Create the codes json file during docs build

this will be downloaded by the vscode plugin for ignore resolution
aquasecurity · Jul 27, 2021 · ed3bc5c · ed3bc5c
1 parent ff1bf69
commit ed3bc5c
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 7 deletions.
diff --git a/cmd/tfsec-docs/extension_codes.go b/cmd/tfsec-docs/extension_codes.go
@@ -0,0 +1,79 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+)
+
+const extensionJsonTemplate = `
+{
+	"checks": [
+		{{ range c := .Checks }}
+		{
+			"code": "{{ c.ID }}",
+			"legacy_code": "{{ c.LegacyID }}",
+			"service": "{{ c.Service }}",
+			"provider": "{{ c.Provider }}",
+			"description": "{{ c.Documentation.Summary }}",
+			"impact": "{{ c.Documentation.Impact }}",
+			"resolution": "{{ c.Documentation.Resolution }}", 
+			"doc_url": "https://tfsec.dev/docs/aws/{{ c.Service }}/{{ c.ShortCode }}
+		}
+		{{ end }}
+	]
+}
+`
+
+type checkBlock struct {
+	Code        string `json:"code"`
+	LegacyCode  string `json:"legacy_code"`
+	Service     string `json:"service"`
+	Provider    string `json:"provider"`
+	Description string `json:"description"`
+	Impact      string `json:"impact"`
+	Resolution  string `json:"resolution"`
+	DocUrl      string `json:"doc_url"`
+}
+
+type checksBlock struct {
+	Checks []checkBlock `json:"checks"`
+}
+
+func generateExtensionCodeFile(registeredChecks []*FileContent) error {
+	var blocks []checkBlock
+
+	for _, c := range registeredChecks {
+		for _, check := range c.Checks {
+			blocks = append(blocks, checkBlock{
+				Code:        check.ID(),
+				LegacyCode:  check.LegacyID,
+				Service:     check.Service,
+				Provider:    string(check.Provider),
+				Description: check.Documentation.Summary,
+				Impact:      check.Documentation.Impact,
+				Resolution:  check.Documentation.Resolution,
+				DocUrl:      fmt.Sprintf("https://tfsec.dev/docs/%s/%s/%s/", check.Provider, check.Service, check.ShortCode),
+			})
+
+		}
+	}
+
+	root := checksBlock{
+		Checks: blocks,
+	}
+
+	file, err := os.Create("checkdocs/codes.json")
+	if err != nil {
+		panic(err)
+	}
+
+	out, err := json.MarshalIndent(root, "", " ")
+	if err != nil {
+		panic(err)
+	}
+
+	_, err = file.Write(out)
+
+	return err
+}
diff --git a/cmd/tfsec-docs/main.go b/cmd/tfsec-docs/main.go
@@ -46,6 +46,10 @@ var rootCmd = &cobra.Command{
 			return err
 		}
 
+		if err := generateExtensionCodeFile(fileContents); err != nil {
+			return err
+		}
+
 		return generateWebPages(fileContents)
 	},
 }

diff --git a/example/custom/custom_check.tf b/example/custom/custom_check.tf
@@ -9,8 +9,8 @@ resource "aws_instance" "non_compliant" {
 }
 
 resource "aws_instance" "compliant" {
-  ami           = "ami-12345"
-  instance_type = "t2.small"
+  ami            = "ami-12345"
+  instance_type  = "t2.small"
   cpu_core_count = 4
 
   tags = {
@@ -24,6 +24,7 @@ resource "aws_s3_bucket" "unversioned_bucket" {
   acl    = "private"
 }
 
+#tfsec:ignore:AWS017:exp:2021-01-01:ws:testworkspace
 resource "aws_s3_bucket" "versioned_bucket" {
   bucket = "my-tf-test-bucket"
   acl    = "private"
@@ -32,7 +33,7 @@ resource "aws_s3_bucket" "versioned_bucket" {
     enabled = true
   }
 }
-
+# tfsec:ignore:AWS017  
 resource "aws_s3_bucket" "disabled_versioned_bucket" {
   bucket = "my-tf-test-bucket"
   acl    = "private"
@@ -48,11 +49,12 @@ module "custom_bucket" {
   acl         = "private"
 }
 
+#tfsec:ignore:aws-s3-enable-bucket-encryption
 resource "aws_s3_bucket" "bucket_with_public_acl" {
   bucket = "my-tf-test-bucket"
-//  acl    = "public-read"
-//
-versioning {
+  //  acl    = "public-read"
+  //
+  versioning {
     enabled = true
   }
-}
+}
diff --git a/scripts/publish-docs.sh b/scripts/publish-docs.sh
@@ -26,6 +26,7 @@ clone_site
 go run ./cmd/tfsec-docs
 cp -r checkdocs/docs/* ./_site/_docs/
 cp -r checkdocs/data/* ./_site/_data/
+cp =r checkdocs/codes.json ./_site/assets/codes.json
 deploy
 
 rm -rf checkdocs