modify iac dir path validation (#720)

tenable · Apr 30, 2021 · 02c8bce · 02c8bce
1 parent 4878eeb
commit 02c8bce
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/pkg/cli/run_test.go b/pkg/cli/run_test.go
@@ -65,6 +65,7 @@ func TestRun(t *testing.T) {
 	kustomizeTestDirPath := filepath.Join(runTestDir, "kustomize-test")
 	testTerraformFilePath := filepath.Join(runTestDir, "config-only.tf")
 	testRemoteModuleFilePath := filepath.Join(runTestDir, "remote-modules.tf")
+	testTFJSONFilePath := filepath.Join(runTestDir, "tf-plan.json")
 
 	ruleSlice := []string{"AWS.ECR.DataSecurity.High.0579", "AWS.SecurityGroup.NetworkPortsSecurity.Low.0561"}
 
@@ -128,6 +129,18 @@ func TestRun(t *testing.T) {
 				outputType:  "yaml",
 			},
 		},
+		{
+			// test for https://github.com/accurics/terrascan/issues/718
+			// a valid tfplan file is supplied, error is not expected
+			name: "iac type is tfplan and -f option used to specify the tfplan.json",
+			scanOptions: &ScanOptions{
+				policyType:  []string{"all"},
+				iacType:     "tfplan",
+				iacFilePath: testTFJSONFilePath,
+				outputType:  "yaml",
+			},
+			wantErr: false,
+		},
 		{
 			name: "config-only flag k8s",
 			scanOptions: &ScanOptions{

diff --git a/pkg/cli/testdata/run-test/tf-plan.json b/pkg/cli/testdata/run-test/tf-plan.json
@@ -0,0 +1 @@
+{"format_version":"0.1","terraform_version":"0.13.5","variables":{"s3_bucket_prefix":{"value":"sample_prefix_test20"}},"planned_values":{"root_module":{"resources":[{"address":"aws_s3_bucket.demo-example","mode":"managed","type":"aws_s3_bucket","name":"demo-example","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"acl":"private","bucket":"demoexample-1","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"versioning":[{"enabled":false,"mfa_delete":false}],"website":[]}},{"address":"aws_s3_bucket.demo-s3","mode":"managed","type":"aws_s3_bucket","name":"demo-s3","provider_name":"registry.terraform.io/hashicorp/aws","schema_version":0,"values":{"acl":"private","bucket":"sample_prefix_test20-terraformcloud","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"versioning":[{"enabled":false,"mfa_delete":false}],"website":[]}}]}},"resource_changes":[{"address":"aws_s3_bucket.demo-example","mode":"managed","type":"aws_s3_bucket","name":"demo-example","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"acl":"private","bucket":"demoexample-1","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"versioning":[{"enabled":false,"mfa_delete":false}],"website":[]},"after_unknown":{"acceleration_status":true,"arn":true,"bucket_domain_name":true,"bucket_regional_domain_name":true,"cors_rule":[],"grant":[],"hosted_zone_id":true,"id":true,"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"region":true,"replication_configuration":[],"request_payer":true,"server_side_encryption_configuration":[],"versioning":[{}],"website":[],"website_domain":true,"website_endpoint":true}}},{"address":"aws_s3_bucket.demo-s3","mode":"managed","type":"aws_s3_bucket","name":"demo-s3","provider_name":"registry.terraform.io/hashicorp/aws","change":{"actions":["create"],"before":null,"after":{"acl":"private","bucket":"sample_prefix_test20-terraformcloud","bucket_prefix":null,"cors_rule":[],"force_destroy":false,"grant":[],"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"policy":null,"replication_configuration":[],"server_side_encryption_configuration":[],"tags":null,"versioning":[{"enabled":false,"mfa_delete":false}],"website":[]},"after_unknown":{"acceleration_status":true,"arn":true,"bucket_domain_name":true,"bucket_regional_domain_name":true,"cors_rule":[],"grant":[],"hosted_zone_id":true,"id":true,"lifecycle_rule":[],"logging":[],"object_lock_configuration":[],"region":true,"replication_configuration":[],"request_payer":true,"server_side_encryption_configuration":[],"versioning":[{}],"website":[],"website_domain":true,"website_endpoint":true}}}],"configuration":{"provider_config":{"aws":{"name":"aws","expressions":{"region":{"constant_value":"us-east-1"}}}},"root_module":{"resources":[{"address":"aws_s3_bucket.demo-example","mode":"managed","type":"aws_s3_bucket","name":"demo-example","provider_config_key":"aws","expressions":{"bucket":{"constant_value":"demoexample-1"},"versioning":[{"enabled":{"constant_value":false},"mfa_delete":{"constant_value":false}}]},"schema_version":0},{"address":"aws_s3_bucket.demo-s3","mode":"managed","type":"aws_s3_bucket","name":"demo-s3","provider_config_key":"aws","expressions":{"bucket":{"references":["var.s3_bucket_prefix"]},"versioning":[{"enabled":{"constant_value":false},"mfa_delete":{"constant_value":false}}]},"schema_version":0}],"variables":{"s3_bucket_prefix":{"default":"sample_prefix_test20"}}}}}
diff --git a/pkg/runtime/validate.go b/pkg/runtime/validate.go
@@ -71,6 +71,9 @@ func (e *Executor) ValidateInputs() error {
 			return errNotValidFile
 		}
 
+		// the default value of dirPath is '.', make it empty
+		e.dirPath = ""
+
 		zap.S().Debugf("file '%s' exists", e.filePath)
 	} else {
 		// if directory, check if directory exists