From 0f383950deaf87a81aa8f247d148c5be9b961943 Mon Sep 17 00:00:00 2001
From: nenad_petrovic <nenad.petrovic@xlab.si>
Date: Sat, 10 Sep 2022 14:56:04 +0200
Subject: [PATCH] Fixed ansible compatibility issues

---
 src/iac_scan_runner/compatibility.py | 16 +++++++-----
 src/iac_scan_runner/results_summary.py | 36 ++++++++++++++++++++------------
 src/iac_scan_runner/scan_runner.py | 8 +++---
 3 files changed, 34 insertions(+), 26 deletions(-)

diff --git a/src/iac_scan_runner/compatibility.py b/src/iac_scan_runner/compatibility.py
index d918b8b..2874468 100644
--- a/src/iac_scan_runner/compatibility.py
+++ b/src/iac_scan_runner/compatibility.py
@@ -5,10 +5,10 @@ class Compatibility:
     # TODO: This matrix should be revised and extended, it is just a proof of concept here as for now
     compatibility_matrix = {
         "terraform": ["tfsec", "tflint", "terrascan", "git-leaks", "git-secrets"],
-        "yaml": ["git-leaks", "yamllint", "git-secrets"],
+        "yaml": ["git-leaks", "yamllint", "git-secrets", "ansible-lint", "steampunk-scanner"],
         "shell": ["shellcheck", "git-leaks", "git-secrets"],
         "python": ["pylint", "bandit", "pyup-safety"],
-        "ansible": ["ansible-lint", "steampunk-scanner"],
+        #"ansible": ["ansible-lint", "steampunk-scanner"],
         "java": ["checkstyle"],
         "js": ["es-lint", "ts-lint"],
         "html": ["htmlhint"],
@@ -54,9 +54,15 @@ class Compatibility:
         try:
             for root, folders, names in os.walk(iac_directory):
                 for f in names:
-                    if (f.find(".tf") or f.find(".tftpl")) > -1:
+                    print(f)
+                    if (f.find(".tf") > -1) or (f.find(".tftpl") > -1):
                         types.append("terraform")
                         scanned_terraform.append(f)
+
+                    elif (f.find(".yaml") > -1) or (f.find(".yml") > -1):
+                        print(f)
+                        types.append("yaml")
+                        scanned_yaml.append(f)
 
                     elif f.find(".sh") > -1:
                         types.append("shell")
@@ -66,10 +72,6 @@ class Compatibility:
                         types.append("python")
                         scanned_py.append(f)
 
-                    elif (f.find(".yaml") or f.find(".yml")) > -1:
-                        types.append("yaml")
-                        scanned_yaml.append(f)
-
                     elif f.find(".java") > -1:
                         types.append("java")
                         scanned_java.append(f)
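Review bot: The commented-out `#"ansible": ["ansible-lint", "steampunk-scanner"],` entry is left in the matrix as dead code with no explanation of why the key went away. Either delete the line or replace it with a comment that records the decision, e.g. `# Ansible playbooks are plain YAML, so ansible-lint and steampunk-scanner hang off the "yaml" key.` Note that with this change every `.yaml`/`.yml` file found in the scanned directory (Kubernetes manifests, CI configs, compose files) is now treated as compatible with both Ansible tools, which may produce noise on non-Ansible repositories. The class body continues outside this hunk.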
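Review bot: The corrected terraform condition still uses `find`, so any name that merely contains `.tf` (a constructed `main.tf.bak` or `notes.tfx`) is classified as terraform, and the new `.yaml`/`.yml` branch has the same weakness (`config.yml.orig`); a suffix test is both stricter and shorter: `if f.endswith((".tf", ".tftpl")):` and `elif f.endswith((".yaml", ".yml")):`. The two `print(f)` calls added here (the yaml one fires a second time for every YAML file) look like leftover debugging; they write every file name under the scanned directory to stdout on each run, and the same applies to `print(compatibility_matrix[t])` in results_summary.py and the three prints in scan_runner.py — remove them or route them through `logging` at debug level. The enclosing method starts before this hunk and continues after it.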
diff --git a/src/iac_scan_runner/results_summary.py b/src/iac_scan_runner/results_summary.py
index de058eb..ebf9f1e 100644
--- a/src/iac_scan_runner/results_summary.py
+++ b/src/iac_scan_runner/results_summary.py
@@ -40,6 +40,7 @@ class ResultsSummary:
         file_list = ""
         for t in compatibility_matrix:
             if check in compatibility_matrix[t]:
+                print(compatibility_matrix[t])
                 file_list = str(scanned_files[t])
         self.outcomes[check]["files"] = file_list
 
@@ -55,7 +56,7 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Problems"
                 return "Problems"
 
-        if check == "git-leaks":
+        elif check == "git-leaks":
             if outcome.find("No leaks found") > -1:
                 self.outcomes[check]["status"] = "Passed"
                 return "Passed"
@@ -63,7 +64,7 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Problems"
                 return "Problems"
 
-        if check == "tflint":
+        elif check == "tflint":
             if outcome == "":
                 self.outcomes[check]["status"] = "Passed"
                 return "Passed"
@@ -71,7 +72,7 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Problems"
                 return "Problems"
 
-        if check == "htmlhint":
+        elif check == "htmlhint":
             if outcome.find("no errors")>-1:
                 self.outcomes[check]["status"] = "Passed"
                 return "Passed"
@@ -79,7 +80,7 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Problems"
                 return "Problems"
 
-        if check == "checkstyle":
+        elif check == "checkstyle":
             if outcome == "":
                 self.outcomes[check]["status"] = "Passed"
                 return "Passed"
@@ -87,7 +88,7 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Problems"
                 return "Problems"
 
-        if check == "es-lint":
+        elif check == "es-lint":
             if outcome.find("wrong")>-1:
                 self.outcomes[check]["status"] = "Problems"
                 return "Passed"
@@ -95,7 +96,7 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Passed"
                 return "Problems"
 
-        if check == "ts-lint":
+        elif check == "ts-lint":
             if outcome.find("wrong")>-1:
                 self.outcomes[check]["status"] = "Problems"
                 return "Passed"
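Review bot: In the es-lint branch the status stored in `self.outcomes` and the value returned disagree: when `outcome` contains `wrong` the code stores `"Problems"` but returns `"Passed"`, and the else path stores `"Passed"` but returns `"Problems"`; the ts-lint branch in the following hunk is identical. These lines are pre-existing context here, but the new `elif` chain carries them forward, so any caller that relies on the return value sees the inverse of what the report shows. Swap the two returns so they match the stored status: `return "Problems"` under the `wrong` test and `return "Passed"` in the else. The enclosing method starts before this hunk.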
@@ -103,7 +104,7 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Passed"
                 return "Problems"
 
-        if check == "pylint":
+        elif check == "pylint":
             if outcome.find("no problems")>-1:
                 self.outcomes[check]["status"] = "Passed"
                 return "Passed"
@@ -111,7 +112,7 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Problems"
                 return "Problems"
 
-        if check == "hadolint":
+        elif check == "hadolint":
             if outcome=="":
                 self.outcomes[check]["status"] = "Passed"
                 return "Passed"
@@ -119,20 +120,23 @@ class ResultsSummary:
                 self.outcomes[check]["status"] = "Problems"
                 return "Problems"
 
-        if check == "terrascan":
+        elif check == "terrascan":
             if outcome=="":
                 self.outcomes[check]["status"] = "Passed"
                 return "Passed"
             else:
                 self.outcomes[check]["status"] = "Problems"
                 return "Problems"
-
-        if check == "other":
-            self.outcomes[check]["status"] = "No scan performed"
-            return "No scan"
-        else:
-            self.outcomes[check]["status"] = "Not fully supported yet"
-            return "Not fully supported yet"
+
+        elif check == "ansible-lint":
+            if outcome=="":
+                self.outcomes[check]["status"] = "Passed"
+                return "Passed"
+            else:
+                self.outcomes[check]["status"] = "Problems"
+                return "Problems"
+        self.outcomes[check]["status"] = "Not fully supported yet"
+        return "Not fully supported yet"
 
     def summarize_no_files(self, check: str):
         """
diff --git a/src/iac_scan_runner/scan_runner.py b/src/iac_scan_runner/scan_runner.py
index 2e55508..c89109c 100644
--- a/src/iac_scan_runner/scan_runner.py
+++ b/src/iac_scan_runner/scan_runner.py
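Review bot: The new `ansible-lint` branch reports `"Passed"` whenever `outcome` is the empty string, so a run in which the tool produced no output for any other reason (binary missing, crash before printing, wrong working directory) is summarized as a clean pass, the same fail-open pattern the tflint, checkstyle, hadolint and terrascan branches already have. Whether `check.run` folds such failures into `outcome` is not visible here; if it does not, the summary needs a positive signal (the tool's exit status or an explicit success marker) rather than emptiness to mark a pass. `"steampunk-scanner"` is added to the compatibility matrix in this commit but gets no branch here, so it will always be reported as `"Not fully supported yet"`. Dropping the `check == "other"` branch also means a caller that still passes `"other"` now gets `"Not fully supported yet"` instead of `"No scan performed"`, which looks unintended. The enclosing method starts before this hunk.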
@@ -146,13 +146,15 @@ class ScanRunner: compatible_checks = self.compatibility_matrix.get_all_compatible_checks(self.iac_dir) non_compatible_checks = [] - scan_output = {} - - if selected_checks and selected_checks!="": + + if selected_checks: for selected_check in selected_checks: check = self.iac_checks[selected_check] + print(selected_check) if check.enabled: + print("enabled") + print(compatible_checks) if selected_check in compatible_checks: check_output = check.run(self.iac_dir) scan_output[selected_check] = check_output.to_dict() -- GitLab
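Review bot: `scan_output = {}` is removed at the top of the hunk, but the last line still assigns into `scan_output[selected_check]`, so unless the dict is now initialised earlier in the method (outside this hunk) the first enabled, compatible check raises `NameError`. If it is meant to be a per-call result, the line `scan_output = {}` should stay next to `non_compatible_checks = []`; if it was deliberately moved to a wider scope, results from successive calls will accumulate in it, which is worth a comment at the new definition. The enclosing method starts before this hunk and continues after it.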