Skip to content

Commit

Permalink
Allow to define _UNSECURED_ENV_VARIABLES for specific linters (#2703)
Browse files Browse the repository at this point in the history
* Manage _UNSECURED_ENV_VARIABLES for linters

Fixes #2699

* Doc + schema

* Build doc & json schema

* Doc

* typo

* Fix typo

* [MegaLinter] Apply linters fixes

---------

Co-authored-by: nvuillam <nvuillam@users.noreply.github.com>
  • Loading branch information
nvuillam and nvuillam authored May 30, 2023
1 parent 429032d commit 5cd8a86
Show file tree
Hide file tree
Showing 158 changed files with 21,078 additions and 19,758 deletions.
21 changes: 19 additions & 2 deletions .automation/build.py
Original file line number Diff line number Diff line change
Expand Up @@ -803,7 +803,9 @@ def generate_documentation():
+ "and **ready to use out of the box**, as a GitHub action or any CI system "
+ "**highly configurable** and **free for all uses**.\n\n"
+ "[**Switch to MegaLinter v7 !**]"
+ "(https://github.com/oxsecurity/megalinter/issues/2692)"
+ "(https://github.com/oxsecurity/megalinter/issues/2692)\n\n"
+ "[![Upgrade to v7 Video](https://img.youtube.com/vi/6NSBzq01S9g/0.jpg)]"
+ "(https://www.youtube.com/watch?v=6NSBzq01S9g)"
)
# Update README.md file
replace_in_file(
Expand Down Expand Up @@ -1436,12 +1438,15 @@ def process_type(linters_by_type, type1, type_label, linters_tables_md):
remove_in_config_schema_file(
[f"{linter.name}_FILE_EXTENSIONS", f"{linter.name}_FILE_NAMES_REGEX"]
)
# Pre/post commands
# Pre/post commands & unsecured variables
linter_doc_md += [
f"| {linter.name}_PRE_COMMANDS | List of bash commands to run before the linter"
f"| {dump_as_json(linter.pre_commands,'None')} |",
f"| {linter.name}_POST_COMMANDS | List of bash commands to run after the linter"
f"| {dump_as_json(linter.post_commands,'None')} |",
f"| {linter.name}_UNSECURED_ENV_VARIABLES | List of env variables explicitly "
+ f"not filtered before calling {linter.name} and its pre/post commands"
f"| {dump_as_json(linter.post_commands,'None')} |",
]
add_in_config_schema_file(
[
Expand Down Expand Up @@ -1529,6 +1534,18 @@ def process_type(linters_by_type, type1, type_label, linters_tables_md):
"items": {"type": "string"},
},
],
[
f"{linter.name}_UNSECURED_ENV_VARIABLES",
{
"$id": f"#/properties/{linter.name}_UNSECURED_ENV_VARIABLES",
"type": "array",
"default": [],
"description": "List of env variables explicitly "
+ f"not filtered before calling {linter.name} and its pre/post commands",
"title": f"{title_prefix}{linter.name}: Unsecured env variables",
"items": {"type": "string"},
},
],
]
)

