From 1873e33d14fad73a672888c870cded4b04d994b8 Mon Sep 17 00:00:00 2001
From: Eli Schleifer <eli@trunk.io>
Date: Fri, 22 Sep 2023 12:13:20 -0700
Subject: [PATCH 1/2] Introduce trunk check as metalinter

---
 .trunk/.gitignore                 |  8 +++
 .trunk/configs/.hadolint.yaml     |  4 ++
 .trunk/configs/.isort.cfg         |  2 +
 .trunk/configs/.markdownlint.yaml | 10 ++++
 .trunk/configs/.rustfmt.toml      |  1 +
 .trunk/configs/.shellcheckrc      |  7 +++
 .trunk/configs/.yamllint.yaml     | 10 ++++
 .trunk/configs/analyzers.yml      | 91 +++++++++++++++++++++++++++++++
 .trunk/configs/ruff.toml          |  5 ++
 .trunk/trunk.yaml                 | 56 +++++++++++++++++++
 10 files changed, 194 insertions(+)
 create mode 100644 .trunk/.gitignore
 create mode 100644 .trunk/configs/.hadolint.yaml
 create mode 100644 .trunk/configs/.isort.cfg
 create mode 100644 .trunk/configs/.markdownlint.yaml
 create mode 100644 .trunk/configs/.rustfmt.toml
 create mode 100644 .trunk/configs/.shellcheckrc
 create mode 100644 .trunk/configs/.yamllint.yaml
 create mode 100644 .trunk/configs/analyzers.yml
 create mode 100644 .trunk/configs/ruff.toml
 create mode 100644 .trunk/trunk.yaml

diff --git a/.trunk/.gitignore b/.trunk/.gitignore
new file mode 100644
index 000000000..1e2465290
--- /dev/null
+++ b/.trunk/.gitignore
@@ -0,0 +1,8 @@
+*out
+*logs
+*actions
+*notifications
+*tools
+plugins
+user_trunk.yaml
+user.yaml
diff --git a/.trunk/configs/.hadolint.yaml b/.trunk/configs/.hadolint.yaml
new file mode 100644
index 000000000..98bf0cd2e
--- /dev/null
+++ b/.trunk/configs/.hadolint.yaml
@@ -0,0 +1,4 @@
+# Following source doesn't work in most setups
+ignored:
+  - SC1090
+  - SC1091
diff --git a/.trunk/configs/.isort.cfg b/.trunk/configs/.isort.cfg
new file mode 100644
index 000000000..b9fb3f3e8
--- /dev/null
+++ b/.trunk/configs/.isort.cfg
@@ -0,0 +1,2 @@
+[settings]
+profile=black
diff --git a/.trunk/configs/.markdownlint.yaml b/.trunk/configs/.markdownlint.yaml
new file mode 100644
index 000000000..fb940393d
--- /dev/null
+++ b/.trunk/configs/.markdownlint.yaml
@@ -0,0 +1,10 @@
+# Autoformatter friendly markdownlint config (all formatting rules disabled)
+default: true
+blank_lines: false
+bullet: false
+html: false
+indentation: false
+line_length: false
+spaces: false
+url: false
+whitespace: false
diff --git a/.trunk/configs/.rustfmt.toml b/.trunk/configs/.rustfmt.toml
new file mode 100644
index 000000000..3a26366d4
--- /dev/null
+++ b/.trunk/configs/.rustfmt.toml
@@ -0,0 +1 @@
+edition = "2021"
diff --git a/.trunk/configs/.shellcheckrc b/.trunk/configs/.shellcheckrc
new file mode 100644
index 000000000..8c7b1ada8
--- /dev/null
+++ b/.trunk/configs/.shellcheckrc
@@ -0,0 +1,7 @@
+enable=all
+source-path=SCRIPTDIR
+disable=SC2154
+
+# If you're having issues with shellcheck following source, disable the errors via:
+# disable=SC1090
+# disable=SC1091
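Review bot: `disable=SC2154` is applied repo-wide right after `enable=all`, with no comment saying why. SC2154 reports variables that are referenced but never assigned, so it is the check that catches a misspelled variable name before it expands to an empty string in a path or command. If it is disabled because of variables that scripts receive from the environment or from sourced files, say so above the line, e.g. `# SC2154: variables are provided by <sourced file / CI environment>`. Otherwise prefer per-file `# shellcheck disable=SC2154` directives over a global switch.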
diff --git a/.trunk/configs/.yamllint.yaml b/.trunk/configs/.yamllint.yaml
new file mode 100644
index 000000000..4d444662d
--- /dev/null
+++ b/.trunk/configs/.yamllint.yaml
@@ -0,0 +1,10 @@
+rules:
+  quoted-strings:
+    required: only-when-needed
+    extra-allowed: ["{|}"]
+  empty-values:
+    forbid-in-block-mappings: true
+    forbid-in-flow-mappings: true
+  key-duplicates: {}
+  octal-values:
+    forbid-implicit-octal: true
diff --git a/.trunk/configs/analyzers.yml b/.trunk/configs/analyzers.yml
new file mode 100644
index 000000000..0155084fe
--- /dev/null
+++ b/.trunk/configs/analyzers.yml
@@ -0,0 +1,91 @@
+#  Copyright 2021 Praetorian Security, Inc.
+
+#  Licensed under the Apache License, Version 2.0 (the License);
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+
+#       http://www.apache.org/licenses/LICENSE-2.0
+
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an AS IS BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# GoKart analyzers configuration
+
+# Uncomment analyzers section below to create a new vulnerability type
+
+# analyzers:
+#   # Each entry specifies a vulnerability type.
+
+#   # Name of the vulnerability:
+#   Test Sink:
+#     # Description of this vulnerability
+#     doc: Writing data to Printf()
+#     # Message displayed when this vulnerability is found
+#     message: Test Sink reachable by user input
+#     # List of vulnerable functions used to identify this vulnerability
+#     vuln_calls:
+#       # Package name
+#       log:
+#         # Function name
+#         - Printf
+
+# Each entry specifies a source that should be considered untrusted
+# If the package already exists in the sources section, add the variable/function/type underneath
+# Each package can contain multiple vulnerable sources.
+sources:
+  # Sources that are defined in Go documentation as a variable go here (note: these variables will have an SSA type of Global).
+  variables:
+    os:
+      - Args
+  # Sources that are defined in Go documentation as a function go here.
+  functions:
+    flag:
+      - Arg
+      - Args
+    os:
+      - Environ
+      - File
+    crypto/tls:
+      - LoadX509KeyPair
+      - X509KeyPair
+    os/user:
+      - Lookup
+      - LookupId
+      - Current
+    crypto/x509:
+      - Subjects
+    io:
+      - ReadAtLeast
+      - ReadFull
+    database/sql:
+      - Query
+      - QueryRow
+    bytes:
+      - String
+      - ReadBytes
+      - ReadByte
+    bufio:
+      - Text
+      - Bytes
+      - ReadString
+      - ReadSlice
+      - ReadRune
+      - ReadLine
+      - ReadBytes
+      - ReadByte
+    archive/tar:
+      - Next
+      - FileInfo
+      - Header
+    net/url:
+      - ParseQuery
+      - ParseUriRequest
+      - Parse
+      - Query
+  # Sources that are defined in Go documentation as a type go here (note: adding types will consider all functions that use that type to be tainted).
+  types:
+    net/http:
+      - Request
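Review bot: The `net/url` source list names `ParseUriRequest`, which is not a function in Go's `net/url` package; the standard-library function is `ParseRequestURI`. As written the entry presumably never matches, so values returned by `url.ParseRequestURI` would not be treated as untrusted by the taint analysis; the line should read `- ParseRequestURI`. Separately, `File` is listed under `functions` for `os` although `os.File` is a type. Confirm against GoKart's matching rules whether that entry has any effect where it is.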
diff --git a/.trunk/configs/ruff.toml b/.trunk/configs/ruff.toml
new file mode 100644
index 000000000..346b1d9aa
--- /dev/null
+++ b/.trunk/configs/ruff.toml
@@ -0,0 +1,5 @@
+# Generic, formatter-friendly config.
+select = ["B", "D3", "D4", "E", "F"]
+
+# Never enforce `E501` (line length violations). This should be handled by formatters.
+ignore = ["E501"]
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
new file mode 100644
index 000000000..de7e715ec
--- /dev/null
+++ b/.trunk/trunk.yaml
@@ -0,0 +1,56 @@
+# This file controls the behavior of Trunk: https://docs.trunk.io/cli
+# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
+version: 0.1
+cli:
+  version: 1.16.0
+plugins:
+  sources:
+    - id: trunk
+      ref: v1.2.3
+      uri: https://github.com/trunk-io/plugins
+runtimes:
+  enabled:
+    - go@1.21.0
+    - java@13.0.11
+    - node@18.12.1
+    - python@3.10.8
+    - rust@1.72.0
+lint:
+  enabled:
+    - actionlint@1.6.25
+    - bandit@1.7.5
+    - black@23.9.1
+    - checkov@2.4.9
+    - clippy@1.72.0
+    - dotenv-linter@3.3.0
+    - git-diff-check
+    - gofmt@1.20.4
+    - gokart@0.5.1
+    - golangci-lint@1.54.2
+    - hadolint@2.12.0
+    - isort@5.12.0
+    - ktlint@1.0.0
+    - markdownlint@0.37.0
+    - osv-scanner@1.4.0
+    - oxipng@8.0.0
+    - prettier@3.0.3
+    - ruff@0.0.290
+    - rustfmt@1.72.0
+    - shellcheck@0.9.0
+    - shfmt@3.6.0
+    - taplo@0.8.1
+    - terrascan@1.18.3
+    - trivy@0.45.1
+    - trufflehog@3.56.1
+    - yamllint@1.32.0
+  ignore:
+    - linters: [clippy, rustfmt]
+      paths:
+        # do not reun
+        - rust/src/lib.rs
+actions:
+  enabled:
+    - trunk-announce
+    - trunk-check-pre-push
+    - trunk-fmt-pre-commit
+    - trunk-upgrade-available
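Review bot: The plugin source under `plugins.sources` is pinned with `ref: v1.2.3`, a git tag. That repository supplies the linter definitions that run on developer machines through the `trunk-check-pre-push` and `trunk-fmt-pre-commit` hooks enabled at the end of this file. A tag can be moved upstream, so if Trunk accepts a commit SHA in `ref`, pin it as `ref: <commit-sha-of-v1.2.3>  # v1.2.3` so the definitions cannot change without a diff here. The ignore entry for `rust/src/lib.rs` carries the comment `# do not reun`, which has a typo and does not say why clippy and rustfmt are skipped for that file; replace it with the actual reason.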

From 52e4e49ab13ff99a58b015751774b9aee8c719ec Mon Sep 17 00:00:00 2001
From: Eli Schleifer <eli@trunk.io>
Date: Fri, 22 Sep 2023 12:15:52 -0700
Subject: [PATCH 2/2]

---
 .trunk/trunk.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
index de7e715ec..057961497 100644
--- a/.trunk/trunk.yaml
+++ b/.trunk/trunk.yaml
@@ -48,6 +48,9 @@ lint:
       paths:
         # do not reun
         - rust/src/lib.rs
+    - linters: [ALL]
+      paths:
+        - go/internal/openapi/**
 actions:
   enabled:
     - trunk-announce
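Review bot: `linters: [ALL]` on `go/internal/openapi/**` switches off every enabled linter for that tree, including the security scanners enabled in patch 1/2 (gokart, trufflehog, osv-scanner, trivy). Neither the entry nor the commit message, whose subject is empty, says why. If the directory holds generated code, which the path suggests but the patch does not show, narrow the entry to the Go style checks, e.g. `- linters: [gofmt, golangci-lint]`. Also add a comment above it such as `# generated OpenAPI code: skip Go style checks only`. The `lint:` block starts outside this hunk.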