diff --git a/.github/actions/spelling/README.md b/.github/actions/spelling/README.md new file mode 100644 index 0000000..562091e --- /dev/null +++ b/.github/actions/spelling/README.md @@ -0,0 +1,15 @@ +# check-spelling/check-spelling configuration + +| File | Purpose | Format | Info | +| -------------------------------------------------- | --------------------------------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | +| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) | +| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) | +| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) | +| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) | +| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | +| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | +| [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) | +| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) | + +Note: you can replace any of these files with a directory by the same name (minus the suffix) +and then include multiple files inside that directory (with that suffix) to merge multiple files together. diff --git a/.github/actions/spelling/advice.md b/.github/actions/spelling/advice.md new file mode 100644 index 0000000..cea808b --- /dev/null +++ b/.github/actions/spelling/advice.md @@ -0,0 +1,23 @@ + +
If the flagged items are false positives + +If items relate to a ... + +- binary file (or some other file you wouldn't want to check at all). + + Please add a file path to the `excludes.txt` file matching the containing file. + + File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files. + + `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude README.md (on whichever branch you're using). + +- well-formed pattern. + + If you can write a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it, + try adding it to the `patterns.txt` file. + + Patterns are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines. + + Note that patterns can't match multiline strings. + +
diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt new file mode 100644 index 0000000..e69de29 diff --git a/.github/actions/spelling/excludes.txt b/.github/actions/spelling/excludes.txt new file mode 100644 index 0000000..c013ab5 --- /dev/null +++ b/.github/actions/spelling/excludes.txt @@ -0,0 +1,50 @@ +# See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-excludes +(?:^|/)(?i)COPYRIGHT +(?:^|/)(?i)LICEN[CS]E +(?:^|/)go\.sum$ +(?:^|/)package(?:-lock|)\.json$ +(?:^|/)vendor/ +ignore$ +\.a$ +\.ai$ +\.avi$ +\.bmp$ +\.bz2$ +\.crt$ +\.dll$ +\.DS_Store$ +\.eot$ +\.exe$ +\.gif$ +\.gitattributes$ +\.graffle$ +\.gz$ +\.icns$ +\.ico$ +\.jar$ +\.jpe?g$ +\.key$ +\.lib$ +\.lock$ +\.map$ +\.min\.. +\.mod$ +\.mp[34]$ +\.o$ +\.ocf$ +\.otf$ +\.pdf$ +\.pem$ +\.png$ +\.psd$ +\.s$ +\.svg$ +\.tiff?$ +\.ttf$ +\.wav$ +\.webm$ +\.webp$ +\.woff2?