Skip to content
Snippets Groups Projects
Select Git revision
  • b109d3792b6abdd0df529d837063a70389673a73
  • main default
  • penenadpi/config-man
  • penenadpi/visualization-extension
  • penenadpi/visulization-html-extended
  • penenadpi/result-persistence
  • penenadpi/result-filter-fix-files
  • penenadpi/result-filter-fix
  • y1
  • 0.1.9
  • 0.1.8
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
  • 0.0.9
  • 0.0.8
  • 0.0.7
  • 0.0.6
  • 0.0.5
  • 0.0.4
  • 0.0.3
  • 0.0.2
  • 0.0.1
28 results

compatibility.py

Blame
  • compatibility.py 4.65 KiB
    import os
    from typing import List
    
    class Compatibility:
        # TODO: This matrix should be revised and extended, it is just a proof of concept here as for now
        compatibility_matrix = {
            "terraform": ["tfsec", "tflint", "terrascan", "git-leaks", "git-secrets"],
            "yaml": ["git-leaks", "yamllint", "git-leaks", "git-secrets"],
            "shell": ["shellcheck", "git-leaks", "git-secrets"],
            "python": ["pylint", "bandit", "pyup-safety"],
            "ansible": ["ansible-lint", "steampunk-scanner"],
            "java": ["checkstyle"],
            "js": ["es-lint", "ts-lint"],
            "html": ["htmlhint"],
            "docker": ["hadolint"],
            "other": [],        
        }
        
        def __init__(self):
            """
            Initialize new IaC Compatibility matrix
            :param matrix: Dictionary of available checks for given IaC type
            """
            self.scanned_files = dict()
    
        def get_check_list(self, iac_type: str) -> List[str]:
            """
            Returns the list of available scanner check tools for given type of IaC archive
            :iac_type: Type of IaC file for which we consider the list of compatible scans        
            :return: List with names of checks as strings 
            """
            return self.compatibility_matrix[iac_type]
    
        def check_iac_type(self, iac_directory: str) -> List[str]:
            """Check the type of IaC archive
            :param iac_dircetory: Extracted IaC archive path
            :return: List of specific file types within the given IaC directory
            """
    
            types = []
    
            scanned_terraform = []
            scanned_shell = []
            scanned_py = []
            scanned_yaml = []
            scanned_java = []
            scanned_html = []
            scanned_js = []
            scanned_docker = []
            scanned_other = []
               
            # TODO: List of supported file types should be extended
            # TODO: Remove hardcoded check names
            try:
                for root, folders, names in os.walk(iac_directory):
                    for f in names:
                       if (f.find(".tf") or f.find(".tftpl")) > -1:
                            types.append("terraform")
                            scanned_terraform.append(f)
                        
                       elif f.find(".sh") > -1:
                            types.append("shell")
                            scanned_shell.append(f)
    
                       elif f.find(".py") > -1:
                            types.append("python")
                            scanned_py.append(f)
    
                       elif (f.find(".yaml") or f.find(".yml")) > -1:
                            types.append("yaml")
                            scanned_yaml.append(f)
    
                       elif f.find(".java") > -1:
                            types.append("java")
                            scanned_java.append(f)
    
                       elif f.find(".html") > -1:
                            types.append("html")
                            scanned_html.append(f)
    
                       elif f.find(".js") > -1:
                            types.append("js")
                            scanned_js.append(f)
    
                       elif f.find("Dockerfile") > -1:
                            types.append("docker")
                            scanned_docker.append(f)                        
    
                       else: 
                            types.append("other")
                            scanned_other.append(f)      
                            
                self.scanned_files["terraform"] = str(scanned_terraform)
                self.scanned_files["python"] = str(scanned_py)
                self.scanned_files["shell"] = str(scanned_shell)
                self.scanned_files["yaml"] = str(scanned_yaml)
                self.scanned_files["java"] = str(scanned_java)
                self.scanned_files["html"] = str(scanned_html)
                self.scanned_files["js"] = str(scanned_js)
                self.scanned_files["docker"] = str(scanned_docker)
                self.scanned_files["other"] = str(scanned_other)
                                                    
                types = set(types)
                                        
                return types
            except Exception as e:
                raise Exception(f"Error when checking directory type: {str(e)}.")
    
        def get_all_compatible_checks(self, iac_directory: str) -> List[str]:
            """
            Returns the list of available scanner check tools for given type of IaC archive
            :param iac_dircetory: Extracted IaC archive path        
            :return: List with names of compatible checks as strings 
            """
            checks_list = []
            types_list = self.check_iac_type(iac_directory)
            for iac_type in types_list:
                type_checks = self.compatibility_matrix[iac_type]
                for check in type_checks:
                    checks_list.append(check)
    
            return checks_list