fix(graph): remove SCA runner v1 - re-enable (#6024)

* remove sca runner v1 * fix lint * fix ut --------- Co-authored-by: adam varsano <avarsano@paloaltonetworks.com>
bridgecrewio · Feb 11, 2024 · 2ec8816 · 2ec8816
1 parent 42a00af
commit 2ec8816
Show file tree

Hide file tree

Showing 35 changed files with 31 additions and 4,980 deletions.
diff --git a/.github/checkov.yaml b/.github/checkov.yaml
@@ -12,7 +12,6 @@ skip-path:
 - tests/common/utils/conftest.py
 - tests/common/utils/test_secrets_utils.py
 - tests/sca_image/conftest.py
-- tests/sca_package/conftest.py
 - tests/sca_package_2/conftest.py
 - tests/secrets
 - tests/terraform/checks/provider

diff --git a/checkov/common/bridgecrew/platform_integration.py b/checkov/common/bridgecrew/platform_integration.py
@@ -40,7 +40,7 @@
 from checkov.common.runners.base_runner import filter_ignored_paths
 from checkov.common.sast.consts import SastLanguages
 from checkov.common.typing import _CicdDetails, LibraryGraph
-from checkov.common.util.consts import PRISMA_PLATFORM, BRIDGECREW_PLATFORM, CHECKOV_RUN_SCA_PACKAGE_SCAN_V2
+from checkov.common.util.consts import PRISMA_PLATFORM, BRIDGECREW_PLATFORM
 from checkov.common.util.data_structures_utils import merge_dicts
 from checkov.common.util.dockerfile import is_dockerfile
 from checkov.common.util.http_utils import (
@@ -519,7 +519,7 @@ def persist_repository(
             for f in files:
                 f_name = os.path.basename(f)
                 _, file_extension = os.path.splitext(f)
-                if CHECKOV_RUN_SCA_PACKAGE_SCAN_V2 and file_extension in SCANNABLE_PACKAGE_FILES:
+                if file_extension in SCANNABLE_PACKAGE_FILES:
                     continue
                 if file_extension in SUPPORTED_FILE_EXTENSIONS or f_name in SUPPORTED_FILES:
                     files_to_persist.append(FileToPersist(f, os.path.relpath(f, root_dir)))
@@ -537,7 +537,7 @@ def persist_repository(
                 filter_ignored_paths(root_path, f_names, excluded_paths)
                 for file_path in f_names:
                     _, file_extension = os.path.splitext(file_path)
-                    if CHECKOV_RUN_SCA_PACKAGE_SCAN_V2 and file_extension in SCANNABLE_PACKAGE_FILES:
+                    if file_extension in SCANNABLE_PACKAGE_FILES:
                         continue
                     full_file_path = os.path.join(root_path, file_path)
                     relative_file_path = os.path.relpath(full_file_path, root_dir)

diff --git a/checkov/common/output/report.py b/checkov/common/output/report.py
@@ -20,14 +20,12 @@
 from checkov.common.typing import _ExitCodeThresholds, _ScaExitCodeThresholds
 from checkov.common.output.record import Record, SCA_PACKAGE_SCAN_CHECK_NAME
 from checkov.common.sast.consts import POLICIES_ERRORS, POLICIES_ERRORS_COUNT, SOURCE_FILES_COUNT, POLICY_COUNT
-from checkov.common.util.consts import PARSE_ERROR_FAIL_FLAG, CHECKOV_RUN_SCA_PACKAGE_SCAN_V2, S3_UPLOAD_DETAILS_MESSAGE
+from checkov.common.util.consts import PARSE_ERROR_FAIL_FLAG, S3_UPLOAD_DETAILS_MESSAGE
 from checkov.common.util.json_utils import CustomJSONEncoder
 from checkov.runner_filter import RunnerFilter
 
 from checkov.sca_package_2.output import create_cli_output as create_sca_package_cli_output_v2
 
-from checkov.sca_package.output import create_cli_output as create_sca_package_cli_output_v1
-
 from checkov.policies_3d.output import create_cli_output as create_3d_policy_cli_output
 
 from checkov.version import version
@@ -311,7 +309,7 @@ def print_console(
         # output for vulnerabilities is different
         if self.check_type in (CheckType.SCA_PACKAGE, CheckType.SCA_IMAGE):
             if self.failed_checks or self.skipped_checks:
-                create_cli_output = create_sca_package_cli_output_v2 if CHECKOV_RUN_SCA_PACKAGE_SCAN_V2 else create_sca_package_cli_output_v1
+                create_cli_output = create_sca_package_cli_output_v2
                 output_data += create_cli_output(self.check_type == CheckType.SCA_PACKAGE, self.failed_checks,
                                                  self.skipped_checks)
 

diff --git a/checkov/common/util/consts.py b/checkov/common/util/consts.py
@@ -26,8 +26,6 @@
 
