From a1e4dccdd54190986c2056dc39796e6e23740249 Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Wed, 22 Jul 2020 16:55:15 -0400 Subject: [PATCH 01/17] adds Terrascan --- dependencies/Pipfile | 1 + 1 file changed, 1 insertion(+) diff --git a/dependencies/Pipfile b/dependencies/Pipfile index b9df418b..dbc906c9 100644 --- a/dependencies/Pipfile +++ b/dependencies/Pipfile @@ -10,6 +10,7 @@ yamllint = "*" pylint = "*" yq = "*" cfn-lint = "*" +terrascan = "*" [requires] python_version = "3.8" From 7c4f96b5b74c4c211814b07787bc40228b92688f Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Wed, 22 Jul 2020 16:55:44 -0400 Subject: [PATCH 02/17] adds Terrascan and bumps urllib and boto3 to latest --- dependencies/Pipfile.lock | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/dependencies/Pipfile.lock b/dependencies/Pipfile.lock index 356eeda1..e36ac249 100644 --- a/dependencies/Pipfile.lock +++ b/dependencies/Pipfile.lock @@ -179,6 +179,12 @@ ], "version": "==0.8.0" }, + "pyhcl": { + "hashes": [ + "sha256:2d9b9dcdf1023d812bfed561ba72c99104c5b3f52e558d595130a44ce081b003" + ], + "version": "==0.4.4" + }, "pylint": { "hashes": [ "sha256:7dd78437f2d8d019717dbf287772d0b2dbdfd13fc016aa7faa08d67bccc46adc", @@ -233,6 +239,14 @@ "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "version": "==1.15.0" }, + "terrascan": { + "hashes": [ + "sha256:b58c926e5c04d161d00c4563a1c9e688a1cf10c1283c6964c2c642a0fb5041bc", + "sha256:ce41ee1297259dad7b409cac49e26a196b1e86788e87de7166b61f407ad3da91" + ], + "index": "pypi", + "version": "==0.2.2" + }, "toml": { "hashes": [ "sha256:926b612be1e5ce0634a2ca03470f95169cf16f939018233a670519cb4ac58b0f", From de8574565dfb2a0d30e3f5c425c24fe68ee90d36 Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Wed, 22 Jul 2020 21:40:20 -0400 Subject: [PATCH 03/17] Adds the VALIDATE_TERRAFORM_TERRASCAN variable --- Dockerfile | 1 + README.md | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) 
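Review bot: `terrascan = "*"` in dependencies/Pipfile (patch 01) leaves the version of a security scanner unconstrained, so the next re-lock silently picks up whatever release is newest, along with any change to its rule set. The neighbouring entries use the same wildcard, so this matches the file's style, but a tool that gates infrastructure changes is worth bounding, for example `terrascan = "~=0.2"` (constructed bound; use the range the project has actually tested). The hashes recorded in Pipfile.lock only protect the image if the build installs strictly from the lock file, which is not visible in this series.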
diff --git a/Dockerfile b/Dockerfile index 02452f59..2d143824 100644 --- a/Dockerfile +++ b/Dockerfile @@ -229,6 +229,7 @@ ENV ACTIONS_RUNNER_DEBUG=${ACTIONS_RUNNER_DEBUG} \ VALIDATE_RUBY=${VALIDATE_RUBY} \ VALIDATE_STATES=${VALIDATE_STATES} \ VALIDATE_TERRAFORM=${VALIDATE_TERRAFORM} \ + VALIDATE_TERRAFORM_TERRASCAN=${VALIDATE_TERRAFORM_TERRASCAN} \ VALIDATE_TYPESCRIPT_ES=${VALIDATE_TYPESCRIPT_ES} \ VALIDATE_TYPESCRIPT_STANDARD=${VALIDATE_TYPESCRIPT_STANDARD} \ VALIDATE_XML=${VALIDATE_XML} \ diff --git a/README.md b/README.md index aa163769..e9dd76be 100644 --- a/README.md +++ b/README.md @@ -69,7 +69,7 @@ Developers on **GitHub** can call the **GitHub Action** to lint their code base | **Raku** | [raku](https://raku.org) | | **Ruby** | [RuboCop](https://github.com/rubocop-hq/rubocop) | | **Shell** | [Shellcheck](https://github.com/koalaman/shellcheck) | -| **Terraform** | [tflint](https://github.com/terraform-linters/tflint) | +| **Terraform** | [tflint](https://github.com/terraform-linters/tflint) [terrascan](https://github.com/accurics/terrascan) | | **TypeScript** | [eslint](https://eslint.org/) [standard js](https://standardjs.com/) | | **XML** | [LibXML](http://xmlsoft.org/) | | **YAML** | [YamlLint](https://github.com/adrienverge/yamllint) | 
@@ -212,6 +212,7 @@ and won't run anything unexpected. | **VALIDATE_RUBY** | `true` | Flag to enable or disable the linting process of the Ruby language. | | **VALIDATE_STATES** | `true` | Flag to enable or disable the linting process for AWS States Language. | | **VALIDATE_TERRAFORM** | `true` | Flag to enable or disable the linting process of the Terraform language. | +| **VALIDATE_TERRAFORM_TERRASCAN** | `false` | Flag to enable or disable the linting process of the Terraform language for security related issues. | | **VALIDATE_TSX** | `true` | Flag to enable or disable the linting process for tsx files (Utilizing: eslint) | | **VALIDATE_TYPESCRIPT_ES** | `true` | Flag to enable or disable the linting process of the Typescript language. (Utilizing: eslint) | | **VALIDATE_TYPESCRIPT_STANDARD** | `true` | Flag to enable or disable the linting process of the Typescript language. (Utilizing: standard) | From 2b7a78dd9615851ae924c5aa6f96fd0788bd586c Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Wed, 22 Jul 2020 21:40:43 -0400 Subject: [PATCH 04/17] Including Terrascan linting command --- lib/linter.sh | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/lib/linter.sh b/lib/linter.sh index 06bb4884..9c9e3864 100755 --- a/lib/linter.sh +++ b/lib/linter.sh @@ -98,7 +98,7 @@ LINTER_ARRAY=('ansible-lint' 'arm-ttk' 'asl-validator' 'cfn-lint' 'clj-kondo' 'coffeelint' 'dart' 'dockerfilelint' 'dotenv-linter' 'eslint' 'golangci-lint' 'htmlhint' 'jsonlint' 'ktlint' 'markdownlint' 'npm-groovy-lint' 'perl' 'protolint' 'pwsh' 'pylint' 'raku' 'rubocop' 'shellcheck' 'spectral' - 'standard' 'stylelint' 'tflint' 'xmllint' 'yamllint') + 'standard' 'stylelint' 'terrascan' 'tflint' 'xmllint' 'yamllint') ############################# 
@@ -108,7 +108,7 @@ LANGUAGE_ARRAY=('ANSIBLE' 'ARM' 'BASH' 'CLOUDFORMATION' 'CLOJURE' 'COFFEESCRIPT' 'CSS' 'DART' 'DOCKER' 'ENV' 'GO' 'GROOVY' 'HTML' 'JAVASCRIPT_ES' 'JAVASCRIPT_STANDARD' 'JSON' 'JSX' 'KOTLIN' 'MARKDOWN' 'OPENAPI' 'PERL' 'PHP' 'POWERSHELL' 'PROTOBUF' 'PYTHON' - 'RAKU' 'RUBY' 'STATES' 'TERRAFORM' 'TSX' 'TYPESCRIPT_ES' + 'RAKU' 'RUBY' 'STATES' 'TERRAFORM' 'TERRAFORM_TERRASCAN' 'TSX' 'TYPESCRIPT_ES' 'TYPESCRIPT_STANDARD' 'XML' 'YML') ############################################ @@ -161,6 +161,7 @@ VALIDATE_RAKU="${VALIDATE_RAKU}" # Boolean to vali VALIDATE_RUBY="${VALIDATE_RUBY}" # Boolean to validate language VALIDATE_STATES="${VALIDATE_STATES}" # Boolean to validate language VALIDATE_TERRAFORM="${VALIDATE_TERRAFORM}" # Boolean to validate language +VALIDATE_TERRAFORM_TERRASCAN="${VALIDATE_TERRAFORM_TERRASCAN}" # Boolean to validate language VALIDATE_TSX="${VALIDATE_TSX}" # Boolean to validate language VALIDATE_TYPESCRIPT_ES="${VALIDATE_TYPESCRIPT_ES}" # Boolean to validate language VALIDATE_TYPESCRIPT_STANDARD="${VALIDATE_TYPESCRIPT_STANDARD}" # Boolean to validate language @@ -304,6 +305,8 @@ ERRORS_FOUND_STATES=0 # Count of errors found export ERRORS_FOUND_STATES # Workaround SC2034 ERRORS_FOUND_TERRAFORM=0 # Count of errors found export ERRORS_FOUND_TERRAFORM # Workaround SC2034 +ERRORS_FOUND_TERRAFORM_TERRASCAN=0 # Count of errors found +export ERRORS_FOUND_TERRAFORM_TERRASCAN # Workaround SC2034 ERRORS_FOUND_TSX=0 # Count of errors found export ERRORS_FOUND_TSX # Workaround SC2034 ERRORS_FOUND_TYPESCRIPT_STANDARD=0 # Count of errors found 
@@ -1563,6 +1566,17 @@ if [ "${VALIDATE_TERRAFORM}" == "true" ]; then LintCodebase "TERRAFORM" "tflint" "tflint -c ${TERRAFORM_LINTER_RULES}" ".*\.\(tf\)\$" "${FILE_ARRAY_TERRAFORM[@]}" fi +##################### +# TERRAFORM TERRASCAN LINTING # +##################### +if [ "${VALIDATE_TERRAFORM_TERRASCAN}" == "true" ]; then + ############################ + # Lint the Terraform files # + ############################ + # LintCodebase "FILE_TYPE" "LINTER_NAME" "LINTER_CMD" "FILE_TYPES_REGEX" "FILE_ARRAY" + LintCodebase "TERRAFORM_TERRASCAN" "terrascan" "terrascan -l" ".*\.\(tf\)\$" "${FILE_ARRAY_TERRAFORM[@]}" +fi + ###################### # TSX LINTING # ###################### From ea9ad2c3fbd5c8d7eebb589efb3dd02f5f49ff14 Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Wed, 22 Jul 2020 22:01:53 -0400 Subject: [PATCH 05/17] Adds Terrascan testing --- lib/worker.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/worker.sh b/lib/worker.sh index 607c3fd6..1874a49f 100755 --- a/lib/worker.sh +++ b/lib/worker.sh @@ -607,6 +607,7 @@ function RunTestCases() { TestCodebase "RUBY" "rubocop" "rubocop -c ${RUBY_LINTER_RULES}" ".*\.\(rb\)\$" "ruby" TestCodebase "STATES" "asl-validator" "asl-validator --json-path" ".*\.\(json\)\$" "states" TestCodebase "TERRAFORM" "tflint" "tflint -c ${TERRAFORM_LINTER_RULES}" ".*\.\(tf\)\$" "terraform" + TestCodebase "TERRAFORM" "terrascan" "terrascan -l " ".*\.\(tf\)\$" "terraform" TestCodebase "TYPESCRIPT_ES" "eslint" "eslint --no-eslintrc -c ${TYPESCRIPT_LINTER_RULES}" ".*\.\(ts\)\$" "typescript" TestCodebase "TYPESCRIPT_STANDARD" "standard" "standard --parser @typescript-eslint/parser --plugin @typescript-eslint/eslint-plugin ${TYPESCRIPT_STANDARD_LINTER_RULES}" ".*\.\(ts\)\$" "typescript" TestCodebase "XML" "xmllint" "xmllint" ".*\.\(xml\)\$" "xml" From 3f6a75e9ac5f81aed5bc6205238cc3f5b43f0060 Mon Sep 17 00:00:00 2001 
From: Cesar Rodriguez Date: Wed, 22 Jul 2020 22:36:59 -0400 Subject: [PATCH 06/17] adds terrascan tests --- .automation/test/terraform_terrascan/README.md | 0 .../test/terraform_terrascan/bad/terraform_bad_1.tf | 9 +++++++++ .../test/terraform_terrascan/good/terraform_good_1.tf | 9 +++++++++ .../terraform_terrascan/reports/expected-TERRAFORM.tap | 7 +++++++ 4 files changed, 25 insertions(+) create mode 100644 .automation/test/terraform_terrascan/README.md create mode 100644 .automation/test/terraform_terrascan/bad/terraform_bad_1.tf create mode 100644 .automation/test/terraform_terrascan/good/terraform_good_1.tf create mode 100644 .automation/test/terraform_terrascan/reports/expected-TERRAFORM.tap diff --git a/.automation/test/terraform_terrascan/README.md b/.automation/test/terraform_terrascan/README.md new file mode 100644 index 00000000..e69de29b diff --git a/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf b/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf new file mode 100644 index 00000000..f2f87778 --- /dev/null +++ b/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf @@ -0,0 +1,9 @@ +resource "aws_instance" "bad" { + ami = "ami-0ff8a91507f77f867" + instance_type = "t2.small" + associate_public_ip_address = true + + ebs_block_device { + encrypted = false + } +} diff --git a/.automation/test/terraform_terrascan/good/terraform_good_1.tf b/.automation/test/terraform_terrascan/good/terraform_good_1.tf new file mode 100644 index 00000000..59d24f7e --- /dev/null +++ b/.automation/test/terraform_terrascan/good/terraform_good_1.tf @@ -0,0 +1,9 @@ +resource "aws_instance" "good" { + ami = "ami-0ff8a91507f77f867" + instance_type = "t2.small" + associate_public_ip_address = false + + ebs_block_device { + encrypted = true + } +} diff --git a/.automation/test/terraform_terrascan/reports/expected-TERRAFORM.tap b/.automation/test/terraform_terrascan/reports/expected-TERRAFORM.tap new file mode 100644 index 00000000..3434675d --- /dev/null 
+++ b/.automation/test/terraform_terrascan/reports/expected-TERRAFORM.tap @@ -0,0 +1,7 @@ +TAP version 13 +1..2 +not ok 1 - terraform_bad_1.tf + --- + message: Failed to load configurations. 1 error(s) occurred \n\nError Invalid expression\n\n on /tmp/lint/.automation/test/terraform/bad/terraform_bad_1.tf line 3, in resource "aws_instance" "bad" \n 3 instance_type = # invalid type!\n 4 }\n\nExpected the start of an expression, but found an invalid expression token.\n + ... +ok 2 - terraform_good_1.tf From d16206da815da606893c3d28adfa8b8106ee6b43 Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Thu, 23 Jul 2020 23:08:27 -0400 Subject: [PATCH 07/17] Bumps Terrascan to 0.2.3 and boto3 --- dependencies/Pipfile.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/dependencies/Pipfile.lock b/dependencies/Pipfile.lock index e36ac249..cb152dbc 100644 --- a/dependencies/Pipfile.lock +++ b/dependencies/Pipfile.lock @@ -49,17 +49,17 @@ }, "boto3": { "hashes": [ - "sha256:4735fdf490094537ea0cb93ba4237db442195c37f974ea4ad44b9a5af98e6d7b", - "sha256:838cea329851e11b9a9dae1c00cd5ef2f3b29ac83c061733b2e93b64c333750f" + "sha256:65c131b72c2a75e3cc6044e5fd6426719051b9b1f28bd026b4a5490648d13019", + "sha256:e1e09587763671cc07c9e6d349d93bf53a140f83947cb6cf1ec4cb9f07b0ff95" ], - "version": "==1.14.26" + "version": "==1.14.27" }, "botocore": { "hashes": [ - "sha256:0c4ed6349e8ef6bfe9648757f3ff66c33a8f37d9cbadd9c17987138184990cbd", - "sha256:28832be365204f00d5c7d2c2a0538d9d082dbfc39ed984fdc9556770470b7487" + "sha256:994a9f50e0e770c0f9ea74659f501848f7d12b22186026c219cde8a481ede298", + "sha256:acd955f0315b5d17e3e8ddc2ef74d7f03c4ef37f0ceb042058637f7edfbbad4e" ], - "version": "==1.17.26" + "version": "==1.17.27" }, "cfn-lint": { "hashes": [ 
@@ -241,11 +241,11 @@ }, "terrascan": { "hashes": [ - "sha256:b58c926e5c04d161d00c4563a1c9e688a1cf10c1283c6964c2c642a0fb5041bc", - "sha256:ce41ee1297259dad7b409cac49e26a196b1e86788e87de7166b61f407ad3da91" + "sha256:2003638e2e38feba9215df3add2ee99565731b86dbd5c43fd8982b1a4ddac927", + "sha256:b44d8c7eac96aa8094865061783ab0e8e849690b8187b75778caf5dd34002d18" ], "index": "pypi", - "version": "==0.2.2" + "version": "==0.2.3" }, "toml": { "hashes": [ From 6327cc5205388fd481f1862bfc9615b3d2db7412 Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Thu, 23 Jul 2020 23:17:13 -0400 Subject: [PATCH 08/17] Updates Terrascan linting flag --- lib/worker.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/worker.sh b/lib/worker.sh index 1874a49f..d28515e4 100755 --- a/lib/worker.sh +++ b/lib/worker.sh @@ -214,7 +214,6 @@ function LintCodebase() { ${LINTER_COMMAND} "${FILE}" 2>&1 ) fi - ####################### # Load the error code # ####################### @@ -607,7 +606,7 @@ function RunTestCases() { TestCodebase "RUBY" "rubocop" "rubocop -c ${RUBY_LINTER_RULES}" ".*\.\(rb\)\$" "ruby" TestCodebase "STATES" "asl-validator" "asl-validator --json-path" ".*\.\(json\)\$" "states" TestCodebase "TERRAFORM" "tflint" "tflint -c ${TERRAFORM_LINTER_RULES}" ".*\.\(tf\)\$" "terraform" - TestCodebase "TERRAFORM" "terrascan" "terrascan -l " ".*\.\(tf\)\$" "terraform" + TestCodebase "TERRAFORM" "terrascan" "terrascan -f " ".*\.\(tf\)\$" "terraform" TestCodebase "TYPESCRIPT_ES" "eslint" "eslint --no-eslintrc -c ${TYPESCRIPT_LINTER_RULES}" ".*\.\(ts\)\$" "typescript" TestCodebase "TYPESCRIPT_STANDARD" "standard" "standard --parser @typescript-eslint/parser --plugin @typescript-eslint/eslint-plugin ${TYPESCRIPT_STANDARD_LINTER_RULES}" ".*\.\(ts\)\$" "typescript" TestCodebase "XML" "xmllint" "xmllint" ".*\.\(xml\)\$" "xml" From dcc97ab0b96f9cf045ea52da8b7e5407028945e3 Mon Sep 17 00:00:00 2001 
From: Cesar Rodriguez Date: Thu, 23 Jul 2020 23:33:17 -0400 Subject: [PATCH 09/17] Simplify test --- .../bad/terraform_bad_1.tf | 2 +- .../reports/expected-TERRAFORM.tap | 21 ++++++++++++++++--- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf b/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf index f2f87778..57b891dc 100644 --- a/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf +++ b/.automation/test/terraform_terrascan/bad/terraform_bad_1.tf @@ -4,6 +4,6 @@ resource "aws_instance" "bad" { associate_public_ip_address = true ebs_block_device { - encrypted = false + encrypted = true } } diff --git a/.automation/test/terraform_terrascan/reports/expected-TERRAFORM.tap b/.automation/test/terraform_terrascan/reports/expected-TERRAFORM.tap index 3434675d..6fcc7cb9 100644 --- a/.automation/test/terraform_terrascan/reports/expected-TERRAFORM.tap +++ b/.automation/test/terraform_terrascan/reports/expected-TERRAFORM.tap @@ -1,7 +1,22 @@ TAP version 13 1..2 not ok 1 - terraform_bad_1.tf - --- - message: Failed to load configurations. 1 error(s) occurred \n\nError Invalid expression\n\n on /tmp/lint/.automation/test/terraform/bad/terraform_bad_1.tf line 3, in resource "aws_instance" "bad" \n 3 instance_type = # invalid type!\n 4 }\n\nExpected the start of an expression, but found an invalid expression token.\n - ... + terrascan version 0.2.3 + Logging level set to error. + ........................................................................ + ---------------------------------------------------------------------- + Ran 72 tests in 0.008s + + OK + + Processed 1 files in /tmp/lint/.terrascan + + + Processed on 07/24/2020 at 03:22 + Results (took 0.42 seconds): + + Failures: (1) + [high] [aws_instance.bad.associate_public_ip_address] should not be 'True'. Is: 'True' in module .terrascan, file /tmp/lint/.terrascan/terraform_bad_1.tf + + Errors: (0) ok 2 - terraform_good_1.tf 
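Review bot: Changing `encrypted = false` to `encrypted = true` in terraform_bad_1.tf leaves `associate_public_ip_address = true` as the only violation in the bad fixture, so the suite no longer shows that an unencrypted EBS volume is reported. If the aim is one finding per file, keep this file as it now is and add a second bad fixture (for example `terraform_bad_2.tf`, name constructed) that carries only `encrypted = false`. The resource block starts outside the hunk.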
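Review bot: The expected report for terraform_bad_1.tf now embeds output that changes between runs and releases: `terrascan version 0.2.3`, `Ran 72 tests in 0.008s`, `Processed on 07/24/2020 at 03:22` and `Results (took 0.42 seconds)`. If the harness compares this file literally with the generated report (the comparison is not visible in this series), the test will fail on a later run or on the next terrascan bump. Keeping only the stable finding line, `[high] [aws_instance.bad.associate_public_ip_address] should not be 'True'. ...`, or normalising those fields before comparing, would avoid that. The hunk also drops the `---` / `message:` / `...` wrapper that the previous version of the report used, so the diagnostic is no longer a delimited block; confirm the report writer really emits it this way.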
From 43192d2d1f882a399a48682e06b8ab2bbbff23a5 Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Fri, 24 Jul 2020 00:04:11 -0400 Subject: [PATCH 10/17] Locks dependencies --- dependencies/Pipfile.lock | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/dependencies/Pipfile.lock b/dependencies/Pipfile.lock index cb152dbc..32180e96 100644 --- a/dependencies/Pipfile.lock +++ b/dependencies/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "1ccc4fd5c20ba56f1cca85abdd09b24798c3ad68b921cb42c501177598d986c9" + "sha256": "c62b95247cb67b10711da0012966cc031d5a9ec08885a45736c0ee77bba3a844" }, "pipfile-spec": 6, "requires": { @@ -28,7 +28,6 @@ "sha256:2f4078c2a41bf377eea06d71c9d2ba4eb8f6b1af2135bec27bbbb7d8f12bb703", "sha256:bc58d83eb610252fd8de6363e39d4f1d0619c894b0ed24603b881c02e64c7386" ], - "markers": "python_version >= '3.5'", "version": "==2.4.2" }, "attrs": { @@ -36,7 +35,6 @@ "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c", "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==19.3.0" }, "aws-sam-translator": { @@ -82,7 +80,6 @@ "sha256:9e4d7ecfc600058e07ba661411a2b7de2fd0fafa17d1a7f7361cd47b1175c827", "sha256:a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==0.15.2" }, "isort": { @@ -90,7 +87,6 @@ "sha256:54da7e92468955c4fceacd0c86bd0ec997b0e1ee80d97f67c35a78b719dccab1", "sha256:6e811fcb295968434526407adb8796944f1988c5b65e8139058f2014cbe100fd" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==4.3.21" }, "jmespath": { 
@@ -98,7 +94,6 @@ "sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9", "sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f" ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2'", "version": "==0.10.0" }, "jsonpatch": { @@ -114,7 +109,6 @@ "sha256:c192ba86648e05fdae4f08a17ec25180a9aef5008d973407b581798a83975362", "sha256:ff379fa021d1b81ab539f5ec467c7745beb1a5671463f9dcc2b2d458bd361c1e" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==2.0" }, "jsonschema": { @@ -154,7 +148,6 @@ "sha256:efa1909120ce98bbb3777e8b6f92237f5d5c8ea6758efea36a473e1d38f7d3e4", "sha256:f3900e8a5de27447acbf900b4750b0ddfd7ec1ea7fbaf11dfa911141bc522af0" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", "version": "==1.4.3" }, "mccabe": { @@ -204,7 +197,6 @@ "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "version": "==2.8.1" }, "pyyaml": { @@ -236,7 +228,6 @@ "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2'", "version": "==1.15.0" }, "terrascan": { From d423b1c36ac854928f733f4aa3129f8432b30ce1 Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Fri, 24 Jul 2020 00:19:49 -0400 Subject: [PATCH 11/17] Fixes Terrascan command --- lib/linter.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/linter.sh b/lib/linter.sh index 9c9e3864..5e5aa6da 100755 --- a/lib/linter.sh +++ b/lib/linter.sh 
@@ -1574,7 +1574,7 @@ if [ "${VALIDATE_TERRAFORM_TERRASCAN}" == "true" ]; then # Lint the Terraform files # ############################ # LintCodebase "FILE_TYPE" "LINTER_NAME" "LINTER_CMD" "FILE_TYPES_REGEX" "FILE_ARRAY" - LintCodebase "TERRAFORM_TERRASCAN" "terrascan" "terrascan -l" ".*\.\(tf\)\$" "${FILE_ARRAY_TERRAFORM[@]}" + LintCodebase "TERRAFORM_TERRASCAN" "terrascan" "terrascan -f " ".*\.\(tf\)\$" "${FILE_ARRAY_TERRAFORM_TERRASCAN[@]}" fi ###################### From 20a91b5de5a369a73fd9716385b536c48b1dcf6a Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Fri, 24 Jul 2020 00:20:08 -0400 Subject: [PATCH 12/17] Adds file array variable for Terrascan --- lib/buildFileList.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/buildFileList.sh b/lib/buildFileList.sh index 468e0360..00aebf1f 100755 --- a/lib/buildFileList.sh +++ b/lib/buildFileList.sh @@ -353,6 +353,7 @@ function BuildFileList() { # Append the file to the array # ################################ FILE_ARRAY_TERRAFORM+=("${FILE}") + FILE_ARRAY_TERRAFORM_TERRASCAN+=("${FILE}") ########################################################## # Set the READ_ONLY_CHANGE_FLAG since this could be exec # ########################################################## From 7a48eb4e9a174461e403395b40602f52d2be6ebe Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Fri, 24 Jul 2020 00:30:37 -0400 Subject: [PATCH 13/17] Default to not use Terrascan --- lib/validation.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/validation.sh b/lib/validation.sh index 39618a3e..5e78307c 100755 --- a/lib/validation.sh +++ b/lib/validation.sh @@ -89,6 +89,8 @@ function GetValidationInfo() { else # No linter flags were set - default all to true eval "${VALIDATE_LANGUAGE}='true'" + # Default Terrascan to false + VALIDATE_TERRAFORM_TERRASCAN="false" fi done From 85d4c8954489fd64553159b56a88733610b25721 Mon Sep 17 00:00:00 2001 
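Review bot: The comment above the changed call in lib/linter.sh (patch 11) still reads "Lint the Terraform files", the same text as the tflint block, and says neither that this pass is a security scan nor that files are scanned one at a time. LintCodebase runs `${LINTER_COMMAND} "${FILE}"` (visible in the worker.sh hunk of patch 08), so each .tf file reaches `terrascan -f` on its own, and a rule that depends on a variable or local defined in a sibling file may presumably not fire. A comment such as `# Security scan with terrascan; files are scanned individually, cross-file values are not resolved` would set the right expectation for users who rely on this check. The enclosing `if` begins outside the hunk.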
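Review bot: `FILE_ARRAY_TERRAFORM_TERRASCAN+=("${FILE}")` in lib/buildFileList.sh (patch 12) appends to an array that no hunk in this series declares, whereas patch 04 did add `ERRORS_FOUND_TERRAFORM_TERRASCAN=0` next to its siblings. If lib/linter.sh initialises the other `FILE_ARRAY_*` variables, add `FILE_ARRAY_TERRAFORM_TERRASCAN=()` beside them so the array is defined even when a change set contains no .tf files. The array always receives the same entries as `FILE_ARRAY_TERRAFORM`, which a short comment here could state. BuildFileList's body continues outside the hunk.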
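Review bot: The default-off behaviour for Terrascan in lib/validation.sh (patch 13) rests entirely on `VALIDATE_TERRAFORM_TERRASCAN="false"` sitting inside the loop's `else` branch, where it is re-assigned on every pass and is easy to lose in a later cleanup. Placing it once after `done`, under the same no-flags condition and with a comment such as `# Terrascan is opt-in; keep in step with the README default`, would make the intent explicit. Patch 16 later in this series deletes these lines while the README row added in patch 03 still lists `false`, so the documented and the actual default diverge from that commit on. GetValidationInfo's body continues outside the hunk.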
From: Cesar Rodriguez Date: Fri, 24 Jul 2020 00:37:40 -0400 Subject: [PATCH 14/17] Fixing bash linting issue --- lib/validation.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/validation.sh b/lib/validation.sh index 5e78307c..082e8066 100755 --- a/lib/validation.sh +++ b/lib/validation.sh @@ -90,7 +90,7 @@ function GetValidationInfo() { # No linter flags were set - default all to true eval "${VALIDATE_LANGUAGE}='true'" # Default Terrascan to false - VALIDATE_TERRAFORM_TERRASCAN="false" + export VALIDATE_TERRAFORM_TERRASCAN="false" fi done From 9cbcacb5295d8b3933adb3f60e3fd8f539933b09 Mon Sep 17 00:00:00 2001 From: Cesar Rodriguez Date: Fri, 24 Jul 2020 00:55:31 -0400 Subject: [PATCH 15/17] Fixes Terrascan tests --- lib/worker.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/worker.sh b/lib/worker.sh index d28515e4..a7da7f04 100755 --- a/lib/worker.sh +++ b/lib/worker.sh @@ -606,7 +606,7 @@ function RunTestCases() { TestCodebase "RUBY" "rubocop" "rubocop -c ${RUBY_LINTER_RULES}" ".*\.\(rb\)\$" "ruby" TestCodebase "STATES" "asl-validator" "asl-validator --json-path" ".*\.\(json\)\$" "states" TestCodebase "TERRAFORM" "tflint" "tflint -c ${TERRAFORM_LINTER_RULES}" ".*\.\(tf\)\$" "terraform" - TestCodebase "TERRAFORM" "terrascan" "terrascan -f " ".*\.\(tf\)\$" "terraform" + TestCodebase "TERRAFORM_TERRASCAN" "terrascan" "terrascan -f " ".*\.\(tf\)\$" "terraform_terrascan" TestCodebase "TYPESCRIPT_ES" "eslint" "eslint --no-eslintrc -c ${TYPESCRIPT_LINTER_RULES}" ".*\.\(ts\)\$" "typescript" TestCodebase "TYPESCRIPT_STANDARD" "standard" "standard --parser @typescript-eslint/parser --plugin @typescript-eslint/eslint-plugin ${TYPESCRIPT_STANDARD_LINTER_RULES}" ".*\.\(ts\)\$" "typescript" TestCodebase "XML" "xmllint" "xmllint" ".*\.\(xml\)\$" "xml" From 03ae51501825cee008981ec302314fb8511bf24f Mon Sep 17 00:00:00 2001 
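Review bot: The changed TestCodebase line in lib/worker.sh (patch 15) now runs under the file type `TERRAFORM_TERRASCAN` against the `terraform_terrascan` folder, but the expected report added in patch 06 is still named `reports/expected-TERRAFORM.tap`. If the harness derives the report name from the file type, as that naming suggests, the comparison will not find its file and the security test can pass or fail for the wrong reason. Renaming the report to `expected-TERRAFORM_TERRASCAN.tap` in this commit would keep the two in step. The lookup itself is outside this hunk, so confirm against TestCodebase.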
From: Lucas Gravley <29484535+admiralAwkbar@users.noreply.github.com> Date: Fri, 24 Jul 2020 08:14:01 -0500 Subject: [PATCH 16/17] remove dead loop, set terrascan to default true --- lib/validation.sh | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/lib/validation.sh b/lib/validation.sh index 082e8066..07387fd5 100755 --- a/lib/validation.sh +++ b/lib/validation.sh @@ -89,25 +89,9 @@ function GetValidationInfo() { else # No linter flags were set - default all to true eval "${VALIDATE_LANGUAGE}='true'" - # Default Terrascan to false - export VALIDATE_TERRAFORM_TERRASCAN="false" fi done - ###################################### - # Validate if we should check GROOVY # - ###################################### - if [[ $ANY_SET == "true" ]]; then - # Some linter flags were set - only run those set to true - if [[ -z $VALIDATE_GROOVY ]]; then - # GROOVY flag was not set - default to false - VALIDATE_GROOVY="false" - fi - else - # No linter flags were set - default all to true - VALIDATE_GROOVY="true" - fi - ####################################### # Print which linters we are enabling # ####################################### From 4c7f32ef9ab3f89dcc75be35488443e3b809fd8a Mon Sep 17 00:00:00 2001 From: Lucas Gravley <29484535+admiralAwkbar@users.noreply.github.com> Date: Fri, 24 Jul 2020 08:20:41 -0500 Subject: [PATCH 17/17] small cleanup --- .automation/test/terraform/README.md | 19 +++++++++++++ .../test/terraform_terrascan/README.md | 19 +++++++++++++ lib/linter.sh | 28 +++++++++---------- 3 files changed, 52 insertions(+), 14 deletions(-) diff --git a/.automation/test/terraform/README.md b/.automation/test/terraform/README.md index e69de29b..6cb4f692 100644 --- a/.automation/test/terraform/README.md +++ b/.automation/test/terraform/README.md 
@@ -0,0 +1,19 @@ +# AWS States language Test Cases + +This folder holds the test cases for **Terraform**. + +## Additional Docs + +No Additional information is needed for this test case. + +## Good Test Cases + +The test cases denoted: `LANGUAGE_good_FILE.EXTENSION` are all valid, and should pass successfully when linted. + +- **Note:** They are linted utilizing the default linter rules. + +## Bad Test Cases + +The test cases denoted: `LANGUAGE_bad_FILE.EXTENSION` are **NOT** valid, and should trigger errors when linted. + +- **Note:** They are linted utilizing the default linter rules. diff --git a/.automation/test/terraform_terrascan/README.md b/.automation/test/terraform_terrascan/README.md index e69de29b..036699d9 100644 --- a/.automation/test/terraform_terrascan/README.md +++ b/.automation/test/terraform_terrascan/README.md @@ -0,0 +1,19 @@ +# AWS States language Test Cases + +This folder holds the test cases for **Terraform terrascan**. + +## Additional Docs + +No Additional information is needed for this test case. + +## Good Test Cases + +The test cases denoted: `LANGUAGE_good_FILE.EXTENSION` are all valid, and should pass successfully when linted. + +- **Note:** They are linted utilizing the default linter rules. + +## Bad Test Cases + +The test cases denoted: `LANGUAGE_bad_FILE.EXTENSION` are **NOT** valid, and should trigger errors when linted. + +- **Note:** They are linted utilizing the default linter rules. diff --git a/lib/linter.sh b/lib/linter.sh index 5e5aa6da..d712ab4b 100755 --- a/lib/linter.sh +++ b/lib/linter.sh 
@@ -1375,13 +1375,13 @@ if [ "${VALIDATE_JSON}" == "true" ]; then LintCodebase "JSON" "jsonlint" "jsonlint" ".*\.\(json\)\$" "${FILE_ARRAY_JSON[@]}" fi -###################### -# JSX LINTING # -###################### +############### +# JSX LINTING # +############### if [ "${VALIDATE_JSX}" == "true" ]; then - ############################# - # Lint the JSX files # - ############################# + ###################### + # Lint the JSX files # + ###################### # LintCodebase "FILE_TYPE" "LINTER_NAME" "LINTER_CMD" "FILE_TYPES_REGEX" "FILE_ARRAY" LintCodebase "JSX" "eslint" "eslint --no-eslintrc -c ${JAVASCRIPT_LINTER_RULES}" ".*\.\(jsx\)\$" "${FILE_ARRAY_JSX[@]}" fi @@ -1566,9 +1566,9 @@ if [ "${VALIDATE_TERRAFORM}" == "true" ]; then LintCodebase "TERRAFORM" "tflint" "tflint -c ${TERRAFORM_LINTER_RULES}" ".*\.\(tf\)\$" "${FILE_ARRAY_TERRAFORM[@]}" fi -##################### +############################### # TERRAFORM TERRASCAN LINTING # -##################### +############################### if [ "${VALIDATE_TERRAFORM_TERRASCAN}" == "true" ]; then ############################ # Lint the Terraform files # @@ -1577,13 +1577,13 @@ if [ "${VALIDATE_TERRAFORM_TERRASCAN}" == "true" ]; then LintCodebase "TERRAFORM_TERRASCAN" "terrascan" "terrascan -f " ".*\.\(tf\)\$" "${FILE_ARRAY_TERRAFORM_TERRASCAN[@]}" fi -###################### -# TSX LINTING # -###################### +############### +# TSX LINTING # +############### if [ "${VALIDATE_TSX}" == "true" ]; then - ############################# - # Lint the TSX files # - ############################# + ###################### + # Lint the TSX files # + ###################### LintCodebase "TSX" "eslint" "eslint --no-eslintrc -c ${TYPESCRIPT_LINTER_RULES}" ".*\.\(tsx\)\$" "${FILE_ARRAY_TSX[@]}" fi