rules:
# Rules to make sure that our schema has descriptions for all fields:
# Reports a schema.Resource literal that has no Description field.
# Scope is limited to files whose names match resource_* or datasource_*.
- id: schema-resource-without-description
  message: |
    Each schema resource should have a description
  severity: WARNING
  languages:
  - go
  paths:
    include:
    - 'resource_*'
    - 'datasource_*'
  # All three clauses must hold for a finding (patterns is a logical AND).
  patterns:
  # Candidate: any &schema.Resource composite literal.
  - pattern: |
      &schema.Resource{ ... }
  # Drop candidates that already set Description.
  - pattern-not: |
      &schema.Resource{ ..., Description: ..., ... }
  # Keep only literals inside a no-argument func returning *schema.Resource.
  - pattern-inside: |
      func $F() *schema.Resource { ... }
# Reports an entry of a map[string]*schema.Schema literal that has no
# Description field. Same file scope as the resource-level rule.
- id: schema-element-without-description
  message: |
    Each schema field should have a description
  severity: WARNING
  languages:
  - go
  paths:
    include:
    - 'resource_*'
    - 'datasource_*'
  # All three clauses must hold for a finding (patterns is a logical AND).
  patterns:
  # Only look inside a schema map literal.
  - pattern-inside: |
      map[string]*schema.Schema{ ... }
  # Candidate: any braced literal found there.
  - pattern: |
      { ... }
  # Drop candidates that already set Description.
  - pattern-not: |
      { ..., Description: ..., ... }
# Rules to select small service plans in tests:
# TODO: we can maybe use startup-2 for most kafka needs
# Reports a plan assignment inside an aiven_kafka resource block in *_test.go
# files unless the matched text contains "business-4"; the autofix rewrites
# the assignment to that plan.
- id: large-plan-in-test-kafka
  message: |
    Tests should use the smallest kafka plan to save costs
  severity: WARNING
  languages:
  - generic
  paths:
    include:
    - '*_test.go'
  patterns:
  - pattern-inside: 'plan = "..."'
  # Quoted on one line; a plain multi-line scalar folds to this same string.
  - pattern-inside: 'resource "aiven_kafka" ... { ... }'
  # NOTE(review): unanchored, so any text that merely contains "business-4"
  # is accepted as well.
  - pattern-not-regex: 'business-4'
  fix: |
    plan = "business-4"
# Reports a plan assignment inside an aiven_m3aggregator resource block in
# *_test.go files unless the matched text contains "business-8"; the autofix
# rewrites the assignment to that plan.
- id: large-plan-in-test-m3aggregator
  message: |
    Tests should use the smallest m3aggregator plan to save costs
  severity: WARNING
  languages:
  - generic
  paths:
    include:
    - '*_test.go'
  patterns:
  - pattern-inside: 'plan = "..."'
  # Quoted on one line; a plain multi-line scalar folds to this same string.
  - pattern-inside: 'resource "aiven_m3aggregator" ... { ... }'
  # NOTE(review): unanchored, so any text that merely contains "business-8"
  # is accepted as well.
  - pattern-not-regex: 'business-8'
  fix: |
    plan = "business-8"
# Reports a plan assignment inside an aiven_clickhouse resource block in
# *_test.go files unless the matched text contains "startup-beta-8"; the
# autofix rewrites the assignment to that plan.
- id: large-plan-in-test-clickhouse
  message: |
    Tests should use the smallest clickhouse plan to save costs
  severity: WARNING
  languages:
  - generic
  paths:
    include:
    - '*_test.go'
  patterns:
  - pattern-inside: 'plan = "..."'
  # Quoted on one line; a plain multi-line scalar folds to this same string.
  - pattern-inside: 'resource "aiven_clickhouse" ... { ... }'
  # NOTE(review): unanchored, so any text that merely contains
  # "startup-beta-8" is accepted as well.
  - pattern-not-regex: 'startup-beta-8'
  fix: |
    plan = "startup-beta-8"
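# Catch-all plan check for every resource type in *_test.go files that has no
# dedicated rule above (kafka, m3aggregator and clickhouse are excluded here).
# A plan assignment is reported unless it names startup-1/2/4/8 or contains
# the literal "%s"; the autofix rewrites the assignment to startup-4.
- id: large-plan-in-test-other
  message: |
    Tests should use the smallest service plan to save costs
  severity: WARNING
  languages:
  - generic
  paths:
    include:
    - '*_test.go'
  patterns:
  - pattern-inside: 'plan = "..."'
  # Quoted on one line; a plain multi-line scalar folds to this same string.
  - pattern-inside: 'resource ... ... { ... }'
  # Resource types covered by their own rule are skipped.
  - pattern-not-inside: 'resource "aiven_kafka" ... { ... }'
  - pattern-not-inside: 'resource "aiven_m3aggregator" ... { ... }'
  - pattern-not-inside: 'resource "aiven_clickhouse" ... { ... }'
  # \b ends the plan number at a word boundary. Without it the regex is a
  # plain substring match, so "startup-16" contains "startup-1" and a larger
  # plan passes the check unreported.
  # NOTE(review): "%s" presumably exempts plans filled in through a format
  # verb in the test source - confirm; such values are never size-checked.
  - pattern-not-regex: '(startup-(1|2|4|8)\b|%s)'
  fix: |
    plan = "startup-4"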