From 3769a90d27b22ed856ffbdf9739b4f7dee5b3078 Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Fri, 29 Sep 2023 12:36:58 -0700 Subject: [PATCH] Update Spellcheck GH Action to latest Also sync configs Signed-off-by: Tim Smith --- .github/actions/spelling/README.md | 21 +- .github/actions/spelling/advice.md | 2 +- .github/actions/spelling/allow.txt | 1 - .../actions/spelling/line_forbidden.patterns | 181 +++++++++++++++++- .github/actions/spelling/patterns.txt | 37 +++- .github/actions/spelling/reject.txt | 1 - .github/dependabot.yml | 5 + .github/workflows/cla.yaml | 7 +- .github/workflows/spell-check.yaml | 9 +- CHANGELOG.md | 2 +- 10 files changed, 237 insertions(+), 29 deletions(-) diff --git a/.github/actions/spelling/README.md b/.github/actions/spelling/README.md index 516ec07..562091e 100644 --- a/.github/actions/spelling/README.md +++ b/.github/actions/spelling/README.md 
@@ -1,16 +1,15 @@ # check-spelling/check-spelling configuration -| File | Purpose | Format | Info | -| -------------------------------------------------- | -------------------------------------------------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | -| [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary) | -| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) | -| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) | -| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) | -| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) | -| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | -| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | -| [expect.txt](expect.txt) | Expected words that aren't in 
the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) | -| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) | +| File | Purpose | Format | Info | +| -------------------------------------------------- | --------------------------------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | +| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) | +| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) | +| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) | +| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) | +| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | +| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | +| 
[expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) | +| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) | Note: you can replace any of these files with a directory by the same name (minus the suffix) and then include multiple files inside that directory (with that suffix) to merge multiple files together. diff --git a/.github/actions/spelling/advice.md b/.github/actions/spelling/advice.md index c37267b..cea808b 100644 --- a/.github/actions/spelling/advice.md +++ b/.github/actions/spelling/advice.md @@ -9,7 +9,7 @@ If items relate to a ... File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files. - `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](../tree/HEAD/README.md) (on whichever branch you're using). + `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude README.md (on whichever branch you're using). - well-formed pattern. diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 8b13789..e69de29 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -1 +0,0 @@ - diff --git a/.github/actions/spelling/line_forbidden.patterns b/.github/actions/spelling/line_forbidden.patterns index ec6c475..d52a2b6 100644 --- a/.github/actions/spelling/line_forbidden.patterns +++ b/.github/actions/spelling/line_forbidden.patterns 
@@ -1,6 +1,18 @@ -# Detect common combinations of valid words that are in fact invalid. +# Detect common combinations of valid words that are in fact invalid. # Useful for brand capitalizations +# +# Our Terms +# + +# s.b. Mondoo Platform +\sthe Mondoo Platform\b +\sMondoo platform\b + +# s.b. Compliance Hub +\scompliance hub\b +\sCompliance hubplatform\b + # # Industry Terms # @@ -17,6 +29,10 @@ \bSaas\b \bsaas\b +# s.b. Docker Hub +\bDockerHub\b +\bDockerhub\b + # s.b. REST API \bRest API\b \brest API\b @@ -25,15 +41,40 @@ # s.b. DevSecOps \bDevsecops\b +# s.b. on-premises +\bon-premise\b + # # Product Names # +# s.b. Jira +\bJIRA\b + +# s.b. MariaDB +\bMaria DB\b +\bmariaDB\b +# \bmariaDb\b causes failures in MQL queries + +# s.b. PostgreSQL +\bPostgreSql\b + +# s.b. Firefox +\bFireFox\b + +# s.b. CentOS +\bCentos\b +\bCent OS\b +\bcentOS\b + # s.b. macOS \bOS X\b \bMacOS\b \bMac OS\b +# s.b. Okta +\bOcta\b + # s.b. Elasticsearch \bElasticSearch\b @@ -61,6 +102,7 @@ # s.b. Red Hat \bRedHat\b +\bRedhat\b # s.b. AlmaLinux \bAlma Linux\b @@ -78,6 +120,10 @@ \bApparmor\b \bApp Armor\b +# s.b. SELinux +\bSeLinux\b +\bSelinux\b + # s.b. InSpec \b[Ii]nspec\b @@ -90,9 +136,52 @@ # s.b. JavaScript \bJavascript\b +# s.b. OpenSSL +\bOpenssl\b +\bopenSSL\b + +# +# Microsoft Products +# + # s.b. Microsoft \bMicroSoft\b +# s.b. Windows Server +\bWindows server\b + +# s.b. Team Foundation Server +\bTeam foundation server\b +\bteam foundation server\b + +# s.b. Active Directory +\bActive directory\b +\bactive directory\b + +# s.b. Group Policy Object +\bGroup policy object\b +\bgroup policy object\b +\bGroup Policy object\b + +# +# VMware Products +# + +# s.b. VMware +\bVmware\b +\bVMWare\b + +# s.b. vCenter +\bVcenter\b +\bVCenter\b + +# s.b. vSphere +\bVsphere\b +\bVSphere\b + +# s.b. ESXi +\bEsxi\b + # # AWS Products # 
@@ -123,7 +212,9 @@ \bCloudsearch\b # s.b. CloudShell +# we can't check for Cloud Shell since that's what Azure calls it \bCloudshell\b +\bcloudshell\b # s.b. CloudTrail \bCloudtrail\b @@ -299,10 +390,9 @@ \bCloudBuild\b \bCloud build\b -# disabled for now in this repo due to false positives # s.b. Cloud Run -# \bCloudRun\b -# \bCloud run\b +\bCloudRun\b +\bCloud run\b # # Azure Products @@ -310,6 +400,81 @@ # s.b. Key Vault \bKey vault\b +\bKeyVault\b + +# s.b. Ampere +\bampere\b + +# s.b. Azure DevOps Server +\bAzure DevOps server\b + +# s.b. Synapse Analytics +\bSynapse analytics\b +\bsynapse analytics\b + +# s.b. Cognitive Services +\bCognitive services\b +\bcognitive services\b + +# s.b. Event Hubs +\bEvent hubs\b +\bevent hubs\b + +# s.b. CloudOps +\bCloud Ops\b +\bCloud ops\b +\bcloud ops\b + +# s.b. Batch Service +\bBatch service\b +\bbatch service\b + +# s.b. Service Fabric Cluster +\bservice fabric cluster\b + +# s.b. Azure Kubernetes Service +\bAzure Kubernetes service\b + +# s.b. Cosmos DB +\bCosmosDB\b +\bCosmoDB\b +\bCosmo DB\b + +# s.b. SignalR Service +\bSignalR service\b +\bSignal R Service\b + +# s.b. App Service Certificate +\bapp service certificate\b + +# s.b. Privileged Identity Management +\bprivileged identity management\b + +# s.b. BizTalk Service +\bBizTalk service\b +\bBiztalk service\b +\bBiz Talk service\b +\bBiz Talk Service\b + +# s.b. Data Box +\bdata box\b + +# s.b. Database Migration Service +\bdatabase migration service\b + +# s.b. Internet Analyzer +\bInternet analyzer\b +\binternet analyzer\b + +# s.b. Web Application Firewall +\bWeb application firewall\b +\bweb Application Firewall\b + +# s.b. SQL Vulnerability Assessment +\bSQL vulnerability assessment\b + +# s.b. StorSimple +\bStor Simple\b # # Common Typos 
@@ -349,8 +514,12 @@ # s.b. policies [Pp]olices +# s.b. ID +# \bId\b # disabled in this repo due to false positives + +# s.b. CSV +\bCVS\b + # Reject duplicate words \s([A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})\s\g{-1}\s -# s.b. ID -\bId\b diff --git a/.github/actions/spelling/patterns.txt b/.github/actions/spelling/patterns.txt index b8a1e74..3c3a1d4 100644 --- a/.github/actions/spelling/patterns.txt +++ b/.github/actions/spelling/patterns.txt @@ -20,8 +20,11 @@ console\.mondoo\.com\/space.*\b # azure subscription ID [0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12} +# azure subscriptions URL +\/subscriptions\/\S* + # docker container -[a-z,0-9]{12} +\b[a-z,0-9]{12}\b # URLs in markdown links / images ]\(.*\) @@ -31,3 +34,35 @@ Key Vault Vault # luna containers in scan output \bluna/.*\b + +# this comes up in permissions and is valid +\broot root\b + +# AWS resources +(ami|subnet|vpc|sg)-[0-9a-fA-F]{17} + +# http and https URLs +https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*) + +# registry key paths +HKEY_[\w\\]* + +# Container digests +\bsha256:\w* + +# mime types +\bapplication\/\S* + +# skip mql uids +uid:\s.*$ + +# ARN values +\barn:\S* + +# mac user dir path +\/Users\/\S* + +# AWS Token, ID access key, etc +aws_session_token\s+\=(\s+)?.+ +aws_access_key_id\s+\=(\s+)?.+ +aws_secret_access_key\s+\=(\s+)?.+ diff --git a/.github/actions/spelling/reject.txt b/.github/actions/spelling/reject.txt index 1653f28..122f5ad 100644 --- a/.github/actions/spelling/reject.txt +++ b/.github/actions/spelling/reject.txt 
@@ -10,4 +10,3 @@ Sorce ^untilling$ ^wether.* \w*(? Mondoo platform communication. This value will be applied to new assets during registration and existing assets via the configuration file. This release also now depends on the line cookbook, which is used to manage entries in the configuration file. +- Add a new attribute `default['mondoo']['api_proxy']` to support setting a proxy server for all asset -> Mondoo Platform communication. This value will be applied to new assets during registration and existing assets via the configuration file. This release also now depends on the line cookbook, which is used to manage entries in the configuration file. ## 0.5.0 (May 25th, 2022)
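Review bot: In the "Our Terms" block of line_forbidden.patterns, `\sCompliance hubplatform\b` looks like a paste error: it only matches the literal text "Compliance hubplatform", so the mixed-case form "Compliance hub" is not flagged by either line under `# s.b. Compliance Hub`. Suggest `\sCompliance hub\b`. The four patterns in this block also start with `\s` where the rest of the file uses `\b`, so an occurrence at the start of a line or after `(` is missed; use `\b` unless the leading whitespace is intentional.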
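Review bot: In the Cloud Run hunk of line_forbidden.patterns, the comment `# disabled for now in this repo due to false positives` is dropped and `\bCloudRun\b` / `\bCloud run\b` are switched on, with nothing in the commit message saying the false positives are gone. The same patch keeps `\bId\b` commented out "due to false positives", so repo-specific overrides are clearly meant to survive the sync. Either confirm the earlier matches no longer occur here, or keep the two lines commented out with the original note.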
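Review bot: In the "Common Typos" hunk of line_forbidden.patterns, `\bCVS\b` under `# s.b. CSV` flags every standalone "CVS", but CVS is also the name of a version control system, so legitimate text will fail the check. Narrow it to the contexts where CSV is meant, for example `\bCVS (file|export|format)\b`, or leave it commented out with a reason as was done for `\bId\b`.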
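Review bot: In patterns.txt, the docker container pattern `\b[a-z,0-9]{12}\b` still has a literal comma inside the character class, and because the class covers all of `a-z` it exempts every 12-letter lowercase word from spell checking, including misspelled ones. Short container IDs are 12 hexadecimal characters, so `\b[0-9a-f]{12}\b` covers the intended case without hiding ordinary words.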
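Review bot: In the last patterns.txt hunk, the three AWS lines (`aws_session_token\s+\=(\s+)?.+` and the two below it) require at least one whitespace character before `=`, so the common `aws_access_key_id=...` form with no spaces is not ignored and its value will still be reported as unrecognized words. Use `\s*=\s*.+` on all three; the `\=` escape and the `(\s+)?` group are not needed. Since these patterns exempt credential values from checking, it is also worth confirming that the documents they match contain only placeholder values.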