From bb1b7bb4c767fa60aac89e8f519b0a40ee36e767 Mon Sep 17 00:00:00 2001
From: Mike Urbanski
Date: Sat, 28 May 2022 11:54:30 +0300
Subject: [PATCH] add environment variable to hard fail on parsing errors
---
 checkov/common/output/report.py | 10 ++++++++--
 checkov/common/util/consts.py | 2 ++
 tests/common/output/test_get_exit_code.py | 7 +++++++
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/checkov/common/output/report.py b/checkov/common/output/report.py
index d125145358c..9d04144a829 100644
--- a/checkov/common/output/report.py
+++ b/checkov/common/output/report.py
@@ -3,6 +3,7 @@
 import argparse
 import json
 import logging
+import os
 from collections.abc import Iterable
 from dataclasses import dataclass
 from typing import List, Dict, Union, Any, Optional, Set, TYPE_CHECKING, cast
@@ -16,6 +17,7 @@
 from checkov.common.bridgecrew.severities import Severities, BcSeverities
 from checkov.common.models.enums import CheckResult
 from checkov.common.output.record import Record
+from checkov.common.util.consts import PARSE_ERROR_FAIL_FLAG
 from checkov.common.util.json_utils import CustomJSONEncoder
 from checkov.common.util.type_forcers import convert_csv_string_arg_to_list
 from checkov.runner_filter import RunnerFilter
@@ -145,9 +147,13 @@ def get_exit_code(
 :return: Exit code 0 or 1.
 """
- logging.debug(f'In get_exit_code; soft_fail: {soft_fail}, soft_fail_on: {soft_fail_on}, hard_fail_on: {hard_fail_on}')
+ hard_fail_on_parsing_errors = os.getenv(PARSE_ERROR_FAIL_FLAG, "false").lower() == 'true'
+ logging.debug(f'In get_exit_code; soft_fail: {soft_fail}, soft_fail_on: {soft_fail_on}, hard_fail_on: {hard_fail_on}, hard_fail_on_parsing_errors: {hard_fail_on_parsing_errors}')
- if not self.failed_checks or (not soft_fail_on and not hard_fail_on and soft_fail):
+ if self.parsing_errors and hard_fail_on_parsing_errors:
+ logging.debug('hard_fail_on_parsing_errors is True and there were parsing errors - returning 1')
+ return 1
+ elif not self.failed_checks or (not soft_fail_on and not hard_fail_on and soft_fail):
 logging.debug('No failed checks, or soft_fail is True and soft_fail_on and hard_fail_on are empty - returning 0')
 return 0
 elif not soft_fail_on and not hard_fail_on and self.failed_checks:
diff --git a/checkov/common/util/consts.py b/checkov/common/util/consts.py
index bb855d9ab1d..30be236e41d 100644
--- a/checkov/common/util/consts.py
+++ b/checkov/common/util/consts.py
@@ -9,3 +9,5 @@
 'Accept': 'application/json',
 'Content-Type': 'application/json'
 }
+
+PARSE_ERROR_FAIL_FLAG = 'CKV_PARSE_ERROR_FAIL'
diff --git a/tests/common/output/test_get_exit_code.py b/tests/common/output/test_get_exit_code.py
index 02680ceb83c..f752ad2a115 100644
--- a/tests/common/output/test_get_exit_code.py
+++ b/tests/common/output/test_get_exit_code.py
@@ -1,9 +1,11 @@
+import os
 import unittest
 from checkov.common.bridgecrew.severities import BcSeverities, Severities
 from checkov.common.models.enums import CheckResult
 from checkov.common.output.report import Report
 from checkov.common.output.record import Record
+from checkov.common.util.consts import PARSE_ERROR_FAIL_FLAG
 class TestGetExitCode(unittest.TestCase):
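Review bot: In `get_exit_code` (checkov/common/output/report.py), the line computing `hard_fail_on_parsing_errors` turns the gate on only for the exact string `true`, so `CKV_PARSE_ERROR_FAIL=1`, `yes` or a value with trailing whitespace silently leaves it off and a run whose files failed to parse can still exit 0. Consider `os.getenv(PARSE_ERROR_FAIL_FLAG, "false").strip().lower() in ("true", "1", "yes")`, or at least a warning when the variable is set to an unrecognised value. The new branch also returns 1 ahead of the `soft_fail` check and explains itself only at debug level. The docstring, which starts outside this hunk, should state that precedence, and a `logging.warning` that reports `self.parsing_errors` would make a failing pipeline with zero failed checks explainable.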
@@ -128,6 +130,11 @@ def test_get_exit_code(self):
 self.assertEqual(combined_test_soft_fail_id_hard_fail_sev, 1)
 self.assertEqual(combined_test_soft_fail_id_hard_fail_sev_fail, 0)
+ os.environ[PARSE_ERROR_FAIL_FLAG] = 'true'
+ r.add_parsing_error('some_file.tf')
+ self.assertEqual(r.get_exit_code(soft_fail=False, soft_fail_on=None, hard_fail_on=None), 1)
+ del os.environ[PARSE_ERROR_FAIL_FLAG]
+
 if __name__ == '__main__':
 unittest.main()
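Review bot: The new assertion in `test_get_exit_code` may not exercise the new branch, because `get_exit_code(soft_fail=False, soft_fail_on=None, hard_fail_on=None)` already returns 1 whenever the report has failed checks. `r` is built outside this hunk and appears to be the report used by the earlier assertions, so this needs confirming. Asserting with `soft_fail=True` (expected 1 with the flag set, 0 with it unset) would pin both the gate and its precedence over soft-fail. The variable is also set and deleted by hand, so a failing assertion leaves `CKV_PARSE_ERROR_FAIL=true` in the environment for later tests; `with mock.patch.dict(os.environ, {PARSE_ERROR_FAIL_FLAG: 'true'}):` from `unittest.mock` restores it on any exit.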