diff --git a/install-checks.sh b/install-checks.sh
index 638664afdb7fa25dcccf797ed312882e1588d771..3ca1dce8fea43dc68303bdb1987018e965c73a57 100755
--- a/install-checks.sh
+++ b/install-checks.sh
@@ -27,6 +27,7 @@ export SHELL_CHECK_PATH="${TOOLS_DIR}/shellcheck"
 export ES_LINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/eslint"
 export HTMLHINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/htmlhint"
 export STYLELINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/stylelint"
+export CLOC_CHECK_PATH="${NODE_MODULES_DIR}/.bin/cloc"
 export CHECKSTYLE_CHECK_PATH="${TOOLS_DIR}/checkstyle.jar"
 export SONAR_SCANNER_CHECK_PATH="${TOOLS_DIR}/sonar-scanner/bin/sonar-scanner"
 export SNYK_CHECK_PATH="${NODE_MODULES_DIR}/.bin/snyk"
@@ -40,7 +41,7 @@ gitSecretsUrl='https://github.com/awslabs/git-secrets.git'
 tflintUrl='https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh'
 tfsecUrl='https://github.com/tfsec/tfsec/releases/download/v0.51.1/tfsec-linux-amd64'
 terrascanUrl='https://api.github.com/repos/accurics/terrascan/releases/latest'
-sonarScannerUrl='https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
+sonarScannerUrl='https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747.zip'
 # functions below are used to install the check tools
 createAndActivateVenvDirIfNot() {
@@ -140,7 +141,7 @@ installSonarScannerIfNot() {
 if [ ! -f "$SONAR_SCANNER_CHECK_PATH" ]; then
 wget ${sonarScannerUrl} -O "${TMP_DIR}/sonar-scanner"
 unzip "${TMP_DIR}/sonar-scanner" -d "${TOOLS_DIR}"
- mv "${TOOLS_DIR}/sonar-scanner-4.6.2.2472-linux" "${TOOLS_DIR}/sonar-scanner"
+ mv "${TOOLS_DIR}/sonar-scanner-cli-4.7.0.2747" "${TOOLS_DIR}/sonar-scanner"
 fi
 }
diff --git a/src/iac_scan_runner/api.py b/src/iac_scan_runner/api.py
index 4c872b5353f9fbf85f3331e6915f33c5cbac2b68..acb57574b7b17d9f50904fd8f194404094cc3503 100644
--- a/src/iac_scan_runner/api.py
+++ b/src/iac_scan_runner/api.py
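Review bot: The new `sonarScannerUrl` (hunk `@@ -40,7 +41,7 @@`) is more than a version bump: it drops the `-linux` suffix, so the script now fetches a different archive flavour, which as far as I know is the platform-independent build that expects a Java runtime already on the host rather than shipping its own. Confirm the image installs a JRE, or keep the `-linux` artifact. The download is also taken on trust; a pinned digest next to the URL, e.g. `sonarScannerSha256='<expected-sha256>'`, checked with `sha256sum -c` before the `unzip` in installSonarScannerIfNot, would make a swapped or truncated archive fail the install instead of landing in `${TOOLS_DIR}`.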
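Review bot: The new `mv` source, `sonar-scanner-cli-4.7.0.2747`, probably does not match the directory the archive unpacks to (hunk `@@ -140,7 +141,7 @@`). The removed pair shows the pattern: `sonar-scanner-cli-4.6.2.2472-linux.zip` unpacked to `sonar-scanner-4.6.2.2472-linux`, without `-cli`, so the 4.7.0 archive most likely yields `sonar-scanner-4.7.0.2747` and the line should read `mv "${TOOLS_DIR}/sonar-scanner-4.7.0.2747" "${TOOLS_DIR}/sonar-scanner"`. If the `mv` fails, `$SONAR_SCANNER_CHECK_PATH` never exists and the scanner check has no executable to run; whether the script stops on that error depends on shell options outside this hunk. `${sonarScannerUrl}` on the `wget` line is also unquoted, unlike every other expansion in the function.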
@@ -17,7 +17,7 @@ app = FastAPI(
 docs_url="/swagger",
 title="IaC Scan Runner REST API",
 description="Service that scans your Infrastructure as Code for common vulnerabilities",
- version="0.1.5",
+ version="0.1.6",
 root_path=os.getenv('ROOT_PATH', "/")
 )
diff --git a/src/iac_scan_runner/checks/cloc.py b/src/iac_scan_runner/checks/cloc.py
new file mode 100644
index 0000000000000000000000000000000000000000..8de7f3d0a327573868a2c493ee20358345521040
--- /dev/null
+++ b/src/iac_scan_runner/checks/cloc.py
@@ -0,0 +1,27 @@
+from typing import Optional
+
+import iac_scan_runner.vars as env
+from iac_scan_runner.check import Check
+from iac_scan_runner.check_output import CheckOutput
+from iac_scan_runner.check_target_entity_type import CheckTargetEntityType
+from iac_scan_runner.utils import run_command
+from pydantic import SecretStr
+
+
+class ClocCheck(Check):
+ def __init__(self):
+ super().__init__("cloc", "Counts blank lines, comment lines, and physical lines of source code in many "
+ "programming languages", CheckTargetEntityType.iac)
+
+ def configure(self, config_filename: Optional[str], secret: Optional[SecretStr]) -> CheckOutput:
+ if config_filename:
+ self._config_filename = config_filename
+ return CheckOutput(f'Check: {self.name} has been configured successfully.', 0)
+ else:
+ raise Exception(f'Check: {self.name} requires you to pass a configuration file.')
+
+ def run(self, directory: str) -> CheckOutput:
+ if self._config_filename:
+ return run_command(f'{env.CLOC_CHECK_PATH} --config {env.CONFIG_DIR}/{self._config_filename} .', directory)
+ else:
+ return run_command(f'{env.CLOC_CHECK_PATH} .', directory)
diff --git a/src/iac_scan_runner/vars.py b/src/iac_scan_runner/vars.py
index 9ee672be374fdae87c844a111f7252ccdf33fc29..60a8f460e7051b8e3c10398cfef734d1b30c712a 100644
--- a/src/iac_scan_runner/vars.py
+++ b/src/iac_scan_runner/vars.py
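Review bot: `run()` in the new `cloc.py` pastes `self._config_filename` into a command string unquoted, and that name arrives through `configure()`, so whoever can configure the check controls part of the command line. If `run_command` (not shown here) hands the string to a shell, metacharacters in the name are executed, and even without a shell a name containing `../` or spaces points `--config` outside `CONFIG_DIR` or adds extra arguments. Reject names that are not a plain file name and quote the path, as sketched below (needs `import os` and `import shlex`; drop the quoting if `run_command` splits the string itself). Separately, `run()` reads `_config_filename` before anything in this file sets it, so unless the `Check` base class initialises it, running an unconfigured check raises `AttributeError`, and `configure()` rejects a missing config file although `run()` has a branch for exactly that case.

```python
    def run(self, directory: str) -> CheckOutput:
        config_filename = getattr(self, "_config_filename", None)
        if not config_filename:
            return run_command(f'{shlex.quote(env.CLOC_CHECK_PATH)} .', directory)
        # a bare file name keeps the lookup inside CONFIG_DIR
        if os.path.basename(config_filename) != config_filename:
            raise Exception(f'Check: {self.name} was given an invalid configuration file name.')
        config_path = shlex.quote(os.path.join(env.CONFIG_DIR, config_filename))
        return run_command(f'{shlex.quote(env.CLOC_CHECK_PATH)} --config {config_path} .', directory)
```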
@@ -5,7 +5,7 @@ ROOT_DIR = os.getenv("ROOT_DIR", os.path.normpath(os.getcwd() + os.sep + os.pard
 VIRTUALENV_DIR = os.getenv("VIRTUALENV_DIR", f'{ROOT_DIR}/.venv')
 TOOLS_DIR = os.getenv("TOOLS_DIR", f'{ROOT_DIR}/tools')
 CONFIG_DIR = os.getenv("CONFIG_DIR", f'{ROOT_DIR}/config')
-NODE_MODULES_DIR = os.getenv("NODE_MODULES_DIR", f'{TOOLS_DIR}/node_modules')
+NODE_MODULES_DIR = os.getenv("NODE_MODULES_DIR", f'{ROOT_DIR}/node_modules')
 TMP_DIR = os.getenv("TMP_DIR", f'{TOOLS_DIR}/tmp')
 # vars for paths to check executables
@@ -24,9 +24,10 @@ MARKDOWN_LINT_CHECK_PATH = os.getenv("MARKDOWN_LINT_CHECK_PATH", f'{TOOLS_DIR}/m
 HADOLINT_CHECK_PATH = os.getenv("HADOLINT_CHECK_PATH", f'{TOOLS_DIR}/hadolint')
 GIXY_CHECK_PATH = os.getenv("GIXY_CHECK_PATH", f'{VIRTUALENV_DIR}/bin/gixy')
 SHELL_CHECK_PATH = os.getenv("SHELL_CHECK_PATH", f'{TOOLS_DIR}/shellcheck')
-CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 ES_LINT_CHECK_PATH = os.getenv("ES_LINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/eslint')
 HTMLHINT_CHECK_PATH = os.getenv("HTMLHINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/htmlhint')
 STYLELINT_CHECK_PATH = os.getenv("STYLELINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/stylelint')
+CLOC_CHECK_PATH = os.getenv("CLOC_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/cloc')
+CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 SONAR_SCANNER_CHECK_PATH = os.getenv("SONAR_SCANNER_CHECK_PATH", f'{TOOLS_DIR}/sonar-scanner/bin/sonar-scanner')
 SNYK_CHECK_PATH = os.getenv("SNYK_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/snyk')
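Review bot: Moving the `NODE_MODULES_DIR` default from `{TOOLS_DIR}/node_modules` to `{ROOT_DIR}/node_modules` (hunk `@@ -5,7 +5,7 @@`) changes where every npm-installed check (`eslint`, `htmlhint`, `stylelint`, `cloc`, `snyk`) is looked up, and nothing in the visible part of `install-checks.sh` shows the install location moving with it. If the script still installs under the tools directory, those checks resolve to missing binaries whenever the environment variable is unset. `ROOT_DIR` itself defaults to a path derived from `os.getcwd()`, so the executables the service runs now depend on the directory it was started from; a comment such as `# must match NODE_MODULES_DIR in install-checks.sh; set explicitly in deployments` above the line, or an existence check at startup, would make a mismatch visible.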