feat(sast): add danger rule (#6012)

* add danger rule * const * test no or * let instead of const * no type * test * change to data_flow * warn to fail
bridgecrewio · Feb 8, 2024 · 0712249 · 0712249
1 parent 6b125f4
commit 0712249
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/dangerfile.ts b/dangerfile.ts
@@ -1,4 +1,4 @@
-const { danger, fail, schedule } = require('danger');
+const { danger, fail, schedule, warn } = require('danger');
 
 const IGNORE_VAR = [
   'key', 's3_key', 's3_file_key', 'local_file_path', 'self.s3_bucket', 'e', 'error', 'str(e)', 'path', 'customer_name',
@@ -86,3 +86,18 @@ async function failIfLoggingLineContainsSensitiveData() {
 }
 
 schedule(failIfLoggingLineContainsSensitiveData);
+
+async function alertPublicInterfaces() {
+    let changedFiles = danger.git.modified_files || [];
+
+    for (const changedFile of changedFiles) {
+        if (changedFile.endsWith("report_types.py")) {
+            fail("You've changed `report_types.py` file, that contains the contract for checkov input and output. Make sure to stay backwards compatible.")
+        }
+        if (changedFile.endsWith("report.py")) {
+            fail("You've changed `report.py` file, that contains the contract for checkov input and output. Make sure to stay backwards compatible.")
+        }
+    }
+}
+
+schedule(alertPublicInterfaces)