Commit

Syncing main with dev branch (#348)
* Improve handling of function references for test command (#331)

* improving handling for tagged values for test command

* removing shorthand functions from known issues

* PR to add Thiserror to cfn-guard (#329)

* PR to add thiserror to guard

* cleanup

* clippy lints

* printing errs to stderr instead of stdout

* merge conflicts

* rustfmt

* cleaning up code

* Redirected verbose output from stdout to custom writer and added unit… (#332)

* Redirected verbose output from stdout to custom writer and added unit tests

* Updated one more occurrence & removed new line from 2 places

---------

Co-authored-by: Akshay Rane <raneaks@amazon.com>

* Adding cargo-audit to CI + bump up clap to 3.0 (#330)

* init commit, bumped up clap to 3.0

* cargo audit for CI

* reverting last commit + changing cargo-audit to not be part of build step, only ran every night

* changing cronjob to run at noon instead of midnight

* fixing error in cronjob scheduling

* Implemented custom reader, increasing test coverage for validate command.  (#334)

* init commit for reader + more unit tests for validate

* init commit for reader + more unit tests for validate

* temp

* temp2

* rebasing

* clippy lints for validate

* more tests for validate

* adding thiserror license to attributions

* removing useless code

* renaming tests

* fix failing test

* fixes as per comments

* attribution update

* moved get_reader fn to utils

* Update CONTRIBUTING.md (#335)

* Clap4 (#336)

* init commit, bumped up clap to 3.0

* cargo audit for CI

* reverting last commit + changing cargo-audit to not be part of build step, only ran every night

* init commit bumping up to clap4

* cleaning some code up

* temp commit

* rebasing + fixing small bug

* cleanup

* adding help messages

* adding more tests for test_command

* more tests for prev engine

* improving code style

* typo

* fixed unnecessary match

* cleaning up test command

* fixes as per comments

* fixes as per comments

* fixed failing build

* Added integration tests against aws-guard-rules-registry on Ubuntu (#337)

* Added GitHub action for integration test with rules registry

* Changed branch name for testing

* Changed ref tag

* Changed repo param

* Removed tags temporarily

* Added temp in-place replacement and main branch as ref

* Corrected the sequence of commands

* Added parse-tree integration tests

* Changed dir and limited build to one crate

* Added names to each job

* Added logic to allow capturing of exit codes

* Testing exit code script

* Added if as part of error handling

* Added statements for test command

* Version before changing branch

* Changed branches

* Bug fix for output arg being pulled before we enter command context

* Workaround to skip comments only files

* Added test remote branch back

* Corrected the condition

* Made SKIPPED_RULE_COUNT a variable

* Updated display messages

* Removed tabs

* Updated branches

* Updated code to extract OUTPUT arg from subcommand instead of the app

---------

Co-authored-by: Akshay Rane <raneaks@amazon.com>

* Update check-tags-present.guard (#313)

replaced "is" with "if".

Also, can you provide a more detailed explanation for this guard file?

* Adding structured evaluator  (#339)

* init commit for reader + more unit tests for validate

* implemented structured reporter + some small refactorings

* clippy lints

* adding structured reporter for payload code path

* adding test for structured payload

* cleanup

* adding previous-engine as a conflict with structured

* adding fix for recursive serialization issue

* adding test for structured yaml

* Added deprecated short flag for print-json in parse-tree (#345)

* Added deprecated short flag for print-json in parse-tree

* Formatting changes

* Added docs

---------

Co-authored-by: Akshay Rane <raneaks@amazon.com>

---------

Co-authored-by: Akshay Rane <aks.rane@gmail.com>
Co-authored-by: Akshay Rane <raneaks@amazon.com>
Co-authored-by: swiercek <111157886+swiercek@users.noreply.github.com>
Co-authored-by: Aishwarya4400 <50081627+Aishwarya4400@users.noreply.github.com>
5 people committed Mar 23, 2023
1 parent 585b5ae commit e826ab3
Showing 70 changed files with 4,204 additions and 1,288 deletions.
88 changes: 78 additions & 10 deletions .github/workflows/pr.yml
Expand Up @@ -2,41 +2,109 @@ name: Rust

on:
push:
branches: [ main ]
branches: [ main, development ]
pull_request:
branches: [ main ]
branches: [ main, development ]

env:
CARGO_TERM_COLOR: always

jobs:
build:

name: Build all crates & run unit tests
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- name: Build
- name: Build all crates
run: cargo build --release --verbose
- name: Run tests
- name: Run unit tests
run: cargo test --verbose

shellcheck:

name: Shellcheck
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v2
- name: Shellcheck
run: shellcheck install-guard.sh

formatting:
name: cargo fmt
name: Formatting check (cargo fmt)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: rustfmt
- name: Rustfmt Check
uses: actions-rust-lang/rustfmt@v1
uses: actions-rust-lang/rustfmt@v1

aws-guard-rules-registry-ubuntu-integration-tests:
name: Integration tests against aws-guard-rules-registry on Ubuntu
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
name: Checkout cfn-guard
with:
path: cloudformation-guard
- name: Build binary
run: |
cd cloudformation-guard/guard/
cargo build --release
- uses: actions/checkout@v3
name: Checkout aws-guard-rules-registry
with:
repository: aws-cloudformation/aws-guard-rules-registry
path: aws-guard-rules-registry
ref: main
- name: Run integration tests using test command
run: |
if cloudformation-guard/target/release/cfn-guard test -d aws-guard-rules-registry/rules; then
echo "The integration tests for test command have passed."
else
echo "The integration tests for test command have failed."
exit 1
fi
- name: Run integration tests using parse-tree command
run: |
cd aws-guard-rules-registry/rules
FAILED_RULES=()
SKIPPED_RULES=()
rules=( $(find . -type f -name "*.guard") )
for rule in "${rules[@]}"
do
if [ $(sed -e '/^[ \s]*#.*$/d' $rule | sed -r '/^\s*$/d' | wc -l) -eq 0 ]; then
SKIPPED_RULES+=("$rule")
elif ../../cloudformation-guard/target/release/cfn-guard parse-tree --rules $rule; then
continue
else
FAILED_RULES+=("$rule")
fi
done
SKIPPED_RULE_COUNT=${#SKIPPED_RULES[@]}
if [ $SKIPPED_RULE_COUNT -gt 0 ]; then
echo "The following $SKIPPED_RULE_COUNT rule(s) were skipped because they contained only comments:"
for skipped_rule in "${SKIPPED_RULES[@]}"
do
echo "$skipped_rule"
done
fi
FAILED_RULE_COUNT=${#FAILED_RULES[@]}
if [ $FAILED_RULE_COUNT -gt 0 ]; then
echo "The following $FAILED_RULE_COUNT rule(s) have failed the parse-tree integration tests with a non-zero error code:"
for failed_rule in "${FAILED_RULES[@]}"
do
echo "$failed_rule"
done
exit 1
else
echo "All the rules have succeeded the parse-tree integration tests."
fi
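Review bot: In the parse-tree step, the loop word-splits file names: `rules=( $(find . -type f -name "*.guard") )` and the unquoted `$rule` passed to `sed` and to `cfn-guard parse-tree --rules $rule` break on any path containing whitespace or glob characters, and the shellcheck job only lints install-guard.sh, so this inline script is never checked. Suggest feeding `find ... -print0` into a `while IFS= read -r -d '' rule` loop and quoting `"$rule"` everywhere. In the comment-only filter, `\s` inside the bracket expression `[ \s]` is not a whitespace class (there it matches a backslash or the letter s), so a tab-indented comment line is not removed and the file is not skipped; `[[:space:]]` is what was meant. The registry is checked out at `ref: main`, so a change in that repository can fail this check with no change here; pinning a commit and bumping it deliberately keeps the result reproducible. The build and shellcheck jobs still use `actions/checkout@v2` while the new jobs use `@v3`.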
12 changes: 12 additions & 0 deletions .github/workflows/security_audit.yml
@@ -0,0 +1,12 @@
name: Security audit
on:
schedule:
- cron: '0 17 * * *'
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
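Review bot: The audit is triggered only by `schedule`, so a pull request that changes Cargo.toml or Cargo.lock is not checked against the advisory database until the next daily run, and the job cannot be started by hand. Suggest adding `push` and `pull_request` triggers filtered with `paths` on `**/Cargo.toml` and `**/Cargo.lock`, plus `workflow_dispatch`. `actions/checkout@v1` is older than the `@v3` used in pr.yml, and because `secrets.GITHUB_TOKEN` is handed to a third-party action, an explicit `permissions:` block limiting the token to what the audit needs is worth adding. The cron expression `0 17 * * *` is evaluated in UTC; a comment stating the intended local time would save the next reader the conversion.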
29 changes: 28 additions & 1 deletion ATTRIBUTION
Expand Up @@ -1660,4 +1660,31 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
THE SOFTWARE.

--
dtolnay/thiserror

Permission is hereby granted, free of charge, to any
person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the
Software without restriction, including without
limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of
the Software, and to permit persons to whom the Software
is furnished to do so, subject to the following
conditions:

The above copyright notice and this permission notice
shall be included in all copies or substantial portions
of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -23,7 +23,7 @@ reported the issue. Please try to include as much information as you can. Detail
## Contributing via Pull Requests
Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:

1. You are working against the latest source on the *master* branch.
1. You are working against the latest source on the *main* branch.
2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
