engine

type BacktraceableError interface {
	error
	// Backtrace returns a user-friendly error message describing the stack
	// of calls that led to this error, along with the error message itself.
	Backtrace() string
}

type CheckFilter struct {
	FormatterFiltering FormatterFiltering
	// AllowList specifies checks to run. If non-empty, all other checks will be
	// skipped.
	AllowList []string
}

type Cursor struct {
	Line int
	Col  int
	// contains filtered or unexported fields
}

type Dependency struct {

	// url is the URL to the resource without the schema, e.g.
	// "github.com/shac/generic-checks".
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// alias is an optional shorthand alias. This is how this is referenced to in
	// load() statements.
	Alias string `protobuf:"bytes,2,opt,name=alias,proto3" json:"alias,omitempty"`
	// version is the pinned version to use the dependency.
	Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// contains filtered or unexported fields
}

type Document struct {

	// Minimum shac version that is required to run this check. This enables
	// printing a better error message. It is a semver string.
	MinShacVersion string `protobuf:"bytes,1,opt,name=min_shac_version,json=minShacVersion,proto3" json:"min_shac_version,omitempty"`
	// When set to true, it is allowed to have checks that access the network.
	AllowNetwork bool `protobuf:"varint,2,opt,name=allow_network,json=allowNetwork,proto3" json:"allow_network,omitempty"`
	// Full list of all loaded package dependencies.
	Requirements *Requirements `protobuf:"bytes,3,opt,name=requirements,proto3" json:"requirements,omitempty"`
	// Digests of all direct and indirect dependencies to confirm the code was not
	// modified.
	Sum *Sum `protobuf:"bytes,4,opt,name=sum,proto3" json:"sum,omitempty"`
	// When set, refers to a local copy to use.
	VendorPath string `protobuf:"bytes,5,opt,name=vendor_path,json=vendorPath,proto3" json:"vendor_path,omitempty"`
	// File paths to ignore/un-ignore. Syntax matches that of .gitignore. See
	// https://git-scm.com/docs/gitignore.
	Ignore []string `protobuf:"bytes,6,rep,name=ignore,proto3" json:"ignore,omitempty"`
	// Whether to allow checks write access to the SCM root directory.
	// TODO(olivernewman): Remove this option once named caches and pass-throughs
	// are implemented.
	WritableRoot bool   `protobuf:"varint,7,opt,name=writable_root,json=writableRoot,proto3" json:"writable_root,omitempty"`
	Vars         []*Var `protobuf:"bytes,8,rep,name=vars,proto3" json:"vars,omitempty"`
	// Environment variables to pass through the sandbox.
	PassthroughEnv []*PassthroughEnv `protobuf:"bytes,9,rep,name=passthrough_env,json=passthroughEnv,proto3" json:"passthrough_env,omitempty"`
	// contains filtered or unexported fields
}

type FormatterFiltering int

type Known struct {
	Url  string           `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	Seen []*VersionDigest `protobuf:"bytes,2,rep,name=seen,proto3" json:"seen,omitempty"`
	// contains filtered or unexported fields
}

type Level string

type Options struct {
	// Report gets all the emitted findings and artifacts from the checks.
	//
	// This is the only required argument. It is recommended to use
	// reporting.Get() which returns the right implementation based on the
	// environment (CI, interactive, etc).
	Report Report
	// Dir overrides the current working directory, making shac behave as if it
	// was run in the specified directory. It defaults to the current working
	// directory.
	Dir string
	// Files lists specific files to analyze.
	Files []string
	// AllFiles tells to consider all files as affected.
	AllFiles bool
	// Recurse tells the engine to run all Main files found in subdirectories.
	Recurse bool
	// Filter controls which checks run.
	Filter CheckFilter
	// Vars contains the user-specified runtime variables and their values.
	Vars map[string]string
	// EntryPoint is the main source file to run. Defaults to shac.star.
	EntryPoint string
	// contains filtered or unexported fields
}

type PackageManager struct {
	// contains filtered or unexported fields
}

type PassthroughEnv struct {

	// The name of the environment variable, e.g. "FOO".
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Whether the environment variable's value is a file path that sandboxed
	// processes should be granted access to.
	IsPath bool `protobuf:"varint,2,opt,name=is_path,json=isPath,proto3" json:"is_path,omitempty"`
	// If is_path is true, whether to mount the file/directory as writeable.
	Writeable bool `protobuf:"varint,3,opt,name=writeable,proto3" json:"writeable,omitempty"`
	// contains filtered or unexported fields
}

type Report interface {
	// EmitFinding emits a finding by a check for a specific file. This is not a
	// failure by itself, unless level "error" is used.
	EmitFinding(ctx context.Context, check string, level Level, message, root, file string, s Span, replacements []string) error
	// EmitArtifact emits an artifact by a check.
	//
	// Only one of root or content can be specified. If root is specified, it is
	// a file on disk. The file may disappear after this function is called. If
	// root is not specified, content is the artifact. Either way, file is the
	// display name of the artifact.
	//
	// content must not be modified.
	EmitArtifact(ctx context.Context, check, root, file string, content []byte) error
	// CheckCompleted is called when a check is completed.
	//
	// It is called with the start time, wall clock duration, the highest level emitted and an error
	// if an abnormal error occurred.
	CheckCompleted(ctx context.Context, check string, start time.Time, d time.Duration, r Level, err error)
	// Print is called when print() starlark function is called.
	Print(ctx context.Context, check, file string, line int, message string)
}

type Requirements struct {

	// direct are packages referenced by the starlark code via a load() statement.
	Direct []*Dependency `protobuf:"bytes,1,rep,name=direct,proto3" json:"direct,omitempty"`
	// indirect are packages referenced by direct dependencies or transitively.
	Indirect []*Dependency `protobuf:"bytes,2,rep,name=indirect,proto3" json:"indirect,omitempty"`
	// contains filtered or unexported fields
}

type Span struct {
	// Start is the beginning of the span. If Col is specified, Line must be
	// specified.
	Start Cursor
	// End is the end of the span. If not specified, the span has only one line.
	// If Col is specified, Start.Col must be specified too. It is inclusive.
	// That is, it is impossible to do a 0 width span.
	End Cursor
	// contains filtered or unexported fields
}

type Sum struct {
	Known []*Known `protobuf:"bytes,1,rep,name=known,proto3" json:"known,omitempty"`
	// contains filtered or unexported fields
}

type Var struct {

	// name is the name of the variable, as specified on the command line and as
	// passed into `ctx.vars.get()`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// desc is an optional description of the meaning of the variable.
	Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"`
	// default is the default value of the variable. It may be left unspecified,
	// in which case the default is the empty string.
	Default string `protobuf:"bytes,3,opt,name=default,proto3" json:"default,omitempty"`
	// contains filtered or unexported fields
}

type VersionDigest struct {

	// version is one of the version referred to directly or transitively.
	Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
	// digest is the hash of the content of the dependency. It uses the same
	// hashing algorithm than go.sum. See https://golang.org/x/mod/sumdb/dirhash.
	Digest string `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest,omitempty"`
	// contains filtered or unexported fields
}