diff --git a/template-configs/megalinter/.mega-linter.yml b/template-configs/megalinter/.mega-linter.yml
new file mode 100644
index 0000000..bf322e3
--- /dev/null
+++ b/template-configs/megalinter/.mega-linter.yml
@@ -0,0 +1,47 @@
+####################################################################
+# .mega-linter.yml
+####################################################################
+# MegaLinter Configuration File
+# See all available variables at https://megalinter.io/configuration/ and in linters documentation
+
+APPLY_FIXES: all
+# ENABLE: # If you use ENABLE variable, all other languages/formats/tooling formats will be disabled by default
+# If you use ENABLE_LINTERS variable, all other linters will be disabled by default
+ENABLE_LINTERS:
+ - ACTION_ACTIONLINT
+ - ANSIBLE_ANSIBLE_LINT
+ - BASH_EXEC
+ - BASH_SHELLCHECK
+ - DOCKERFILE_HADOLINT
+ - ENV_DOTENV_LINTER
+ - HTML_HTMLHINT
+ - JAVASCRIPT_STANDARD
+ - JSON_JSONLINT
+ - MARKDOWN_MARKDOWNLINT
+ - MARKDOWN_MARKDOWN_LINK_CHECK
+ - PHP_PHPSTAN
+ - POWERSHELL_POWERSHELL
+ - PYTHON_PYLINT
+ - REPOSITORY_GITLEAKS
+ - REPOSITORY_TRIVY
+ - RUBY_RUBOCOP
+ - SPELL_PROSELINT
+ - SQL_SQL_LINT
+ - TYPESCRIPT_STANDARD
+ - XML_XMLLINT
+ - YAML_YAMLLINT
+# DISABLE: If you use DISABLE variable, the linters in the listed descriptors will be skipped
+# DISABLE_LINTERS: # If you use DISABLE_LINTERS variable, the listed linters will be skipped
+PRINT_ALL_FILES: false
+FILTER_REGEX_EXCLUDE: (\.automation|\.idea|\.vscode|\.venv)
+BASH_FILTER_REGEX_EXCLUDE: "(lib)"
+MARKDOWN_MARKDOWN_LINK_CHECK_DISABLE_ERRORS: true
+DOCKERFILE_HADOLINT_ARGUMENTS: "--ignore DL3008"
+SHOW_ELAPSED_TIME: true
+FLAVOR_SUGGESTIONS: false
+EMAIL_REPORTER: false
+FILEIO_REPORTER: false
+JSON_REPORTER: true
+GITHUB_STATUS_REPORTER: true
+REPOSITORY_TRIVY_CONFIG_FILE: .trivy.yml
+REPOSITORY_TRIVY_DISABLE_ERRORS: true
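Review bot: `REPOSITORY_TRIVY_DISABLE_ERRORS: true` on the last line makes every Trivy finding non-blocking, so a vulnerable dependency or a misconfiguration is reported but the MegaLinter run still passes; of the two security scanners enabled here, only REPOSITORY_GITLEAKS can fail the run. If report-only mode is a deliberate rollout step, put the reason above the key, for example `# Trivy is report-only: <reason>; set to false once <condition>`, otherwise set the value to `false`. The line above it points Trivy at `.trivy.yml`, and no such file is added in the part of this commit visible here, so it is worth confirming that the file exists wherever this template is installed.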
diff --git a/template-configs/megalinter/linters/.gitleaks.toml b/template-configs/megalinter/linters/.gitleaks.toml
new file mode 100644
index 0000000..372d290
--- /dev/null
+++ b/template-configs/megalinter/linters/.gitleaks.toml
@@ -0,0 +1,18 @@
+title = "gitleaks config"
+
+[extend]
+# useDefault will extend the base configuration with the default gitleaks config:
+# https://github.com/zricethezav/gitleaks/blob/master/config/gitleaks.toml
+useDefault = true
+
+[allowlist]
+ description = "Allowlisted files"
+ paths = [
+ '''.automation/test''',
+ '''megalinter-reports''',
+ '''.github/linters''',
+ '''node_modules''',
+ '''.mypy_cache''',
+ '''(.*?)gitleaks\.toml$''',
+ '''(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',
+ '''(go.mod|go.sum)$''']
diff --git a/template-configs/megalinter/linters/.hadolint.yaml b/template-configs/megalinter/linters/.hadolint.yaml
new file mode 100644
index 0000000..8e78ec1
--- /dev/null
+++ b/template-configs/megalinter/linters/.hadolint.yaml
@@ -0,0 +1,9 @@
+ignored:
+ - DL3007
+ - DL3016
+ - DL3018
+ - DL3028
+ - DL3059
+ - SC2086
+ - SC2039
+ - SC3046
diff --git a/template-configs/megalinter/linters/.htmlhintrc b/template-configs/megalinter/linters/.htmlhintrc
new file mode 100644
index 0000000..5daf1dd
--- /dev/null
+++ b/template-configs/megalinter/linters/.htmlhintrc
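Review bot: The extension entry in `[allowlist] paths`, `(.*?)(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$`, has no `\.` before the group, so gitleaks skips any path that merely ends in those letters (constructed examples: `ops/run_bin`, `docs/apidoc`), not only files with those extensions. The last entry, `(go.mod|go.sum)$`, has an unescaped dot and no path anchor, so other names can match it as well. Every allowlisted path is exempt from secret scanning, so both should be tightened: `'''(.*?)\.(png|jpg|gif|doc|docx|pdf|bin|xls|pyc|zip)$''',` and `'''(^|/)go\.(mod|sum)$''']`. The unanchored `.github/linters` and `.automation/test` entries would benefit from a comment saying why those trees never need scanning.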
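Review bot: The `ignored:` list switches off the version-pinning rules (DL3007 for the `latest` tag, DL3016, DL3018 and DL3028 for npm, apk and gem installs) and SC2086 for unquoted expansions in RUN, with no comment saying why. This looks like a template that other repositories will copy, in which case those ignores remove the checks that keep image builds reproducible wherever it lands. I would keep at least DL3007 enforced and add a one-line reason per remaining entry, for example `# DL3018: <why apk versions are not pinned>`. DL3008 is ignored separately through `DOCKERFILE_HADOLINT_ARGUMENTS` in .mega-linter.yml; listing it here instead would keep all hadolint exceptions in one place.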
@@ -0,0 +1,25 @@
+{
+ "tagname-lowercase": true,
+ "attr-lowercase": true,
+ "attr-value-double-quotes": true,
+ "attr-value-not-empty": false,
+ "attr-no-duplication": true,
+ "doctype-first": true,
+ "tag-pair": true,
+ "tag-self-close": false,
+ "spec-char-escape": true,
+ "id-unique": true,
+ "src-not-empty": true,
+ "title-require": true,
+ "alt-require": true,
+ "doctype-html5": true,
+ "id-class-value": "dash",
+ "style-disabled": false,
+ "inline-style-disabled": false,
+ "inline-script-disabled": false,
+ "space-tab-mixed-disabled": "space",
+ "id-class-ad-disabled": false,
+ "href-abs-or-rel": false,
+ "attr-unsafe-chars": true,
+ "head-script-disabled": true
+}
diff --git a/template-configs/megalinter/linters/.markdown-link-check.json b/template-configs/megalinter/linters/.markdown-link-check.json
new file mode 100644
index 0000000..c57a1a8
--- /dev/null
+++ b/template-configs/megalinter/linters/.markdown-link-check.json
@@ -0,0 +1,9 @@
+{
+ "retryOn429": true,
+ "retryCount": 10,
+ "ignorePatterns": [
+ {
+ "pattern": "(github\\.com/oxsecurity/megalinter/tree/main/docs)"
+ }
+ ]
+}
diff --git a/template-configs/megalinter/linters/.markdownlint.json b/template-configs/megalinter/linters/.markdownlint.json
new file mode 100644
index 0000000..e370499
--- /dev/null
+++ b/template-configs/megalinter/linters/.markdownlint.json
@@ -0,0 +1,17 @@
+{
+ "MD004": false,
+ "MD007": {
+ "indent": 2
+ },
+ "MD013": {
+ "line_length": 600
+ },
+ "MD026": {
+ "punctuation": ".,;:!。,;:"
+ },
+ "MD029": false,
+ "MD033": false,
+ "MD036": false,
+ "MD041": false,
+ "blank_lines": false
+}
diff --git a/template-configs/megalinter/linters/.pylintrc b/template-configs/megalinter/linters/.pylintrc
new file mode 100644
index 0000000..56a5249
--- /dev/null
+++ b/template-configs/megalinter/linters/.pylintrc
@@ -0,0 +1,464 @@ +[MASTER] +errors-only= + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-whitelist= + +# Add files or directories to the blacklist. They should be base names, not +# paths. +ignore=CVS + +# Add files or directories matching the regex patterns to the blacklist. The +# regex matches against base names, not paths. +ignore-patterns= + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Use multiple processes to speed up Pylint. +jobs=1 + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + +# Pickle collected data for later comparisons. +persistent=yes + +# Specify a configuration file. +#rcfile= + +# When enabled, pylint would attempt to guess common misconfiguration and emit +# user-friendly hints instead of false-positive error messages +suggestion-mode=yes + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + + +[MESSAGES CONTROL] + +# Only show warnings with the listed confidence levels. Leave empty to show +# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED +confidence= + +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifiers separated by comma (,) or put this +# option multiple times (only on the command line, not in the configuration +# file where it should appear only once).You can also use "--disable=all" to +# disable everything first and then reenable specific checks. For example, if +# you want to run only the similarities checker, you can use "--disable=all +# --enable=similarities". 
If you want to run only the classes checker, but have +# no Warning level messages displayed, use"--disable=all --enable=classes +# --disable=W" +disable=import-error + +# Enable the message, report, category or checker with the given id(s). You can +# either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). See also the "--disable" option for examples. +enable=c-extension-no-member + + +[REPORTS] + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + +# Template used to display messages. This is a python new-style format string +# used to format the message information. See doc for all details +#msg-template= + +# Set the output format. Available formats are text, parseable, colorized, json +# and msvs (visual studio).You can also give a reporter class, eg +# mypackage.mymodule.MyReporterClass. +output-format=text + +# Tells whether to display a full report or only the messages +reports=no + +# Activate the evaluation score. +score=no + + +[REFACTORING] + +# Maximum number of nested blocks for function / method body +max-nested-blocks=5 + +# Complete name of functions that never returns. When checking for +# inconsistent-return-statements if a never returning function is called then +# it will be considered as an explicit return statement and no message will be +# printed. +never-returning-functions=optparse.Values,sys.exit + + +[VARIABLES] + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid to define new builtins when possible. 
+additional-builtins= + +# Tells whether unused global variables should be treated as a violation. +allow-global-unused-variables=yes + +# List of strings which can identify a callback function by name. A callback +# name must start or end with one of those strings. +callbacks=cb_, + _cb + +# A regular expression matching the name of dummy variables (i.e. expectedly +# not used). +dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_ + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore +ignored-argument-names=_.*|^ignored_|^unused_ + +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# List of qualified module names which can have objects that can redefine +# builtins. +redefining-builtins-modules=six.moves,past.builtins,future.builtins + + +[LOGGING] + +# Logging modules to check that the string format arguments are in logging +# function parameter format +logging-modules=logging + + +[TYPECHECK] + +# List of decorators that produce context managers, such as +# contextlib.contextmanager. Add to this list to register other decorators that +# produce valid context managers. +contextmanager-decorators=contextlib.contextmanager + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E1101 when accessed. Python regular +# expressions are accepted. +generated-members= + +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# This flag controls whether pylint should warn about no-member and similar +# checks whenever an opaque object is returned when inferring. The inference +# can return multiple potential results while evaluating a Python object, but +# some branches might not be evaluated, which results in partial inference. 
In +# that case, it might be useful to still emit no-member and other checks for +# the rest of the inferred objects. +ignore-on-opaque-inference=yes + +# List of class names for which member attributes should not be checked (useful +# for classes with dynamically set attributes). This supports the use of +# qualified names. +ignored-classes=optparse.Values,thread._local,_thread._local + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis. It +# supports qualified module names, as well as Unix pattern matching. +ignored-modules= + +# Show a hint with possible names when a member name was not found. The aspect +# of finding the hint is based on edit distance. +missing-member-hint=yes + +# The minimum edit distance a name should have in order to be considered a +# similar match for a missing member name. +missing-member-hint-distance=1 + +# The total number of similar names that should be taken in consideration when +# showing a hint for a missing member. +missing-member-max-choices=1 + + +[MISCELLANEOUS] + +# List of note tags to take in consideration, separated by a comma. +notes=FIXME, + XXX, + TODO + + +[BASIC] + +# Naming style matching correct argument names +argument-naming-style=snake_case + +# Regular expression matching correct argument names. Overrides argument- +# naming-style +#argument-rgx= + +# Naming style matching correct attribute names +attr-naming-style=snake_case + +# Regular expression matching correct attribute names. Overrides attr-naming- +# style +#attr-rgx= + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo, + bar, + baz, + toto, + tutu, + tata + +# Naming style matching correct class attribute names +class-attribute-naming-style=any + +# Regular expression matching correct class attribute names. 
Overrides class- +# attribute-naming-style +#class-attribute-rgx= + +# Naming style matching correct class names +class-naming-style=PascalCase + +# Regular expression matching correct class names. Overrides class-naming-style +#class-rgx= + +# Naming style matching correct constant names +const-naming-style=UPPER_CASE + +# Regular expression matching correct constant names. Overrides const-naming- +# style +#const-rgx= + +# Minimum line length for functions/classes that require docstrings, shorter +# ones are exempt. +docstring-min-length=-1 + +# Naming style matching correct function names +function-naming-style=snake_case + +# Regular expression matching correct function names. Overrides function- +# naming-style +#function-rgx= + +# Good variable names which should always be accepted, separated by a comma +good-names=i, + j, + k, + ex, + Run, + _ + +# Include a hint for the correct naming format with invalid-name +include-naming-hint=no + +# Naming style matching correct inline iteration names +inlinevar-naming-style=any + +# Regular expression matching correct inline iteration names. Overrides +# inlinevar-naming-style +#inlinevar-rgx= + +# Naming style matching correct method names +method-naming-style=snake_case + +# Regular expression matching correct method names. Overrides method-naming- +# style +#method-rgx= + +# Naming style matching correct module names +module-naming-style=snake_case + +# Regular expression matching correct module names. Overrides module-naming- +# style +#module-rgx= + +# Colon-delimited sets of names that determine each other's naming style when +# the name regexes allow several styles. +name-group= + +# Regular expression which should only match function or class names that do +# not require a docstring. +no-docstring-rgx=^_ + +# List of decorators that produce properties, such as abc.abstractproperty. Add +# to this list to register other decorators that produce valid properties. 
+property-classes=abc.abstractproperty + +# Naming style matching correct variable names +variable-naming-style=snake_case + +# Regular expression matching correct variable names. Overrides variable- +# naming-style +#variable-rgx= + + +[SPELLING] + +# Limits count of emitted suggestions for spelling mistakes +max-spelling-suggestions=4 + +# Spelling dictionary name. Available dictionaries: none. To make it working +# install python-enchant package. +spelling-dict= + +# List of comma separated words that should not be checked. +spelling-ignore-words= + +# A path to a file that contains private dictionary; one word per line. +spelling-private-dict-file= + +# Tells whether to store unknown words to indicated private dictionary in +# --spelling-private-dict-file option instead of raising a message. +spelling-store-unknown-words=no + + +[FORMAT] + +# Expected format of line ending, e.g. empty (any line ending), LF or CRLF. +expected-line-ending-format= + +# Regexp for a line that is allowed to be longer than the limit. +ignore-long-lines=^\s*(# )??$ + +# Number of spaces of indent required inside a hanging or continued line. +indent-after-paren=4 + +# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1 +# tab). +indent-string=' ' + +# Maximum number of characters on a single line. +max-line-length=100 + +# Maximum number of lines in a module +max-module-lines=1000 + +# Allow the body of a class to be on the same line as the declaration if body +# contains single statement. +single-line-class-stmt=no + +# Allow the body of an if to be on the same line as the test if there is no +# else. +single-line-if-stmt=no + + +[SIMILARITIES] + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + +# Ignore imports when computing similarities. +ignore-imports=no + +# Minimum lines number of a similarity. 
+min-similarity-lines=4 + + +[DESIGN] + +# Maximum number of arguments for function / method +max-args=5 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Maximum number of boolean expressions in a if statement +max-bool-expr=5 + +# Maximum number of branch for function / method body +max-branches=12 + +# Maximum number of locals for function / method body +max-locals=15 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + +# Maximum number of return / yield for function / method body +max-returns=6 + +# Maximum number of statements in function / method body +max-statements=50 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + + +[IMPORTS] + +# Allow wildcard imports from modules that define __all__. +allow-wildcard-with-all=no + +# Analyse import fallback blocks. This can be used to support both Python 2 and +# 3 compatible code, which means that the block might have code that exists +# only in one or another interpreter, leading to false positives when analysed. +analyse-fallback-blocks=no + +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub, + TERMIOS, + Bastion, + rexec + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + +# Force import order to recognize a module as part of the standard +# compatibility libraries. +known-standard-library= + +# Force import order to recognize a module as part of a third party library. +known-third-party=enchant + + +[CLASSES] + +# List of method names used to declare (i.e. 
assign) instance attributes.
+defining-attr-methods=__init__,
+ __new__,
+ setUp
+
+# List of member names, which should be excluded from the protected access
+# warning.
+exclude-protected=_asdict,
+ _fields,
+ _replace,
+ _source,
+ _make
+
+# List of valid names for the first argument in a class method.
+valid-classmethod-first-arg=cls
+
+# List of valid names for the first argument in a metaclass class method.
+valid-metaclass-classmethod-first-arg=mcs
+
+
+[EXCEPTIONS]
+
+# Exceptions that will emit a warning when being caught. Defaults to
+# "Exception"
+overgeneral-exceptions=builtins.Exception
diff --git a/template-configs/megalinter/linters/.ruby-lint.yml b/template-configs/megalinter/linters/.ruby-lint.yml
new file mode 100644
index 0000000..b9c4d88
--- /dev/null
+++ b/template-configs/megalinter/linters/.ruby-lint.yml
@@ -0,0 +1,8 @@
+---
+#######################
+# Rubocop Config file #
+#######################
+
+inherit_gem:
+ rubocop-github:
+ - config/default.yml
diff --git a/template-configs/megalinter/linters/.sql-config.json b/template-configs/megalinter/linters/.sql-config.json
new file mode 100644
index 0000000..db91b91
--- /dev/null
+++ b/template-configs/megalinter/linters/.sql-config.json
@@ -0,0 +1,3 @@
+{
+ "_comment": "details can be found at: https://sql-lint.readthedocs.io/en/latest/files/configuration.html"
+}
diff --git a/template-configs/megalinter/linters/.yamllint.yml b/template-configs/megalinter/linters/.yamllint.yml
new file mode 100644
index 0000000..17fb475
--- /dev/null
+++ b/template-configs/megalinter/linters/.yamllint.yml
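Review bot: Nothing visible in this commit tells MegaLinter to read `.ruby-lint.yml`: .mega-linter.yml enables RUBY_RUBOCOP but sets no `RUBY_RUBOCOP_CONFIG_FILE`, and as far as I know the linter's default config name is `.rubocop.yml`, so this file may never be loaded. Please confirm, and either rename the file or add `RUBY_RUBOCOP_CONFIG_FILE: .ruby-lint.yml` to .mega-linter.yml. `inherit_gem` also needs the rubocop-github gem installed in the linting environment, and the effective rule set is then defined by that gem, not by this file. A comment naming where the gem comes from and which version is expected would make that dependency explicit.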
@@ -0,0 +1,27 @@
+extends: default
+
+rules:
+ braces:
+ level: warning
+ max-spaces-inside: 1
+ brackets:
+ level: warning
+ max-spaces-inside: 1
+ colons:
+ level: warning
+ commas:
+ level: warning
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ level: warning
+ hyphens:
+ level: warning
+ indentation:
+ level: warning
+ indent-sequences: consistent
+ line-length:
+ level: warning
+ allow-non-breakable-inline-mappings: true
+ truthy: disable
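Review bot: `truthy: disable` on the last line lets `yes`/`no`/`on`/`off` through unflagged, and YAML 1.1 loaders read those as booleans, which is a common source of silently wrong configuration values. If the rule was switched off because of the `on:` key in GitHub workflow files, keep the rule and exempt keys instead with `truthy: {check-keys: false}`. Every other customised rule is set to `level: warning`, so only rules left at their defaults can still fail the run. A short comment at the top of the file stating that this is intended would help whoever tunes it later.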