
compatibility.py

    import os
    
    
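    class Compatibility:
        """Select the scanner checks that apply to the files found in an IaC directory.

        File types are detected from file-name suffixes and then looked up in
        ``compatibility_matrix``. Detection decides which scanners run at all, so
        a file that is not classified here is not covered by any check selected
        through this class.
        """

        # TODO: This matrix should be revised and extended, it is just a proof of concept here as for now
        compatibility_matrix = {
            "terraform": ["tfsec", "tflint", "terrascan", "git-leaks", "git-secrets"],
            # The original list named "git-leaks" twice; each check is listed once.
            "yaml": ["git-leaks", "yamllint", "git-secrets"],
            "shell": ["shellcheck", "git-leaks", "git-secrets"],
            "python": ["pylint", "bandit", "pyup-safety"],
            "ansible": ["ansible-lint", "steampunk-scanner"],
            "java": ["checkstyle"],
            "js": ["es-lint"],
            "html": ["htmlhint"],
            "docker": ["hadolint"],
        }

        # (file-name suffix, IaC type) pairs used by check_iac_type.
        # NOTE(review): "ansible", "js" and "docker" have matrix entries but no
        # suffix here, and ".yml" is not recognised, so those checks are never
        # selected by directory detection - a coverage gap to close when the
        # supported file types are extended.
        _suffix_types = (
            (".tf", "terraform"),
            (".sh", "shell"),
            (".py", "python"),
            (".yaml", "yaml"),
            (".java", "java"),
            (".html", "html"),
        )

        def __init__(self):
            """
            Initialize new IaC Compatibility matrix

            ``scanned_files`` starts empty and is filled by ``check_iac_type`` with,
            per detected type, the string form of the list of matching file names.
            """
            self.scanned_files = dict()

        def get_check_list(self, iac_type: str) -> list:
            """
            Returns the list of available scanner check tools for given type of IaC archive
            :param iac_type: Type of IaC file for which we consider the list of compatible scans
            :return: List with names of checks as strings
            :raises KeyError: If ``iac_type`` has no entry in ``compatibility_matrix``
            """
            return self.compatibility_matrix[iac_type]

        def check_iac_type(self, iac_directory: str) -> list:
            """Check the type of IaC archive
            :param iac_directory: Extracted IaC archive path
            :return: List of the file types found in the directory, each type once,
                     in order of first appearance (file names are visited sorted)
            :raises Exception: If the directory cannot be listed or inspected
            """
            types = []
            # One bucket of file names per supported type.
            scanned = {iac_type: [] for _, iac_type in self._suffix_types}

            # TODO: List of supported file types should be extended
            try:
                # Only the top level is examined: os.listdir does not recurse, so
                # files in sub-directories do not influence which checks are chosen.
                for filename in sorted(os.listdir(iac_directory)):
                    path = os.path.join(iac_directory, filename)
                    if not os.path.isfile(path):
                        continue
                    for suffix, iac_type in self._suffix_types:
                        # Match the suffix of the file name only. A substring search
                        # on the joined path also matched directory names (a parent
                        # called "x.py" marked every file as python) and unrelated
                        # names such as "cache.pyc" or "page.shtml".
                        if filename.endswith(suffix):
                            if iac_type not in types:
                                types.append(iac_type)
                            scanned[iac_type].append(filename)
                            break

                # Values stay stringified lists, as existing consumers receive them.
                self.scanned_files["terraform"] = str(scanned["terraform"])
                self.scanned_files["python"] = str(scanned["python"])
                self.scanned_files["shell"] = str(scanned["shell"])
                self.scanned_files["yaml"] = str(scanned["yaml"])
                self.scanned_files["java"] = str(scanned["java"])
                self.scanned_files["html"] = str(scanned["html"])
                return types
            except Exception as e:
                # Chain the cause so the original traceback is not lost.
                raise Exception(f"Error when checking directory type: {str(e)}.") from e

        def get_all_compatible_checks(self, iac_directory: str) -> list:
            """
            Returns the list of available scanner check tools for given type of IaC archive
            :param iac_directory: Extracted IaC archive path
            :return: List with names of compatible checks as strings, each check once,
                     in order of first appearance
            """
            checks_list = []
            for iac_type in self.check_iac_type(iac_directory):
                checks_list.extend(self.compatibility_matrix[iac_type])

            # Several types share checks (e.g. "git-leaks"); drop repeats so a
            # scanner is not scheduled more than once for the same directory.
            return list(dict.fromkeys(checks_list))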