Fix inline ignore issue (#964)

- Fixed inline ignore issue - Simplified adding results to set in rule functions - Added Printf style function for descriptions - Added check for missing nested attributes Co-authored-by: Liam Galvin <liam.galvin@aquasec.com>
aquasecurity · Jul 29, 2021 · 20c7b6e · 20c7b6e
1 parent 9b94b3b
commit 20c7b6e
Show file tree

Hide file tree

Showing 204 changed files with 1,776 additions and 2,761 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -110,9 +110,8 @@ CheckFunc: func(set result.Set, block *parser.Block, _ *hclcontext.Context) {
 
             if attr := block.GetAttribute("hackable"); attr != nil && attr.Value().Type() == cty.Bool {
                 if attr.Value().True() {
-                    set.Add(
-                        result.New(resourceBlock).
-						WithDescription(fmt.Sprintf("The Gibson '%s' is configured to be hackable.", block.Name())).
+                    set.Add().
+                        						WithDescription("The Gibson '%s' is configured to be hackable.", block.Name()).
 						WithAttribute(attr).
 						,
 					)

diff --git a/example/main.tf b/example/main.tf
@@ -62,3 +62,7 @@ resource "aws_dynamodb_table" "bad_example" {
     enabled = true
   }
 }
+
+resource "aws_instance" "my_project" {
+
+}
diff --git a/internal/app/tfsec/block/attribute.go b/internal/app/tfsec/block/attribute.go
@@ -14,12 +14,15 @@ type Attribute interface {
 	StartsWith(prefix interface{}) bool
 	EndsWith(suffix interface{}) bool
 	Equals(checkValue interface{}, equalityOptions ...EqualityOption) bool
+	NotEqual(checkValue interface{}, equalityOptions ...EqualityOption) bool
 	RegexMatches(pattern interface{}) bool
 	IsAny(options ...interface{}) bool
 	IsNone(options ...interface{}) bool
 	IsTrue() bool
 	IsFalse() bool
 	IsEmpty() bool
+	IsNil() bool
+	IsNotNil() bool
 	MapValue(mapKey string) cty.Value
 	LessThan(checkValue interface{}) bool
 	LessThanOrEqualTo(checkValue interface{}) bool

diff --git a/internal/app/tfsec/block/block.go b/internal/app/tfsec/block/block.go
@@ -30,6 +30,7 @@ type Block interface {
 	IsCountExpanded() bool
 	HasChild(childElement string) bool
 	MissingChild(childElement string) bool
+	MissingNestedChild(childElement string) bool
 	InModule() bool
 	Label() string
 	HasBlock(childElement string) bool
@@ -38,4 +39,6 @@ type Block interface {
 	Values() cty.Value
 	Context() *hcl.EvalContext
 	ReadLines() (lines []string, comments []string, err error)
+	IsNil() bool
+	IsNotNil() bool
 }