$ +\.zip$ +^\.github/actions/spelling/ +^\Q.github/workflows/spelling.yml\E$ diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt new file mode 100644 index 0000000..ef166f9 --- /dev/null +++ b/.github/actions/spelling/expect.txt @@ -0,0 +1,4 @@ +Fatalln +Getenv +mondoogql +Println diff --git a/.github/actions/spelling/line_forbidden.patterns b/.github/actions/spelling/line_forbidden.patterns new file mode 100644 index 0000000..b60cc6b --- /dev/null +++ b/.github/actions/spelling/line_forbidden.patterns @@ -0,0 +1,503 @@ +# Detect common combinations of valid words that are in fact invalid. +# Useful for brand capitalizations + +# +# Our Terms +# + +# s.b. Mondoo Platform +\sthe Mondoo Platform\b +\sMondoo platform\b + +# +# Industry Terms +# + +# s.b. Side scanning +\bSidescanning\b +\bsidescanning\b + +# s.b. DevOps +\bDev Ops\b +\bDevops\b + +# s.b. SaaS +\bSaas\b +\bsaas\b + +# s.b. Docker Hub +\bDockerHub\b +\bDockerhub\b + +# s.b. REST API +\bRest API\b +\brest API\b +\brest api\b + +# s.b. DevSecOps +\bDevsecops\b + +# s.b. on-premises +\bon-premise\b + +# +# Product Names +# + +# s.b. Firefox +\bFireFox\b + +# s.b. CentOS +\bCentos\b +\bCent OS\b +\bcentOS\b + +# s.b. macOS +\bOS X\b +\bMacOS\b +\bMac OS\b + +# s.b. Okta +\bOcta\b + +# s.b. Elasticsearch +\bElasticSearch\b + +# s.b. DocuSign +\bDocu Sign\b + +# s.b. DocuSign +\bDocu Sign\b + +# s.b. DocuSign +\bDocu Sign\b +\bDocusign\b + +# s.b. MongoDB +\bMongo DB\b +\bMongoDb\b + +# s.b. MySQL +\bMysql\b +\bMySql\b + +# s.b. OpenStack +\bOpen Stack\b +\bOpenstack\b + +# s.b. Red Hat +\bRedHat\b + +# s.b. AlmaLinux +\bAlma Linux\b + +# s.b. openSUSE +\bOpenSUSE\b + +# s.b. openSUSE +\bopenSuse\b + +# s.b. CircleCI +\bCircleCi\b + +# s.b. AppArmor +\bApparmor\b +\bApp Armor\b + +# s.b. SELinux +\bSeLinux\b +\bSelinux\b + +# s.b. InSpec +\b[Ii]nspec\b + +# s.b. GitHub +\bGithub\b + +# s.b. GitLab +\bGitlab\b + +# s.b. JavaScript +\bJavascript\b + +# s.b. OpenSSL +\bOpenssl\b +\bopenSSL\b + +# +# Microsoft Products +# + +# s.b. Microsoft +\bMicroSoft\b + +# s.b. Windows Server +\bWindows server\b + +# s.b. Team Foundation Server +\bTeam foundation server\b +\bteam foundation server\b + +# s.b. Active Directory +\bActive directory\b +\bactive directory\b + +# s.b. Group Policy Object +\bGroup policy object\b +\bgroup policy object\b +\bGroup Policy object\b + +# +# VMware Products +# + +# s.b. VMware +\bVmware\b +\bVMWare\b + +# s.b. vCenter +\bVcenter\b +\bVCenter\b + +# s.b. ESXi +\bEsxi\b + +# +# AWS Products +# + +# s.b. App2Container +\bApp2container\b + +# s.b. AppFlow +\bAppflow\b + +# s.b. AppSync +\bAppsync\b + +# s.b. CloudEnsure +\bCloudensure\b + +# s.b. CloudFormation +\bCloudformation\b + +# s.b. CloudFront +\bCloudfront\b + +# s.b. CloudHSM +\bCloudHsm\b +\bCloudhsm\b + +# s.b. CloudSearch +\bCloudsearch\b + +# s.b. CloudShell +# we can't check for Cloud Shell since that's what Azure calls it +\bCloudshell\b +\bcloudshell\b + +# s.b. CloudTrail +\bCloudtrail\b + +# s.b. CloudWatch +\bCloudwatch\b + +# s.b. CodeArtifact +\bCodeartifact\b + +# s.b. CodeBuild +\bCodebuild\b + +# s.b. CodeCommit +\bCodecommit\b + +# s.b. CodeDeploy +\bCodedeploy\b + +# s.b. CodeGuru +\bCodeguru\b + +# s.b. CodePipeline +\bCodepipeline\b + +# s.b. CodeStar +\bCodestar\b + +# s.b. Copilot +\bCoPilot\b + +# s.b. DeepRacer +\bDeepracer\b + +# s.b. DocumentDB +\bDocument DB\b +\bDocumentDb\b + +# s.b. DynamoDB +\bDynamo DB\b +\bDynamoDb\b + +# s.b. ElastiCache +\bElasticache\b + +# s.b. EventBridge +\bEventbridge\b + +# s.b. Fargate +\bFarGate\b + +# s.b. FinSpace +\bFinSpace\b + +# s.b. FSx +\bFSX\b + +# s.b. GameLift +\bGamelift\b + +# s.b. GuardDuty +\bGuardduty\b + +# s.b. Honeycode +\bHoneyCode\b + +# s.b. Lightsail +\bLightSail\b + +# s.b. MXNet +\bMxnet\b +\bMXnet\b + +# s.b. OpenSearch +\bOpensearch\b + +# s.b. OpenShift +\bOpenshift\b + +# s.b. PrivateLink +\bPrivatelink\b + +# s.b. QuickSight +\bQuicksight\b + +# s.b. Redshift +\bRedShift\b + +# s.b. RoboMaker +\bRobomaker\b + +# s.b. Route 53 +\bRoute53\b + +# s.b. SageMaker +\bSagemaker\b + +# s.b. SiteWise +\bSitewise\b + +# s.b. WorkDocs +\bWorkdocs\b + +# s.b. WorkMail +\bWorkmail\b + +# +# GCP Products +# + +# s.b. Pub/Sub +\bPubSub\b + +# s.b. Cloud SQL +\bCloudSQL\b + +# s.b. Cloud CDN +\bCloudCDN\b + +# s.b. Cloud Functions +\bCloud functions\b + +# s.b. Vertex AI +\bVertexAI\b + +# s.b. Dialogflow +\bDialogFlow\b + +# s.b. Dataplex +\bDataPlex\b + +# s.b. BigLake +\bBig Lake\b + +# s.b. AlloyDB +\bAlloy DB\b + +# s.b. Firestore +\bFireStore\b + +# s.b. Datastream +\bDataStream\b +\bData Stream\b + +# s.b. Memorystore +\bMemoryStore\b +\bMemory Store\b + +# s.b. TensorFlow +\bTensor Flow\b + +# s.b. AppEngine +\bApp Engine\b + +# s.b. AppEngine +\bApp Engine\b + +# s.b. Compute Engine +\bComputeEngine\b +\bCompute engine\b + +# s.b. VMware Engine +\bVMware engine\b +\bVMWare Engine\b + +# s.b. Knative +\bKNative\b + +# s.b. BigQuery +\bBig Query\b + +# s.b. Cloud Build +\bCloudBuild\b +\bCloud build\b + +# s.b. Cloud Run +\bCloudRun\b +\bCloud run\b + +# +# Azure Products +# + +# s.b. Key Vault +\bKey vault\b +\bKeyVault\b + +# s.b. Ampere +\bampere\b + +# s.b. Azure DevOps Server +\bAzure DevOps server\b + +# s.b. Synapse Analytics +\bSynapse analytics\b +\bsynapse analytics\b + +# s.b. Cognitive Services +\bCognitive services\b +\bcognitive services\b + +# s.b. Event Hubs +\bEvent hubs\b +\bevent hubs\b + +# s.b. CloudOps +\bCloud Ops\b +\bCloud ops\b +\bcloud ops\b + +# s.b. Batch Service +\bBatch service\b +\bbatch service\b + +# s.b. Service Fabric Cluster +\bservice fabric cluster\b + +# s.b. Azure Kubernetes Service +\bAzure Kubernetes service\b + +# s.b. Cosmos DB +\bCosmosDB\b + +# s.b. SignalR Service +\bSignalR service\b +\bSignal R Service\b + +# s.b. App Service Certificate +\bapp service certificate\b + +# s.b. Privileged Identity Management +\bprivileged identity management\b + +# s.b. BizTalk Service +\bBizTalk service\b +\bBiztalk service\b +\bBiz Talk service\b +\bBiz Talk Service\b + +# s.b. Data Box +\bdata box\b + +# s.b. Database Migration Service +\bdatabase migration service\b + +# s.b. Internet Analyzer +\bInternet analyzer\b +\binternet analyzer\b + +# s.b. Web Application Firewall +\bWeb application firewall\b +\bweb Application Firewall\b + +# s.b. SQL Vulnerability Assessment +\bSQL vulnerability assessment\b + +# s.b. StorSimple +\bStor Simple\b + +# +# Common Typos +# + +# s.b. another +\ban[- ]other\b + +# s.b. greater than +\bgreater then\b + +# s.b. less than +\bless then\b + +# s.b. otherwise +\bother[- ]wise\b + +# s.b. nonexistent +\bnon existing\b +\b[Nn]o[nt][- ]existent\b + +# s.b. preexisting +[Pp]re-existing + +# s.b. preempt +[Pp]re-empt\b + +# s.b. preemptively +[Pp]re-emptively + +# s.b. reentrancy +[Rr]e-entrancy + +# s.b. reentrant +[Rr]e-entrant + +# s.b. policies +[Pp]olices + +# s.b. ID +# \bId\b # disabled in this repo due to false positives + +# s.b. CSV +\bCVS\b + +# Reject duplicate words +\s([A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})\s\g{-1}\s + diff --git a/.github/actions/spelling/only.txt