "\\.patch$", + "\\.pbm", + "\\.pdf$", + "\\.pgm", + "\\.png$", + "\\.pnm", + "\\.ppm", + "\\.snap$", + "\\.svg$", + "\\.tar$", + "\\.terraform-docs\\.yml$", + "\\.terraform\\.lock\\.hcl$", + "\\.ttf$", + "\\.txt$", + "\\.vscode/.*?\\.json$", + "\\.webp$", + "\\.wmv$", + "\\.woff$", + "\\.woff2$", + "\\.zip$", + "^\\.pnp\\.cjs$", + "^\\.pnp\\.js$", + "^\\.pnp\\.loader\\.mjs$", + "^\\.yarn/", + "^Cargo\\.lock$", + "^composer\\.lock$", + "^package-lock\\.json$", + "^yarn\\.lock$", + "cliff\\.toml$", + "go\\.mod$", + "go\\.sum$", + "min\\.css$", + "min\\.js$", + "package-lock\\.json$", + "standard\\.mk$", + # goplicate-end:excludes +] diff --git a/example.sarif.json b/example.sarif.json new file mode 100644 index 0000000..63d55cf --- /dev/null +++ b/example.sarif.json 
@@ -0,0 +1,172 @@ +{ + "version": "2.1.0", + "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/errata01/os/schemas/sarif-schema-2.1.0.json", + "runs": [ + { + "automationDetails": { + "description": { + "text": "This is the October 10, 2018 nightly run of the CodeScanner tool on all product binaries in the 'master' branch of the 'sarif-sdk' repo" + }, + "id": "Nightly CredScan run for sarif-sdk/master/2018-10-05", + "guid": "d541006e-582d-4600-a603-64925b7f7f35", + "correlationGuid": "53819b2e-a790-4f8b-b68f-a145c13b4f39" + }, + "taxonomies": [ + { + "guid": "1A567403-868F-405E-92CF-771A9ECB03A1", + "name": "Requirement levels", + "shortDescription": { + "text": "This taxonomy classifies rules according to whether their use is required or recommended by company policy." + }, + "taxa": [ + { + "id": "RQL1001", + "name": "Required", + "shortDescription": { + "text": "Rules in this category are required by company policy. All violations must be fixed unless an exemption is granted." + } + } + ] + } + ], + "tool": { + "driver": { + "name": "ESLint", + "semanticVersion": "5.0.0", + "informationUri": "https://eslint.org", + "rules": [ + { + "id": "TUT1001", + "name": "InvalidUri", + "defaultConfiguration": { + "level": "error" + }, + "shortDescription": { + "text": "Properties defined with the 'uri' or 'uri-reference' format must contain valid URIs.", + "markdown": "Properties defined with the `uri` or `uri-reference` format must contain valid URIs." + }, + "fullDescription": { + "text": "Every JSON property whose value is defined by the schema to be a URI (with \"format\": \"uri\" or \"format\": \"uri-reference\") must contain a valid URI.", + "markdown": "Every JSON property whose value is defined by the schema to be a URI (with `\"format\": \"uri\"` or `\"format\": \"uri-reference\"`) must contain a valid URI." + }, + "messageStrings": { + "default": { + "text": "The URI '{0}' is invalid.", + "markdown": "The URI `{0}` is invalid." 
+ } + }, + "relationships": [ + { + "target": { + "id": "RQL1001", + "index": 0, + "toolComponent": { + "name": "Requirement levels", + "guid": "1A567403-868F-405E-92CF-771A9ECB03A1", + "index": 0 + } + }, + "kinds": [ + "superset" + ], + "description": { + "text": "This relationship specifies that this rule is classified as 'Required'." + } + } + ] + } + ] + } + }, + "originalUriBaseIds": { + "REPOROOT": { + "description": { + "text": "The directory into which the repo was cloned." + }, + "properties": { + "comment": "The SARIF producer has chosen not to specify a URI for REPOROOT. See §3.14.14, NOTE 1, for an explanation." + } + }, + "SRCROOT": { + "uri": "src/", + "uriBaseId": "REPOROOT", + "description": { + "text": "The r." + }, + "properties": { + "comment": "SRCROOT is expressed relative to REPOROOT." + } + } + }, + "artifacts": [ + { + "location": { + "uri": "sarif-tutorials/samples/Introduction/simple-example.js" + }, + "length": 3444, + "sourceLanguage": "javascript", + "hashes": { + "sha-256": "b13ce2678a8807ba0765ab94a0ecd394f869bc81" + } + } + ], + "results": [ + { + "properties": { + "comment": "The ruleIndex property points into the array tool.driver.rules." + }, + "ruleId": "TUT1001", + "level": "error", + "ruleIndex": 0, + "message": { + "id": "default", + "arguments": [ + "//C:/code/dev" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "TextFile.txt", + "index": 0 + }, + "region": { + "charOffset": 1, + "charLength": 2 + } + } + }, + { + "physicalLocation": { + "artifactLocation": { + "uri": "README.md", + "uriBaseId": "REPOROOT", + "properties": { + "comment": "If REPOROOT is C:\\project, this file location resolves to C:\\project\\README.md" + } + }, + "region": { + "startLine": 4, + "startColumn": 19, + "endColumn": 22, + "snippet": { + "text": "BAD" + } + }, + "contextRegion": { + "startLine": 4, + "startColumn": 5, + "endColumn": 28, + "snippet": { + "text": "/// This is a BAD word." 
+ } + } + } + } + ] + } + ] + } + ] +} diff --git a/exception.sarif.json b/exception.sarif.json new file mode 100644 index 0000000..5dbb5a9 --- /dev/null +++ b/exception.sarif.json 
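Review bot: The artifact entry in `artifacts[0].hashes` labels its digest `"sha-256"`, but the value `b13ce2678a8807ba0765ab94a0ecd394f869bc81` is 40 hex characters, which is the length of a SHA-1 digest; a SHA-256 digest is 64. Anyone using this sample as a fixture for hash verification gets a mismatch by construction, so either relabel the key `"sha-1"` or replace the value with a real 64-character digest of the referenced file. The `SRCROOT` description `"The r."` also looks truncated.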
@@ -0,0 +1,167 @@ +{ + "$schema": "https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json", + "version": "2.1.0", + "properties": { + "comment": "This sample illustrates tool configuration and execution notifications." + }, + "runs": [ + { + "tool": { + "driver": { + "name": "SarifSamples", + "version": "1.0", + "rules": [ + { + "id": "TUT1201", + "name": "MissingSemicolon", + "defaultConfiguration": { + "level": "error" + }, + "messageStrings": { + "default": { + "text": "The statement does not end with a semicolon." + } + } + } + ], + "notifications": [ + { + "id": "TUTN9001", + "name": "unknown-rule", + "defaultConfiguration": { + "level": "warning" + }, + "shortDescription": { + "text": "This notification is triggered when the user supplies a command line argument to enable or disable a rule that does not exist." + }, + "messageStrings": { + "disabled": { + "text": "'{0}' cannot be disabled because this rule does not exist." + }, + "enabled": { + "text": "'{0}' cannot be enabled because this rule does not exist." + } + } + }, + { + "id": "TUTN9002", + "name": "rule-threw-exception", + "defaultConfiguration": { + "level": "error" + }, + "shortDescription": { + "text": "This notification is triggered when an analysis rule throws an exception." + }, + "fullDescription": { + "text": "This notification is triggered when an analysis rule throws an exception while analyzing a file. Depending on the command line options, the rule might either be disabled, or it might continue to run on subsequent files." + }, + "messageStrings": { + "disable": { + "text": "'{0}' threw a '{1}' exception while analyzing file '{2}'. The rule has been disabled." + }, + "continue": { + "text": "'{0}' threw a '{1}' exception while analyzing file '{2}'. The rule will continue to be run on subsequent files." 
+ } + } + } + ] + } + }, + "results": [], + "invocations": [ + { + "executionSuccessful": false, + "toolConfigurationNotifications": [ + { + "descriptor": { + "id": "TUTN9001", + "index": 0 + }, + "message": { + "id": "disabled", + "arguments": [ + "UNK1001" + ] + } + } + ], + "toolExecutionNotifications": [ + { + "descriptor": { + "id": "TUTN9002", + "index": 1 + }, + "message": { + "id": "continue", + "arguments": [ + "TUT1201", + "NullReferenceException", + "example.c" + ] + }, + "exception": { + "kind": "System.NullReferenceException", + "message": "Object reference not set to an instance of an object.", + "stack": { + "frames": [ + { + "location": { + "physicalLocation": { + "artifactLocation": { + "uri": "rules/MissingSemicolon.cs" + }, + "region": { + "startLine": 42 + } + }, + "logicalLocations": [ + { + "fullyQualifiedName": "SarifSample.Rules.MissingSemicolon.Execute()" + } + ] + } + }, + { + "location": { + "physicalLocation": { + "artifactLocation": { + "uri": "EvaluationEngine.cs" + }, + "region": { + "startLine": 104 + } + }, + "logicalLocations": [ + { + "fullyQualifiedName": "SarifSample.EvaluationEngine.Run()" + } + ] + } + }, + { + "location": { + "physicalLocation": { + "artifactLocation": { + "uri": "Program.cs" + }, + "region": { + "startLine": 25 + } + }, + "logicalLocations": [ + { + "fullyQualifiedName": "SarifSample.Program.Main(string[])" + } + ] + } + } + ] + } + } + } + ] + } + ] + } + ] +} \ No newline at end of file diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..1b67d6d --- /dev/null +++ b/go.mod 
@@ -0,0 +1,47 @@ +module github.com/northwood-labs/lintbrush + +go 1.22.3 + +require ( + github.com/charmbracelet/log v0.4.0 + github.com/hashicorp/go-multierror v1.1.1 + github.com/northwood-labs/cli-helpers v0.0.0-20240514222150-ad603e1e5510 + github.com/spf13/cobra v1.8.0 +) + +require ( + github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect + github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect + github.com/charmbracelet/bubbles v0.18.0 // indirect + github.com/charmbracelet/bubbletea v0.26.2 // indirect + github.com/charmbracelet/lipgloss v0.10.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect + github.com/go-enry/go-enry/v2 v2.8.8 // indirect + github.com/go-enry/go-oniguruma v1.2.1 // indirect + github.com/go-logfmt/logfmt v0.6.0 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/lithammer/dedent v1.1.0 // indirect + github.com/lucasb-eyer/go-colorful v1.2.0 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-localereader v0.0.1 // indirect + github.com/mattn/go-runewidth v0.0.15 // indirect + github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect + github.com/muesli/cancelreader v0.2.2 // indirect + github.com/muesli/reflow v0.3.0 // indirect + github.com/muesli/termenv v0.15.2 // indirect + github.com/northwood-labs/archstring v0.0.0-20240514202917-e9357b4b91c8 // indirect + github.com/northwood-labs/debug v0.0.0-20240514204655-f938e2fa11e9 // indirect + github.com/owenrumney/go-sarif v1.1.1 // indirect + github.com/owenrumney/go-sarif/v2 v2.3.1 // indirect + github.com/rivo/uniseg v0.4.7 // indirect + github.com/rs/xid v1.5.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/zclconf/go-cty v1.14.4 // indirect + golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect + golang.org/x/sync v0.7.0 // 
indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..54c2506 --- /dev/null +++ b/go.sum 
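Review bot: `github.com/owenrumney/go-sarif/v2 v2.3.1` and `github.com/go-enry/go-enry/v2 v2.8.8` are marked `// indirect`, yet this commit imports them directly in `lintbrush/check_executables_have_shebangs.go` and `lintbrush/utils.go`. Running `go mod tidy` would move them into the first `require` block, so the direct dependency set a reviewer or scanner reads from this file matches what the code actually imports. Both `github.com/owenrumney/go-sarif v1.1.1` and the `/v2` module are required; if nothing imports the v1 path (not visible in this part of the patch) tidy should drop it.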
@@ -0,0 +1,123 @@ +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= +github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= +github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= +github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= +github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= +github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= +github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0= +github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= +github.com/charmbracelet/bubbletea v0.26.2 h1:Eeb+n75Om9gQ+I6YpbCXQRKHt5Pn4vMwusQpwLiEgJQ= +github.com/charmbracelet/bubbletea v0.26.2/go.mod h1:6I0nZ3YHUrQj7YHIHlM8RySX4ZIthTliMY+W8X8b+Gs= +github.com/charmbracelet/lipgloss v0.10.0 h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s= +github.com/charmbracelet/lipgloss v0.10.0/go.mod h1:Wig9DSfvANsxqkRsqj6x87irdy123SR4dOXlKa91ciE= +github.com/charmbracelet/log v0.4.0 h1:G9bQAcx8rWA2T3pWvx7YtPTPwgqpk7D68BX21IRW8ZM= +github.com/charmbracelet/log v0.4.0/go.mod h1:63bXt/djrizTec0l11H20t8FDSvA4CRZJ1KH22MdptM= +github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4= 
+github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM= +github.com/go-enry/go-enry/v2 v2.8.8 h1:EhfxWpw4DQ3WEFB1Y77X8vKqZL0D0EDUUWYDUAIv9/4= +github.com/go-enry/go-enry/v2 v2.8.8/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8= +github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo= +github.com/go-enry/go-oniguruma v1.2.1/go.mod h1:bWDhYP+S6xZQgiRL7wlTScFYBe023B6ilRZbCAD5Hf4= +github.com/go-logfmt/logfmt v0.6.0 h1:wGYYu3uicYdqXVgoYbvnkrPVXkuLM1p1ifugDMEdRi4= +github.com/go-logfmt/logfmt v0.6.0/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/lithammer/dedent v1.1.0 h1:VNzHMVCBNG1j0fh3OrsFRkVUwStdDArbgBWoPAffktY= +github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= 
+github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= +github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= +github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= +github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= +github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= +github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI= +github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo= +github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA= +github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo= +github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= +github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= +github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= +github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= +github.com/northwood-labs/archstring v0.0.0-20240514202917-e9357b4b91c8 h1:H7u8m9rx04tIT7K7TNi6svLENyBlBxlvj2707rbxLvA= +github.com/northwood-labs/archstring v0.0.0-20240514202917-e9357b4b91c8/go.mod h1:Qhra/q/Lf44v49IQFck2KopjfPq4jUGu4CI0w59BQtI= +github.com/northwood-labs/cli-helpers v0.0.0-20240514222150-ad603e1e5510 h1:e9hJ811tttfQKOMka/zpZkNpUBNl5AxL5CvP+zNKfHU= +github.com/northwood-labs/cli-helpers 
v0.0.0-20240514222150-ad603e1e5510/go.mod h1:0q3D+6HFCoJczVpxOoIg2cnyw5GB8My7ihU7hdggcHc= +github.com/northwood-labs/debug v0.0.0-20240514204655-f938e2fa11e9 h1:Uuy/Obqj8z6MCER8y0geETA0894Ulo0hqM71u9WtcuQ= +github.com/northwood-labs/debug v0.0.0-20240514204655-f938e2fa11e9/go.mod h1:fu3Hu+ET7MkBAws624vkPDnehxuY/L8AJuR3nlKw64k= +github.com/owenrumney/go-sarif v1.1.1 h1:QNObu6YX1igyFKhdzd7vgzmw7XsWN3/6NMGuDzBgXmE= +github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= +github.com/owenrumney/go-sarif/v2 v2.3.1 h1:77opmuqxQZE1UF6TylFz5XllVEI72WijgwpwNw4JTmY= +github.com/owenrumney/go-sarif/v2 v2.3.1/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= +github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= +github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc= +github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= +github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx 
v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= +github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/lintbrush/check_executables_have_shebangs.go b/lintbrush/check_executables_have_shebangs.go new file mode 100644 index 0000000..550b8a2 --- /dev/null +++ b/lintbrush/check_executables_have_shebangs.go 
@@ -0,0 +1,78 @@
+// Copyright 2024, Northwood Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an \"AS IS\" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package lintbrush
+
+import (
+ "bufio"
+ "fmt"
+ "os"
+ "strings"
+
+ "github.com/hashicorp/go-multierror"
+ "github.com/owenrumney/go-sarif/v2/sarif"
+)
+
+func CheckExecutablesHaveShebangs(run *sarif.Run, args []string) error {
+ var errs *multierror.Error
+
+ for i := range args {
+ filename := args[i]
+
+ fi, err := os.Lstat(filename)
+ if err != nil {
+ continue
+ }
+
+ // Make sure this file is added to the artifacts list at least once.
+ CustomAddDistinctArtifact(run, fi)
+
+ // Mask 0111 is the execute bit for ANY of owner, group, or user.
+ if fi.Mode().Perm()&0111 != 0 {
+ fp, err := os.Open(filename)
+ if err != nil {
+ errs = multierror.Append(
+ errs,
+ fmt.Errorf("could not open `%s`: %w", filename, err),
+ )
+ }
+
+ defer fp.Close()
+
+ reader := bufio.NewReader(fp)
+
+ firstBytes, err := reader.Peek(2)
+ if err != nil {
+ errs = multierror.Append(
+ errs,
+ fmt.Errorf(
+ "[CHECK_EXECUTABLES_HAVE_SHEBANGS] could not read the first 2 bytes of `%s`: %w",
+ filename,
+ err,
+ ),
+ )
+ }
+
+ if string(firstBytes) != "#!" {
+ return fmt.Errorf(
+ "[CHECK_EXECUTABLES_HAVE_SHEBANGS] file %s is executable, but begins with `%s` instead of `#!`.",
+ filename,
+ strings.Replace(string(firstBytes), "\n", "\\n", 1),
+ )
+ }
+ }
+ }
+
+ return errs.ErrorOrNil()
+}
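Review bot: In `CheckExecutablesHaveShebangs` a failed `os.Open` is recorded in `errs` but the loop body carries on with a nil `fp`, so the `Peek` fails as well and the file is then reported as lacking a shebang, a false finding stacked on the real error; each failure path needs a `continue`. The `defer fp.Close()` sits inside the loop, so every executable stays open until the function returns, and the `return fmt.Errorf(...)` on the first missing shebang discards everything already collected in `errs` and leaves the remaining arguments unchecked. The mode comes from `os.Lstat` while `os.Open` follows symlinks, so a symlink (whose own mode usually has the execute bits set) is opened at its target and a FIFO or device node can block the run; testing `fi.Mode().IsRegular()` first avoids both when the tool runs over a checkout it does not control. The mask comment should read "owner, group, or other".

```go
	for i := range args {
		filename := args[i]
		// … unchanged: os.Lstat and CustomAddDistinctArtifact call …

		// Only regular files are opened; symlinks, FIFOs and devices are skipped.
		// Mask 0111 is the execute bit for ANY of owner, group, or other.
		if !fi.Mode().IsRegular() || fi.Mode().Perm()&0111 == 0 {
			continue
		}

		firstBytes, err := firstTwoBytes(filename)
		if err != nil {
			errs = multierror.Append(errs, err)
			continue
		}

		if string(firstBytes) != "#!" {
			// Collect the finding instead of returning, so later files are still checked.
			errs = multierror.Append(
				errs,
				// … unchanged: fmt.Errorf with the CHECK_EXECUTABLES_HAVE_SHEBANGS message …
			)
		}
	}

	return errs.ErrorOrNil()
}

// firstTwoBytes returns the first two bytes of filename and closes the file
// before returning, so descriptors do not accumulate across the loop.
func firstTwoBytes(filename string) ([]byte, error) {
	fp, err := os.Open(filename)
	if err != nil {
		return nil, fmt.Errorf("could not open `%s`: %w", filename, err)
	}
	defer fp.Close()

	head, err := bufio.NewReader(fp).Peek(2)
	if err != nil {
		return nil, fmt.Errorf(
			"[CHECK_EXECUTABLES_HAVE_SHEBANGS] could not read the first 2 bytes of `%s`: %w",
			filename,
			err,
		)
	}

	return head, nil
}
```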
diff --git a/lintbrush/doc.go b/lintbrush/doc.go
new file mode 100644
index 0000000..fb09706
--- /dev/null
+++ b/lintbrush/doc.go
@@ -0,0 +1,18 @@
+// Copyright 2024, Northwood Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an \"AS IS\" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+/*
+Package lintbrush contains the libraries for the lintbrush CLI.
+*/
+package lintbrush
diff --git a/lintbrush/utils.go b/lintbrush/utils.go
new file mode 100644
index 0000000..1d6a1a5
--- /dev/null
+++ b/lintbrush/utils.go
@@ -0,0 +1,85 @@
+// Copyright 2024, Northwood Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an \"AS IS\" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package lintbrush
+
+import (
+ "bufio"
+ "crypto/sha256"
+ "fmt"
+ "io"
+ "io/fs"
+ "os"
+ "path/filepath"
+
+ "github.com/go-enry/go-enry/v2"
+ "github.com/owenrumney/go-sarif/v2/sarif"
+)
+
+func CustomAddDistinctArtifact(run *sarif.Run, fileinfo fs.FileInfo) *sarif.Artifact {
+ for _, artifact := range run.Artifacts {
+ if *artifact.Location.URI == fileinfo.Name() {
+ return artifact
+ }
+ }
+
+ hashesMap := make(map[string]string)
+
+ // Only provide the sha256 hash if we can calculate it without errors.
+ if hash, err := getSha256Hash(fileinfo); err == nil {
+ hashesMap["sha-256"] = hash
+ }
+
+ a := &sarif.Artifact{
+ Length: int(fileinfo.Size()),
+ Hashes: hashesMap,
+ }
+ a.WithLocation(sarif.NewSimpleArtifactLocation(fileinfo.Name()))
+
+ // Only provide the programming language if we can determine it without errors.
+ if fd, err := os.Open(fileinfo.Name()); err == nil {
+ reader := bufio.NewReader(fd)
+ if byteSet, err := reader.Peek(2048); err == nil {
+ lang, safe := enry.GetLanguageByContent(
+ filepath.Base(fileinfo.Name()),
+ byteSet,
+ )
+
+ if safe {
+ a.WithSourceLanguage(lang)
+ }
+ }
+ }
+
+ run.Artifacts = append(run.Artifacts, a)
+
+ return a
+}
+
+func getSha256Hash(fileinfo fs.FileInfo) (string, error) {
+ h := sha256.New()
+
+ f, err := os.Open(fileinfo.Name())
+ if err != nil {
+ return "", fmt.Errorf("could not open `%s`: %w", fileinfo.Name(), err)
+ }
+
+ defer f.Close()
+
+ if _, err := io.Copy(h, f); err != nil {
+ return "", fmt.Errorf("could calculate hash for `%s`: %w", fileinfo.Name(), err)
+ }
+
+ return fmt.Sprintf("%x", h.Sum(nil)), nil
+}
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..c569d88
--- /dev/null
+++ b/main.go
@@ -0,0 +1,21 @@
+// Copyright 2024, Northwood Labs
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an \"AS IS\" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import "github.com/northwood-labs/lintbrush/cmd"
+
+func main() {
+ cmd.Execute()
+}
diff --git a/scripts/generate-contributors.sh b/scripts/generate-contributors.sh
new file mode 100755
index 0000000..e892d0c
--- /dev/null
+++ b/scripts/generate-contributors.sh
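Review bot: In `lintbrush/utils.go`, `CustomAddDistinctArtifact` and `getSha256Hash` open `fileinfo.Name()`, but `fs.FileInfo.Name()` is only the base name, so for any argument outside the working directory the open either fails (hash and language silently omitted) or reads a different file that happens to share the name, and the SARIF artifact then carries a `sha-256` for the wrong content. The de-duplication loop compares on the same base name, so two files with one name in different directories collapse into a single artifact. Passing the path the caller already holds, for example an added `path string` parameter used for the URI, the open and the hash, addresses all three. In the language-detection branch `fd` is never closed and `reader.Peek(2048)` returns `io.EOF` together with the short read for files under 2048 bytes, so detection is skipped for small scripts. The message `could calculate hash` is missing "not".

```go
func CustomAddDistinctArtifact(run *sarif.Run, path string, fileinfo fs.FileInfo) *sarif.Artifact {
	for _, artifact := range run.Artifacts {
		if *artifact.Location.URI == path {
			return artifact
		}
	}
	// … unchanged: hashesMap and sarif.Artifact construction, using path where fileinfo.Name() was opened or recorded …

	if fd, err := os.Open(path); err == nil {
		defer fd.Close()

		// Peek returns the bytes it managed to read together with io.EOF when
		// the file is shorter than the requested window; those bytes are still usable.
		byteSet, peekErr := bufio.NewReader(fd).Peek(2048)
		if peekErr == nil || peekErr == io.EOF {
			if lang, safe := enry.GetLanguageByContent(filepath.Base(path), byteSet); safe {
				a.WithSourceLanguage(lang)
			}
		}
	}
	// … unchanged: append to run.Artifacts and return …
```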
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -e
+
+# see also ".mailmap" for how email addresses and names are deduplicated
+OUT="${1:-.}"
+{
+ # editorconfig-checker-disable
+ cat <<-'EOF'
+ # File @generated by scripts/generate-contributors.sh. DO NOT EDIT.
+ # This file lists all contributors to the repository.
+ # See scripts/generate-contributors.sh to make modifications.
+ EOF
+ # editorconfig-checker-enable
+
+ echo
+
+ # shellcheck disable=2312
+ git log --format='%aN <%aE>' | LC_ALL=C.UTF-8 sort -uf
+
+} >"${OUT}/CONTRIBUTORS"
+cat "${OUT}/CONTRIBUTORS"
diff --git a/trivy-license.yaml b/trivy-license.yaml
new file mode 100644
index 0000000..3033a02
--- /dev/null
+++ b/trivy-license.yaml
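Review bot: With only `set -e` at the top, a failure of `git log` inside the `git log ... | LC_ALL=C.UTF-8 sort -uf` pipeline is masked by the exit status of `sort`, so the script would overwrite `CONTRIBUTORS` with just the header and still exit 0. Changing the second line to `set -euo pipefail` makes that failure stop the script before the final `cat`. The `# shellcheck disable=2312` above the pipeline suggests the masked return value was noticed but silenced rather than handled.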
@@ -0,0 +1,201 @@ +--- +# This is a "full copy" file. Any manual changes will be overwritten in the next +# sync. If you want to make changes to this file, open a PR against the upstream +# file. Changes will be reflected in ALL repositories during the next sync. + +cache: + backend: fs + clear: false +db: + download-java-only: false + download-only: false + java-repository: ghcr.io/aquasecurity/trivy-java-db + java-skip-update: false + light: false + no-progress: false + repository: ghcr.io/aquasecurity/trivy-db + skip-update: false +# debug: false +dependency-tree: true +exit-code: 0 +format: table +ignore-policy: "" +ignorefile: .trivyignore +include-dev-deps: false +insecure: false +license: + confidencelevel: "0.9" + forbidden: + - AGPL-1.0 + - AGPL-3.0 + - CC-BY-NC-1.0 + - CC-BY-NC-2.0 + - CC-BY-NC-2.5 + - CC-BY-NC-3.0 + - CC-BY-NC-4.0 + - CC-BY-NC-ND-1.0 + - CC-BY-NC-ND-2.0 + - CC-BY-NC-ND-2.5 + - CC-BY-NC-ND-3.0 + - CC-BY-NC-ND-4.0 + - CC-BY-NC-SA-1.0 + - CC-BY-NC-SA-2.0 + - CC-BY-NC-SA-2.5 + - CC-BY-NC-SA-3.0 + - CC-BY-NC-SA-4.0 + - Commons-Clause + - Facebook-2-Clause + - Facebook-3-Clause + - Facebook-Examples + full: true + ignored: [] + notice: + - AFL-1.1 + - AFL-1.2 + - AFL-2.0 + - AFL-2.1 + - AFL-3.0 + - Apache-1.0 + - Apache-1.1 + - Apache-2.0 + - Artistic-1.0-cl8 + - Artistic-1.0-Perl + - Artistic-1.0 + - Artistic-2.0 + - BSL-1.0 + - BSD-2-Clause-FreeBSD + - BSD-2-Clause-NetBSD + - BSD-2-Clause + - BSD-3-Clause-Attribution + - BSD-3-Clause-Clear + - BSD-3-Clause-LBNL + - BSD-3-Clause + - BSD-4-Clause + - BSD-4-Clause-UC + - BSD-Protection + - CC-BY-1.0 + - CC-BY-2.0 + - CC-BY-2.5 + - CC-BY-3.0 + - CC-BY-4.0 + - FTL + - ISC + - ImageMagick + - Libpng + - Lil-1.0 + - Linux-OpenIB + - LPL-1.02 + - LPL-1.0 + - MS-PL + - MIT + - NCSA + - OpenSSL + - PHP-3.01 + - PHP-3.0 + - PIL + - Python-2.0 + - Python-2.0-complete + - PostgreSQL + - SGI-B-1.0 + - SGI-B-1.1 + - SGI-B-2.0 + - Unicode-DFS-2015 + - Unicode-DFS-2016 + - Unicode-TOU + - UPL-1.0 + - 
W3C-19980720 + - W3C-20150513 + - W3C + - X11 + - Xnet + - Zend-2.0 + - zlib-acknowledgement + - Zlib + - ZPL-1.1 + - ZPL-2.0 + - ZPL-2.1 + permissive: + - WTFPL + reciprocal: + - APSL-1.0 + - APSL-1.1 + - APSL-1.2 + - APSL-2.0 + - CDDL-1.0 + - CDDL-1.1 + - CPL-1.0 + - EPL-1.0 + - EPL-2.0 + - FreeImage + - IPL-1.0 + - MPL-1.0 + - MPL-1.1 + - MPL-2.0 + - Ruby + restricted: + - BCL + - CC-BY-ND-1.0 + - CC-BY-ND-2.0 + - CC-BY-ND-2.5 + - CC-BY-ND-3.0 + - CC-BY-ND-4.0 + - CC-BY-SA-1.0 + - CC-BY-SA-2.0 + - CC-BY-SA-2.5 + - CC-BY-SA-3.0 + - CC-BY-SA-4.0 + - GPL-1.0 + - GPL-2.0 + - GPL-2.0-with-autoconf-exception + - GPL-2.0-with-bison-exception + - GPL-2.0-with-classpath-exception + - GPL-2.0-with-font-exception + - GPL-2.0-with-GCC-exception + - GPL-3.0 + - GPL-3.0-with-autoconf-exception + - GPL-3.0-with-GCC-exception + - LGPL-2.0 + - LGPL-2.1 + - LGPL-3.0 + - NPL-1.0 + - NPL-1.1 + - OSL-1.0 + - OSL-1.1 + - OSL-2.0 + - OSL-2.1 + - OSL-3.0 + - QPL-1.0 + - Sleepycat + unencumbered: + - 0BSD + - CC0-1.0 + - Unlicense +list-all-pkgs: true +misconfiguration: + include-non-failures: false + policy-bundle-repository: ghcr.io/aquasecurity/defsec:0 + reset-policy-bundle: false +output: "" +quiet: true +report: all +reset: false +scan: + compliance: "" + file-patterns: [] + offline: false + rekor-url: https://rekor.sigstore.dev + sbom-sources: [] + scanners: + - license + skip-dirs: [] + skip-files: [] + slow: false +secret: + config: trivy-secret.yaml +severity: + # - UNKNOWN + # - LOW + # - MEDIUM + - HIGH + - CRITICAL +timeout: 5m0s diff --git a/trivy-vuln.yaml b/trivy-vuln.yaml new file mode 100644 index 0000000..24068e1 --- /dev/null +++ b/trivy-vuln.yaml 
@@ -0,0 +1,62 @@ +--- +# This is a "full copy" file. Any manual changes will be overwritten in the next +# sync. If you want to make changes to this file, open a PR against the upstream +# file. Changes will be reflected in ALL repositories during the next sync. + +cache: + backend: fs + clear: false +db: + download-java-only: false + download-only: false + java-repository: ghcr.io/aquasecurity/trivy-java-db + java-skip-update: false + light: false + no-progress: false + repository: ghcr.io/aquasecurity/trivy-db + skip-update: false +# debug: false +dependency-tree: true +exit-code: 1 +format: table +ignore-policy: "" +ignorefile: .trivyignore +include-dev-deps: false +insecure: false +list-all-pkgs: true +misconfiguration: + include-non-failures: false + policy-bundle-repository: ghcr.io/aquasecurity/defsec:0 + reset-policy-bundle: false +output: "" +quiet: true +report: all +reset: false +scan: + compliance: "" + file-patterns: [] + offline: false + rekor-url: https://rekor.sigstore.dev + sbom-sources: [] + scanners: + - vuln + - config + - secret + skip-dirs: [] + skip-files: [] + slow: false +secret: + config: trivy-secret.yaml +severity: + - UNKNOWN + - LOW + - MEDIUM + - HIGH + - CRITICAL +timeout: 5m0s +vulnerability: + ignore-status: [] + ignore-unfixed: true + type: + - os + - library