Expand Down
261 changes: 131 additions & 130 deletions .cspell.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,131 @@
"misspell",
"report"
],
"ignoreWords": [
"AROA47DSWDEZA3",
"Cpageref",
"Cpagerefrange",
"Crefrange",
"FATA",
"KNNXNNXO",
"KNXNX0kxdddddddoc",
"Ksection",
"OXXXXKd",
"Paren",
"Prego",
"QIDAQAB",
"RQASWB",
"Ywarn",
"abefhkmnptuvx",
"admiralawkbar",
"alignat",
"aproba",
"arrify",
"baprs",
"cacache",
"categor",
"cdkOOOOOOOO0KXXXXXXXXXXK0OOOOOOOkxo",
"chokidar",
"chownr",
"citep",
"citet",
"citetext",
"citeyear",
"ckKXNNNXkc",
"cloneable-readable",
"crcr",
"dKNNXXO",
"dargs",
"depd",
"dezalgo",
"dont",
"drmaa",
"eadme",
"enableassertions",
"enablesystemassertions",
"esprima",
"etailed",
"eventemitter3",
"execa",
"fastq",
"ffenses",
"filelist",
"fs.realpath",
"gotit",
"has-bigints",
"has-tostringtag",
"hiqr",
"humanwhocodes",
"ilrsD",
"imple",
"iname",
"inimal",
"is-arrayish",
"isaacs",
"kleur",
"kxdddddddoc",
"lKXXXX0",
"leavevmode",
"lodddddddxk0XXXX0c",
"looool",
"metavuln",
"minimatch",
"minimist",
"minipass",
"minizlib",
"mkdirp",
"msgon",
"nextick",
"noni",
"noout",
"nopt",
"npm-packlist",
"npmpackagejsonlintignore",
"npmpackagejsonlintrc",
"oKXXN0",
"oKXXXXNXXX0l",
"oool",
"ormal",
"orst",
"os-tmpdir",
"pacote",
"paren",
"pbab",
"pify",
"punycode",
"pushexample",
"pypi-AgEIcHlwaS5vcmc",
"qedhere",
"readdir-scoped-modules",
"rechoir",
"repositoryformatversion",
"reusify",
"rimraf",
"rulesetsoverridetype",
"sffamily",
"shelljs",
"sisteransi",
"taketalk",
"tootallnate",
"treeverse",
"ubar",
"uiet",
"universalify",
"untildify",
"usedif",
"utteranc",
"verbatiminput",
"verbatimtab",
"verbatimtabinput",
"versionthe",
"wcwidth",
"webidl-conversions",
"wemn",
"whatwg-url",
"xXNXXXXXXXXXKo",
"yallist",
"yocto-queue"
],
"language": "en,en-GB",
"noConfigSearch": true,
"version": "0.2",
Expand Down Expand Up @@ -78,7 +203,7 @@
"Callout",
"Checkmake",
"Checkstyle",
"Choinière",
"Choini\u00e8re",
"Citep",
"Citet",
"Classpath",
Expand All @@ -89,7 +214,7 @@
"Constantin",
"Cres",
"Csrf",
"Cédric",
"C\u00e9dric",
"DARTANALYZER",
"DEVSKIM",
"DIRC",
Expand Down Expand Up @@ -166,7 +291,7 @@
"Ktlint",
"Kubernetes",
"Kubescape",
"Kučera",
"Ku\u010dera",
"LASTEXITCODE",
"LINTR",
"LOCALFOLDER",
Expand Down Expand Up @@ -536,7 +661,7 @@
"dupl",
"dustilock",
"dzhu",
"développement",
"d\u00e9veloppement",
"echoix",
"ecrc",
"editorconfig",
Expand Down Expand Up @@ -573,6 +698,7 @@
"exiasr",
"exitstatus",
"expandafter",
"explicitely",
"expressjs",
"extglob",
"extraheader",
Expand Down Expand Up @@ -1022,7 +1148,7 @@
"pytype",
"pyyaml",
"qsub",
"qualité",
"qualit\u00e9",
"quickfixes",
"quickstart",
"qzkc",
Expand Down Expand Up @@ -1305,130 +1431,5 @@
"yosay",
"zaach",
"zricethezav"
],
"ignoreWords": [
"AROA47DSWDEZA3",
"Cpageref",
"Cpagerefrange",
"Crefrange",
"FATA",
"KNNXNNXO",
"KNXNX0kxdddddddoc",
"Ksection",
"OXXXXKd",
"Paren",
"Prego",
"QIDAQAB",
"RQASWB",
"Ywarn",
"abefhkmnptuvx",
"admiralawkbar",
"alignat",
"aproba",
"arrify",
"baprs",
"cacache",
"categor",
"cdkOOOOOOOO0KXXXXXXXXXXK0OOOOOOOkxo",
"chokidar",
"chownr",
"citep",
"citet",
"citetext",
"citeyear",
"ckKXNNNXkc",
"cloneable-readable",
"crcr",
"dKNNXXO",
"dargs",
"depd",
"dezalgo",
"dont",
"drmaa",
"eadme",
"enableassertions",
"enablesystemassertions",
"esprima",
"etailed",
"eventemitter3",
"execa",
"fastq",
"ffenses",
"filelist",
"fs.realpath",
"gotit",
"has-bigints",
"has-tostringtag",
"hiqr",
"humanwhocodes",
"ilrsD",
"imple",
"iname",
"inimal",
"is-arrayish",
"isaacs",
"kleur",
"kxdddddddoc",
"lKXXXX0",
"leavevmode",
"lodddddddxk0XXXX0c",
"looool",
"metavuln",
"minimatch",
"minimist",
"minipass",
"minizlib",
"mkdirp",
"msgon",
"nextick",
"noni",
"noout",
"nopt",
"npm-packlist",
"npmpackagejsonlintignore",
"npmpackagejsonlintrc",
"oKXXN0",
"oKXXXXNXXX0l",
"oool",
"ormal",
"orst",
"os-tmpdir",
"pacote",
"paren",
"pbab",
"pify",
"punycode",
"pushexample",
"pypi-AgEIcHlwaS5vcmc",
"qedhere",
"readdir-scoped-modules",
"rechoir",
"repositoryformatversion",
"reusify",
"rimraf",
"rulesetsoverridetype",
"sffamily",
"shelljs",
"sisteransi",
"taketalk",
"tootallnate",
"treeverse",
"ubar",
"uiet",
"universalify",
"untildify",
"usedif",
"utteranc",
"verbatiminput",
"verbatimtab",
"verbatimtabinput",
"versionthe",
"wcwidth",
"webidl-conversions",
"wemn",
"whatwg-url",
"xXNXXXXXXXXXKo",
"yallist",
"yocto-queue"
]
}
2 changes: 2 additions & 0 deletions .trivyignore
Original file line number Diff line number Diff line change
Expand Up @@ -158,11 +158,13 @@ CVE-2022-43680
CVE-2022-46175
CVE-2023-0286
CVE-2023-0842
CVE-2023-2253
CVE-2023-28840
CVE-2023-29017
CVE-2023-29199
CVE-2023-29491
CVE-2023-30547
CVE-2023-30551
CVE-2023-32314
DS001
DS002
Expand Down
Loading

0 comments on commit 5cd8a86

Please sign in to comment.