From 7296d89fc8f40eadcaded33a60adb3637c6fdb61 Mon Sep 17 00:00:00 2001
From: anzoman <aluzarwork@gmail.com>
Date: Fri, 22 Apr 2022 14:01:15 +0200
Subject: [PATCH] Use Steampunk Scanner to check Ansible

---
 .../checks/steampunk_scanner.py               | 37 +++++++++++++++++++
 src/iac_scan_runner/scan_runner.py            |  3 ++
 src/iac_scan_runner/vars.py                   |  1 +
 3 files changed, 41 insertions(+)
 create mode 100644 src/iac_scan_runner/checks/steampunk_scanner.py

diff --git a/src/iac_scan_runner/checks/steampunk_scanner.py b/src/iac_scan_runner/checks/steampunk_scanner.py
new file mode 100644
index 0000000..20d6a86
--- /dev/null
+++ b/src/iac_scan_runner/checks/steampunk_scanner.py
@@ -0,0 +1,37 @@
+import os
+from typing import Optional
+
+import iac_scan_runner.vars as env
+from iac_scan_runner.check import Check
+from iac_scan_runner.check_output import CheckOutput
+from iac_scan_runner.check_target_entity_type import CheckTargetEntityType
+from iac_scan_runner.utils import run_command
+from pydantic import SecretStr
+
+
+class SteampunkScannerCheck(Check):
+    def __init__(self):
+        super().__init__("steampunk-scanner", "A quality scanner for Ansible tasks, playbooks, roles and collections",
+                         CheckTargetEntityType.all)
+        self.enabled = False
+        self.configured = False
+        self._username_password = None
+
+    def configure(self, config_filename: Optional[str], secret: Optional[SecretStr]) -> CheckOutput:
+        if secret:
+            try:
+                if ":" not in secret.get_secret_value():
+                    raise Exception(
+                        f'The secret for {self.name} check should contain ":" to separate username and password.'
+                    )
+
+                os.environ['SCANNER_USERNAME'], os.environ[
+                    'SCANNER_PASSWORD'] = secret.get_secret_value().strip().split(':', 1)
+                return CheckOutput(f'Check: {self.name} has been configured successfully.', 0)
+            except Exception as e:
+                raise Exception(f'Error when configuring {self.name}. Check your username:password secret.')
+        else:
+            raise Exception(f'Check: {self.name} requires you to pass username:password string as secret.')
+
+    def run(self, directory: str) -> CheckOutput:
+        return run_command(f'{env.STEAMPUNK_SCANNER_CHECK_PATH} scan .', directory)
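Review bot: Exporting the username and password through `os.environ` (the assignment at lines 46-47) makes the credentials process-global rather than scoped to this check: every subprocess the runner spawns afterwards — presumably including the other checks' tools launched through `run_command` — inherits them, they are readable from `/proc/<pid>/environ`, and a second `configure` call for a different account silently overwrites the first one in the same process. The unused `self._username_password` slot initialised in `__init__` suggests the intent was to keep them on the instance and hand them only to the scanner invocation; whether `run_command` accepts a per-call environment is not visible here, so that needs confirming before changing `run`. Two smaller points in the same method: the `except Exception as e` branch discards the original cause, so the specific `should contain ":"` message is never surfaced to the caller — chain it with `raise Exception(f'Error when configuring {self.name}. Check your username:password secret.') from e` — and `self.configured` is never set to `True` on the success path anywhere in this file, so unless the base class does it, add `self.configured = True` before the `return CheckOutput(...)`.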
diff --git a/src/iac_scan_runner/scan_runner.py b/src/iac_scan_runner/scan_runner.py
index d0e31e9..def2b0e 100644
--- a/src/iac_scan_runner/scan_runner.py
+++ b/src/iac_scan_runner/scan_runner.py
@@ -21,6 +21,7 @@ from iac_scan_runner.checks.pyup_safety import PyUpSafetyCheck
 from iac_scan_runner.checks.shellcheck import ShellCheck
 from iac_scan_runner.checks.snyk import SnykCheck
 from iac_scan_runner.checks.sonar_scanner import SonarScannerCheck
+from iac_scan_runner.checks.steampunk_scanner import SteampunkScannerCheck
 from iac_scan_runner.checks.stylelint import StyleLintCheck
 from iac_scan_runner.checks.terrascan import TerrascanCheck
 from iac_scan_runner.checks.tflint import TFLintCheck
@@ -42,6 +43,7 @@ class ScanRunner:
         """Initiate predefined check objects"""
         opera_tosca_parser = OperaToscaParserCheck()
         ansible_lint = AnsibleLintCheck()
+        steampunk_scanner = SteampunkScannerCheck()
         tflint = TFLintCheck()
         tfsec = TfsecCheck()
         terrascan = TerrascanCheck()
@@ -67,6 +69,7 @@ class ScanRunner:
         self.iac_checks = {
             opera_tosca_parser.name: opera_tosca_parser,
             ansible_lint.name: ansible_lint,
+            steampunk_scanner.name: steampunk_scanner,
             tflint.name: tflint,
             tfsec.name: tfsec,
             terrascan.name: terrascan,
diff --git a/src/iac_scan_runner/vars.py b/src/iac_scan_runner/vars.py
index c364f4d..fa2a78c 100644
--- a/src/iac_scan_runner/vars.py
+++ b/src/iac_scan_runner/vars.py
@@ -31,3 +31,4 @@ CLOC_CHECK_PATH = os.getenv("CLOC_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/cloc')
 CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 SONAR_SCANNER_CHECK_PATH = os.getenv("SONAR_SCANNER_CHECK_PATH", f'{TOOLS_DIR}/sonar-scanner/bin/sonar-scanner')
 SNYK_CHECK_PATH = os.getenv("SNYK_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/snyk')
+STEAMPUNK_SCANNER_CHECK_PATH = os.getenv("STEAMPUNK_SCANNER_CHECK_PATH", f'{VIRTUALENV_DIR}/bin/steampunk-scanner')
-- 
GitLab