From 1873e33d14fad73a672888c870cded4b04d994b8 Mon Sep 17 00:00:00 2001 From: Eli Schleifer Date: Fri, 22 Sep 2023 12:13:20 -0700 Subject: [PATCH 1/2] Introduce trunk check as metalinter --- .trunk/.gitignore | 8 +++ .trunk/configs/.hadolint.yaml | 4 ++ .trunk/configs/.isort.cfg | 2 + .trunk/configs/.markdownlint.yaml | 10 ++++ .trunk/configs/.rustfmt.toml | 1 + .trunk/configs/.shellcheckrc | 7 +++ .trunk/configs/.yamllint.yaml | 10 ++++ .trunk/configs/analyzers.yml | 91 +++++++++++++++++++++++++++++++ .trunk/configs/ruff.toml | 5 ++ .trunk/trunk.yaml | 56 +++++++++++++++++++ 10 files changed, 194 insertions(+) create mode 100644 .trunk/.gitignore create mode 100644 .trunk/configs/.hadolint.yaml create mode 100644 .trunk/configs/.isort.cfg create mode 100644 .trunk/configs/.markdownlint.yaml create mode 100644 .trunk/configs/.rustfmt.toml create mode 100644 .trunk/configs/.shellcheckrc create mode 100644 .trunk/configs/.yamllint.yaml create mode 100644 .trunk/configs/analyzers.yml create mode 100644 .trunk/configs/ruff.toml create mode 100644 .trunk/trunk.yaml diff --git a/.trunk/.gitignore b/.trunk/.gitignore new file mode 100644 index 000000000..1e2465290 --- /dev/null +++ b/.trunk/.gitignore @@ -0,0 +1,8 @@ +*out +*logs +*actions +*notifications +*tools +plugins +user_trunk.yaml +user.yaml diff --git a/.trunk/configs/.hadolint.yaml b/.trunk/configs/.hadolint.yaml new file mode 100644 index 000000000..98bf0cd2e --- /dev/null +++ b/.trunk/configs/.hadolint.yaml @@ -0,0 +1,4 @@ +# Following source doesn't work in most setups +ignored: + - SC1090 + - SC1091 diff --git a/.trunk/configs/.isort.cfg b/.trunk/configs/.isort.cfg new file mode 100644 index 000000000..b9fb3f3e8 --- /dev/null +++ b/.trunk/configs/.isort.cfg @@ -0,0 +1,2 @@ +[settings] +profile=black diff --git a/.trunk/configs/.markdownlint.yaml b/.trunk/configs/.markdownlint.yaml new file mode 100644 index 000000000..fb940393d --- /dev/null +++ b/.trunk/configs/.markdownlint.yaml @@ -0,0 +1,10 @@ +# Autoformatter friendly markdownlint config (all formatting rules disabled) +default: true +blank_lines: false +bullet: false +html: false +indentation: false +line_length: false +spaces: false +url: false +whitespace: false diff --git a/.trunk/configs/.rustfmt.toml b/.trunk/configs/.rustfmt.toml new file mode 100644 index 000000000..3a26366d4 --- /dev/null +++ b/.trunk/configs/.rustfmt.toml @@ -0,0 +1 @@ +edition = "2021" diff --git a/.trunk/configs/.shellcheckrc b/.trunk/configs/.shellcheckrc new file mode 100644 index 000000000..8c7b1ada8 --- /dev/null +++ b/.trunk/configs/.shellcheckrc @@ -0,0 +1,7 @@ +enable=all +source-path=SCRIPTDIR +disable=SC2154 + +# If you're having issues with shellcheck following source, disable the errors via: +# disable=SC1090 +# disable=SC1091 diff --git a/.trunk/configs/.yamllint.yaml b/.trunk/configs/.yamllint.yaml new file mode 100644 index 000000000..4d444662d --- /dev/null +++ b/.trunk/configs/.yamllint.yaml @@ -0,0 +1,10 @@ +rules: + quoted-strings: + required: only-when-needed + extra-allowed: ["{|}"] + empty-values: + forbid-in-block-mappings: true + forbid-in-flow-mappings: true + key-duplicates: {} + octal-values: + forbid-implicit-octal: true diff --git a/.trunk/configs/analyzers.yml b/.trunk/configs/analyzers.yml new file mode 100644 index 000000000..0155084fe --- /dev/null +++ b/.trunk/configs/analyzers.yml @@ -0,0 +1,91 @@ +# Copyright 2021 Praetorian Security, Inc. + +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an AS IS BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# GoKart analyzers configuration + +# Uncomment analyzers section below to create a new vulnerability type + +# analyzers: +# # Each entry specifies a vulnerability type. + +# # Name of the vulnerability: +# Test Sink: +# # Description of this vulnerability +# doc: Writing data to Printf() +# # Message displayed when this vulnerability is found +# message: Test Sink reachable by user input +# # List of vulnerable functions used to identify this vulnerability +# vuln_calls: +# # Package name +# log: +# # Function name +# - Printf + +# Each entry specifies a source that should be considered untrusted +# If the package already exists in the sources section, add the variable/function/type underneath +# Each package can contain multiple vulnerable sources. +sources: + # Sources that are defined in Go documentation as a variable go here (note: these variables will have an SSA type of Global). + variables: + os: + - Args + # Sources that are defined in Go documentation as a function go here. + functions: + flag: + - Arg + - Args + os: + - Environ + - File + crypto/tls: + - LoadX509KeyPair + - X509KeyPair + os/user: + - Lookup + - LookupId + - Current + crypto/x509: + - Subjects + io: + - ReadAtLeast + - ReadFull + database/sql: + - Query + - QueryRow + bytes: + - String + - ReadBytes + - ReadByte + bufio: + - Text + - Bytes + - ReadString + - ReadSlice + - ReadRune + - ReadLine + - ReadBytes + - ReadByte + archive/tar: + - Next + - FileInfo + - Header + net/url: + - ParseQuery + - ParseUriRequest + - Parse + - Query + # Sources that are defined in Go documentation as a type go here (note: adding types will consider all functions that use that type to be tainted). + types: + net/http: + - Request diff --git a/.trunk/configs/ruff.toml b/.trunk/configs/ruff.toml new file mode 100644 index 000000000..346b1d9aa --- /dev/null +++ b/.trunk/configs/ruff.toml @@ -0,0 +1,5 @@ +# Generic, formatter-friendly config. +select = ["B", "D3", "D4", "E", "F"] + +# Never enforce `E501` (line length violations). This should be handled by formatters. +ignore = ["E501"] diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml new file mode 100644 index 000000000..de7e715ec --- /dev/null +++ b/.trunk/trunk.yaml @@ -0,0 +1,56 @@ +# This file controls the behavior of Trunk: https://docs.trunk.io/cli +# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml +version: 0.1 +cli: + version: 1.16.0 +plugins: + sources: + - id: trunk + ref: v1.2.3 + uri: https://github.com/trunk-io/plugins +runtimes: + enabled: + - go@1.21.0 + - java@13.0.11 + - node@18.12.1 + - python@3.10.8 + - rust@1.72.0 +lint: + enabled: + - actionlint@1.6.25 + - bandit@1.7.5 + - black@23.9.1 + - checkov@2.4.9 + - clippy@1.72.0 + - dotenv-linter@3.3.0 + - git-diff-check + - gofmt@1.20.4 + - gokart@0.5.1 + - golangci-lint@1.54.2 + - hadolint@2.12.0 + - isort@5.12.0 + - ktlint@1.0.0 + - markdownlint@0.37.0 + - osv-scanner@1.4.0 + - oxipng@8.0.0 + - prettier@3.0.3 + - ruff@0.0.290 + - rustfmt@1.72.0 + - shellcheck@0.9.0 + - shfmt@3.6.0 + - taplo@0.8.1 + - terrascan@1.18.3 + - trivy@0.45.1 + - trufflehog@3.56.1 + - yamllint@1.32.0 + ignore: + - linters: [clippy, rustfmt] + paths: + # do not reun + - rust/src/lib.rs +actions: + enabled: + - trunk-announce + - trunk-check-pre-push + - trunk-fmt-pre-commit + - trunk-upgrade-available From 52e4e49ab13ff99a58b015751774b9aee8c719ec Mon Sep 17 00:00:00 2001 From: Eli Schleifer Date: Fri, 22 Sep 2023 12:15:52 -0700 Subject: [PATCH 2/2] --- .trunk/trunk.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index de7e715ec..057961497 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -48,6 +48,9 @@ lint: paths: # do not reun - rust/src/lib.rs + - linters: [ALL] + paths: + - go/internal/openapi/** actions: enabled: - trunk-announce