From d0bf888ca0721b25a32971fec39f8e822f34f519 Mon Sep 17 00:00:00 2001
From: Jacob Bednarz
Date: Wed, 29 Jun 2022 15:59:04 +1000
Subject: [PATCH] cI: add semgrep rules for using test account IDs and zone IDs
---
 .semgrep.yml | 66 ++++++++++++++++++++++++++++++++++++++++++++------
 .semgrepignore | 33 ++++++-------------------
 2 files changed, 66 insertions(+), 33 deletions(-)
diff --git a/.semgrep.yml b/.semgrep.yml
index 7e5bb5a012..a9482a6558 100644
--- a/.semgrep.yml
+++ b/.semgrep.yml
@@ -5,10 +5,10 @@ rules:
 message: Where a real IPv4 address isn't needed, use IPv4 addresses from RFC5737.
 paths:
 include:
- - internal/provider/*_test.go
- - docs/
- - examples/
- - templates/
+ - '*_test.go'
+ - 'docs/'
+ - 'examples/'
+ - 'templates/'
 patterns:
 - pattern-regex: '\d+\.\d+\.\d+\.\d+'
 - pattern-not-regex: '10\.\d+\.\d+.\d+'
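Review bot: The include list now picks up `'*_test.go'` anywhere in the tree, but the exemption on the hunk's last context line, `- pattern-not-regex: '10\.\d+\.\d+.\d+'`, is neither anchored nor fully escaped: the third separator is a bare `.`, and nothing stops the regex from matching inside a longer address such as `110.1.2.3`. If semgrep drops any finding that overlaps a `pattern-not-regex` match, as its documentation describes, such a public address would be silently exempted from the RFC5737 rule. Since this commit is already reworking the rule's scope, tighten it to `- pattern-not-regex: '\b10\.\d+\.\d+\.\d+\b'`. The rule continues past the end of the hunk, so any further exemptions it lists should get the same treatment.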
@@ -23,10 +23,60 @@ rules:
 message: Where a real IPv6 address isn't needed, use IPv6 addresses from RFC3849.
 paths:
 include:
- - internal/provider/*_test.go
- - docs/
- - examples/
- - templates/
+ - '*_test.go'
+ - 'docs/'
+ - 'examples/'
+ - 'templates/'
 patterns:
 - pattern-regex: '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
 severity: WARNING
+ - id: use-test-zone-ids
+ languages:
+ - hcl
+ message: In examples and acceptance tests, we should only use the test zone ID ("0da42c8d2132a9ddaf714f9e7c920711" or `testZoneID` in tests).
+ paths:
+ include:
+ - '*_test.go'
+ - 'docs/'
+ - 'examples/'
+ - 'templates/'
+ patterns:
+ - pattern: zone_id = "..."
+ - pattern-not: zone_id = "0da42c8d2132a9ddaf714f9e7c920711"
+ - pattern-either:
+ - pattern-inside: |
+ resource "..." "..." {
+ ...
+ }
+ - pattern-inside: |
+ data "..." "..." {
+ ...
+ }
+ severity: WARNING
+ - id: use-test-account-ids
+ languages:
+ - hcl
+ message: In examples and acceptance tests, we should only use the test account ID ("f037e56e89293a057740de681ac9abbe" or `testAccountID` in tests).
+ paths:
+ include:
+ - '*_test.go'
+ - 'docs/'
+ - 'examples/'
+ - 'templates/'
+ patterns:
+ - pattern: account_id = "..."
+ - pattern-not: account_id = "f037e56e89293a057740de681ac9abbe"
+ - pattern-either:
+ - pattern-inside: |
+ resource "..." "..." {
+ ...
+ }
+ - pattern-inside: |
+ data "..." "..." {
+ ...
+ }
+ - pattern-inside: |
+ provider "..." "..." {
+ ...
+ }
+ severity: WARNING
diff --git a/.semgrepignore b/.semgrepignore
index 7e16a4ab20..e12718f031 100644
--- a/.semgrepignore
+++ b/.semgrepignore
@@ -10,30 +10,13 @@
 .git/ :include .gitignore -# Common large paths - -node_modules/ -build/ -dist/ -vendor/ -.env/ -.venv/ -.tox/ -\*.min.js - -# Common test paths - -test/ -tests/ - -# \*\_test.go - -# \*\.md - -# Semgrep rules folder - .semgrep - -# Semgrep-action log folder - .semgrep_logs/ + +.github/ +.vscode/ +.changelog/ +CHANGELOG.md +go.mod +go.sum +README.md
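Review bot: Both new rules declare `languages: [hcl]` yet include `'*_test.go'`, and their messages point at `testZoneID`/`testAccountID`; as far as I know semgrep only hands `.tf`/`.hcl` targets to HCL rules, so the HCL embedded in Go string literals in acceptance tests is never parsed by these rules and the test-file half of the intent is not enforced. A separate Go-language (or `generic`-mode) rule using `pattern-regex` on `zone_id = "` / `account_id = "` literals other than the two test IDs would cover that case. In the account rule, the third `pattern-inside` is written `provider "..." "..." {`, but a Terraform provider block carries a single label, so that clause cannot match anything; it should read `provider "..." {`. Note also that a literal ID in a `variable` default or a `locals` block falls outside the `resource`/`data` scopes and is not reported.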
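Review bot: Dropping `vendor/`, `node_modules/`, `build/` and `dist/` from the ignore list means any such directory that is checked in gets scanned, and the surviving `:include .gitignore` line only covers them if they are also gitignored, which the hunk does not show. With the rules in `.semgrep.yml` now including `'*_test.go'` at any depth, vendored test files would be the first source of noise. If the intent is to rely on `.gitignore` for those trees, a comment on the `:include` line such as `# build/vendor trees are excluded via .gitignore` would make that explicit for the next editor.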