feat: add the occurrences field (#1383)
* feat: add the occurrences field

* include all occurrences

* add a test
nikpivkin authored Jul 20, 2023
1 parent f21fdf3 commit a6686fe
Showing 3 changed files with 86 additions and 0 deletions.
2 changes: 2 additions & 0 deletions pkg/scan/flat.go
Expand Up @@ -20,6 +20,7 @@ type FlatResult struct {
Warning bool `json:"warning"`
Status Status `json:"status"`
Resource string `json:"resource"`
Occurrences []Occurrence `json:"occurrences,omitempty"`
Location FlatRange `json:"location"`
}

Expand Down Expand Up @@ -60,6 +61,7 @@ func (r *Result) Flatten() FlatResult {
Severity: r.rule.Severity,
Status: r.status,
Resource: resMetadata.Reference(),
Occurrences: r.Occurrences(),
Warning: r.IsWarning(),
Location: FlatRange{
Filename: rng.GetFilename(),
28 changes: 28 additions & 0 deletions pkg/scan/result.go
Expand Up @@ -336,3 +336,31 @@ func rawToString(raw interface{}) string {
return "?"
}
}

type Occurrence struct {
Resource string `json:"resource"`
Filename string `json:"filename"`
StartLine int `json:"start_line"`
EndLine int `json:"end_line"`
}

func (r *Result) Occurrences() []Occurrence {
var occurrences []Occurrence

mod := &r.metadata

for {
mod = mod.Parent()
if mod == nil {
break
}
parentRange := mod.Range()
occurrences = append(occurrences, Occurrence{
Resource: mod.Reference(),
Filename: parentRange.GetFilename(),
StartLine: parentRange.GetStartLine(),
EndLine: parentRange.GetEndLine(),
})
}
return occurrences
}
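Review bot: The exported `Occurrence` type and `Result.Occurrences` are added without doc comments, and the contract a consumer of the JSON needs is only discoverable from the test. The walk calls `mod.Parent()` before the first `append`, so the result's own range is never included and entries run from the nearest parent outward. I would add `// Occurrences returns the location of each ancestor of the result's metadata, nearest parent first; the result's own range is not included.` above the method and a one-line comment on the type. The loop could also be written `for mod := r.metadata.Parent(); mod != nil; mod = mod.Parent() {`, which drops the `break`; either form relies on the parent chain being finite, which is not visible in this hunk.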
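--- a/pkg/scan/result_test.go
+++ b/pkg/scan/result_test.go
@@ -0,0 +1,56 @@
+package scan_test
+
+import (
+"testing"
+
+"github.com/aquasecurity/defsec/pkg/scan"
+"github.com/aquasecurity/defsec/pkg/types"
+"github.com/stretchr/testify/assert"
+)
+
+func Test_Occurrences(t *testing.T) {
+tests := []struct {
+name string
+factory func() *scan.Result
+expected []scan.Occurrence
+}{
+{
+name: "happy",
+factory: func() *scan.Result {
+r := scan.Result{}
+causeResourceMeta := types.NewMetadata(types.NewRange(
+"main.tf", 1, 13, "", nil,
+), "module.aws-security-groups[\"db1\"]")
+
+parentMeta := types.NewMetadata(types.NewRange(
+"terraform-aws-modules/security-group/aws/main.tf", 191, 227, "", nil,
+), "aws_security_group_rule.ingress_with_cidr_blocks[0]").WithParent(causeResourceMeta)
+
+r.OverrideMetadata(types.NewMetadata(types.NewRange(
+"terraform-aws-modules/security-group/aws/main.tf", 197, 204, "", nil,
+), "aws_security_group_rule.ingress_with_cidr_blocks").WithParent(parentMeta))
+return &r
+},
+expected: []scan.Occurrence{
+{
+Resource: "aws_security_group_rule.ingress_with_cidr_blocks[0]",
+Filename: "terraform-aws-modules/security-group/aws/main.tf",
+StartLine: 191,
+EndLine: 227,
+},
+{
+Resource: "module.aws-security-groups[\"db1\"]",
+Filename: "main.tf",
+StartLine: 1,
+EndLine: 13,
+},
+},
+},
+}
+
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+assert.Equal(t, tt.expected, tt.factory().Occurrences())
+})
+}
+}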
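Review bot: The table holds only the "happy" case, so the behaviour for a result whose metadata has no parent is not pinned. `Occurrences` declares `var occurrences []Occurrence` and returns it unchanged when the first `Parent()` is nil, so the expected value there is nil, and with `omitempty` the field then disappears from the flattened output. A second case asserting that would catch a later change that starts including the result's own range. The resource name in the sketch is a constructed sample, and it assumes `NewMetadata` leaves the parent unset.

```go
// … unchanged: "happy" case …
{
	name: "no parent",
	factory: func() *scan.Result {
		r := scan.Result{}
		r.OverrideMetadata(types.NewMetadata(types.NewRange(
			"main.tf", 1, 13, "", nil,
		), "aws_s3_bucket.example"))
		return &r
	},
	expected: nil,
},
```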
