From 53b2d2a2184e759feee7a8afd1d0472ed98fe50a Mon Sep 17 00:00:00 2001 
From: Robert David Hernandez Date: Mon, 24 Oct 2022 14:22:02 -0500 Subject: [PATCH] Feature/megalinter (#23) * add contributing.md, works across many linters now * needs a python file to run python linters * remove unused code Co-authored-by: Robert David Hernandez --- .mega-linter.yml | 46 +- .pylintrc | 565 ++++++++++++++++++ CONTRIBUTING.md | 92 +++ config/megalinter/.arm-ttk.psd1 | 32 + config/megalinter/.checkov.yml | 4 + config/megalinter/.cspell.json | 11 +- config/megalinter/.ecrc | 18 + config/megalinter/.eslintrc-json.json | 34 ++ config/megalinter/.flake8 | 3 + config/megalinter/.gitleaks.toml | 20 + config/megalinter/.hadolint | 21 + config/megalinter/.isort.cfg | 8 + config/megalinter/.jscpd.json | 16 + config/megalinter/.jsonlintrc | 4 + config/megalinter/.markdown-link-check.json | 21 +- config/megalinter/.markdownlint.json | 7 + config/megalinter/.mypy.ini | 4 + .../.powershell-psscriptanalyzer.psd1 | 17 + config/megalinter/.prettierrc.json | 6 + config/megalinter/.pylintrc | 565 ++++++++++++++++++ config/megalinter/.secretlintrc.json | 7 + config/megalinter/.syft.yaml | 198 ++++++ config/megalinter/.v8rrc | 51 ++ config/megalinter/.yamllint.yml | 17 + config/megalinter/actionlint.yml | 7 + config/megalinter/bicepconfig.json | 87 +++ config/megalinter/pyproject.toml | 13 + config/megalinter/pyrightconfig.json | 50 ++ framework/python/main.py | 1 + 29 files changed, 1901 insertions(+), 24 deletions(-) create mode 100644 .pylintrc create mode 100644 CONTRIBUTING.md create mode 100644 config/megalinter/.arm-ttk.psd1 create mode 100644 config/megalinter/.checkov.yml create mode 100644 config/megalinter/.ecrc create mode 100644 config/megalinter/.eslintrc-json.json create mode 100644 config/megalinter/.flake8 create mode 100644 config/megalinter/.gitleaks.toml create mode 100644 config/megalinter/.hadolint create mode 100644 config/megalinter/.isort.cfg create mode 100644 config/megalinter/.jscpd.json create mode 100644 config/megalinter/.jsonlintrc 
create mode 100644 config/megalinter/.markdownlint.json create mode 100644 config/megalinter/.mypy.ini create mode 100644 config/megalinter/.powershell-psscriptanalyzer.psd1 create mode 100644 config/megalinter/.prettierrc.json create mode 100644 config/megalinter/.pylintrc create mode 100644 config/megalinter/.secretlintrc.json create mode 100644 config/megalinter/.syft.yaml create mode 100644 config/megalinter/.v8rrc create mode 100644 config/megalinter/.yamllint.yml create mode 100644 config/megalinter/actionlint.yml create mode 100644 config/megalinter/bicepconfig.json create mode 100644 config/megalinter/pyproject.toml create mode 100644 config/megalinter/pyrightconfig.json create mode 100644 framework/python/main.py diff --git a/.mega-linter.yml b/.mega-linter.yml index 8e7a0c0..36144ae 100644 --- a/.mega-linter.yml +++ b/.mega-linter.yml 
@@ -2,18 +2,50 @@ # See all available variables at https://oxsecurity.github.io/megalinter/configuration/ and in linters documentation APPLY_FIXES: all # all, none, or list of linter keys -# ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default -# ENABLE_LINTERS: # If you use ENABLE_LINTERS variable, all other linters will be disabled by default # DISABLE: - # - COPYPASTE # Uncomment to disable checks of excessive copy-pastes - # - SPELL # Uncomment to disable checks of spelling mistakes +# - COPYPASTE # Uncomment to disable checks of excessive copy-pastes +# - SPELL # Uncomment to disable checks of spelling mistakes +DISABLE_LINTERS: + - PYTHON_PYRIGHT + - PYTHON_MYPY SHOW_ELAPSED_TIME: true FILEIO_REPORTER: false # DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass FILTER_REGEX_EXCLUDE: '(\./node_modules)' -EXCLUDED_DIRECTORIES: - ['node_modules', '.git'] +EXCLUDED_DIRECTORIES: ["node_modules", ".git"] PRINT_ALPACA: false EMAIL_REPORTER: false DISABLE_ERRORS_LINTERS: - - REPOSITORY_DEVSKIM \ No newline at end of file + - REPOSITORY_DEVSKIM + # - PYTHON_BANDIT # consider disabling? disabled for the megalinter project itself +PARALLEL: true +IGNORE_GITIGNORED_FILES: true +GITHUB_STATUS_REPORTER: true +MARKDOWN_DEFAULT_STYLE: markdownlint +VALIDATE_ALL_CODEBASE: true # Will parse the entire repository and find all files to validate across all types. NOTE: When set to false, only new or edited files will be parsed for validation. 
+SHOW_SKIPPED_LINTERS: true +PRINT_ALL_FILES: true +PYTHON_PYLINT_CONFIG_FILE: /config/megalinter/.pylintrc +SPELL_CSPELL_CONFIG_FILE: /config/megalinter/.cspell.json +MARKDOWN_MARKDOWN_LINK_CHECK_CONFIG_FILE: /config/megalinter/.markdown-link-check.json +COPYPASTE_JSCPD_CONFIG_FILE: /config/megalinter/.jscpd.json +DOCKERFILE_HADOLINT_CONFIG_FILE: /config/megalinter/.hadolint +EDITORCONFIG_EDITORCONFIG_CHECKER_CONFIG_FILE: /config/megalinter/.ecrc +JSON_JSONLINT_CONFIG_FILE: /config/megalinter/.jsonlintrc +JAVASCRIPT_PRETTIER_CONFIG_FILE: /config/megalinter/.prettierrc.json +MARKDOWN_MARKDOWNLINT_CONFIG_FILE: /config/megalinter/.markdownlint.json +POWERSHELL_POWERSHELL_CONFIG_FILE: /config/megalinter/.powershell-psscriptanalyzer.psd1 +# BICEP_BICEP_LINTER doesn't source a file from a specific path, but a relative path to where a bicep file is invoked.. +# YAML_V8R: .v8rrc # this file needs to be in the root directory, v8r doesn't provide a config file path param, perhaps create PR again v8r? +REPOSITORY_SECRETLINT_CONFIG_FILE: /config/megalinter/.secretlintrc.json +REPOSITORY_SYFT_CONFIG_FILE: /config/megalinter/.syft.yaml +JSON_ESLINT_PLUGIN_JSONC_CONFIG_FILE: /config/megalinter/.eslintrc-json.json +ARM_ARM_TTK_CONFIG_FILE: /config/megalinter/.arm-ttk.psd1 +ACTION_ACTIONLINT_CONFIG_FILE: /config/megalinter/actionlint.yml +REPOSITORY_CHECKOV_CONFIG_FILE: /config/megalinter/.checkov.yml +# PYTHON_PYRIGHT_CONFIG_FILE: /config/megalinter/pyrightconfig.json # DISABLED +PYTHON_MYPY_CONFIG_FILE: /config/megalinter/.mypy.ini +PYTHON_FLAKE8_CONFIG_FILE: /config/megalinter/.flake8 +PYTHON_BLACK_CONFIG_FILE: /config/megalinter/pyproject.toml +PYTHON_BANDIT_CONFIG_FILE: /config/megalinter/.bandit.yml +REPOSITORY_GITLEAKS_CONFIG_FILE: /config/megalinter/.gitleaks.toml \ No newline at end of file diff --git a/.pylintrc b/.pylintrc new file mode 100644 index 0000000..8314c21 --- /dev/null +++ b/.pylintrc 
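Review bot: `PYTHON_BANDIT_CONFIG_FILE: /config/megalinter/.bandit.yml` names a file that this commit's diffstat does not list, so unless `.bandit.yml` already exists in the repository the Python security linter is pointed at a missing config. Either add the file or drop the key so Bandit runs with its defaults. `PYTHON_MYPY_CONFIG_FILE` is still set although `PYTHON_MYPY` is in `DISABLE_LINTERS`, while the pyright key is commented out as `# DISABLED`; handling both the same way would avoid confusion. The settings that change what CI enforces would also benefit from a why-comment, for example `# DevSkim findings are reported but do not fail CI because <reason>` above `DISABLE_ERRORS_LINTERS`.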
@@ -0,0 +1,565 @@ +[MAIN] + +# Specify a configuration file. +#rcfile= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Files or directories to be skipped. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the ignore-list. The +# regex matches against paths and can be in Posix or Windows format. +ignore-paths= + +# Files or directories matching the regex patterns are skipped. The regex +# matches against base names, not paths. +ignore-patterns=^\.# + +# Pickle collected data for later comparisons. +persistent=yes + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + pylint.extensions.check_elif, + pylint.extensions.bad_builtin, + pylint.extensions.docparams, + pylint.extensions.for_any_all, + pylint.extensions.set_membership, + pylint.extensions.code_style, + pylint.extensions.overlapping_exceptions, + pylint.extensions.typing, + pylint.extensions.redefined_variable_type, + pylint.extensions.comparison_placement, + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use. +jobs=1 + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-allow-list= + +# Minimum supported python version +py-version = 3.7.2 + +# Control the amount of potential inferred values when inferring a single +# object. 
This can help the performance when dealing with large functions or +# complex, nested conditions. +limit-inference-results=100 + +# Specify a score threshold to be exceeded before program exits with error. +fail-under=10.0 + +# Return non-zero exit code if any of these messages/categories are detected, +# even if score is above --fail-under value. Syntax same as enable. Messages +# specified are enabled, while categories only check already-enabled messages. +fail-on= + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED +# confidence= + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable= + use-symbolic-message-instead, + useless-suppression, + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once).You can also use "--disable=all" to +# disable everything first and then re-enable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use"--disable=all --enable=classes +# --disable=W" + +disable= + attribute-defined-outside-init, + invalid-name, + missing-docstring, + protected-access, + too-few-public-methods, + # handled by black + format, + # We anticipate #3512 where it will become optional + fixme, + cyclic-import, + + +[REPORTS] + +# Set the output format. 
Available formats are text, parseable, colorized, msvs +# (visual studio) and html. You can also give a reporter class, eg +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages +reports=no + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables 'fatal', 'error', 'warning', 'refactor', 'convention' +# and 'info', which contain the number of messages in each category, as +# well as 'statement', which is the total number of statements analyzed. This +# score is used by the global evaluation report (RP0004). +evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details +#msg-template= + +# Activate the evaluation score. +score=yes + + +[LOGGING] + +# Logging modules to check that the string format arguments are in logging +# function parameter format +logging-modules=logging + +# The type of string formatting that logging methods do. `old` means using % +# formatting, `new` is for `{}` formatting. +logging-format-style=old + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME,XXX,TODO + +# Regular expression of note tags to take in consideration. +#notes-rgx= + + +[SIMILARITIES] + +# Minimum lines number of a similarity. +min-similarity-lines=6 + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=yes + +# Signatures are removed from the similarity computation +ignore-signatures=yes + + +[VARIABLES] + +# Tells whether we should check for unused import in __init__ files. 
+init-import=no + +# A regular expression matching the name of dummy variables (i.e. expectedly +# not used). +dummy-variables-rgx=_$|dummy + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_,_cb + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of names allowed to shadow builtins +allowed-redefined-builtins= + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore. +ignored-argument-names=_.* + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io + + +[FORMAT] + +# Maximum number of characters on a single line. +max-line-length=100 + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Maximum number of lines in a module +max-module-lines=2000 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + + +[BASIC] + +# Good variable names which should always be accepted, separated by a comma +good-names=i,j,k,ex,Run,_ + +# Good variable names regexes, separated by a comma. 
If names match any regex, +# they will always be accepted +good-names-rgxs= + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo,bar,baz,toto,tutu,tata + +# Bad variable names regexes, separated by a comma. If names match any regex, +# they will always be refused +bad-names-rgxs= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Include a hint for the correct naming format with invalid-name +include-naming-hint=no + +# Naming style matching correct function names. +function-naming-style=snake_case + +# Regular expression matching correct function names +function-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming style matching correct variable names. +variable-naming-style=snake_case + +# Regular expression matching correct variable names +variable-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming style matching correct constant names. +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names +const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Naming style matching correct attribute names. +attr-naming-style=snake_case + +# Regular expression matching correct attribute names +attr-rgx=[a-z_][a-z0-9_]{2,}$ + +# Naming style matching correct argument names. +argument-naming-style=snake_case + +# Regular expression matching correct argument names +argument-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names +class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Naming style matching correct class constant names. +class-const-naming-style=UPPER_CASE + +# Regular expression matching correct class constant names. Overrides class- +# const-naming-style. +#class-const-rgx= + +# Naming style matching correct inline iteration names. 
+inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names +inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names +class-rgx=[A-Z_][a-zA-Z0-9]+$ + + +# Naming style matching correct module names. +module-naming-style=snake_case + +# Regular expression matching correct module names +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + + +# Naming style matching correct method names. +method-naming-style=snake_case + +# Regular expression matching correct method names +method-rgx=[a-z_][a-z0-9_]{2,}$ + +# Regular expression which can overwrite the naming style set by typevar-naming-style. +#typevar-rgx= + +# Regular expression which should only match function or class names that do +# not require a docstring. Use ^(?!__init__$)_ to also check __init__. +no-docstring-rgx=__.*__ + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# List of decorators that define properties, such as abc.abstractproperty. +property-classes=abc.abstractproperty + + +[TYPECHECK] + +# Regex pattern to define which classes are considered mixins if ignore-mixin- +# members is set to 'yes' +mixin-class-rgx=.*MixIn + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis). It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. 
+ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members=REQUEST,acl_users,aq_parent,argparse.Namespace + +# List of decorators that create context managers from functions, such as +# contextlib.contextmanager. +contextmanager-decorators=contextlib.contextmanager + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + +[SPELLING] + +# Spelling dictionary name. Available dictionaries: none. To make it working +# install python-enchant package. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# List of comma separated words that should be considered directives if they +# appear and the beginning of a comment and should not be checked. 
+spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:,pragma:,# noinspection + +# A path to a file that contains private dictionary; one word per line. +spelling-private-dict-file=.pyenchant_pylint_custom_dict.txt + +# Tells whether to store unknown words to indicated private dictionary in +# --spelling-private-dict-file option instead of raising a message. +spelling-store-unknown-words=no + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=2 + + +[DESIGN] + +# Maximum number of arguments for function / method +max-args=10 + +# Maximum number of locals for function / method body +max-locals=25 + +# Maximum number of return / yield for function / method body +max-returns=11 + +# Maximum number of branch for function / method body +max-branches=27 + +# Maximum number of statements in function / method body +max-statements=100 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# List of qualified class names to ignore when counting class parents (see R0901). +ignored-parents= + +# Maximum number of attributes for a class (see R0902). +max-attributes=11 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=25 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr=5 + +# List of regular expressions of class ancestor names to +# ignore when counting public methods (see R0903). +exclude-too-few-public-methods= + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__,__new__,setUp,__post_init__ + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. 
+valid-metaclass-classmethod-first-arg=mcs + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict,_fields,_replace,_source,_make + +# Warn about protected attribute access inside special methods +check-protected-access-in-special-methods=no + +[IMPORTS] + +# List of modules that can be imported at any level, not just the top level +# one. +allow-any-import-level= + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub,TERMIOS,Bastion,rexec + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + +# Couples of modules and preferred modules, separated by a comma. +preferred-modules= + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "Exception" +overgeneral-exceptions=Exception + + +[TYPING] + +# Set to ``no`` if the app / library does **NOT** need to support runtime +# introspection of type annotations. If you use type annotations +# **exclusively** for type checking of an application, you're probably fine. 
+# For libraries, evaluate if some users what to access the type hints at +# runtime first, e.g., through ``typing.get_type_hints``. Applies to Python +# versions 3.7 - 3.9 +runtime-typing = no + + +[DEPRECATED_BUILTINS] + +# List of builtins function names that should not be used, separated by a comma +bad-functions=map,input + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit,argparse.parse_error + + +[STRING] + +# This flag controls whether inconsistent-quotes generates a warning when the +# character used as a quote delimiter is used inconsistently within a module. +check-quote-consistency=no + +# This flag controls whether the implicit-str-concat should generate a warning +# on implicit string concatenation in sequences defined over several lines. +check-str-concat-over-line-jumps=no + + +[CODE_STYLE] + +# Max line length for which to sill emit suggestions. Used to prevent optional +# suggestions which would get split by a code formatter (e.g., black). Will +# default to the setting for ``max-line-length``. +#max-line-length-suggestions= diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..39fc8f7 --- /dev/null +++ b/CONTRIBUTING.md 
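Review bot: This root `.pylintrc` looks like a second copy of `config/megalinter/.pylintrc`: the diffstat lists both at 565 lines, and `.mega-linter.yml` points `PYTHON_PYLINT_CONFIG_FILE` at the one under `config/megalinter/`. The two will drift unless one is removed or a header comment such as `# Keep in sync with config/megalinter/.pylintrc` names the source of truth. Some entries seem inherited from an upstream template rather than chosen for this repository: `# We anticipate #3512 ...` refers to an issue number that is not this project's, and `spelling-private-dict-file=.pyenchant_pylint_custom_dict.txt` names a file the commit does not add. With `fail-under=10.0` a single message fails the run, which deserves a short comment next to the option if that is intended.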
@@ -0,0 +1,92 @@ +# Running MegaLinter + +1. Install Latest stable/long term service Node Version Manager aka $ nvm + a. Installation instructions: +2. Use NVM to install the latest long term service (LTS) version of node and node package manager (npm) + a. `nvm install --lts` +3. Install Mega-Linter using the provided package.json file + a. `npm install package.json` +4. Run Mega-Linter in the root of the project. The Node package executor $ npx is an included utility with npm + a. `npx mega-linter-runner` + b. Note: Do not provide the runner with a directory path or it may not activate all linters (e.g. `npx mega-linter-runner .`) (possible bug in upstream) + +Expected Results: Mega-Linter should run and report any issues it finds in the project. + + ++----SUMMARY------+--------------------------+---------------+-------+-------+--------+--------------+ + +| Descriptor | Linter | Mode | Files | Fixed | Errors | Elapsed time | + ++-----------------+--------------------------+---------------+-------+-------+--------+--------------+ + +| ✅ ACTION | actionlint | list_of_files | 1 | | 0 | 0.17s | + +| ❌ ARM | arm-ttk | file | 3 | | 3 | 24.3s | + +| ✅ BICEP | bicep_linter | file | 3 | | 0 | 22.08s | + +| ❌ COPYPASTE | jscpd | project | n/a | | 7 | 5.66s | + +| ✅ CSHARP | dotnet-format | file | 22 | 8 | 0 | 122.93s | + +| ✅ DOCKERFILE | hadolint | list_of_files | 1 | | 0 | 0.23s | + +| ❌ EDITORCONFIG | editorconfig-checker | list_of_files | 67 | | 1 | 0.6s | + +| ✅ JSON | eslint-plugin-jsonc | list_of_files | 9 | 1 | 0 | 7.12s | + +| ✅ JSON | jsonlint | list_of_files | 9 | | 0 | 0.48s | + +| ✅ JSON | prettier | list_of_files | 9 | 1 | 0 | 5.2s | + +| ✅ JSON | v8r | list_of_files | 9 | | 0 | 14.13s | + +| ◬ MARKDOWN | markdownlint | list_of_files | 5 | 5 | 2 | 1.98s | + +| ❌ MARKDOWN | markdown-link-check | list_of_files | 5 | | 2 | 32.89s | + +| ✅ MARKDOWN | markdown-table-formatter | list_of_files | 5 | 5 | 0 | 1.39s | + +| ❌ POWERSHELL | powershell | file | 11 | | 9 | 
25.6s | + +| ✅ PYTHON | bandit | list_of_files | 1 | | 0 | 1.63s | + +| ✅ PYTHON | black | list_of_files | 1 | 0 | 0 | 1.44s | + +| ✅ PYTHON | flake8 | list_of_files | 1 | | 0 | 0.92s | + +| ✅ PYTHON | isort | list_of_files | 1 | 0 | 0 | 0.7s | + +| ✅ PYTHON | mypy | list_of_files | 1 | | 0 | 8.56s | + +| ✅ PYTHON | pylint | list_of_files | 1 | | 0 | 2.34s | + +| ✅ PYTHON | pyright | list_of_files | 1 | | 0 | 21.49s | + +| ❌ REPOSITORY | checkov | project | n/a | | 7 | 54.1s | + +| ◬ REPOSITORY | devskim | project | n/a | | 1 | 1.5s | + +| ✅ REPOSITORY | dustilock | project | n/a | | 0 | 0.45s | + +| ✅ REPOSITORY | gitleaks | project | n/a | | 0 | 1.44s | + +| ❌ REPOSITORY | git_diff | project | n/a | | 1 | 0.21s | + +| ✅ REPOSITORY | secretlint | project | n/a | | 0 | 2.94s | + +| ✅ REPOSITORY | syft | project | n/a | | 0 | 2.34s | + +| ❌ REPOSITORY | trivy | project | n/a | | 1 | 7.0s | + +| ❌ SPELL | cspell | list_of_files | 67 | | 281 | 6.59s | + +| ✅ SPELL | misspell | list_of_files | 67 | 15 | 0 | 1.8s | + +| ✅ YAML | prettier | list_of_files | 2 | 1 | 0 | 3.02s | + +| ✅ YAML | v8r | list_of_files | 2 | | 0 | 9.04s | + +| ✅ YAML | yamllint | list_of_files | 2 | | 0 | 0.47s | + ++-----------------+--------------------------+---------------+-------+-------+--------+--------------+ diff --git a/config/megalinter/.arm-ttk.psd1 b/config/megalinter/.arm-ttk.psd1 new file mode 100644 index 0000000..3ffb6d9 --- /dev/null +++ b/config/megalinter/.arm-ttk.psd1 
@@ -0,0 +1,32 @@
+# Documentation:
+# - Test Parameters: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-toolkit#test-parameters
+# - Test Cases: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/test-cases
+@{
+ # Test = @(
+ # 'Parameters Property Must Exist',
+ # 'Parameters Must Be Referenced',
+ # 'Secure String Parameters Cannot Have Default',
+ # 'Location Should Not Be Hardcoded',
+ # 'Resources Should Have Location',
+ # 'VM Size Should Be A Parameter',
+ # 'Min And Max Value Are Numbers',
+ # 'artifacts-parameter',
+ # 'Variables Must Be Referenced',
+ # 'Dynamic Variable References Should Not Use Concat',
+ # 'apiVersions Should Be Recent',
+ # 'Providers apiVersions Is Not Permitted',
+ # 'Template Should Not Contain Blanks',
+ # 'IDs Should Be Derived From ResourceIDs',
+ # 'ResourceIds should not contain',
+ # 'DependsOn Must Not Be Conditional',
+ # 'Deployment Resources Must Not Be Debug',
+ # 'adminUsername Should Not Be A Literal',
+ # 'VM Images Should Use Latest Version',
+ # 'Virtual-Machines-Should-Not-Be-Preview',
+ # 'ManagedIdentityExtension must not be used',
+ # 'Outputs Must Not Contain Secrets'
+ # )
+ Skip = @(
+ 'Resources Should Not Be Ambiguous'
+ )
+}
\ No newline at end of file
diff --git a/config/megalinter/.checkov.yml b/config/megalinter/.checkov.yml
new file mode 100644
index 0000000..6ed3c7b
--- /dev/null
+++ b/config/megalinter/.checkov.yml
@@ -0,0 +1,4 @@
+# You can see all available properties here: https://github.com/bridgecrewio/checkov#configuration-using-a-config-file
+quiet: true
+skip-check:
+ - CKV_DOCKER_2
diff --git a/config/megalinter/.cspell.json b/config/megalinter/.cspell.json
index 972e4a0..a46a186 100644
--- a/config/megalinter/.cspell.json
+++ b/config/megalinter/.cspell.json
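Review bot: The `Skip = @('Resources Should Not Be Ambiguous')` entry suppresses an ARM-TTK test with no recorded reason, and the same applies to `skip-check: - CKV_DOCKER_2` in the `.checkov.yml` hunk that follows. Each suppression should carry a comment saying why it is acceptable and when it can be removed, for example `# Skipped: <reason>; revisit when <condition>`. CKV_DOCKER_2 is, as far as I know, Checkov's HEALTHCHECK check for Dockerfiles, so skipping it in the global config rather than per file hides the finding for every image in the repository.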
@@ -1,13 +1,18 @@ { - "version": 0.1, - "language": "en", "ignorePaths": [ "**/node_modules/**", "**/vscode-extension/**", "**/.git/**", + "**/.pnpm-lock.json", ".vscode", + "megalinter", + "package-lock.json", "report" ], + "language": "en", + "noConfigSearch": true, + "words": ["megalinter", "oxsecurity"], + "version": "0.2", "patterns": [ { "name": "comment-single-line", @@ -31,5 +36,3 @@ "Benchpress" ] } - - diff --git a/config/megalinter/.ecrc b/config/megalinter/.ecrc new file mode 100644 index 0000000..6731b56 --- /dev/null +++ b/config/megalinter/.ecrc @@ -0,0 +1,18 @@ +{ + "Verbose": false, + "Debug": false, + "IgnoreDefaults": false, + "SpacesAftertabs": false, + "NoColor": false, + "Exclude": [], + "AllowedContentTypes": [], + "PassedFiles": [], + "Disable": { + "EndOfLine": false, + "Indentation": false, + "IndentSize": false, + "InsertFinalNewline": false, + "TrimTrailingWhitespace": false, + "MaxLineLength": false + } +} \ No newline at end of file diff --git a/config/megalinter/.eslintrc-json.json b/config/megalinter/.eslintrc-json.json new file mode 100644 index 0000000..d2e7660 --- /dev/null +++ b/config/megalinter/.eslintrc-json.json @@ -0,0 +1,34 @@ +{ + "overrides": [ + { + "files": ["*.json"], + "extends": [ + "plugin:jsonc/recommended-with-jsonc" + ], + "parser": "jsonc-eslint-parser", + "parserOptions": { + "jsonSyntax": "JSONC" + } + }, + { + "files": ["*.jsonc"], + "extends": [ + "plugin:jsonc/recommended-with-jsonc" + ], + "parser": "jsonc-eslint-parser", + "parserOptions": { + "jsonSyntax": "JSONC" + } + }, + { + "files": ["*.json5"], + "extends": [ + "plugin:jsonc/recommended-with-json5" + ], + "parser": "jsonc-eslint-parser", + "parserOptions": { + "jsonSyntax": "JSON5" + } + } + ] +} \ No newline at end of file diff --git a/config/megalinter/.flake8 b/config/megalinter/.flake8 new file mode 100644 index 0000000..e0ea542 --- /dev/null +++ b/config/megalinter/.flake8 
@@ -0,0 +1,3 @@
+[flake8]
+max-line-length = 88
+extend-ignore = E203
\ No newline at end of file
diff --git a/config/megalinter/.gitleaks.toml b/config/megalinter/.gitleaks.toml
new file mode 100644
index 0000000..2b1d0cd
--- /dev/null
+++ b/config/megalinter/.gitleaks.toml
@@ -0,0 +1,20 @@
+
+title = "gitleaks config"
+
+[extend]
+# useDefault will extend the base configuration with the default gitleaks config:
+# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
+useDefault = true
+
+[allowlist]
+ description = "Allowlisted files"
+ paths = [
+ '''.automation/test''',
+ '''megalinter-reports''',
+ '''.github/linters''',
+ '''node_modules''',
+ '''.mypy_cache''',
+ '''(.*?)gitleaks\.toml$''',
+ '''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',
+ '''(go.mod|go.sum)$''']
+
diff --git a/config/megalinter/.hadolint b/config/megalinter/.hadolint
new file mode 100644
index 0000000..8e8fc26
--- /dev/null
+++ b/config/megalinter/.hadolint
@@ -0,0 +1,21 @@
+failure-threshold: error # name of threshold level (error | warning | info | style | ignore | none)
+# format: string # Output format (tty | json | checkstyle | codeclimate | gitlab_codeclimate | gnu | codacy)
+# ignored: [string] # list of rules
+label-schema: # See Linting Labels below for specific label-schema details
+# author: string # Your name
+# contact: string # email address
+ created: 2022-10-21T20:33:52.854777+00:00 # rfc3339 datetime
+# version: string # semver
+# documentation: string # url
+# git-revision: string # hash
+# license: string # spdx
+# no-color: boolean # true | false
+# no-fail: boolean # true | false
+# override:
+# error: [string] # list of rules
+# warning: [string] # list of rules
+# info: [string] # list of rules
+# style: [string] # list of rules
+# strict-labels: boolean # true | false
+# disable-ignore-pragma: boolean # true | false
+# trustedRegistries: string | [string] # registry or list of registries
\ No newline at end of file
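Review bot: The allowlist entry `'''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$'''` has no literal dot before the extension group, so it exempts from secret scanning any path that merely ends in those letters, such as a file named `bin` or `notes_doc`. Writing it as `'''(.*?)\.(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$'''` limits it to real extensions. The same unescaped dot is in `'''(go.mod|go.sum)$'''`, which would be tighter as `'''(go\.mod|go\.sum)$'''`. The `.github/linters` and `.automation/test` entries exclude whole directories, so it is worth confirming they are intended, since configuration and test fixtures are common places for credentials to be committed.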
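Review bot: Under `label-schema`, `created: 2022-10-21T20:33:52.854777+00:00` is a literal timestamp, while its trailing comment and the commented sibling keys (`# version: string # semver`) describe the value as a type. This looks like a template placeholder that was expanded by accident. If label validation is wanted, the value is presumably the type name, `created: rfc3339`; otherwise the line should be commented out like its neighbours. `trustedRegistries` is left commented, so the base-image registry check has no list to enforce; naming the registries the project actually pulls from would make that rule effective.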
diff --git a/config/megalinter/.isort.cfg b/config/megalinter/.isort.cfg new file mode 100644 index 0000000..aaeb668 --- /dev/null +++ b/config/megalinter/.isort.cfg @@ -0,0 +1,8 @@ +[settings] +profile= + +; vertical hanging indent mode also used in black configuration +multi_line_output = 3 + +; necessary because black expect the trailing comma +include_trailing_comma = true \ No newline at end of file diff --git a/config/megalinter/.jscpd.json b/config/megalinter/.jscpd.json new file mode 100644 index 0000000..f061eef --- /dev/null +++ b/config/megalinter/.jscpd.json @@ -0,0 +1,16 @@ +{ + "threshold": 0, + "reporters": ["html", "markdown"], + "ignore": [ + "**/node_modules/**", + "**/.git/**", + "**/.rbenv/**", + "**/.venv/**", + "**/*cache*/**", + "**/.github/**", + "**/.idea/**", + "**/report/**", + "**/obj/**", + "**/*.svg" + ] +} diff --git a/config/megalinter/.jsonlintrc b/config/megalinter/.jsonlintrc new file mode 100644 index 0000000..e8f795f --- /dev/null +++ b/config/megalinter/.jsonlintrc @@ -0,0 +1,4 @@ +{ + "compact": true, + "quiet" : true +} \ No newline at end of file diff --git a/config/megalinter/.markdown-link-check.json b/config/megalinter/.markdown-link-check.json index c47b105..737f046 100644 --- a/config/megalinter/.markdown-link-check.json +++ b/config/megalinter/.markdown-link-check.json @@ -1,18 +1,13 @@ { "retryOn429": true, "retryCount": 5, - "httpHeaders": [ - { - "urls": ["https://docs.github.com/"], - "headers": { - "Accept-Encoding": "zstd, br, gzip, deflate" - } - } - ], + "httpHeaders": [ + { + "urls": ["https://docs.github.com/"], + "headers": { + "Accept-Encoding": "zstd, br, gzip, deflate" + } + } + ], "aliveStatusCodes": [ 200, 203 ] } - - - - - \ No newline at end of file diff --git a/config/megalinter/.markdownlint.json b/config/megalinter/.markdownlint.json new file mode 100644 index 0000000..c533074 --- /dev/null +++ b/config/megalinter/.markdownlint.json 
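Review bot: `profile=` is set to an empty value in `.isort.cfg`, yet the two comments below it say the remaining options exist to match black. If black compatibility is the goal, `profile = black` states that directly and already implies `multi_line_output = 3` and `include_trailing_comma = true`. If no profile is wanted, dropping the empty key avoids depending on how isort treats a blank profile name.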
@@ -0,0 +1,7 @@
+{
+ "default": true,
+ "MD003": { "style": "atx_closed" },
+ "MD007": { "indent": 4 },
+ "no-hard-tabs": false,
+ "whitespace": false
+}
diff --git a/config/megalinter/.mypy.ini b/config/megalinter/.mypy.ini
new file mode 100644
index 0000000..1fa5702
--- /dev/null
+++ b/config/megalinter/.mypy.ini
@@ -0,0 +1,4 @@
+# Global options:
+
+[mypy]
+ignore_missing_imports = True
\ No newline at end of file
diff --git a/config/megalinter/.powershell-psscriptanalyzer.psd1 b/config/megalinter/.powershell-psscriptanalyzer.psd1
new file mode 100644
index 0000000..006f103
--- /dev/null
+++ b/config/megalinter/.powershell-psscriptanalyzer.psd1
@@ -0,0 +1,17 @@
+#Documentation: https://github.com/PowerShell/PSScriptAnalyzer/blob/master/docs/markdown/Invoke-ScriptAnalyzer.md#-settings
+@{
+ #CustomRulePath='path\to\CustomRuleModule.psm1'
+ #RecurseCustomRulePath='path\of\customrules'
+ #Severity = @(
+ # 'Error'
+ # 'Warning'
+ #)
+ #IncludeDefaultRules=${true}
+ ExcludeRules = @(
+ 'PSMissingModuleManifestField'
+ )
+ #IncludeRules = @(
+ # 'PSAvoidUsingWriteHost',
+ # 'MyCustomRuleName'
+ #)
+}
\ No newline at end of file
diff --git a/config/megalinter/.prettierrc.json b/config/megalinter/.prettierrc.json
new file mode 100644
index 0000000..e74ed9f
--- /dev/null
+++ b/config/megalinter/.prettierrc.json
@@ -0,0 +1,6 @@
+{
+ "trailingComma": "es5",
+ "tabWidth": 4,
+ "semi": false,
+ "singleQuote": true
+}
diff --git a/config/megalinter/.pylintrc b/config/megalinter/.pylintrc
new file mode 100644
index 0000000..8314c21
--- /dev/null
+++ b/config/megalinter/.pylintrc
@@ -0,0 +1,565 @@ +[MAIN] + +# Specify a configuration file. +#rcfile= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Files or directories to be skipped. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the ignore-list. The +# regex matches against paths and can be in Posix or Windows format. +ignore-paths= + +# Files or directories matching the regex patterns are skipped. The regex +# matches against base names, not paths. +ignore-patterns=^\.# + +# Pickle collected data for later comparisons. +persistent=yes + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + pylint.extensions.check_elif, + pylint.extensions.bad_builtin, + pylint.extensions.docparams, + pylint.extensions.for_any_all, + pylint.extensions.set_membership, + pylint.extensions.code_style, + pylint.extensions.overlapping_exceptions, + pylint.extensions.typing, + pylint.extensions.redefined_variable_type, + pylint.extensions.comparison_placement, + +# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the +# number of processors available to use. +jobs=1 + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages. +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-allow-list= + +# Minimum supported python version +py-version = 3.7.2 + +# Control the amount of potential inferred values when inferring a single +# object. 
This can help the performance when dealing with large functions or +# complex, nested conditions. +limit-inference-results=100 + +# Specify a score threshold to be exceeded before program exits with error. +fail-under=10.0 + +# Return non-zero exit code if any of these messages/categories are detected, +# even if score is above --fail-under value. Syntax same as enable. Messages +# specified are enabled, while categories only check already-enabled messages. +fail-on= + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED +# confidence= + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable= + use-symbolic-message-instead, + useless-suppression, + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once).You can also use "--disable=all" to +# disable everything first and then re-enable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". If you want to run only the classes checker, but have +# no Warning level messages displayed, use"--disable=all --enable=classes +# --disable=W" + +disable= + attribute-defined-outside-init, + invalid-name, + missing-docstring, + protected-access, + too-few-public-methods, + # handled by black + format, + # We anticipate #3512 where it will become optional + fixme, + cyclic-import, + + +[REPORTS] + +# Set the output format. 
Available formats are text, parseable, colorized, msvs +# (visual studio) and html. You can also give a reporter class, eg +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages +reports=no + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables 'fatal', 'error', 'warning', 'refactor', 'convention' +# and 'info', which contain the number of messages in each category, as +# well as 'statement', which is the total number of statements analyzed. This +# score is used by the global evaluation report (RP0004). +evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details +#msg-template= + +# Activate the evaluation score. +score=yes + + +[LOGGING] + +# Logging modules to check that the string format arguments are in logging +# function parameter format +logging-modules=logging + +# The type of string formatting that logging methods do. `old` means using % +# formatting, `new` is for `{}` formatting. +logging-format-style=old + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME,XXX,TODO + +# Regular expression of note tags to take in consideration. +#notes-rgx= + + +[SIMILARITIES] + +# Minimum lines number of a similarity. +min-similarity-lines=6 + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=yes + +# Signatures are removed from the similarity computation +ignore-signatures=yes + + +[VARIABLES] + +# Tells whether we should check for unused import in __init__ files. 
+init-import=no + +# A regular expression matching the name of dummy variables (i.e. expectedly +# not used). +dummy-variables-rgx=_$|dummy + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid defining new builtins when possible. +additional-builtins= + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_,_cb + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of names allowed to shadow builtins +allowed-redefined-builtins= + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore. +ignored-argument-names=_.* + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io + + +[FORMAT] + +# Maximum number of characters on a single line. +max-line-length=100 + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Maximum number of lines in a module +max-module-lines=2000 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + + +[BASIC] + +# Good variable names which should always be accepted, separated by a comma +good-names=i,j,k,ex,Run,_ + +# Good variable names regexes, separated by a comma. 
If names match any regex, +# they will always be accepted +good-names-rgxs= + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo,bar,baz,toto,tutu,tata + +# Bad variable names regexes, separated by a comma. If names match any regex, +# they will always be refused +bad-names-rgxs= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Include a hint for the correct naming format with invalid-name +include-naming-hint=no + +# Naming style matching correct function names. +function-naming-style=snake_case + +# Regular expression matching correct function names +function-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming style matching correct variable names. +variable-naming-style=snake_case + +# Regular expression matching correct variable names +variable-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming style matching correct constant names. +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names +const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Naming style matching correct attribute names. +attr-naming-style=snake_case + +# Regular expression matching correct attribute names +attr-rgx=[a-z_][a-z0-9_]{2,}$ + +# Naming style matching correct argument names. +argument-naming-style=snake_case + +# Regular expression matching correct argument names +argument-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Naming style matching correct class attribute names. +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names +class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$ + +# Naming style matching correct class constant names. +class-const-naming-style=UPPER_CASE + +# Regular expression matching correct class constant names. Overrides class- +# const-naming-style. +#class-const-rgx= + +# Naming style matching correct inline iteration names. 
+inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names +inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ + +# Naming style matching correct class names. +class-naming-style=PascalCase + +# Regular expression matching correct class names +class-rgx=[A-Z_][a-zA-Z0-9]+$ + + +# Naming style matching correct module names. +module-naming-style=snake_case + +# Regular expression matching correct module names +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + + +# Naming style matching correct method names. +method-naming-style=snake_case + +# Regular expression matching correct method names +method-rgx=[a-z_][a-z0-9_]{2,}$ + +# Regular expression which can overwrite the naming style set by typevar-naming-style. +#typevar-rgx= + +# Regular expression which should only match function or class names that do +# not require a docstring. Use ^(?!__init__$)_ to also check __init__. +no-docstring-rgx=__.*__ + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# List of decorators that define properties, such as abc.abstractproperty. +property-classes=abc.abstractproperty + + +[TYPECHECK] + +# Regex pattern to define which classes are considered mixins if ignore-mixin- +# members is set to 'yes' +mixin-class-rgx=.*MixIn + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis). It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. 
+ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members=REQUEST,acl_users,aq_parent,argparse.Namespace + +# List of decorators that create context managers from functions, such as +# contextlib.contextmanager. +contextmanager-decorators=contextlib.contextmanager + +# Tells whether to warn about missing members when the owner of the attribute +# is inferred to be None. +ignore-none=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + +[SPELLING] + +# Spelling dictionary name. Available dictionaries: none. To make it working +# install python-enchant package. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# List of comma separated words that should be considered directives if they +# appear and the beginning of a comment and should not be checked. 
+spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:,pragma:,# noinspection + +# A path to a file that contains private dictionary; one word per line. +spelling-private-dict-file=.pyenchant_pylint_custom_dict.txt + +# Tells whether to store unknown words to indicated private dictionary in +# --spelling-private-dict-file option instead of raising a message. +spelling-store-unknown-words=no + +# Limits count of emitted suggestions for spelling mistakes. +max-spelling-suggestions=2 + + +[DESIGN] + +# Maximum number of arguments for function / method +max-args=10 + +# Maximum number of locals for function / method body +max-locals=25 + +# Maximum number of return / yield for function / method body +max-returns=11 + +# Maximum number of branch for function / method body +max-branches=27 + +# Maximum number of statements in function / method body +max-statements=100 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# List of qualified class names to ignore when counting class parents (see R0901). +ignored-parents= + +# Maximum number of attributes for a class (see R0902). +max-attributes=11 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=25 + +# Maximum number of boolean expressions in an if statement (see R0916). +max-bool-expr=5 + +# List of regular expressions of class ancestor names to +# ignore when counting public methods (see R0903). +exclude-too-few-public-methods= + +[CLASSES] + +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__,__new__,setUp,__post_init__ + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + +# List of valid names for the first argument in a metaclass class method. 
+valid-metaclass-classmethod-first-arg=mcs + +# List of member names, which should be excluded from the protected access +# warning. +exclude-protected=_asdict,_fields,_replace,_source,_make + +# Warn about protected attribute access inside special methods +check-protected-access-in-special-methods=no + +[IMPORTS] + +# List of modules that can be imported at any level, not just the top level +# one. +allow-any-import-level= + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub,TERMIOS,Bastion,rexec + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + +# Couples of modules and preferred modules, separated by a comma. +preferred-modules= + + +[EXCEPTIONS] + +# Exceptions that will emit a warning when being caught. Defaults to +# "Exception" +overgeneral-exceptions=Exception + + +[TYPING] + +# Set to ``no`` if the app / library does **NOT** need to support runtime +# introspection of type annotations. If you use type annotations +# **exclusively** for type checking of an application, you're probably fine. 
+# For libraries, evaluate if some users what to access the type hints at +# runtime first, e.g., through ``typing.get_type_hints``. Applies to Python +# versions 3.7 - 3.9 +runtime-typing = no + + +[DEPRECATED_BUILTINS] + +# List of builtins function names that should not be used, separated by a comma +bad-functions=map,input + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=sys.exit,argparse.parse_error + + +[STRING] + +# This flag controls whether inconsistent-quotes generates a warning when the +# character used as a quote delimiter is used inconsistently within a module. +check-quote-consistency=no + +# This flag controls whether the implicit-str-concat should generate a warning +# on implicit string concatenation in sequences defined over several lines. +check-str-concat-over-line-jumps=no + + +[CODE_STYLE] + +# Max line length for which to sill emit suggestions. Used to prevent optional +# suggestions which would get split by a code formatter (e.g., black). Will +# default to the setting for ``max-line-length``. +#max-line-length-suggestions= diff --git a/config/megalinter/.secretlintrc.json b/config/megalinter/.secretlintrc.json new file mode 100644 index 0000000..5d902af --- /dev/null +++ b/config/megalinter/.secretlintrc.json @@ -0,0 +1,7 @@ +{ + "rules": [ + { + "id": "@secretlint/secretlint-rule-preset-recommend" + } + ] +} \ No newline at end of file diff --git a/config/megalinter/.syft.yaml b/config/megalinter/.syft.yaml new file mode 100644 index 0000000..12f08db --- /dev/null +++ b/config/megalinter/.syft.yaml 
@@ -0,0 +1,198 @@ +# the output format(s) of the SBOM report (options: table, text, json, spdx, ...) +# same as -o, --output, and SYFT_OUTPUT env var +# to specify multiple output files in differing formats, use a list: +# output: +# - "json=" +# - "spdx-json=" +output: "table" + +# suppress all output (except for the SBOM report) +# same as -q ; SYFT_QUIET env var +quiet: false + +# same as --file; write output report to a file (default is to write to stdout) +file: "" + +# enable/disable checking for application updates on startup +# same as SYFT_CHECK_FOR_APP_UPDATE env var +check-for-app-update: true + +# a list of globs to exclude from scanning. same as --exclude ; for example: +# exclude: +# - "/etc/**" +# - "./out/**/*.json" +exclude: [] + +# os and/or architecture to use when referencing container images (e.g. "windows/armv6" or "arm64") +# same as --platform; SYFT_PLATFORM env var +platform: "" + +# set the list of package catalogers to use when generating the SBOM +# default = empty (cataloger set determined automatically by the source type [image or file/directory]) +# catalogers: +# - ruby-gemfile +# - ruby-gemspec +# - python-index +# - python-package +# - javascript-lock +# - javascript-package +# - php-composer-installed +# - php-composer-lock +# - alpmdb +# - dpkgdb +# - rpmdb +# - java +# - apkdb +# - go-module-binary +# - go-mod-file +# - dartlang-lock +# - rust +# - dotnet-deps +# rust-audit-binary scans Rust binaries built with https://github.com/Shnatsel/rust-audit +# - rust-audit-binary +catalogers: + +# cataloging packages is exposed through the packages and power-user subcommands +package: + + # search within archives that do contain a file index to search against (zip) + # note: for now this only applies to the java package cataloger + # SYFT_PACKAGE_SEARCH_INDEXED_ARCHIVES env var + search-indexed-archives: true + + # search within archives that do not contain a file index to search against (tar, tar.gz, tar.bz2, etc) + # note: enabling 
this may result in a performance impact since all discovered compressed tars will be decompressed + # note: for now this only applies to the java package cataloger + # SYFT_PACKAGE_SEARCH_UNINDEXED_ARCHIVES env var + search-unindexed-archives: false + + cataloger: + # enable/disable cataloging of packages + # SYFT_PACKAGE_CATALOGER_ENABLED env var + enabled: true + + # the search space to look for packages (options: all-layers, squashed) + # same as -s ; SYFT_PACKAGE_CATALOGER_SCOPE env var + scope: "squashed" + +# cataloging file classifications is exposed through the power-user subcommand +file-classification: + cataloger: + # enable/disable cataloging of file classifications + # SYFT_FILE_CLASSIFICATION_CATALOGER_ENABLED env var + enabled: true + + # the search space to look for file classifications (options: all-layers, squashed) + # SYFT_FILE_CLASSIFICATION_CATALOGER_SCOPE env var + scope: "squashed" + +# cataloging file contents is exposed through the power-user subcommand +file-contents: + cataloger: + # enable/disable cataloging of secrets + # SYFT_FILE_CONTENTS_CATALOGER_ENABLED env var + enabled: true + + # the search space to look for secrets (options: all-layers, squashed) + # SYFT_FILE_CONTENTS_CATALOGER_SCOPE env var + scope: "squashed" + + # skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes) + # SYFT_FILE_CONTENTS_SKIP_FILES_ABOVE_SIZE env var + skip-files-above-size: 1048576 + + # file globs for the cataloger to match on + # SYFT_FILE_CONTENTS_GLOBS env var + globs: [] + +# cataloging file metadata is exposed through the power-user subcommand +file-metadata: + cataloger: + # enable/disable cataloging of file metadata + # SYFT_FILE_METADATA_CATALOGER_ENABLED env var + enabled: true + + # the search space to look for file metadata (options: all-layers, squashed) + # SYFT_FILE_METADATA_CATALOGER_SCOPE env var + scope: "squashed" + + # the file digest algorithms to use when cataloging files (options: "sha256", 
"md5", "sha1") + # SYFT_FILE_METADATA_DIGESTS env var + digests: ["sha256"] + +# cataloging secrets is exposed through the power-user subcommand +secrets: + cataloger: + # enable/disable cataloging of secrets + # SYFT_SECRETS_CATALOGER_ENABLED env var + enabled: true + + # the search space to look for secrets (options: all-layers, squashed) + # SYFT_SECRETS_CATALOGER_SCOPE env var + scope: "all-layers" + + # show extracted secret values in the final JSON report + # SYFT_SECRETS_REVEAL_VALUES env var + reveal-values: false + + # skip searching a file entirely if it is above the given size (default = 1MB; unit = bytes) + # SYFT_SECRETS_SKIP_FILES_ABOVE_SIZE env var + skip-files-above-size: 1048576 + + # name-regex pairs to consider when searching files for secrets. Note: the regex must match single line patterns + # but may also have OPTIONAL multiline capture groups. Regexes with a named capture group of "value" will + # use the entire regex to match, but the secret value will be assumed to be entirely contained within the + # "value" named capture group. + additional-patterns: {} + + # names to exclude from the secrets search, valid values are: "aws-access-key", "aws-secret-key", "pem-private-key", + # "docker-config-auth", and "generic-api-key". Note: this does not consider any names introduced in the + # "secrets.additional-patterns" config option. + # SYFT_SECRETS_EXCLUDE_PATTERN_NAMES env var + exclude-pattern-names: [] + +# options when pulling directly from a registry via the "registry:" scheme +registry: + # skip TLS verification when communicating with the registry + # SYFT_REGISTRY_INSECURE_SKIP_TLS_VERIFY env var + insecure-skip-tls-verify: false + # use http instead of https when connecting to the registry + # SYFT_REGISTRY_INSECURE_USE_HTTP env var + insecure-use-http: false + + # credentials for specific registries + auth: + # the URL to the registry (e.g. "docker.io", "localhost:5000", etc.) 
+ # SYFT_REGISTRY_AUTH_AUTHORITY env var + - authority: "" + # SYFT_REGISTRY_AUTH_USERNAME env var + username: "" + # SYFT_REGISTRY_AUTH_PASSWORD env var + password: "" + # note: token and username/password are mutually exclusive + # SYFT_REGISTRY_AUTH_TOKEN env var + token: "" + # - ... # note, more credentials can be provided via config file only + +# generate an attested SBOM +attest: + # path to the private key file to use for attestation + # SYFT_ATTEST_KEY env var + key: "cosign.key" + + # password to decrypt to given private key + # SYFT_ATTEST_PASSWORD env var, additionally responds to COSIGN_PASSWORD + password: "" + +log: + # use structured logging + # same as SYFT_LOG_STRUCTURED env var + structured: false + + # the log level; note: detailed logging suppress the ETUI + # same as SYFT_LOG_LEVEL env var + level: "error" + + # location to write the log file (default is not to have a log file) + # same as SYFT_LOG_FILE env var + file: "" \ No newline at end of file diff --git a/config/megalinter/.v8rrc b/config/megalinter/.v8rrc new file mode 100644 index 0000000..8da8e84 --- /dev/null +++ b/config/megalinter/.v8rrc 
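Review bot: The `registry.auth` entry and the `attest` block place credential fields (`username`, `password`, `token`, and `key: "cosign.key"` with `password: ""`) in a committed config file, which invites someone to fill them in here later. The comments already name an environment variable for each (`SYFT_REGISTRY_AUTH_PASSWORD`, `SYFT_REGISTRY_AUTH_TOKEN`, `SYFT_ATTEST_PASSWORD`), so the safer layout is to delete these placeholder keys and supply the values from CI secrets. `key: "cosign.key"` is a relative path to a private key; confirm that file is never stored in the repository, for example by listing it in `.gitignore`. `check-for-app-update: true` also makes each run contact an update endpoint, which `check-for-app-update: false` avoids in CI.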
@@ -0,0 +1,51 @@
+# - One or more filenames or glob patterns describing local file or files to validate
+# - overridden by passing one or more positional arguments
+patterns: ['*json']
+
+# - Level of verbose logging. 0 is standard, higher numbers are more verbose
+# - overridden by passing --verbose / -v
+# - default = 0
+verbose: 2
+
+# - Exit with code 0 even if an error was encountered. True means a non-zero exit
+# code is only issued if validation could be completed successfully and one or
+# more files were invalid
+# - overridden by passing --ignore-errors
+# - default = false
+ignoreErrors: true
+
+# - Remove cached HTTP responses older than cacheTtl seconds old.
+# Specifying 0 clears and disables cache completely
+# - overridden by passing --cache-ttl
+# - default = 600
+cacheTtl: 86400
+
+# - Output format for validation results
+# - overridden by passing --format
+# - default = text
+format: "json"
+
+# - A custom schema catalog.
+# This catalog will be searched ahead of any custom catalogs passed using
+# --catalogs or SchemaStore.org
+# The format of this is subtly different to the format of a catalog
+# passed via --catalogs (which matches the SchemaStore.org format)
+customCatalog:
+ schemas:
+ - name: Custom Schema # The name of the schema (required)
+ description: Custom Schema # A description of the schema (optional)
+
+ # A Minimatch glob expression for matching up file names with a schema (required)
+ fileMatch: ["*.geojson"]
+
+ # A URL or local file path for the schema location (required)
+ # Unlike the SchemaStore.org format, which has a `url` key,
+ # custom catalogs defined in v8r config files have a `location` key
+ # which can refer to either a URL or local file.
+ # Relative paths are interpreted as relative to the config file location.
+ location: foo/bar/geojson-schema.json
+
+ # A custom parser to use for files matching fileMatch
+ # instead of trying to infer the correct parser from the filename (optional)
+ # This property is specific to custom catalogs defined in v8r config files
+ parser: json5
\ No newline at end of file
diff --git a/config/megalinter/.yamllint.yml b/config/megalinter/.yamllint.yml
new file mode 100644
index 0000000..f42b8d8
--- /dev/null
+++ b/config/megalinter/.yamllint.yml
@@ -0,0 +1,17 @@
+---
+###########################################
+# These are the rules used for #
+# linting all the yaml files in the stack #
+# NOTE: #
+# You can disable line with: #
+# # yamllint disable-line #
+###########################################
+extends: default
+rules:
+ new-lines:
+ level: warning
+ type: unix
+ line-length:
+ max: 500
+ comments:
+ min-spaces-from-content: 1 # Used to follow prettier standard: https://github.com/prettier/prettier/pull/10926
\ No newline at end of file
diff --git a/config/megalinter/actionlint.yml b/config/megalinter/actionlint.yml
new file mode 100644
index 0000000..77cded9
--- /dev/null
+++ b/config/megalinter/actionlint.yml
@@ -0,0 +1,7 @@
+self-hosted-runner:
+ # Labels of self-hosted runner in array of string
+ labels:
+ # example labels
+ # - linux.2xlarge
+ # - windows-latest-xl
+ # - linux-multi-gpu
\ No newline at end of file
diff --git a/config/megalinter/bicepconfig.json b/config/megalinter/bicepconfig.json
new file mode 100644
index 0000000..d968e1a
--- /dev/null
+++ b/config/megalinter/bicepconfig.json
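Review bot: In `config/megalinter/.v8rrc`, `ignoreErrors: true` makes the validator exit with code 0 whenever validation could not be completed, so a schema that cannot be fetched or a file that cannot be parsed passes the lint step silently. The file's own comment gives `false` as the default, and I would keep `ignoreErrors: false` so the check fails closed. The `customCatalog` block looks like the sample from the v8r documentation: `location: foo/bar/geojson-schema.json` is resolved relative to this config file, and the diffstat of this patch lists no such schema, so either drop the block or point it at a schema that exists in the repository. A one-line comment above `cacheTtl: 86400` saying why remote schemas are cached for a day instead of the default 600 seconds would also help.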
@@ -0,0 +1,87 @@
+{
+ "analyzers": {
+ "core": {
+ "enabled": true,
+ "rules": {
+ "adminusername-should-not-be-literal": {
+ "level": "warning"
+ },
+ "artifacts-parameters": {
+ "level": "warning"
+ },
+ "max-outputs": {
+ "level": "warning"
+ },
+ "max-params": {
+ "level": "warning"
+ },
+ "max-resources": {
+ "level": "warning"
+ },
+ "max-variables": {
+ "level": "warning"
+ },
+ "no-hardcoded-env-urls": {
+ "level": "warning"
+ },
+ "no-hardcoded-location": {
+ "level": "warning"
+ },
+ "no-loc-expr-outside-params": {
+ "level": "warning"
+ },
+ "no-unnecessary-dependson": {
+ "level": "warning"
+ },
+ "no-unused-existing-resources": {
+ "level": "warning"
+ },
+ "no-unused-params": {
+ "level": "warning"
+ },
+ "no-unused-vars": {
+ "level": "warning"
+ },
+ "outputs-should-not-contain-secrets": {
+ "level": "warning"
+ },
+ "prefer-interpolation": {
+ "level": "warning"
+ },
+ "prefer-unquoted-property-names": {
+ "level": "warning"
+ },
+ "protect-commandtoexecute-secrets": {
+ "level": "warning"
+ },
+ "secure-parameter-default": {
+ "level": "warning"
+ },
+ "secure-params-in-nested-deploy": {
+ "level": "warning"
+ },
+ "secure-secrets-in-params": {
+ "level": "warning"
+ },
+ "simplify-interpolation": {
+ "level": "warning"
+ },
+ "use-protectedsettings-for-commandtoexecute-secrets": {
+ "level": "warning"
+ },
+ "use-recent-api-versions": {
+ "level": "warning"
+ },
+ "use-resource-id-functions": {
+ "level": "warning"
+ },
+ "use-stable-resource-identifiers": {
+ "level": "warning"
+ },
+ "use-stable-vm-image": {
+ "level": "warning"
+ }
+ }
+ }
+ }
+}
diff --git a/config/megalinter/pyproject.toml b/config/megalinter/pyproject.toml
new file mode 100644
index 0000000..a6b73f4
--- /dev/null
+++ b/config/megalinter/pyproject.toml
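Review bot: Every rule in `config/megalinter/bicepconfig.json` is set to `"level": "warning"`, including the ones that guard credentials: `outputs-should-not-contain-secrets`, `protect-commandtoexecute-secrets`, `secure-parameter-default`, `secure-secrets-in-params`, `secure-params-in-nested-deploy`, `use-protectedsettings-for-commandtoexecute-secrets` and `adminusername-should-not-be-literal`. A warning is normally reported without failing the Bicep build, so a template that exposes a secret through an output or a parameter default would presumably still pass the pipeline. I would raise those seven rules to error, e.g. `"outputs-should-not-contain-secrets": { "level": "error" }`, and leave the style and size rules at warning.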
@@ -0,0 +1,13 @@
+[tool.black]
+line-length = 120
+target-version = ['py37']
+include = '\.pyi?$'
+# 'extend-exclude' excludes files or directories in addition to the defaults
+extend-exclude = '''
+# A regex preceded with ^/ will apply only to files and directories
+# in the root of the project.
+(
+ ^/foo.py # exclude a file named foo.py in the root of the project
+ | .*_pb2.py # exclude autogenerated Protocol Buffer files anywhere in the project
+)
+'''
\ No newline at end of file
diff --git a/config/megalinter/pyrightconfig.json b/config/megalinter/pyrightconfig.json
new file mode 100644
index 0000000..9b889ee
--- /dev/null
+++ b/config/megalinter/pyrightconfig.json
@@ -0,0 +1,50 @@
+{
+ "include": [
+ "src"
+ ],
+ "exclude": [
+ "**/node_modules",
+ "**/__pycache__",
+ "src/experimental",
+ "src/typestubs"
+ ],
+ "ignore": [
+ "src/oldstuff"
+ ],
+ "defineConstant": {
+ "DEBUG": true
+ },
+ "stubPath": "src/stubs",
+ "venv": "env367",
+ "reportMissingImports": true,
+ "reportMissingTypeStubs": false,
+ "pythonVersion": "3.6",
+ "pythonPlatform": "Linux",
+ "executionEnvironments": [
+ {
+ "root": "src/web",
+ "pythonVersion": "3.5",
+ "pythonPlatform": "Windows",
+ "extraPaths": [
+ "src/service_libs"
+ ]
+ },
+ {
+ "root": "src/sdk",
+ "pythonVersion": "3.0",
+ "extraPaths": [
+ "src/backend"
+ ]
+ },
+ {
+ "root": "src/tests",
+ "extraPaths": [
+ "src/tests/e2e",
+ "src/sdk"
+ ]
+ },
+ {
+ "root": "src"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/framework/python/main.py b/framework/python/main.py
new file mode 100644
index 0000000..44159b3
--- /dev/null
+++ b/framework/python/main.py
@@ -0,0 +1 @@
+print("Hello world")
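Review bot: `config/megalinter/pyrightconfig.json` reads like the sample configuration from the pyright documentation rather than settings for this repository. `"include": ["src"]`, the `src/web`, `src/sdk` and `src/tests` execution environments, `"venv": "env367"` and `"ignore": ["src/oldstuff"]` all name paths this patch does not create, while the only Python file it adds is `framework/python/main.py`. If those paths are indeed absent, the type check inspects nothing and still reports success. I would reduce the file to what the repository contains, e.g. `"include": ["framework/python"]`, and drop `executionEnvironments`, `venv` and `stubPath` until they are needed. `pythonVersion` is `"3.6"` here (with `"3.5"` and `"3.0"` in the environments) but `target-version = ['py37']` in the pyproject.toml hunk of the same patch, so the two should be brought into agreement.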