Use Steampunk Scanner to check Ansible

7296d89f · Anze Luzar · 5e8822bb · 7296d89f · 7296d89f · 7296d89f
Unverified Commit 7296d89f authored 3 years ago by Anze Luzar
--- a/src/iac_scan_runner/checks/steampunk_scanner.py
+++ b/src/iac_scan_runner/checks/steampunk_scanner.py
+import os
+from typing import Optional
+import iac_scan_runner.vars as env
+from iac_scan_runner.check import Check
+from iac_scan_runner.check_output import CheckOutput
+from iac_scan_runner.check_target_entity_type import CheckTargetEntityType
+from iac_scan_runner.utils import run_command
+from pydantic import SecretStr
+class SteampunkScannerCheck(Check):
+    def __init__(self):
+        super().__init__("steampunk-scanner", "A quality scanner for Ansible tasks, playbooks, roles and collections",
+                         CheckTargetEntityType.all)
+        self.enabled = False
+        self.configured = False
+        self._username_password = None
+    def configure(self, config_filename: Optional[str], secret: Optional[SecretStr]) -> CheckOutput:
+        if secret:
+            try:
+                if ":" not in secret.get_secret_value():
+                    raise Exception(
+                        f'The secret for {self.name} check should contain ":" to separate username and password.'
+                    )
+                os.environ['SCANNER_USERNAME'], os.environ[
+                    'SCANNER_PASSWORD'] = secret.get_secret_value().strip().split(':', 1)
+                return CheckOutput(f'Check: {self.name} has been configured successfully.', 0)
+            except Exception as e:
+                raise Exception(f'Error when configuring {self.name}. Check your username:password secret.')
+        else:
+            raise Exception(f'Check: {self.name} requires you to pass username:password string as secret.')
+    def run(self, directory: str) -> CheckOutput:
+        return run_command(f'{env.STEAMPUNK_SCANNER_CHECK_PATH} scan .', directory)
--- a/src/iac_scan_runner/scan_runner.py
+++ b/src/iac_scan_runner/scan_runner.py
@@ -21,6 +21,7 @@ from iac_scan_runner.checks.pyup_safety import PyUpSafetyCheck
 from iac_scan_runner.checks.shellcheck import ShellCheck
 from iac_scan_runner.checks.snyk import SnykCheck
 from iac_scan_runner.checks.sonar_scanner import SonarScannerCheck
+from iac_scan_runner.checks.steampunk_scanner import SteampunkScannerCheck
 from iac_scan_runner.checks.stylelint import StyleLintCheck
 from iac_scan_runner.checks.terrascan import TerrascanCheck
 from iac_scan_runner.checks.tflint import TFLintCheck
@@ -42,6 +43,7 @@ class ScanRunner:
        """Initiate predefined check objects"""
        opera_tosca_parser = OperaToscaParserCheck()
        ansible_lint = AnsibleLintCheck()
+        steampunk_scanner = SteampunkScannerCheck()
        tflint = TFLintCheck()
        tfsec = TfsecCheck()
        terrascan = TerrascanCheck()
@@ -67,6 +69,7 @@ class ScanRunner:
        self.iac_checks = {
            opera_tosca_parser.name: opera_tosca_parser,
            ansible_lint.name: ansible_lint,
+            steampunk_scanner.name: steampunk_scanner,
            tflint.name: tflint,
            tfsec.name: tfsec,
            terrascan.name: terrascan,

--- a/src/iac_scan_runner/vars.py
+++ b/src/iac_scan_runner/vars.py
@@ -31,3 +31,4 @@ CLOC_CHECK_PATH = os.getenv("CLOC_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/cloc')
 CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 SONAR_SCANNER_CHECK_PATH = os.getenv("SONAR_SCANNER_CHECK_PATH", f'{TOOLS_DIR}/sonar-scanner/bin/sonar-scanner')
 SNYK_CHECK_PATH = os.getenv("SNYK_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/snyk')
+STEAMPUNK_SCANNER_CHECK_PATH = os.getenv("STEAMPUNK_SCANNER_CHECK_PATH", f'{VIRTUALENV_DIR}/bin/steampunk-scanner')