From 4a5a4274584c49d8b92ff35604d95ffdd69fa32b Mon Sep 17 00:00:00 2001
From: penenadpi <penenadpi@gmail.com>
Date: Sat, 23 Jul 2022 09:55:23 -0400
Subject: [PATCH] Aggregating scan results into JSON file

Within this commit we're applying the following changes:
- ResultsSummary class for dumping individual scan results into JSON
- Utilities for writing results
---
 src/iac_scan_runner/results_summary.py | 63 ++++++++++++++++++++++++++
 src/iac_scan_runner/scan_runner.py | 8 ++++
 2 files changed, 71 insertions(+)
 create mode 100644 src/iac_scan_runner/results_summary.py

diff --git a/src/iac_scan_runner/results_summary.py b/src/iac_scan_runner/results_summary.py
new file mode 100644
index 0000000..d136572
--- /dev/null
+++ b/src/iac_scan_runner/results_summary.py
@@ -0,0 +1,63 @@
+import os
+import json
+
+
+class ResultsSummary:
+ def __init__(self):
+ """
+ Initialize new IaC Compatibility matrix
+ :param matrix: dictionary of available checks for given Iac type
+ """
+ self.outcomes = dict()
+
+ def get_check_outcome(self, check_name: str) -> str:
+ """
+ Returns the list of available scanner check tools for given type of IaC archive
+ :return: list object conatining string names of checks
+ """
+ return self.outcomes[check_name]
+
+ def set_check_outcome(self, check_name: str, outcome: bool):
+ """
+ Returns the list of available scanner check tools for given type of IaC archive
+ :return: list object conatining string names of checks
+ """
+ outcomes[check_name] = outcome
+
+ def summarize_outcome(self, check: str, outcome: str) -> bool:
+ """Summarize the check result to True/False depending on the return tool output
+ :param check: Name of the considered check of interest
+ :return: Whether the check passed (True) or failed (False)
+ """
+ if check == "tfsec":
+ if outcome.find("No problems detected!") > -1:
+ self.outcomes[check] = True
+ return True
+ else:
+ self.outcomes[check] = False
+ return False
+
+ if check == "git-leaks":
+ if outcome.find("No leaks found") > -1:
+ self.outcomes[check] = True
+ return True
+ else:
+ self.outcomes[check] = False
+ return False
+
+ if check == "tflint":
+ if outcome == "":
+ self.outcomes[check] = True
+ return True
+ else:
+ self.outcomes[check] = False
+ return False
+
+ def show_outcomes(self):
+ print(self.outcomes)
+
+ def dump_outcomes(self, file_name: str):
+ file_path = "json_dumps/" + file_name + ".json"
+
+ with open(file_path, "w") as fp:
+ json.dump(self.outcomes, fp)
diff --git a/src/iac_scan_runner/scan_runner.py b/src/iac_scan_runner/scan_runner.py
index 8bce7f7..0400571 100644
--- a/src/iac_scan_runner/scan_runner.py
+++ b/src/iac_scan_runner/scan_runner.py
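Review bot: `set_check_outcome` assigns to a bare `outcomes`, so any call raises NameError; the line should read `self.outcomes[check_name] = outcome`. In `summarize_outcome` a check other than tfsec, git-leaks or tflint falls through, returns None despite the `-> bool` annotation and records nothing, and the tflint branch counts empty output as a pass, which is also what a run that produced no output at all would look like (whether that can happen depends on `check.run`, which is not in this hunk); recording such cases explicitly as not passed or unknown keeps the summary from reporting a clean result that no tool confirmed. `dump_outcomes` assumes `json_dumps/` exists relative to the working directory and joins `file_name` by string concatenation; `os.makedirs("json_dumps", exist_ok=True)` plus `os.path.join` would make use of the otherwise unused `os` import, and `file_name` should stay a server-generated value, as the `str(ts)` at the call site appears to be. The docstrings of `__init__`, `get_check_outcome` and `set_check_outcome` are copied from the compatibility matrix and describe a different class, and `show_outcomes` and `dump_outcomes` have none.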
@@ -6,6 +6,7 @@ import iac_scan_runner.vars as env from fastapi import UploadFile from iac_scan_runner.compatibility import Compatibility +from iac_scan_runner.results_summary import ResultsSummary from iac_scan_runner.checks.ansible_lint import AnsibleLintCheck from iac_scan_runner.checks.bandit import BanditCheck @@ -90,6 +91,7 @@ class ScanRunner: } self.checker = Compatibility(init_dict) + self.results_summary = ResultsSummary() self.iac_checks = { opera_tosca_parser.name: opera_tosca_parser, @@ -173,6 +175,7 @@ class ScanRunner: print(selected_check) check_output = check.run(self.iac_dir) print("compatible------") + if scan_response_type == ScanResponseType.json: scan_output[selected_check] = check_output.to_dict() else: @@ -181,6 +184,11 @@ class ScanRunner: write_string_to_file( check.name, dir_name, scan_output[check.name]["output"] ) + self.results_summary.summarize_outcome( + selected_check, scan_output[check.name]["output"] + ) + self.results_summary.show_outcomes() + self.results_summary.dump_outcomes(str(ts)) else: for iac_check in self.iac_checks.values(): -- GitLab
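Review bot: `self.results_summary` is created once in `ScanRunner.__init__` (the `@@ -90,6 +91,7 @@` hunk) and is never reset in the `@@ -181,6 +184,11 @@` hunk, so outcomes recorded for one scan stay in the dict and are written into the summary file of every later scan run on the same instance. If the runner is shared between requests, which the FastAPI import suggests but this diff does not show, results from one upload would appear in the JSON written for another; assigning a fresh `self.results_summary = ResultsSummary()` at the start of the scan method avoids that. Indentation is lost in this view, so it is unclear whether `dump_outcomes(str(ts))` runs once per check or once after the loop; a single write after the loop is sufficient. `summarize_outcome` is keyed by `selected_check` while the output is looked up by `check.name`, and using one of the two consistently would rule out a mismatch between them. The enclosing method starts and ends outside the hunk.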