Add cloc check and update SonarScanner install

42353ac5 · Anze Luzar · e659e444 · 42353ac5 · 42353ac5 · 42353ac5
Unverified Commit 42353ac5 authored 3 years ago by Anze Luzar
--- a/install-checks.sh
+++ b/install-checks.sh
@@ -27,6 +27,7 @@ export SHELL_CHECK_PATH="${TOOLS_DIR}/shellcheck"
 export ES_LINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/eslint"
 export HTMLHINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/htmlhint"
 export STYLELINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/stylelint"
+export CLOC_CHECK_PATH="${NODE_MODULES_DIR}/.bin/cloc"
 export CHECKSTYLE_CHECK_PATH="${TOOLS_DIR}/checkstyle.jar"
 export SONAR_SCANNER_CHECK_PATH="${TOOLS_DIR}/sonar-scanner/bin/sonar-scanner"
 export SNYK_CHECK_PATH="${NODE_MODULES_DIR}/.bin/snyk"
@@ -40,7 +41,7 @@ gitSecretsUrl='https://github.com/awslabs/git-secrets.git'
 tflintUrl='https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh'
 tfsecUrl='https://github.com/tfsec/tfsec/releases/download/v0.51.1/tfsec-linux-amd64'
 terrascanUrl='https://api.github.com/repos/accurics/terrascan/releases/latest'
-sonarScannerUrl='https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
+sonarScannerUrl='https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747.zip'

 # functions below are used to install the check tools
 createAndActivateVenvDirIfNot() {
@@ -140,7 +141,7 @@ installSonarScannerIfNot() {
  if [ ! -f "$SONAR_SCANNER_CHECK_PATH" ]; then
    wget ${sonarScannerUrl} -O "${TMP_DIR}/sonar-scanner"
    unzip "${TMP_DIR}/sonar-scanner" -d "${TOOLS_DIR}"
-    mv "${TOOLS_DIR}/sonar-scanner-4.6.2.2472-linux" "${TOOLS_DIR}/sonar-scanner"
+    mv "${TOOLS_DIR}/sonar-scanner-cli-4.7.0.2747" "${TOOLS_DIR}/sonar-scanner"
  fi
 }


--- a/src/iac_scan_runner/api.py
+++ b/src/iac_scan_runner/api.py
@@ -17,7 +17,7 @@ app = FastAPI(
    docs_url="/swagger",
    title="IaC Scan Runner REST API",
    description="Service that scans your Infrastructure as Code for common vulnerabilities",
-    version="0.1.5",
+    version="0.1.6",
    root_path=os.getenv('ROOT_PATH', "/")
 )


--- a/src/iac_scan_runner/checks/cloc.py
+++ b/src/iac_scan_runner/checks/cloc.py
+from typing import Optional
+
+import iac_scan_runner.vars as env
+from iac_scan_runner.check import Check
+from iac_scan_runner.check_output import CheckOutput
+from iac_scan_runner.check_target_entity_type import CheckTargetEntityType
+from iac_scan_runner.utils import run_command
+from pydantic import SecretStr
+
+
+class ClocCheck(Check):
+    def __init__(self):
+        super().__init__("cloc", "Counts blank lines, comment lines, and physical lines of source code in many "
+                                 "programming languages", CheckTargetEntityType.iac)
+
+    def configure(self, config_filename: Optional[str], secret: Optional[SecretStr]) -> CheckOutput:
+        if config_filename:
+            self._config_filename = config_filename
+            return CheckOutput(f'Check: {self.name} has been configured successfully.', 0)
+        else:
+            raise Exception(f'Check: {self.name} requires you to pass a configuration file.')
+
+    def run(self, directory: str) -> CheckOutput:
+        if self._config_filename:
+            return run_command(f'{env.CLOC_CHECK_PATH} --config {env.CONFIG_DIR}/{self._config_filename} .', directory)
+        else:
+            return run_command(f'{env.CLOC_CHECK_PATH} .', directory)
--- a/src/iac_scan_runner/vars.py
+++ b/src/iac_scan_runner/vars.py
@@ -5,7 +5,7 @@ ROOT_DIR = os.getenv("ROOT_DIR", os.path.normpath(os.getcwd() + os.sep + os.pard
 VIRTUALENV_DIR = os.getenv("VIRTUALENV_DIR", f'{ROOT_DIR}/.venv')
 TOOLS_DIR = os.getenv("TOOLS_DIR", f'{ROOT_DIR}/tools')
 CONFIG_DIR = os.getenv("CONFIG_DIR", f'{ROOT_DIR}/config')
-NODE_MODULES_DIR = os.getenv("NODE_MODULES_DIR", f'{TOOLS_DIR}/node_modules')
+NODE_MODULES_DIR = os.getenv("NODE_MODULES_DIR", f'{ROOT_DIR}/node_modules')
 TMP_DIR = os.getenv("TMP_DIR", f'{TOOLS_DIR}/tmp')

 # vars for paths to check executables
@@ -24,9 +24,10 @@ MARKDOWN_LINT_CHECK_PATH = os.getenv("MARKDOWN_LINT_CHECK_PATH", f'{TOOLS_DIR}/m
 HADOLINT_CHECK_PATH = os.getenv("HADOLINT_CHECK_PATH", f'{TOOLS_DIR}/hadolint')
 GIXY_CHECK_PATH = os.getenv("GIXY_CHECK_PATH", f'{VIRTUALENV_DIR}/bin/gixy')
 SHELL_CHECK_PATH = os.getenv("SHELL_CHECK_PATH", f'{TOOLS_DIR}/shellcheck')
-CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 ES_LINT_CHECK_PATH = os.getenv("ES_LINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/eslint')
 HTMLHINT_CHECK_PATH = os.getenv("HTMLHINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/htmlhint')
 STYLELINT_CHECK_PATH = os.getenv("STYLELINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/stylelint')
+CLOC_CHECK_PATH = os.getenv("CLOC_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/cloc')
+CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 SONAR_SCANNER_CHECK_PATH = os.getenv("SONAR_SCANNER_CHECK_PATH", f'{TOOLS_DIR}/sonar-scanner/bin/sonar-scanner')
 SNYK_CHECK_PATH = os.getenv("SNYK_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/snyk')