fix: use FormattedPath

snyk · Aug 4, 2022 · 2ebfb71 · 2ebfb71
1 parent 4eee185
commit 2ebfb71
Show file tree

Hide file tree

Showing 9 changed files with 497 additions and 42 deletions.
diff --git a/src/lib/iac/test/v2/json.ts b/src/lib/iac/test/v2/json.ts
@@ -249,13 +249,11 @@ function vulnerabilitiesToIacIssues(
   vulnerabilities: Vulnerability[],
 ): IacIssue[] {
   return vulnerabilities.map((v) => {
-    const msg = formattedPath(v.resource.id, v.resource.path);
-
     return {
       severity: v.severity,
       resolve: v.remediation, // potential needs to be deleted because it is supported only by the old format of our rules
       impact: v.rule.description,
-      msg,
+      msg: v.resource.formattedPath,
       remediation: {
         terraform: v.remediation, // in the future we need to add logic that will add remediation only for the relevant field (based on file type)
       },
@@ -328,27 +326,3 @@ function orgSettingsToIgnoreSettings(
       ignoreSettings?.disregardFilesystemIgnores || false,
   };
 }
-
-function formattedPath(id: string, path?: any[]): string {
-  const parts: string[] = [id];
-
-  if (path) {
-    for (let i = 0; i < path.length; i++) {
-      if (i == 0) {
-        if (typeof path[i] === 'number') {
-          parts.push(`[${path[i]}]`);
-        } else {
-          parts.push(`${path[i]}`);
-        }
-      } else {
-        if (typeof path[i] === 'number') {
-          parts.push(`[${path[i]}]`);
-        } else {
-          parts.push(`.${path[i]}`);
-        }
-      }
-    }
-  }
-
-  return parts.join('');
-}
diff --git a/src/lib/iac/test/v2/scan/results.ts b/src/lib/iac/test/v2/scan/results.ts
@@ -34,6 +34,7 @@ export interface Resource {
   id: string;
   type: string;
   path?: any[];
+  formattedPath: string;
   file?: string;
   kind: string;
   line?: number;

diff --git a/src/lib/iac/test/v2/setup/local-cache/policy-engine/constants/index.ts b/src/lib/iac/test/v2/setup/local-cache/policy-engine/constants/index.ts
@@ -3,7 +3,7 @@ import { formatPolicyEngineFileName, getChecksum } from './utils';
 /**
  * The Policy Engine release version associated with this Snyk CLI version.
  */
-export const policyEngineReleaseVersion = '0.13.1';
+export const policyEngineReleaseVersion = '0.14.0';
 
 /**
  * The Policy Engine executable's file name.

diff --git a/src/lib/iac/test/v2/setup/local-cache/policy-engine/constants/utils.ts b/src/lib/iac/test/v2/setup/local-cache/policy-engine/constants/utils.ts
@@ -19,12 +19,12 @@ export function formatPolicyEngineFileName(releaseVersion: string) {
 }
 
 // this const is not placed in `index.ts` to avoid circular dependencies
-const policyEngineChecksums = `4d238d35a90aba8049e4bf569cdd6c0f563984460353148f8f8a230827845de2  snyk-iac-test_0.13.1_Windows_x86_64.exe
-6a19e64f5a685df8fc4ab388d52d0d493d6229a2e80e6429f23a614dfac9e9d3  snyk-iac-test_0.13.1_Darwin_arm64
-6f1a66a1fb4e075887b9d495694f2062ae53936b4a0fa1c8a7bd9287669ea96c  snyk-iac-test_0.13.1_Darwin_x86_64
-98f476ae50a1fb80cdd666a55dec14a1f2be9ceca9960335a8d122a1004d9fa5  snyk-iac-test_0.13.1_Linux_x86_64
-b4b4023088a4184aa88674ee579e6ce96a9b9674fb9bac7173ff49419109de22  snyk-iac-test_0.13.1_Windows_arm64.exe
-cf5d4d743614473535ff5479fc20fcbec89a614121ddad2c9bad853471ae803c  snyk-iac-test_0.13.1_Linux_arm64
+const policyEngineChecksums = `09503affce0653bd3e1d7f0be729f4e72afef48cda5e7cfb0659ccf4e12f6145  snyk-iac-test_0.14.0_Darwin_arm64
+2d415c7718280180db83786f120c666e82ae686df7f2c3df6410a39216245106  snyk-iac-test_0.14.0_Windows_x86_64.exe
+43286fb25c8f99842c89e906a3791f3668f04d336dad762a349398a8a7e8431b  snyk-iac-test_0.14.0_Linux_x86_64
+7ae1033a948f8868d6643759a3ee46bf076fbd2cf0bd28f6c687a9099dbcde04  snyk-iac-test_0.14.0_Darwin_x86_64
+92913a9d3a48c196f29d361d7f3bb79759f558793c37292fe5dfa671f2f18e39  snyk-iac-test_0.14.0_Linux_arm64
+a228cde202ac394e7b5180a1dcd33bc5d8c7053e4c8bf3584dd0a414ff7acc74  snyk-iac-test_0.14.0_Windows_arm64.exe
 `;
 
 export function getChecksum(policyEngineFileName: string): string {

diff --git a/test/jest/unit/iac/process-results/fixtures/experimental-json-output.json b/test/jest/unit/iac/process-results/fixtures/experimental-json-output.json
diff --git a/...t/unit/iac/process-results/fixtures/input-files-for-json-v2/default_vpc_security_group.tf b/...t/unit/iac/process-results/fixtures/input-files-for-json-v2/default_vpc_security_group.tf
@@ -0,0 +1,21 @@
+resource "aws_vpc" "mainvpc" {
+  cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_default_security_group" "default" {
+  vpc_id = "${aws_vpc.mainvpc.id}"
+
+  ingress {
+    protocol  = -1
+    from_port = 0
+    to_port   = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
diff --git a/test/jest/unit/iac/process-results/fixtures/input-files-for-json-v2/s3_cis.tf b/test/jest/unit/iac/process-results/fixtures/input-files-for-json-v2/s3_cis.tf
@@ -0,0 +1,9 @@
+resource "aws_s3_bucket" "writable" {
+  bucket = "writable"
+  acl = "public-read-write"
+}
+
+resource "aws_s3_bucket" "readable" {
+  bucket = "readable"
+  acl = "public-read"
+}