diff --git a/.copywrite.hcl b/.copywrite.hcl index 6bc55fc..0834e53 100644 --- a/.copywrite.hcl +++ b/.copywrite.hcl @@ -3,7 +3,7 @@ schema_version = 1 project { license = "BUSL-1.1" copyright_holder = "Mondoo, Inc." - copyright_year = 2023 + copyright_year = 2024 header_ignore = [ # GitHub issue template configuration diff --git a/.github/actions/spelling/excludes.txt b/.github/actions/spelling/excludes.txt index c013ab5..5977f03 100644 --- a/.github/actions/spelling/excludes.txt +++ b/.github/actions/spelling/excludes.txt @@ -1,50 +1,83 @@ # See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-excludes (?:^|/)(?i)COPYRIGHT (?:^|/)(?i)LICEN[CS]E +(?:^|/)3rdparty/ (?:^|/)go\.sum$ (?:^|/)package(?:-lock|)\.json$ +(?:^|/)Pipfile$ +(?:^|/)pyproject.toml +(?:^|/)requirements(?:-dev|-doc|-test|)\.txt$ (?:^|/)vendor/ ignore$ \.a$ \.ai$ +\.all-contributorsrc$ \.avi$ \.bmp$ \.bz2$ +\.cer$ +\.class$ +\.coveragerc$ +\.crl$ \.crt$ +\.csr$ \.dll$ +\.docx?$ +\.drawio$ \.DS_Store$ \.eot$ +\.eps$ \.exe$ \.gif$ +\.git-blame-ignore-revs$ \.gitattributes$ +\.gitkeep$ \.graffle$ \.gz$ \.icns$ \.ico$ +\.ipynb$ \.jar$ +\.jks$ \.jpe?g$ \.key$ \.lib$ \.lock$ \.map$ \.min\.. +\.mo$ \.mod$ \.mp[34]$ \.o$ \.ocf$ \.otf$ +\.p12$ +\.parquet$ \.pdf$ \.pem$ +\.pfx$ \.png$ \.psd$ +\.pyc$ +\.pylintrc$ +\.qm$ \.s$ -\.svg$ +\.sig$ +\.so$ +\.svgz?$ +\.sys$ +\.tar$ +\.tgz$ \.tiff?$ \.ttf$ \.wav$ \.webm$ \.webp$ \.woff2?$ +\.xcf$ +\.xlsx?$ +\.xpm$ +\.xz$ \.zip$ ^\.github/actions/spelling/ ^\Q.github/workflows/spelling.yml\E$ diff --git a/.github/actions/spelling/line_forbidden.patterns b/.github/actions/spelling/line_forbidden.patterns index b60cc6b..20dbc91 100644 --- a/.github/actions/spelling/line_forbidden.patterns +++ b/.github/actions/spelling/line_forbidden.patterns 
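Review bot: The added `(?:^|/)pyproject.toml` exclude in `excludes.txt` leaves the dot unescaped and has no end anchor, unlike its neighbours `(?:^|/)Pipfile$` and `(?:^|/)requirements(?:-dev|-doc|-test|)\.txt$`. As written it also excludes any path that merely starts with that name, for example `pyproject.toml.md` or `pyproject_toml_notes.txt`. I would write it as `(?:^|/)pyproject\.toml$` so that only the manifest itself is skipped.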
@@ -1,6 +1,32 @@ -# Detect common combinations of valid words that are in fact invalid. +# Detect common combinations of valid words that are in fact invalid. # Useful for brand capitalizations +# +# Catch placeholder text +# + +\b[Ll]orem [Ii]psum\b + +# +# Terms to avoid +# + +# s.b. Allow list +\s[Ww]hitelist\b +\s[Ww]hitelisting\b +\s[Ww]hitelisted\b +\s[Ww]hite list\b +\s[Ww]hite listing\b +\s[Ww]hite listed\b + +# s.b. Block list +\s[Bb]lacklist\b +\s[Bb]lacklisting\b +\s[Bb]lacklisted\b +\s[Bb]lack list\b +\s[Bb]lack listing\b +\s[Bb]lack listed\b + # # Our Terms # @@ -9,41 +35,67 @@ \sthe Mondoo Platform\b \sMondoo platform\b +# s.b. Compliance Hub +\s[Cc]ompliance hub\b + +# +# Compliance Terms +# + +# s.b. SOC 2 +\bSOC2\b + +# s.b. ISO 270001 +\bISO270001\b + # # Industry Terms # # s.b. Side scanning -\bSidescanning\b -\bsidescanning\b +\b[Ss]idescanning\b # s.b. DevOps \bDev Ops\b \bDevops\b # s.b. SaaS -\bSaas\b -\bsaas\b +\b[Ss]aas\b # s.b. Docker Hub -\bDockerHub\b -\bDockerhub\b +\bDocker[Hh]ub\b # s.b. REST API -\bRest API\b -\brest API\b +\b[Rr]est API\b \brest api\b # s.b. DevSecOps -\bDevsecops\b +\bDevsec[Oo]ps\b # s.b. on-premises \bon-premise\b +# s.b. email +\be-mail\b + +# s.b. APIs +\bapis\b + # # Product Names # +# s.b. Jira +\bJIRA\b + +# s.b. MariaDB +\bMaria DB\b +\bmariaDB\b +# \bmariaDb\b causes failures in MQL queries + +# s.b. PostgreSQL +\bPostgreSql\b + # s.b. Firefox \bFireFox\b @@ -87,6 +139,11 @@ # s.b. Red Hat \bRedHat\b +\bRedhat\b + +# s.b. EuroLinux +\bEurolinux\b +\bEuro Linux\b # s.b. AlmaLinux \bAlma Linux\b @@ -99,6 +156,7 @@ # s.b. CircleCI \bCircleCi\b +\bCircle CI\b # s.b. AppArmor \bApparmor\b 
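Review bot: The new "Terms to avoid" rules in the first hunk all require a leading `\s`, so the term is not caught at the start of a line or directly after `(`, a quote or a backtick. If the `\s` is there on purpose to keep identifiers and flags out of scope, a short comment saying so would help the next editor. The twelve lines could also be collapsed to two, `(?:^|\s)[Ww]hite ?list(?:ed|ing)?\b` and `(?:^|\s)[Bb]lack ?list(?:ed|ing)?\b`, which fixes the start-of-line case at the same time.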
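Review bot: In the "Compliance Terms" block of the second hunk, both the comment `# s.b. ISO 270001` and the rule `\bISO270001\b` carry an extra zero, since the standard is ISO 27001. The rule therefore never fires on the spelling it is meant to catch, `ISO27001`, and the comment tells authors to use a number that does not exist. I would change the pair to `# s.b. ISO 27001` and `\bISO27001\b`.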
@@ -124,6 +182,62 @@ \bOpenssl\b \bopenSSL\b +# s.b. CloudBees +\b[Cc]loudbees\b + +# s.b. System76 +\bSystem 76\b + +# s.b. VirtualBox +\b[Vv]irtualbox\b +\bVirtual Box\b + +# s.b. SentinelOne +\bSentinal[Oo]ne\b +\bSentinelone\b +\bSentinal One\b + +# s.b. CrowdStrike +\bCrowd Strike\b +\b[Cc]rowdstrike\b + +# +# Kubernetes Terms +# + +# s.b. DaemonSet +\bDaemonset\b + +# s.b. Dockershim +\bDockerShim\b +\bdockershim\b + +# s.b. LimitRange +\bLimitrange\b + +# s.b. Minikube +\bMiniKube\b + +# s.b. ReplicaSet +\bReplicaset\b + +# s.b. StatefulSet +\bStatefulset\b + +# +# HashiCorp Products +# + +# s.b. HashiCorp +\bHashicorp\b + +# s.b. Terraform +\bTerraForm\b + +# s.b. Vagrantfile +\bVagrant file\b +\bVagrantFile\b + # # Microsoft Products # @@ -131,6 +245,14 @@ # s.b. Microsoft \bMicroSoft\b +# s.b. PowerPoint +\bPower Point\b +\bPowerpoint\b + +# s.b. OneNote +\bOne Note\b +\bOnenote\b + # s.b. Windows Server \bWindows server\b @@ -147,6 +269,25 @@ \bgroup policy object\b \bGroup Policy object\b +# s.b. Power BI +\bPowerBI\b + +# s.b. SharePoint +\bSharepoint\b +\bShare Point\b + +# s.b. BitLocker +\bBitlocker\b +\bbitLocker\b + +# s.b. VS Code +\bVSCode\b +\bVScode\b + +# s.b. LinkedIn +\bLinked In\b +\bLinkedin\b + # # VMware Products # @@ -159,6 +300,10 @@ \bVcenter\b \bVCenter\b +# s.b. vSphere +\bVsphere\b +\bVSphere\b + # s.b. ESXi \bEsxi\b @@ -180,13 +325,13 @@ # s.b. CloudFormation \bCloudformation\b +\bCloud Formation\b # s.b. CloudFront \bCloudfront\b # s.b. CloudHSM -\bCloudHsm\b -\bCloudhsm\b +\bCloud[Hh]sm\b # s.b. CloudSearch \bCloudsearch\b @@ -223,6 +368,9 @@ # s.b. CodeStar \bCodestar\b +# s.b. AWS Config +\bAWS config\b + # s.b. Copilot \bCoPilot\b @@ -245,6 +393,7 @@ # s.b. Fargate \bFarGate\b +\bFar Gate\b # s.b. FinSpace \bFinSpace\b @@ -261,6 +410,9 @@ # s.b. Honeycode \bHoneyCode\b +# s.b. Lambda +\bLamba\b + # s.b. Lightsail \bLightSail\b 
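Review bot: The `\bdockershim\b` rule in the "Kubernetes Terms" block of the first hunk will also match the lowercase form inside socket paths such as `/var/run/dockershim.sock`, because `\b` treats both `/` and `.` as boundaries. Hardening checks and kubelet flags legitimately use that spelling, so if forbidden patterns are applied to policy or code files this will produce false positives there (the file already notes a similar problem for `mariaDb` in MQL queries). Dropping the lowercase line, or narrowing it to prose with `\sdockershim\s`, avoids that.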
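Review bot: In the `@@ -245,6 +393,7 @@` hunk, the context rule `# s.b. FinSpace` / `\bFinSpace\b` forbids exactly the spelling its comment prescribes, so every correct use of the product name is rejected. It is not introduced by this change, but it sits right beside the added `\bFar Gate\b` line and is worth fixing in the same pass. It presumably should be `\bFinspace\b`, with `\bFin Space\b` added if the spaced form is also meant to be caught.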
@@ -295,6 +447,9 @@ # s.b. SiteWise \bSitewise\b +# s.b. StackSets +\bStacksets\b + # s.b. WorkDocs \bWorkdocs\b @@ -305,11 +460,21 @@ # GCP Products # -# s.b. Pub/Sub -\bPubSub\b +# s.b. AlloyDB +\bAlloy DB\b -# s.b. Cloud SQL -\bCloudSQL\b +# s.b. AppEngine +\bApp Engine\b + +# s.b. BigLake +\bBig Lake\b + +# s.b. BigQuery +\bBig Query\b + +# s.b. Cloud Build +\bCloudBuild\b +\bCloud build\b # s.b. Cloud CDN \bCloudCDN\b @@ -317,67 +482,60 @@ # s.b. Cloud Functions \bCloud functions\b -# s.b. Vertex AI -\bVertexAI\b +# s.b. Cloud Run +\bCloudRun\b +\bCloud run\b -# s.b. Dialogflow -\bDialogFlow\b +# s.b. Cloud SQL +\bCloudSQL\b + +# s.b. Compute Engine +\bComputeEngine\b +\bCompute engine\b # s.b. Dataplex \bDataPlex\b -# s.b. BigLake -\bBig Lake\b +# s.b. Datastream +\bDataStream\b +\bData Stream\b -# s.b. AlloyDB -\bAlloy DB\b +# s.b. Dialogflow +\bDialogFlow\b # s.b. Firestore \bFireStore\b -# s.b. Datastream -\bDataStream\b -\bData Stream\b +# s.b. gVNIC +\bGVNIC\b + +# s.b. Knative +\bKNative\b # s.b. Memorystore \bMemoryStore\b \bMemory Store\b +# s.b. Pub/Sub +\bPubSub\b + # s.b. TensorFlow \bTensor Flow\b -# s.b. AppEngine -\bApp Engine\b - -# s.b. AppEngine -\bApp Engine\b - -# s.b. Compute Engine -\bComputeEngine\b -\bCompute engine\b +# s.b. Vertex AI +\bVertexAI\b # s.b. VMware Engine \bVMware engine\b \bVMWare Engine\b -# s.b. Knative -\bKNative\b - -# s.b. BigQuery -\bBig Query\b - -# s.b. Cloud Build -\bCloudBuild\b -\bCloud build\b - -# s.b. Cloud Run -\bCloudRun\b -\bCloud run\b - # # Azure Products # +# s.b. Azure Pipelines +\bAzure DevOps Pipelines\b + # s.b. Key Vault \bKey vault\b \bKeyVault\b @@ -417,6 +575,8 @@ # s.b. Cosmos DB \bCosmosDB\b +\bCosmoDB\b +\bCosmo DB\b # s.b. SignalR Service \bSignalR service\b @@ -501,3 +661,11 @@ # Reject duplicate words \s([A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})\s\g{-1}\s +# s.b. it's or its +\bits['’] + +# s.b. understand +\bunder stand\b + +# find spaces before a comma +( )+, 
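Review bot: The re-sorted GCP block in the `@@ -305,11 +460,21 @@` hunk keeps `# s.b. AppEngine` with the rule `\bApp Engine\b`, which rejects the spaced form. The neighbouring rules treat the spaced forms as correct (`# s.b. Compute Engine`, `# s.b. VMware Engine`), and Google's product name is "App Engine", so this rule looks inverted. I would change it to `# s.b. App Engine` with `\bAppEngine\b` and `\bApp engine\b`, which also matches how the Compute Engine rule is written.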
diff --git a/.github/actions/spelling/patterns.txt b/.github/actions/spelling/patterns.txt index 3c3a1d4..caeb662 100644 --- a/.github/actions/spelling/patterns.txt +++ b/.github/actions/spelling/patterns.txt @@ -14,8 +14,8 @@ \b([A-Za-z])\g{-1}{3,}\b # ignore funky space IDs that blow up spell checking -api\.mondoo\.app\/space.*\b -console\.mondoo\.com\/space.*\b +api\.mondoo\.app\/.*\b +console\.mondoo\.com\/.*\b # azure subscription ID [0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12} @@ -39,7 +39,7 @@ Key Vault Vault \broot root\b # AWS resources -(ami|subnet|vpc|sg)-[0-9a-fA-F]{17} +(ami|subnet|vpc|sg|fs)-[0-9a-fA-F]{17} # http and https URLs https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*) @@ -53,8 +53,8 @@ HKEY_[\w\\]* # mime types \bapplication\/\S* -# skip mql uids -uid:\s.*$ +# mql certificate IDs +certificate:\w* # ARN values \barn:\S* 
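Review bot: The widened ignore rules `api\.mondoo\.app\/.*\b` and `console\.mondoo\.com\/.*\b` in the first `patterns.txt` hunk use a greedy `.*`, so the match runs to the last word boundary on the line rather than to the end of the URL. Any prose that follows such a URL on the same line is then hidden from the spell checker. `api\.mondoo\.app\/\S*` and `console\.mondoo\.com\/\S*` stop at the first whitespace and match the style of the existing `\barn:\S*` rule.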
@@ -66,3 +66,53 @@ uid:\s.*$ aws_session_token\s+\=(\s+)?.+ aws_access_key_id\s+\=(\s+)?.+ aws_secret_access_key\s+\=(\s+)?.+ + +# PGP +\b(?:[0-9A-F]{4} ){9}[0-9A-F]{4}\b +# GPG keys +\b(?:[0-9A-F]{4} ){5}(?: [0-9A-F]{4}){5}\b + +# uuid +\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b + +# curl arguments +\b(?:\\n|)curl(?:\s+-[a-zA-Z]{1,2}\b)*(?:\s+-[a-zA-Z]{3,})(?:\s+-[a-zA-Z]+)* + +# set arguments +\bset(?:\s+-[abefimouxE]{1,2})*\s+-[abefimouxE]{3,}(?:\s+-[abefimouxE]+)* + +# tar arguments +\b(?:\\n|)g?tar(?:\.exe|)(?:(?:\s+--[-a-zA-Z]+|\s+-[a-zA-Z]+|\s[ABGJMOPRSUWZacdfh-pr-xz]+\b)(?:=[^ ]*|))+ + +# file permissions +['"`\s][-bcdLlpsw](?:[-r][-w][-Ssx]){2}[-r][-w][-SsTtx]\+?['"`\s] + +# score score is valid in MQL docs +score score + +# macOS temp folders +/var/folders/\w\w/[+\w]+/(?:T|-Caches-)/ + +# ssh +(?:ssh-\S+|-nistp256) [-a-zA-Z=;:\/0-9+]{12,} + +# kubernetes object suffix +-[0-9a-f]{10}-\w{5}\s + +# sed regular expressions +sed 's/(?:[^/]*?[a-zA-Z]{3,}[^/]*?/){2} + +# UNIX device paths +\/dev\/\w* + +# AWS RDS instance types +db.\w{2}.\w* + +# uuid +[<({"'>][0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}[<'"})>] + +# rsa private keys +MII[BCEJ]\w* + +# UID in MQL policy +- uid: \S* diff --git a/.github/actions/spelling/reject.txt b/.github/actions/spelling/reject.txt index 1653f28..2a4063e 100644 --- a/.github/actions/spelling/reject.txt +++ b/.github/actions/spelling/reject.txt @@ -1,5 +1,6 @@ ad-hoc ^attache$ +^bellow$ benefitting occurences? ^dependan.* @@ -11,3 +12,5 @@ Sorce ^wether.* \w*(?
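Review bot: The `MII[BCEJ]\w*` rule labelled "rsa private keys" stops at the first `+` or `/`, because `\w` does not cover the whole base64 alphabet, so the rest of the blob is still handed to the spell checker. `MII[BCEJ][A-Za-z0-9+/=]*` masks the full run. The `MII` prefix is only the base64 form of a DER SEQUENCE header, so the rule matches certificates and public keys as well, and `# base64-encoded DER blobs (keys, certificates)` would describe it more accurately. These rules, like the `aws_secret_access_key` context lines above them, only silence spelling noise, so it is worth confirming that a secret scanner covers the same paths. Separately, `db.\w{2}.\w*` leaves both dots unescaped and `\w{2}` misses three-character classes such as `r6g`; `db\.\w+\.\w+` is tighter.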