From 42353ac57af199773208e9d940901a0ab34f0b0e Mon Sep 17 00:00:00 2001
From: anzoman <aluzarwork@gmail.com>
Date: Mon, 7 Mar 2022 08:30:42 +0100
Subject: [PATCH] Add cloc check and update SonarScanner install

---
 install-checks.sh | 5 +++--
 src/iac_scan_runner/api.py | 2 +-
 src/iac_scan_runner/checks/cloc.py | 27 +++++++++++++++++++++++++++
 src/iac_scan_runner/vars.py | 5 +++--
 4 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 src/iac_scan_runner/checks/cloc.py

diff --git a/install-checks.sh b/install-checks.sh
index 638664a..3ca1dce 100755
--- a/install-checks.sh
+++ b/install-checks.sh
@@ -27,6 +27,7 @@ export SHELL_CHECK_PATH="${TOOLS_DIR}/shellcheck"
 export ES_LINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/eslint"
 export HTMLHINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/htmlhint"
 export STYLELINT_CHECK_PATH="${NODE_MODULES_DIR}/.bin/stylelint"
+export CLOC_CHECK_PATH="${NODE_MODULES_DIR}/.bin/cloc"
 export CHECKSTYLE_CHECK_PATH="${TOOLS_DIR}/checkstyle.jar"
 export SONAR_SCANNER_CHECK_PATH="${TOOLS_DIR}/sonar-scanner/bin/sonar-scanner"
 export SNYK_CHECK_PATH="${NODE_MODULES_DIR}/.bin/snyk"
@@ -40,7 +41,7 @@ gitSecretsUrl='https://github.com/awslabs/git-secrets.git'
 tflintUrl='https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh'
 tfsecUrl='https://github.com/tfsec/tfsec/releases/download/v0.51.1/tfsec-linux-amd64'
 terrascanUrl='https://api.github.com/repos/accurics/terrascan/releases/latest'
-sonarScannerUrl='https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip'
+sonarScannerUrl='https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747.zip'
 
 # functions below are used to install the check tools
 createAndActivateVenvDirIfNot() {
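Review bot: The scanner version string is now hard-coded twice, once in the URL added here and again in the `mv` target of the `@@ -140,7 +141,7 @@` hunk, so the next bump has to be made in two places or the install silently breaks at the rename. A single variable would tie them together: `sonarScannerVersion='4.7.0.2747'`, `sonarScannerUrl="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${sonarScannerVersion}.zip"`, and in the other hunk `mv "${TOOLS_DIR}/sonar-scanner-cli-${sonarScannerVersion}" "${TOOLS_DIR}/sonar-scanner"`. The new artifact also drops the `-linux` suffix of the old one; as far as I know the platform-independent CLI zip does not ship a bundled JRE, so the installed scanner would then depend on a Java runtime already being present, which is worth confirming and, if intended, stating in a comment next to the URL.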
@@ -140,7 +141,7 @@ installSonarScannerIfNot() {
   if [ ! -f "$SONAR_SCANNER_CHECK_PATH" ]; then
     wget ${sonarScannerUrl} -O "${TMP_DIR}/sonar-scanner"
     unzip "${TMP_DIR}/sonar-scanner" -d "${TOOLS_DIR}"
-    mv "${TOOLS_DIR}/sonar-scanner-4.6.2.2472-linux" "${TOOLS_DIR}/sonar-scanner"
+    mv "${TOOLS_DIR}/sonar-scanner-cli-4.7.0.2747" "${TOOLS_DIR}/sonar-scanner"
   fi
 }
 
diff --git a/src/iac_scan_runner/api.py b/src/iac_scan_runner/api.py
index 4c872b5..acb5757 100644
--- a/src/iac_scan_runner/api.py
+++ b/src/iac_scan_runner/api.py
@@ -17,7 +17,7 @@ app = FastAPI(
     docs_url="/swagger",
     title="IaC Scan Runner REST API",
     description="Service that scans your Infrastructure as Code for common vulnerabilities",
-    version="0.1.5",
+    version="0.1.6",
     root_path=os.getenv('ROOT_PATH', "/")
 )
 
diff --git a/src/iac_scan_runner/checks/cloc.py b/src/iac_scan_runner/checks/cloc.py
new file mode 100644
index 0000000..8de7f3d
--- /dev/null
+++ b/src/iac_scan_runner/checks/cloc.py
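Review bot: The archive that is unzipped and moved in this hunk is never integrity-checked: `wget` fetches it and `unzip` extracts it straight into `${TOOLS_DIR}`, so a tampered or truncated download is installed as the scanner without any signal. Since the version is pinned anyway, pin its digest next to it and verify before extracting, e.g. `echo "<sha256 of the pinned archive>  ${TMP_DIR}/sonar-scanner" | sha256sum -c - || return 1` between the `wget` and `unzip` lines (SonarSource publishes checksums for these archives, so the value is easy to obtain). While touching the `wget` line, quote the URL, `wget "${sonarScannerUrl}" -O "${TMP_DIR}/sonar-scanner"`, as the other paths in the function already are.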
@@ -0,0 +1,27 @@
+from typing import Optional
+
+import iac_scan_runner.vars as env
+from iac_scan_runner.check import Check
+from iac_scan_runner.check_output import CheckOutput
+from iac_scan_runner.check_target_entity_type import CheckTargetEntityType
+from iac_scan_runner.utils import run_command
+from pydantic import SecretStr
+
+
+class ClocCheck(Check):
+    def __init__(self):
+        super().__init__("cloc", "Counts blank lines, comment lines, and physical lines of source code in many "
+                         "programming languages", CheckTargetEntityType.iac)
+
+    def configure(self, config_filename: Optional[str], secret: Optional[SecretStr]) -> CheckOutput:
+        if config_filename:
+            self._config_filename = config_filename
+            return CheckOutput(f'Check: {self.name} has been configured successfully.', 0)
+        else:
+            raise Exception(f'Check: {self.name} requires you to pass a configuration file.')
+
+    def run(self, directory: str) -> CheckOutput:
+        if self._config_filename:
+            return run_command(f'{env.CLOC_CHECK_PATH} --config {env.CONFIG_DIR}/{self._config_filename} .', directory)
+        else:
+            return run_command(f'{env.CLOC_CHECK_PATH} .', directory)
diff --git a/src/iac_scan_runner/vars.py b/src/iac_scan_runner/vars.py
index 9ee672b..60a8f46 100644
--- a/src/iac_scan_runner/vars.py
+++ b/src/iac_scan_runner/vars.py
@@ -5,7 +5,7 @@ ROOT_DIR = os.getenv("ROOT_DIR", os.path.normpath(os.getcwd() + os.sep + os.pard
 VIRTUALENV_DIR = os.getenv("VIRTUALENV_DIR", f'{ROOT_DIR}/.venv')
 TOOLS_DIR = os.getenv("TOOLS_DIR", f'{ROOT_DIR}/tools')
 CONFIG_DIR = os.getenv("CONFIG_DIR", f'{ROOT_DIR}/config')
-NODE_MODULES_DIR = os.getenv("NODE_MODULES_DIR", f'{TOOLS_DIR}/node_modules')
+NODE_MODULES_DIR = os.getenv("NODE_MODULES_DIR", f'{ROOT_DIR}/node_modules')
 TMP_DIR = os.getenv("TMP_DIR", f'{TOOLS_DIR}/tmp')
 
 # vars for paths to check executables
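Review bot: `run()` reads `self._config_filename`, but `__init__` never assigns it, so a `ClocCheck` that is run before `configure()` has been called raises `AttributeError` instead of taking the no-config branch, unless the `Check` base class (not in this patch) initialises the attribute. Separately, `configure()` stores whatever name the caller supplies and `run()` splices it unvalidated into both the `{env.CONFIG_DIR}/{...}` path and the command string handed to `run_command`; a name containing path separators points the scan at a file outside the config directory, and if `run_command` goes through a shell, metacharacters in the name change the command itself, so the name should be restricted to a bare file name at configure time (and ideally quoted with `shlex.quote` when the command is built). The rewrite below initialises the attribute and rejects anything that is not a plain file name; it uses `os.path.basename`, so `import os` would be added to the module's imports. It would also be clearer to raise a narrower exception type than `Exception` if the project has one.

```python
class ClocCheck(Check):
    def __init__(self):
        super().__init__("cloc", "Counts blank lines, comment lines, and physical lines of source code in many "
                         "programming languages", CheckTargetEntityType.iac)
        # run() consults this before configure() has necessarily been called
        self._config_filename = None

    def configure(self, config_filename: Optional[str], secret: Optional[SecretStr]) -> CheckOutput:
        if not config_filename:
            raise Exception(f'Check: {self.name} requires you to pass a configuration file.')
        # The name is joined onto CONFIG_DIR and interpolated into the cloc command line,
        # so only a bare file name is accepted; anything with a directory part is refused.
        if os.path.basename(config_filename) != config_filename or config_filename in ('.', '..'):
            raise Exception(f'Check: {self.name} configuration file name must be a plain file name.')
        self._config_filename = config_filename
        return CheckOutput(f'Check: {self.name} has been configured successfully.', 0)

    # … unchanged: run …
```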
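Review bot: The default for `NODE_MODULES_DIR` moves from `{TOOLS_DIR}/node_modules` to `{ROOT_DIR}/node_modules`, but the shell-side definition of `NODE_MODULES_DIR` in install-checks.sh is not part of this patch, so it is not visible whether the installer now populates the repo root or still `tools/node_modules`. If the two disagree, every `.bin/*` default that builds on it (eslint, htmlhint, stylelint, snyk and the new cloc) resolves to a missing executable whenever the environment variables are not exported, and the failure only shows up at check time. A one-line comment stating the intended location would make the contract explicit, e.g. `# npm packages are installed at the repository root; keep in sync with install-checks.sh`.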
@@ -24,9 +24,10 @@ MARKDOWN_LINT_CHECK_PATH = os.getenv("MARKDOWN_LINT_CHECK_PATH", f'{TOOLS_DIR}/m
 HADOLINT_CHECK_PATH = os.getenv("HADOLINT_CHECK_PATH", f'{TOOLS_DIR}/hadolint')
 GIXY_CHECK_PATH = os.getenv("GIXY_CHECK_PATH", f'{VIRTUALENV_DIR}/bin/gixy')
 SHELL_CHECK_PATH = os.getenv("SHELL_CHECK_PATH", f'{TOOLS_DIR}/shellcheck')
-CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 ES_LINT_CHECK_PATH = os.getenv("ES_LINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/eslint')
 HTMLHINT_CHECK_PATH = os.getenv("HTMLHINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/htmlhint')
 STYLELINT_CHECK_PATH = os.getenv("STYLELINT_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/stylelint')
+CLOC_CHECK_PATH = os.getenv("CLOC_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/cloc')
+CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 SONAR_SCANNER_CHECK_PATH = os.getenv("SONAR_SCANNER_CHECK_PATH", f'{TOOLS_DIR}/sonar-scanner/bin/sonar-scanner')
 SNYK_CHECK_PATH = os.getenv("SNYK_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/snyk')
-- 
GitLab