b/.github/actions/spelling/only.txt new file mode 100644 index 0000000..cfa27f7 --- /dev/null +++ b/.github/actions/spelling/only.txt @@ -0,0 +1 @@ +\.md$ diff --git a/.github/actions/spelling/patterns.txt b/.github/actions/spelling/patterns.txt new file mode 100644 index 0000000..3c3a1d4 --- /dev/null +++ b/.github/actions/spelling/patterns.txt @@ -0,0 +1,68 @@ +# See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns + +# acceptable duplicates +# ls directory listings +[-bcdlpsw](?:[-r][-w][-sx]){3}\s+\d+\s+(\S+)\s+\g{-1}\s+\d+\s+ + +# Commit message -- Signed-off-by and friends +^\s*(?:(?:Based-on-patch|Co-authored|Helped|Mentored|Reported|Reviewed|Signed-off)-by|Thanks-to): (?:[^<]*<[^>]*>|[^<]*)\s*$ + +# Autogenerated revert commit message +^This reverts commit [0-9a-f]{40}\.$ + +# ignore long runs of a single character: +\b([A-Za-z])\g{-1}{3,}\b + +# ignore funky space IDs that blow up spell checking +api\.mondoo\.app\/space.*\b +console\.mondoo\.com\/space.*\b + +# azure subscription ID +[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12} + +# azure subscriptions URL +\/subscriptions\/\S* + +# docker container +\b[a-z,0-9]{12}\b + +# URLs in markdown links / images +]\(.*\) + +# Azure Key Vault Vault. It feels wrong, but it's technically right +Key Vault Vault + +# luna containers in scan output +\bluna/.*\b + +# this comes up in permissions and is valid +\broot root\b + +# AWS resources +(ami|subnet|vpc|sg)-[0-9a-fA-F]{17} + +# http and https URLs +https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*) + +# registry key paths +HKEY_[\w\\]* + +# Container digests +\bsha256:\w* + +# mime types +\bapplication\/\S* + +# skip mql uids +uid:\s.*$ + +# ARN values +\barn:\S* + +# mac user dir path +\/Users\/\S* + +# AWS Token, ID access key, etc +aws_session_token\s+\=(\s+)?.+ +aws_access_key_id\s+\=(\s+)?.+ +aws_secret_access_key\s+\=(\s+)?.+ diff --git a/.github/actions/spelling/reject.txt b/.github/actions/spelling/reject.txt new file mode 100644 index 0000000..1653f28 --- /dev/null +++ b/.github/actions/spelling/reject.txt @@ -0,0 +1,13 @@ +ad-hoc +^attache$ +benefitting +occurences? +^dependan.* +^oer$ +Sorce +^[Ss]pae.* +^untill$ +^untilling$ +^wether.* +\w*(?=1.21.0" + +jobs: + # Check if there is any dirty change for go mod tidy + go-mod: + runs-on: ubuntu-latest + steps: + - name: Install Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + cache: false + - name: Checkout code + uses: actions/checkout@v4 + - name: Check go mod + run: | + go mod tidy + git diff --exit-code go.mod + + golangci-lint: + runs-on: ubuntu-latest + steps: + - name: Install Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + cache: false + - name: Checkout code + uses: actions/checkout@v4 + - name: Run golangci-lint + uses: golangci/golangci-lint-action@v3.7.0 + with: + version: latest + args: --timeout=30m + + go-test: + runs-on: ubuntu-latest + steps: + - name: Install Go + uses: actions/setup-go@v4 + with: + go-version: ${{ env.GO_VERSION }} + cache: false + - name: Checkout code + uses: actions/checkout@v4 + # https://github.com/actions/cache/blob/main/examples.md#go---modules + - uses: actions/cache@v3 + with: + path: | + ~/.cache/go-build + ~/go/pkg/mod + key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} + restore-keys: | + ${{ runner.os }}-go- + - run: make test + - uses: actions/upload-artifact@v3 # upload test results + if: success() || failure() # run this step even if previous step failed + with: + name: test-results + path: report.xml \ No newline at end of file diff --git a/.github/workflows/spell-check.yaml b/.github/workflows/spell-check.yaml new file mode 100644 index 0000000..22c77fc --- /dev/null +++ b/.github/workflows/spell-check.yaml @@ -0,0 +1,53 @@ +--- +name: Spell Checking + +on: + pull_request: + types: [opened, reopened, synchronize] + +jobs: + spelling: + name: Run spell check + permissions: + contents: read + pull-requests: read + actions: read + outputs: + followup: ${{ steps.spelling.outputs.followup }} + runs-on: ubuntu-latest + if: "contains(github.event_name, 'pull_request') || github.event_name == 'push'" + concurrency: + group: spelling-${{ github.event.pull_request.number || github.ref }} + # note: If you use only_check_changed_files, you do not want cancel-in-progress + cancel-in-progress: true + steps: + - name: check-spelling + id: spelling + uses: check-spelling/check-spelling@v0.0.21 + with: + suppress_push_for_open_pull_request: 1 + checkout: true + post_comment: 0 + dictionary_source_prefixes: '{"mondoo": "https://raw.githubusercontent.com/mondoohq/spellcheck-dictionary/main/", "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20220816/dictionaries/"}' + extra_dictionaries: + cspell:aws/aws.txt + cspell:filetypes/filetypes.txt + cspell:software-terms/src/software-terms.txt + cspell:software-terms/src/software-tools.txt + cspell:companies/src/companies.txt + mondoo:mondoo_dictionary.txt + + comment: + name: Report + runs-on: ubuntu-latest + needs: spelling + permissions: + contents: write + pull-requests: write + if: (success() || failure()) && needs.spelling.outputs.followup + steps: + - name: comment + uses: check-spelling/check-spelling@v0.0.21 + with: + checkout: true + task: ${{ needs.spelling.outputs.followup }} diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..4d66e0b --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,8 @@ +# See https://golangci-lint.run/usage/configuration/ for configuration options +run: + timeout: 5m + skip-dirs: + skip-files: + - ".*\\.pb\\.go$" + - ".*\\.lr\\.go$" + modules-download-mode: readonly diff --git a/Makefile b/Makefile index 37e1abc..8ea41f4 100644 --- a/Makefile +++ b/Makefile @@ -13,5 +13,17 @@ license/headers/check: license/headers/apply: copywrite headers -test: - go test -cover $(shell go list ./... | grep -v '/providers/') \ No newline at end of file +test: test/go test/lint + +test/go: + go test -cover $(shell go list ./...) + +test/lint: test/lint/golangci-lint/run + +prep/tools: + go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest + +.PHONY: test/lint/golangci-lint/run +test/lint/golangci-lint/run: prep/tools + golangci-lint --version + golangci-lint run \ No newline at end of file diff --git a/client_test.go b/client_test.go index a20342a..d63d1a1 100644 --- a/client_test.go +++ b/client_test.go @@ -43,7 +43,7 @@ func TestGraphQLClient(t *testing.T) { })) defer ts.Close() - client, err := NewClient(option.WithEndpoint(ts.URL + "/query")) + client, err := NewClient(option.WithEndpoint(ts.URL+"/query"), option.WithoutAuthentication()) require.NoError(t, err) var q struct {