 MAX_IAC_FILE_SIZE = int(os.getenv('CHECKOV_MAX_IAC_FILE_SIZE', '50_000_000'))  # 50 MB is default limit
 
-CHECKOV_RUN_SCA_PACKAGE_SCAN_V2 = os.getenv('CHECKOV_RUN_SCA_PACKAGE_SCAN_V2', 'true').lower() == 'true'
-
 RESOURCE_ATTRIBUTES_TO_OMIT_UNIVERSAL_MASK = '*'
 
 S3_UPLOAD_DETAILS_MESSAGE = 'An error occurred uploading results to the platform. A details URL is not available for this run. ' \

diff --git a/checkov/common/util/env_vars_config.py b/checkov/common/util/env_vars_config.py
@@ -57,7 +57,6 @@ def __init__(self) -> None:
         self.RENDER_VARIABLES_ASYNC = convert_str_to_bool(os.getenv("RENDER_VARIABLES_ASYNC", False))
         self.RUN_IN_DOCKER = convert_str_to_bool(os.getenv("RUN_IN_DOCKER", False))
         self.REQUEST_MAX_TRIES = force_int(os.getenv("REQUEST_MAX_TRIES", 3))
-        self.RUN_SCA_PACKAGE_SCAN_V2 = convert_str_to_bool(os.getenv("CHECKOV_RUN_SCA_PACKAGE_SCAN_V2", True))
         self.RUN_SECRETS_MULTIPROCESS = convert_str_to_bool(os.getenv("RUN_SECRETS_MULTIPROCESS", False))
         self.SLEEP_BETWEEN_REQUEST_TRIES = force_int(os.getenv("SLEEP_BETWEEN_REQUEST_TRIES", 1))
         self.SLS_FILE_MASK = os.getenv("CKV_SLS_FILE_MASK", "serverless.yml,serverless.yaml").split(",")

diff --git a/checkov/main.py b/checkov/main.py
@@ -55,7 +55,6 @@
 from checkov.common.util import prompt
 from checkov.common.util.banner import banner as checkov_banner, tool as checkov_tool
 from checkov.common.util.config_utils import get_default_config_paths
-from checkov.common.util.consts import CHECKOV_RUN_SCA_PACKAGE_SCAN_V2
 from checkov.common.util.ext_argument_parser import ExtArgumentParser, flatten_csv
 from checkov.common.util.runner_dependency_handler import RunnerDependencyHandler
 from checkov.common.util.type_forcers import convert_str_to_bool
@@ -77,7 +76,6 @@
 from checkov.sast.report import SastData, SastReport
 from checkov.sast.runner import Runner as sast_runner
 from checkov.sca_image.runner import Runner as sca_image_runner
-from checkov.sca_package.runner import Runner as sca_package_runner
 from checkov.sca_package_2.runner import Runner as sca_package_runner_2
 from checkov.secrets.runner import Runner as secrets_runner
 from checkov.serverless.runner import Runner as sls_runner
@@ -122,6 +120,7 @@
     bicep_runner(),
     openapi_runner(),
     sca_image_runner(),
+    sca_package_runner_2(),
     argo_workflows_runner(),
     circleci_pipelines_runner(),
     azure_pipelines_runner(),
@@ -348,11 +347,6 @@ def run(self, banner: str = checkov_banner, tool: str = checkov_tool, source_typ
                 logger.debug('Using --list; setting source to DISABLED')
                 source = SourceTypes[BCSourceType.DISABLED]
 
-            if CHECKOV_RUN_SCA_PACKAGE_SCAN_V2:
-                self.runners.append(sca_package_runner_2())
-            else:
-                self.runners.append(sca_package_runner())
-
             if outer_registry:
                 runner_registry = outer_registry
                 runner_registry.runner_filter = runner_filter

diff --git a/checkov/sca_image/runner.py b/checkov/sca_image/runner.py
@@ -25,7 +25,7 @@
 from checkov.common.util.dockerfile import is_dockerfile
 from checkov.common.util.http_utils import request_wrapper
 from checkov.runner_filter import RunnerFilter
-from checkov.sca_package.runner import Runner as PackageRunner
+from checkov.sca_package_2.runner import Runner as PackageRunner
 
 
 class Runner(PackageRunner):

diff --git a/checkov/sca_package/__init__.py b/checkov/sca_package/__init__.py