From cb2be19ce079b81a07a180aa275d130e7d2778bf Mon Sep 17 00:00:00 2001 
From: Pankaj Patil Date: Mon, 17 May 2021 12:41:45 +0530 Subject: [PATCH] Add `module name` in violation summary for terraform scans (#774) * add module name to resource config * add method to get child configs * fix failing tests --- pkg/iac-providers/output/types.go | 15 +- .../terraform/commons/load-dir.go | 41 ++-- .../terraform/commons/load-file.go | 4 + .../v12/testdata/tfjson/config1.json | 10 +- .../tfjson/deep-modules-recursive.json | 4 + .../v12/testdata/tfjson/deep-modules.json | 80 ++++--- .../v12/testdata/tfjson/dummyconfig.json | 4 + .../v12/testdata/tfjson/fullconfig.json | 8 + .../v12/testdata/tfjson/list-vars-test.json | 1 + .../v12/testdata/tfjson/moduleconfigs.json | 13 + .../testdata/tfjson/complex-variables.json | 223 +++++++++--------- .../v14/testdata/tfjson/config1.json | 10 +- .../tfjson/deep-modules-recursive.json | 4 + .../v14/testdata/tfjson/deep-modules.json | 80 ++++--- .../v14/testdata/tfjson/dummyconfig.json | 4 + .../v14/testdata/tfjson/fullconfig.json | 8 + .../v14/testdata/tfjson/moduleconfigs.json | 13 + .../tfjson/recursive-loop-locals.json | 1 + .../tfjson/recursive-loop-variables.json | 31 +-- pkg/policy/opa/engine.go | 1 + pkg/results/types.go | 1 + pkg/writer/human_readable.go | 6 + .../terraform_file_resource_skipping.txt | 14 ++ .../rules_filtering/scan_and_skip_rules.txt | 2 + .../rules_filtering/scan_multiple_rules.txt | 8 + .../rules_filtering/scan_single_rule.txt | 1 + .../rules_filtering/skip_multiple_rules.txt | 1 + .../rules_filtering/skip_single_rule.txt | 8 + .../aws_ami_violation_human.txt | 1 + .../aws_ami_violation_human_verbose.txt | 1 + .../aws_ami_violation_json.txt | 1 + .../aws_ami_violation_json_all.txt | 1 + .../aws_ami_violation_json_recursive.txt | 1 + .../aws_ami_violation_xml.txt | 2 +- .../aws_ami_violation_yaml.txt | 1 + .../aws_db_instance_json.txt | 14 ++ .../aws_db_instance_json_show_passed.txt | 14 ++ .../aws_db_instance_xml.txt | 28 +-- .../aws_db_instance_yaml.txt | 14 ++ 
.../scanned_with_only_aws_policies.txt | 1 + 40 files changed, 435 insertions(+), 240 deletions(-) diff --git a/pkg/iac-providers/output/types.go b/pkg/iac-providers/output/types.go index 6b55059e8..9dcf08e55 100644 --- a/pkg/iac-providers/output/types.go +++ b/pkg/iac-providers/output/types.go @@ -24,13 +24,14 @@ import ( // ResourceConfig describes a resource present in IaC type ResourceConfig struct { - ID string `json:"id"` - Name string `json:"name"` - Source string `json:"source"` - PlanRoot string `json:"plan_root,omitempty" yaml:"plan_root,omitempty" ` - Line int `json:"line"` - Type string `json:"type"` - Config interface{} `json:"config"` + ID string `json:"id"` + Name string `json:"name"` + ModuleName string `json:"module_name,omitempty" yaml:"module_name,omitempty"` + Source string `json:"source"` + PlanRoot string `json:"plan_root,omitempty" yaml:"plan_root,omitempty" ` + Line int `json:"line"` + Type string `json:"type"` + Config interface{} `json:"config"` // SkipRules will hold the rules to be skipped for the resource. // Each iac provider should append the rules to be skipped for a resource, // while extracting resource from the iac files diff --git a/pkg/iac-providers/terraform/commons/load-dir.go b/pkg/iac-providers/terraform/commons/load-dir.go index 8465beb8b..dec54df0f 100644 --- a/pkg/iac-providers/terraform/commons/load-dir.go +++ b/pkg/iac-providers/terraform/commons/load-dir.go @@ -46,6 +46,7 @@ var ( type ModuleConfig struct { Config *hclConfigs.Config ParentModuleCall *hclConfigs.ModuleCall + Name string } // TerraformDirectoryLoader implements terraform directory loading @@ -136,7 +137,7 @@ func (t TerraformDirectoryLoader) loadDirRecursive(dirList []string) (output.All */ // queue of for BFS, add root module config to it - root := &ModuleConfig{Config: unified.Root} + root := &ModuleConfig{Config: unified.Root, Name: "root"} configsQ := []*ModuleConfig{root} // using BFS traverse through all modules in the unified config tree 
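Review bot: The new `ModuleName` field is added to `ResourceConfig` without a comment, although `SkipRules` directly below it is documented, and its meaning is not obvious from the type: the fixtures in this patch show it holds the immediate module-call label (`m4a` for `modules/m4/modules/m4a/main.tf`, not a full address like `module.m4.module.m4a`) with the literal `root` for the root module. A reader of the struct alone could reasonably take it for a fully qualified module path. I would add `// ModuleName is the label of the module call that declares the resource ("root" for the root module); it is not a fully qualified module address.` above the field. The struct definition continues past the end of this hunk.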
@@ -160,6 +161,9 @@ func (t TerraformDirectoryLoader) loadDirRecursive(dirList []string) (output.All continue } + // set module name + resourceConfig.ModuleName = current.Name + // resolve references resourceConfig.Config = r.ResolveRefs(resourceConfig.Config.(jsonObj)) @@ -193,13 +197,7 @@ func (t TerraformDirectoryLoader) loadDirRecursive(dirList []string) (output.All } // add all current's children to the queue - for childName, childModule := range current.Config.Children { - childModuleConfig := &ModuleConfig{ - Config: childModule, - ParentModuleCall: current.Config.Module.ModuleCalls[childName], - } - configsQ = append(configsQ, childModuleConfig) - } + configsQ = append(configsQ, current.getChildConfigs()...) } } @@ -253,7 +251,7 @@ func (t TerraformDirectoryLoader) loadDirNonRecursive() (output.AllResourceConfi */ // queue of for BFS, add root module config to it - root := &ModuleConfig{Config: unified.Root} + root := &ModuleConfig{Config: unified.Root, Name: "root"} configsQ := []*ModuleConfig{root} // using BFS traverse through all modules in the unified config tree @@ -276,6 +274,9 @@ func (t TerraformDirectoryLoader) loadDirNonRecursive() (output.AllResourceConfi return allResourcesConfig, multierror.Append(t.errIacLoadDirs, results.DirScanErr{IacType: "terraform", Directory: t.absRootDir, ErrMessage: "failed to create ResourceConfig"}) } + // set module name + resourceConfig.ModuleName = current.Name + // resolve references resourceConfig.Config = r.ResolveRefs(resourceConfig.Config.(jsonObj)) 
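Review bot: The root module is identified by the bare literal `"root"` in `root := &ModuleConfig{Config: unified.Root, Name: "root"}`, and the same literal is written again in `loadDirNonRecursive` and in `LoadIacFile` elsewhere in this patch, so the three sites can drift apart silently. `root` is also, as far as I can tell, a legal Terraform module label, so a configuration containing `module "root" { ... }` would produce child resources whose `module_name` is indistinguishable from genuine root-module resources in the violation output. I would hoist the sentinel to a package-level `const rootModuleName = "root"` in `commons` and use it at all three sites; whether to also disambiguate against a user module of that name (for example by reporting the full module address) is a separate decision, since it changes the golden files. Both loader functions start and end outside these hunks.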
@@ -301,13 +302,7 @@ func (t TerraformDirectoryLoader) loadDirNonRecursive() (output.AllResourceConfi } // add all current's children to the queue - for childName, childModule := range current.Config.Children { - childModuleConfig := &ModuleConfig{ - Config: childModule, - ParentModuleCall: current.Config.Module.ModuleCalls[childName], - } - configsQ = append(configsQ, childModuleConfig) - } + configsQ = append(configsQ, current.getChildConfigs()...) } // successful @@ -389,3 +384,17 @@ func (t TerraformDirectoryLoader) processTerraformRegistrySource(req *hclConfigs return pathToModule, nil } + +// getChildConfigs will get all child configs in a ModuleConfig +func (m *ModuleConfig) getChildConfigs() []*ModuleConfig { + allConfigs := make([]*ModuleConfig, 0) + for childName, childModule := range m.Config.Children { + childModuleConfig := &ModuleConfig{ + Config: childModule, + ParentModuleCall: m.Config.Module.ModuleCalls[childName], + Name: childName, + } + allConfigs = append(allConfigs, childModuleConfig) + } + return allConfigs +} diff --git a/pkg/iac-providers/terraform/commons/load-file.go b/pkg/iac-providers/terraform/commons/load-file.go index 0a43826cc..5bd1b6bbe 100644 --- a/pkg/iac-providers/terraform/commons/load-file.go +++ b/pkg/iac-providers/terraform/commons/load-file.go @@ -58,6 +58,10 @@ func LoadIacFile(absFilePath string) (allResourcesConfig output.AllResourceConfi return allResourcesConfig, fmt.Errorf("failed to create ResourceConfig") } + // set module name + // module name for the file scan will always be root + resourceConfig.ModuleName = "root" + // extract file name from path resourceConfig.Source = getFileName(resourceConfig.Source) diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/config1.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/config1.json index 2bdd20087..9642a0cea 100644 --- a/pkg/iac-providers/terraform/v12/testdata/tfjson/config1.json +++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/config1.json 
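Review bot: `getChildConfigs` sets `Name: childName`, which is only the immediate call label, so two different parent modules that each call a child with the same label (two `module "s3"` blocks in different modules) yield resources with identical `module_name` values, and a nested resource loses its parent path (the fixtures record `m4a` for `modules/m4/modules/m4a/main.tf`). Since the parent's name is available here as `m.Name`, a qualified name is a one-line change, `Name: m.Name + "." + childName` (optionally skipping the prefix when `m.Name` is the root sentinel), at the cost of regenerating the golden files. As a minor point, `make([]*ModuleConfig, 0)` could be `make([]*ModuleConfig, 0, len(m.Config.Children))` since the final length is known.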
@@ -3,6 +3,7 @@ { "id": "aws_instance.instance_playground", "name": "instance_playground", + "module_name": "root", "source": "config1.tf", "line": 77, "type": "aws_instance", @@ -46,6 +47,7 @@ { "id": "aws_internet_gateway.igw_playground", "name": "igw_playground", + "module_name": "root", "source": "config1.tf", "line": 14, "type": "aws_internet_gateway", @@ -62,6 +64,7 @@ { "id": "aws_key_pair.ec2key_playground", "name": "ec2key_playground", + "module_name": "root", "source": "config1.tf", "line": 72, "type": "aws_key_pair", @@ -76,6 +79,7 @@ { "id": "aws_route_table.rtb_public_playground", "name": "rtb_public_playground", + "module_name": "root", "source": "config1.tf", "line": 30, "type": "aws_route_table", @@ -98,6 +102,7 @@ { "id": "aws_route_table_association.rta_subnet_public_playground", "name": "rta_subnet_public_playground", + "module_name": "root", "source": "config1.tf", "line": 41, "type": "aws_route_table_association", @@ -112,6 +117,7 @@ { "id": "aws_security_group.sg_playground", "name": "sg_playground", + "module_name": "root", "source": "config1.tf", "line": 46, "type": "aws_security_group", @@ -157,6 +163,7 @@ { "id": "aws_subnet.subnet_public_playground", "name": "subnet_public_playground", + "module_name": "root", "source": "config1.tf", "line": 21, "type": "aws_subnet", @@ -175,6 +182,7 @@ { "id": "aws_vpc.vpc_playground", "name": "vpc_playground", + "module_name": "root", "source": "config1.tf", "line": 5, "type": "aws_vpc", @@ -189,4 +197,4 @@ "skip_rules": null } ] -} +} \ No newline at end of file diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules-recursive.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules-recursive.json index 33a4e710c..c92eb531c 100644 --- a/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules-recursive.json +++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules-recursive.json 
@@ -3,6 +3,7 @@
 {
 "id": "aws_s3_bucket.bucket",
 "name": "bucket",
+ "module_name": "m1",
 "source": "modules/m1/main.tf",
 "plan_root": "./",
 "line": 20,
@@ -16,6 +17,7 @@
 {
 "id": "aws_s3_bucket.bucket",
 "name": "bucket",
+ "module_name": "m4",
 "source": "modules/m4/main.tf",
 "plan_root": "./",
 "line": 11,
@@ -29,6 +31,7 @@
 {
 "id": "aws_s3_bucket.bucket4a",
 "name": "bucket4a",
+ "module_name": "m4a",
 "source": "modules/m4/modules/m4a/main.tf",
 "plan_root": "./",
 "line": 20,
@@ -42,6 +45,7 @@
 {
 "id": "aws_s3_bucket.bucket",
 "name": "bucket",
+ "module_name": "root",
 "source": "modules/m4/main.tf",
 "plan_root": "modules/m4",
 "line": 11,
diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules.json
index 78626e6c5..1094371ab 100644
--- a/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules.json
+++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/deep-modules.json
@@ -1,40 +1,46 @@ { - "aws_s3_bucket": [ - { - "id": "aws_s3_bucket.bucket", - "name": "bucket", - "source": "modules/m1/main.tf", - "plan_root": "./", - "line": 20, - "type": "aws_s3_bucket", - "config": { - "bucket": "${module.m3.fullbucketname}", - "policy": "${module.m2.fullbucketpolicy}" - } + "aws_s3_bucket": [ + { + "id": "aws_s3_bucket.bucket", + "name": "bucket", + "module_name": "m1", + "source": "modules/m1/main.tf", + "plan_root": "./", + "line": 20, + "type": "aws_s3_bucket", + "config": { + "bucket": "${module.m3.fullbucketname}", + "policy": "${module.m2.fullbucketpolicy}" }, - { - "id": "aws_s3_bucket.bucket", - "name": "bucket", - "source": "modules/m4/main.tf", - "plan_root": "./", - "line": 11, - "type": "aws_s3_bucket", - "config": { - "bucket": "tf-test-project-2", - "policy": "${module.m4a.fullbucketpolicy}" - } + "skip_rules": null + }, + { + "id": "aws_s3_bucket.bucket", + "name": "bucket", + "module_name": "m4", + "source": "modules/m4/main.tf", + "plan_root": "./", + "line": 11, + "type": "aws_s3_bucket", + "config": { + "bucket": "tf-test-project-2", + "policy": "${module.m4a.fullbucketpolicy}" }, - { - "id": "aws_s3_bucket.bucket4a", - "name": "bucket4a", - "source": "modules/m4/modules/m4a/main.tf", - "plan_root": "./", - "line": 20, - "type": "aws_s3_bucket", - "config": { - "bucket": "${module.m4c.fullbucketname}", - "policy": "${module.m4b.fullbucketpolicy}" - } - } - ] - } \ No newline at end of file + "skip_rules": null + }, + { + "id": "aws_s3_bucket.bucket4a", + "name": "bucket4a", + "module_name": "m4a", + "source": "modules/m4/modules/m4a/main.tf", + "plan_root": "./", + "line": 20, + "type": "aws_s3_bucket", + "config": { + "bucket": "${module.m4c.fullbucketname}", + "policy": "${module.m4b.fullbucketpolicy}" + }, + "skip_rules": null + } + ] +} \ No newline at end of file 
diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/dummyconfig.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/dummyconfig.json index aa5244a40..abd72fb20 100644 --- a/pkg/iac-providers/terraform/v12/testdata/tfjson/dummyconfig.json +++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/dummyconfig.json @@ -3,6 +3,7 @@ { "id": "terraform_remote_state.remote", "name": "remote", + "module_name": "root", "source": "dummyconfig.tf", "line": 41, "type": "terraform_remote_state", @@ -22,6 +23,7 @@ { "id": "type1.resource1", "name": "resource1", + "module_name": "root", "source": "dummyconfig.tf", "line": 1, "type": "type1", @@ -48,6 +50,7 @@ { "id": "type2.resource2", "name": "resource2", + "module_name": "root", "source": "dummyconfig.tf", "line": 13, "type": "type2", @@ -70,6 +73,7 @@ { "id": "type3.resource3", "name": "resource3", + "module_name": "root", "source": "dummyconfig.tf", "line": 26, "type": "type3", diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/fullconfig.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/fullconfig.json index 07d176b78..9c14c2197 100644 --- a/pkg/iac-providers/terraform/v12/testdata/tfjson/fullconfig.json +++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/fullconfig.json @@ -3,6 +3,7 @@ { "id": "aws_instance.instance_playground", "name": "instance_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 77, @@ -47,6 +48,7 @@ { "id": "aws_internet_gateway.igw_playground", "name": "igw_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 14, @@ -64,6 +66,7 @@ { "id": "aws_key_pair.ec2key_playground", "name": "ec2key_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 72, @@ -79,6 +82,7 @@ { "id": "aws_route_table.rtb_public_playground", "name": "rtb_public_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 30, 
@@ -102,6 +106,7 @@ { "id": "aws_route_table_association.rta_subnet_public_playground", "name": "rta_subnet_public_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 41, @@ -117,6 +122,7 @@ { "id": "aws_security_group.sg_playground", "name": "sg_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 46, @@ -163,6 +169,7 @@ { "id": "aws_subnet.subnet_public_playground", "name": "subnet_public_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 21, @@ -182,6 +189,7 @@ { "id": "aws_vpc.vpc_playground", "name": "vpc_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 5, diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/list-vars-test.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/list-vars-test.json index ab2bf764c..eaeb3867e 100644 --- a/pkg/iac-providers/terraform/v12/testdata/tfjson/list-vars-test.json +++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/list-vars-test.json @@ -3,6 +3,7 @@ { "id": "aws_instance.app", "name": "app", + "module_name": "root", "source": "main.tf", "plan_root": "./", "line": 5, diff --git a/pkg/iac-providers/terraform/v12/testdata/tfjson/moduleconfigs.json b/pkg/iac-providers/terraform/v12/testdata/tfjson/moduleconfigs.json index b94df2244..002b441a6 100644 --- a/pkg/iac-providers/terraform/v12/testdata/tfjson/moduleconfigs.json +++ b/pkg/iac-providers/terraform/v12/testdata/tfjson/moduleconfigs.json @@ -3,6 +3,7 @@ { "id": "aws_cloudfront_distribution.s3-distribution-TLS-v1", "name": "s3-distribution-TLS-v1", + "module_name": "cloudfront", "source": "cloudfront/main.tf", "plan_root": "./", "line": 6, @@ -133,6 +134,7 @@ { "id": "aws_cloudtrail.missing-multi-region", "name": "missing-multi-region", + "module_name": "cloudtrail", "source": "cloudtrail/main.tf", "plan_root": "./", "line": 1, 
@@ -150,6 +152,7 @@ { "id": "aws_ecs_task_definition.instanceNotInVpc", "name": "instanceNotInVpc", + "module_name": "ecs", "source": "ecs/main.tf", "plan_root": "./", "line": 1, @@ -166,6 +169,7 @@ { "id": "aws_efs_file_system.efsNotEncrypted", "name": "efsNotEncrypted", + "module_name": "efs", "source": "efs/main.tf", "plan_root": "./", "line": 1, @@ -183,6 +187,7 @@ { "id": "aws_elasticache_cluster.noMemcachedInElastiCache", "name": "noMemcachedInElastiCache", + "module_name": "elasticcache", "source": "../relative-moduleconfigs/elasticcache/main.tf", "plan_root": "./", "line": 1, @@ -202,6 +207,7 @@ { "id": "aws_guardduty_detector.gaurdDutyDisabled", "name": "gaurdDutyDisabled", + "module_name": "guardduty", "source": "guardduty/main.tf", "plan_root": "./", "line": 1, @@ -216,6 +222,7 @@ { "id": "aws_iam_access_key.noAccessKeyForRootAccount", "name": "noAccessKeyForRootAccount", + "module_name": "iam", "source": "iam/main.tf", "plan_root": "./", "line": 1, @@ -232,6 +239,7 @@ { "id": "aws_kinesis_stream.kinesisEncryptedWithKms", "name": "kinesisEncryptedWithKms", + "module_name": "kinesis", "source": "kinesis/main.tf", "plan_root": "./", "line": 1, @@ -257,6 +265,7 @@ { "id": "aws_kms_key.kmsKeyDisabled", "name": "kmsKeyDisabled", + "module_name": "sub-cloudfront", "source": "cloudfront/sub-cloudfront/main.tf", "plan_root": "./", "line": 1, @@ -276,6 +285,7 @@ { "id": "aws_load_balancer_policy.elbWeakCipher", "name": "elbWeakCipher", + "module_name": "elb", "source": "elb/main.tf", "plan_root": "./", "line": 1, @@ -298,6 +308,7 @@ { "id": "aws_s3_bucket.noS3BucketSseRules", "name": "noS3BucketSseRules", + "module_name": "s3", "source": "s3/main.tf", "plan_root": "./", "line": 1, @@ -317,6 +328,7 @@ { "id": "aws_security_group.acme_web", "name": "acme_web", + "module_name": "sg", "source": "sg/main.tf", "plan_root": "./", "line": 1, 
@@ -358,6 +370,7 @@ { "id": "aws_sqs_queue.sqsQueueExposed", "name": "sqsQueueExposed", + "module_name": "sqs", "source": "sqs/main.tf", "plan_root": "./", "line": 1, diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/complex-variables.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/complex-variables.json index 3450e6c89..51b1ad454 100644 --- a/pkg/iac-providers/terraform/v14/testdata/tfjson/complex-variables.json +++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/complex-variables.json 
@@ -1,119 +1,120 @@ { - "complex_var_resource": [ - { - "id": "complex_var_resource.complex", - "name": "complex", - "source": "main.tf", - "plan_root": "./", - "line": 1, - "type": "complex_var_resource", - "config": { - "boolList": [ - true, - true, - false, - true, - false - ], - "floatList": [ - 1.01, - 2.02, - 3.03 - ], - "intList": [ + "complex_var_resource": [ + { + "id": "complex_var_resource.complex", + "name": "complex", + "module_name": "root", + "source": "main.tf", + "plan_root": "./", + "line": 1, + "type": "complex_var_resource", + "config": { + "boolList": [ + true, + true, + false, + true, + false + ], + "floatList": [ + 1.01, + 2.02, + 3.03 + ], + "intList": [ + 1, + 2, + 3 + ], + "listTuple": [ + [ + "one", 1, - 2, - 3 + true ], - "listTuple": [ - [ - "one", + [ + "two", + 2, + false + ] + ], + "list_no_type": [ + 1, + 2 + ], + "mapVar": { + "10USD": "1xCPU-2GB", + "20USD": "2xCPU-4GB", + "5USD": "1xCPU-1GB" + }, + "mapVarComplex": { + "first": { + "ID": 1, + "name": "Thor" + }, + "second": { + "ID": 2, + "name": "Antman" + } + }, + "objecVar": { + "address": "pune", + "name": "pankaj" + }, + "objectList": [ + { + "external": 8300, + "internal": 8300, + "protocol": "tcp" + }, + { + "external": 3000, + "internal": 4000, + "protocol": "udp" + } + ], + "objectListComplex": [ + { + "key1": [ 1, - true - ], - [ - "two", 2, - false - ] - ], - "list_no_type": [ - 1, - 2 - ], - "mapVar": { - "10USD": "1xCPU-2GB", - "20USD": "2xCPU-4GB", - "5USD": "1xCPU-1GB" - }, - "mapVarComplex": { - "first": { - "ID": 1, - "name": "Thor" + 3 + ], + "key2": { + "port": 9010 }, - "second": { - "ID": 2, - "name": "Antman" - } - }, - "objecVar": { - "address": "pune", - "name": "pankaj" - }, - "objectList": [ - { - "external": 8300, - "internal": 8300, - "protocol": "tcp" + "key3": { + "name": "hero" }, - { - "external": 3000, - "internal": 4000, - "protocol": "udp" + "key4": { + "first": 11.23, + "second": 50 } - ], - "objectListComplex": [ - { - "key1": [ - 1, - 2, - 3 
- ], - "key2": { - "port": 9010 - }, - "key3": { - "name": "hero" - }, - "key4": { - "first": 11.23, - "second": 50 - } - } - ], - "setVar": [ - "first", - "second" - ], - "stringList": [ - "one", - "two", - "three" - ], - "tupleVar": [ - "one", - 1, - true - ], - "tupleVarComplex": [ - 10, - { - "field1": 11, - "field2": 12 - } - ] - }, - "skip_rules": null - } - ] - } \ No newline at end of file + } + ], + "setVar": [ + "first", + "second" + ], + "stringList": [ + "one", + "two", + "three" + ], + "tupleVar": [ + "one", + 1, + true + ], + "tupleVarComplex": [ + 10, + { + "field1": 11, + "field2": 12 + } + ] + }, + "skip_rules": null + } + ] +} \ No newline at end of file diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/config1.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/config1.json index 2bdd20087..9642a0cea 100644 --- a/pkg/iac-providers/terraform/v14/testdata/tfjson/config1.json +++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/config1.json @@ -3,6 +3,7 @@ { "id": "aws_instance.instance_playground", "name": "instance_playground", + "module_name": "root", "source": "config1.tf", "line": 77, "type": "aws_instance", @@ -46,6 +47,7 @@ { "id": "aws_internet_gateway.igw_playground", "name": "igw_playground", + "module_name": "root", "source": "config1.tf", "line": 14, "type": "aws_internet_gateway", @@ -62,6 +64,7 @@ { "id": "aws_key_pair.ec2key_playground", "name": "ec2key_playground", + "module_name": "root", "source": "config1.tf", "line": 72, "type": "aws_key_pair", @@ -76,6 +79,7 @@ { "id": "aws_route_table.rtb_public_playground", "name": "rtb_public_playground", + "module_name": "root", "source": "config1.tf", "line": 30, "type": "aws_route_table", @@ -98,6 +102,7 @@ { "id": "aws_route_table_association.rta_subnet_public_playground", "name": "rta_subnet_public_playground", + "module_name": "root", "source": "config1.tf", "line": 41, "type": "aws_route_table_association", 
@@ -112,6 +117,7 @@ { "id": "aws_security_group.sg_playground", "name": "sg_playground", + "module_name": "root", "source": "config1.tf", "line": 46, "type": "aws_security_group", @@ -157,6 +163,7 @@ { "id": "aws_subnet.subnet_public_playground", "name": "subnet_public_playground", + "module_name": "root", "source": "config1.tf", "line": 21, "type": "aws_subnet", @@ -175,6 +182,7 @@ { "id": "aws_vpc.vpc_playground", "name": "vpc_playground", + "module_name": "root", "source": "config1.tf", "line": 5, "type": "aws_vpc", @@ -189,4 +197,4 @@ "skip_rules": null } ] -} +} \ No newline at end of file diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/deep-modules-recursive.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/deep-modules-recursive.json index 33a4e710c..c92eb531c 100644 --- a/pkg/iac-providers/terraform/v14/testdata/tfjson/deep-modules-recursive.json +++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/deep-modules-recursive.json @@ -3,6 +3,7 @@ { "id": "aws_s3_bucket.bucket", "name": "bucket", + "module_name": "m1", "source": "modules/m1/main.tf", "plan_root": "./", "line": 20, @@ -16,6 +17,7 @@ { "id": "aws_s3_bucket.bucket", "name": "bucket", + "module_name": "m4", "source": "modules/m4/main.tf", "plan_root": "./", "line": 11, @@ -29,6 +31,7 @@ { "id": "aws_s3_bucket.bucket4a", "name": "bucket4a", + "module_name": "m4a", "source": "modules/m4/modules/m4a/main.tf", "plan_root": "./", "line": 20, @@ -42,6 +45,7 @@ { "id": "aws_s3_bucket.bucket", "name": "bucket", + "module_name": "root", "source": "modules/m4/main.tf", "plan_root": "modules/m4", "line": 11, diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/deep-modules.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/deep-modules.json index 78626e6c5..1094371ab 100644 --- a/pkg/iac-providers/terraform/v14/testdata/tfjson/deep-modules.json +++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/deep-modules.json 
@@ -1,40 +1,46 @@ { - "aws_s3_bucket": [ - { - "id": "aws_s3_bucket.bucket", - "name": "bucket", - "source": "modules/m1/main.tf", - "plan_root": "./", - "line": 20, - "type": "aws_s3_bucket", - "config": { - "bucket": "${module.m3.fullbucketname}", - "policy": "${module.m2.fullbucketpolicy}" - } + "aws_s3_bucket": [ + { + "id": "aws_s3_bucket.bucket", + "name": "bucket", + "module_name": "m1", + "source": "modules/m1/main.tf", + "plan_root": "./", + "line": 20, + "type": "aws_s3_bucket", + "config": { + "bucket": "${module.m3.fullbucketname}", + "policy": "${module.m2.fullbucketpolicy}" }, - { - "id": "aws_s3_bucket.bucket", - "name": "bucket", - "source": "modules/m4/main.tf", - "plan_root": "./", - "line": 11, - "type": "aws_s3_bucket", - "config": { - "bucket": "tf-test-project-2", - "policy": "${module.m4a.fullbucketpolicy}" - } + "skip_rules": null + }, + { + "id": "aws_s3_bucket.bucket", + "name": "bucket", + "module_name": "m4", + "source": "modules/m4/main.tf", + "plan_root": "./", + "line": 11, + "type": "aws_s3_bucket", + "config": { + "bucket": "tf-test-project-2", + "policy": "${module.m4a.fullbucketpolicy}" }, - { - "id": "aws_s3_bucket.bucket4a", - "name": "bucket4a", - "source": "modules/m4/modules/m4a/main.tf", - "plan_root": "./", - "line": 20, - "type": "aws_s3_bucket", - "config": { - "bucket": "${module.m4c.fullbucketname}", - "policy": "${module.m4b.fullbucketpolicy}" - } - } - ] - } \ No newline at end of file + "skip_rules": null + }, + { + "id": "aws_s3_bucket.bucket4a", + "name": "bucket4a", + "module_name": "m4a", + "source": "modules/m4/modules/m4a/main.tf", + "plan_root": "./", + "line": 20, + "type": "aws_s3_bucket", + "config": { + "bucket": "${module.m4c.fullbucketname}", + "policy": "${module.m4b.fullbucketpolicy}" + }, + "skip_rules": null + } + ] +} \ No newline at end of file 
diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/dummyconfig.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/dummyconfig.json index aa5244a40..abd72fb20 100644 --- a/pkg/iac-providers/terraform/v14/testdata/tfjson/dummyconfig.json +++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/dummyconfig.json @@ -3,6 +3,7 @@ { "id": "terraform_remote_state.remote", "name": "remote", + "module_name": "root", "source": "dummyconfig.tf", "line": 41, "type": "terraform_remote_state", @@ -22,6 +23,7 @@ { "id": "type1.resource1", "name": "resource1", + "module_name": "root", "source": "dummyconfig.tf", "line": 1, "type": "type1", @@ -48,6 +50,7 @@ { "id": "type2.resource2", "name": "resource2", + "module_name": "root", "source": "dummyconfig.tf", "line": 13, "type": "type2", @@ -70,6 +73,7 @@ { "id": "type3.resource3", "name": "resource3", + "module_name": "root", "source": "dummyconfig.tf", "line": 26, "type": "type3", diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/fullconfig.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/fullconfig.json index 07d176b78..9c14c2197 100644 --- a/pkg/iac-providers/terraform/v14/testdata/tfjson/fullconfig.json +++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/fullconfig.json @@ -3,6 +3,7 @@ { "id": "aws_instance.instance_playground", "name": "instance_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 77, @@ -47,6 +48,7 @@ { "id": "aws_internet_gateway.igw_playground", "name": "igw_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 14, @@ -64,6 +66,7 @@ { "id": "aws_key_pair.ec2key_playground", "name": "ec2key_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 72, @@ -79,6 +82,7 @@ { "id": "aws_route_table.rtb_public_playground", "name": "rtb_public_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 30, 
@@ -102,6 +106,7 @@ { "id": "aws_route_table_association.rta_subnet_public_playground", "name": "rta_subnet_public_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 41, @@ -117,6 +122,7 @@ { "id": "aws_security_group.sg_playground", "name": "sg_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 46, @@ -163,6 +169,7 @@ { "id": "aws_subnet.subnet_public_playground", "name": "subnet_public_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 21, @@ -182,6 +189,7 @@ { "id": "aws_vpc.vpc_playground", "name": "vpc_playground", + "module_name": "root", "source": "config1.tf", "plan_root": "./", "line": 5, diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/moduleconfigs.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/moduleconfigs.json index b94df2244..002b441a6 100644 --- a/pkg/iac-providers/terraform/v14/testdata/tfjson/moduleconfigs.json +++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/moduleconfigs.json @@ -3,6 +3,7 @@ { "id": "aws_cloudfront_distribution.s3-distribution-TLS-v1", "name": "s3-distribution-TLS-v1", + "module_name": "cloudfront", "source": "cloudfront/main.tf", "plan_root": "./", "line": 6, @@ -133,6 +134,7 @@ { "id": "aws_cloudtrail.missing-multi-region", "name": "missing-multi-region", + "module_name": "cloudtrail", "source": "cloudtrail/main.tf", "plan_root": "./", "line": 1, @@ -150,6 +152,7 @@ { "id": "aws_ecs_task_definition.instanceNotInVpc", "name": "instanceNotInVpc", + "module_name": "ecs", "source": "ecs/main.tf", "plan_root": "./", "line": 1, @@ -166,6 +169,7 @@ { "id": "aws_efs_file_system.efsNotEncrypted", "name": "efsNotEncrypted", + "module_name": "efs", "source": "efs/main.tf", "plan_root": "./", "line": 1, 
@@ -183,6 +187,7 @@ { "id": "aws_elasticache_cluster.noMemcachedInElastiCache", "name": "noMemcachedInElastiCache", + "module_name": "elasticcache", "source": "../relative-moduleconfigs/elasticcache/main.tf", "plan_root": "./", "line": 1, @@ -202,6 +207,7 @@ { "id": "aws_guardduty_detector.gaurdDutyDisabled", "name": "gaurdDutyDisabled", + "module_name": "guardduty", "source": "guardduty/main.tf", "plan_root": "./", "line": 1, @@ -216,6 +222,7 @@ { "id": "aws_iam_access_key.noAccessKeyForRootAccount", "name": "noAccessKeyForRootAccount", + "module_name": "iam", "source": "iam/main.tf", "plan_root": "./", "line": 1, @@ -232,6 +239,7 @@ { "id": "aws_kinesis_stream.kinesisEncryptedWithKms", "name": "kinesisEncryptedWithKms", + "module_name": "kinesis", "source": "kinesis/main.tf", "plan_root": "./", "line": 1, @@ -257,6 +265,7 @@ { "id": "aws_kms_key.kmsKeyDisabled", "name": "kmsKeyDisabled", + "module_name": "sub-cloudfront", "source": "cloudfront/sub-cloudfront/main.tf", "plan_root": "./", "line": 1, @@ -276,6 +285,7 @@ { "id": "aws_load_balancer_policy.elbWeakCipher", "name": "elbWeakCipher", + "module_name": "elb", "source": "elb/main.tf", "plan_root": "./", "line": 1, @@ -298,6 +308,7 @@ { "id": "aws_s3_bucket.noS3BucketSseRules", "name": "noS3BucketSseRules", + "module_name": "s3", "source": "s3/main.tf", "plan_root": "./", "line": 1, @@ -317,6 +328,7 @@ { "id": "aws_security_group.acme_web", "name": "acme_web", + "module_name": "sg", "source": "sg/main.tf", "plan_root": "./", "line": 1, @@ -358,6 +370,7 @@ { "id": "aws_sqs_queue.sqsQueueExposed", "name": "sqsQueueExposed", + "module_name": "sqs", "source": "sqs/main.tf", "plan_root": "./", "line": 1, diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/recursive-loop-locals.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/recursive-loop-locals.json index 43ab81362..19338345f 100644 --- a/pkg/iac-providers/terraform/v14/testdata/tfjson/recursive-loop-locals.json 
+++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/recursive-loop-locals.json
@@ -3,6 +3,7 @@
 {
 "id": "aws_iam_user.lb",
 "name": "lb",
+ "module_name": "dummy",
 "source": "dummy/main.tf",
 "plan_root": "./",
 "line": 13,
diff --git a/pkg/iac-providers/terraform/v14/testdata/tfjson/recursive-loop-variables.json b/pkg/iac-providers/terraform/v14/testdata/tfjson/recursive-loop-variables.json
index e3a3c6d97..9a1b8f284 100644
--- a/pkg/iac-providers/terraform/v14/testdata/tfjson/recursive-loop-variables.json
+++ b/pkg/iac-providers/terraform/v14/testdata/tfjson/recursive-loop-variables.json
@@ -1,16 +1,17 @@
 {
- "null_resource": [
- {
- "id": "null_resource.example",
- "name": "example",
- "source": "dummy/main.tf",
- "plan_root": "./",
- "line": 5,
- "type": "null_resource",
- "config": {
- "container_definitions": "${templatefile(\n ${path.module}/${var.filename},\n {\n foo = \"bar\"\n }\n )}"
- },
- "skip_rules": null
- }
- ]
- }
\ No newline at end of file
+ "null_resource": [
+ {
+ "id": "null_resource.example",
+ "name": "example",
+ "module_name": "dummy",
+ "source": "dummy/main.tf",
+ "plan_root": "./",
+ "line": 5,
+ "type": "null_resource",
+ "config": {
+ "container_definitions": "${templatefile(\n ${path.module}/${var.filename},\n {\n foo = \"bar\"\n }\n )}"
+ },
+ "skip_rules": null
+ }
+ ]
+}
\ No newline at end of file
diff --git a/pkg/policy/opa/engine.go b/pkg/policy/opa/engine.go
index 5b7b79727..b780ed2b6 100644
--- a/pkg/policy/opa/engine.go
+++ b/pkg/policy/opa/engine.go
@@ -296,6 +296,7 @@ func (e *Engine) reportViolation(regoData *RegoData, resource *output.ResourceCo
 ResourceName: resource.Name,
 ResourceType: resource.Type,
 ResourceData: resource.Config,
+ ModuleName: resource.ModuleName,
 File: resource.Source,
 PlanRoot: resource.PlanRoot,
 LineNumber: resource.Line,
diff --git a/pkg/results/types.go b/pkg/results/types.go
index b92f8d6db..e90159651 100644
--- a/pkg/results/types.go
+++ b/pkg/results/types.go
@@ -34,6 +34,7 @@ type Violation struct { ResourceName string `json:"resource_name" yaml:"resource_name" xml:"resource_name,attr"` ResourceType string `json:"resource_type" yaml:"resource_type" xml:"resource_type,attr"` ResourceData interface{} `json:"-" yaml:"-" xml:"-"` + ModuleName string `json:"module_name,omitempty" yaml:"module_name,omitempty" xml:"module_name,attr,omitempty"` File string `json:"file,omitempty" yaml:"file,omitempty" xml:"file,attr,omitempty"` PlanRoot string `json:"plan_root,omitempty" yaml:"plan_root,omitempty" xml:"plan_root,omitempty,attr"` LineNumber int `json:"line,omitempty" yaml:"line,omitempty" xml:"line,attr,omitempty"` diff --git a/pkg/writer/human_readable.go b/pkg/writer/human_readable.go index 7603d09fc..fc5605b32 100644 --- a/pkg/writer/human_readable.go +++ b/pkg/writer/human_readable.go @@ -97,6 +97,12 @@ func defaultViolations(v results.Violation, isSkipped bool) string { part := fmt.Sprintf("%-15v:\t%s\n\t%-15v:\t%s\n\t", "Description", v.Description, "File", v.File) + + if v.ModuleName != "" { + moduleName := fmt.Sprintf("%-15v:\t%s\n\t", "Module Name", v.ModuleName) + part = part + moduleName + } + if v.PlanRoot != "" { planRoot := fmt.Sprintf("%-15v:\t%s\n\t", "Plan Root", v.PlanRoot) part = part + planRoot diff --git a/test/e2e/scan/golden/resource_skipping/terraform_file_resource_skipping.txt b/test/e2e/scan/golden/resource_skipping/terraform_file_resource_skipping.txt index 8da85deb7..e05ea3c46 100644 --- a/test/e2e/scan/golden/resource_skipping/terraform_file_resource_skipping.txt +++ b/test/e2e/scan/golden/resource_skipping/terraform_file_resource_skipping.txt @@ -9,6 +9,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi6", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 85 
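Review bot: The new exported `ModuleName` field carries no doc comment, and from the testdata in this patch the stored value looks like the bare module label rather than a full module address — `"module_name": "sub-cloudfront"` for `cloudfront/sub-cloudfront/main.tf` — so two child modules that reuse a label under different parents would be indistinguishable in a violation summary. I would document that on the field, e.g. `// ModuleName is the label of the terraform module the resource was declared in ("root" for the root module); empty for providers that do not set it.`, and consider recording the full module path (e.g. `cloudfront.sub-cloudfront`) in a follow-up so the name is unambiguous. That non-terraform providers leave it empty is inferred from the commit title and the `omitempty` tags, not from visible code. The `Violation` struct definition starts and ends outside the hunk.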
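Review bot: The new branch introduces a throwaway local only to append one formatted line; `part += fmt.Sprintf("%-15v:\t%s\n\t", "Module Name", v.ModuleName)` does the same in a single statement. It does mirror the existing `planRoot` pattern directly below it, so either keep it for consistency or tighten both branches together rather than only this one. The `%-15v` width still fits the 11-character `Module Name` label, so the column alignment shown in the golden human-readable output is preserved. `defaultViolations` starts and ends outside the hunk.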
@@ -21,6 +22,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -33,6 +35,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi1", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 10 @@ -45,6 +48,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi2", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 25 @@ -57,6 +61,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi5", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 71 @@ -69,6 +74,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -81,6 +87,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi6", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 85 @@ -93,6 +100,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi2", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 25 @@ -105,6 +113,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -117,6 +126,7 @@ "category": "Network Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -129,6 +139,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 
@@ -144,6 +155,7 @@ "skip_comment": "need to skip this rule", "resource_name": "PtShGgAdi4", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 55 @@ -157,6 +169,7 @@ "skip_comment": "need to skip this rule", "resource_name": "PtShGgAdi4", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 55 @@ -170,6 +183,7 @@ "skip_comment": "need to skip this rule", "resource_name": "PtShGgAdi5", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 71 diff --git a/test/e2e/scan/golden/rules_filtering/scan_and_skip_rules.txt b/test/e2e/scan/golden/rules_filtering/scan_and_skip_rules.txt index a2cf8c564..461fd81c0 100644 --- a/test/e2e/scan/golden/rules_filtering/scan_and_skip_rules.txt +++ b/test/e2e/scan/golden/rules_filtering/scan_and_skip_rules.txt @@ -9,6 +9,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -21,6 +22,7 @@ "category": "Network Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 diff --git a/test/e2e/scan/golden/rules_filtering/scan_multiple_rules.txt b/test/e2e/scan/golden/rules_filtering/scan_multiple_rules.txt index b83dc836b..0a11603dd 100644 --- a/test/e2e/scan/golden/rules_filtering/scan_multiple_rules.txt +++ b/test/e2e/scan/golden/rules_filtering/scan_multiple_rules.txt @@ -9,6 +9,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -21,6 +22,7 @@ "category": "Network Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 
@@ -33,6 +35,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -45,6 +48,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi2", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 25 @@ -57,6 +61,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi4", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 55 @@ -69,6 +74,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi5", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 69 @@ -81,6 +87,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi6", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 82 @@ -93,6 +100,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 diff --git a/test/e2e/scan/golden/rules_filtering/scan_single_rule.txt b/test/e2e/scan/golden/rules_filtering/scan_single_rule.txt index bc9714ea9..cdecf9306 100644 --- a/test/e2e/scan/golden/rules_filtering/scan_single_rule.txt +++ b/test/e2e/scan/golden/rules_filtering/scan_single_rule.txt @@ -9,6 +9,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 diff --git a/test/e2e/scan/golden/rules_filtering/skip_multiple_rules.txt b/test/e2e/scan/golden/rules_filtering/skip_multiple_rules.txt index 742441bb1..af7e80c57 100644 --- a/test/e2e/scan/golden/rules_filtering/skip_multiple_rules.txt +++ b/test/e2e/scan/golden/rules_filtering/skip_multiple_rules.txt 
@@ -9,6 +9,7 @@ "category": "Network Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 diff --git a/test/e2e/scan/golden/rules_filtering/skip_single_rule.txt b/test/e2e/scan/golden/rules_filtering/skip_single_rule.txt index b053f71e4..a847f77da 100644 --- a/test/e2e/scan/golden/rules_filtering/skip_single_rule.txt +++ b/test/e2e/scan/golden/rules_filtering/skip_single_rule.txt @@ -9,6 +9,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -21,6 +22,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi6", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 82 @@ -33,6 +35,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi2", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 25 @@ -45,6 +48,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi5", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 69 @@ -57,6 +61,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -69,6 +74,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi4", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 55 @@ -81,6 +87,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi1", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 10 @@ -93,6 +100,7 @@ "category": "Network Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 
diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_human.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_human.txt index bfe0192da..955515e99 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_human.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_human.txt @@ -2,6 +2,7 @@ Violation Details - Description : Enable AWS AMI Encryption File : main.tf + Module Name : root Plan Root : ./ Line : 5 Severity : MEDIUM diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_human_verbose.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_human_verbose.txt index c1313c44a..4560f9240 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_human_verbose.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_human_verbose.txt @@ -2,6 +2,7 @@ Violation Details - Description : Enable AWS AMI Encryption File : main.tf + Module Name : root Plan Root : ./ Line : 5 Severity : MEDIUM diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json.txt index 529907af8..e0ad8f51f 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json.txt @@ -9,6 +9,7 @@ "category": "Encryption \u0026 KeyManagement", "resource_name": "awsAmiEncrypted", "resource_type": "aws_ami", + "module_name": "root", "file": "main.tf", "plan_root": "./", "line": 5 
diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json_all.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json_all.txt index 9713e8c4b..b341e9b4f 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json_all.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json_all.txt @@ -21,6 +21,7 @@ "category": "Encryption \u0026 KeyManagement", "resource_name": "awsAmiEncrypted", "resource_type": "aws_ami", + "module_name": "root", "file": "main.tf", "plan_root": "./", "line": 5 diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json_recursive.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json_recursive.txt index 54b01bd40..4f8e93e56 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json_recursive.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_json_recursive.txt @@ -21,6 +21,7 @@ "category": "Encryption \u0026 KeyManagement", "resource_name": "awsAmiEncrypted", "resource_type": "aws_ami", + "module_name": "root", "file": "subFolder1/subFolder2/main.tf", "plan_root": "subFolder1/subFolder2", "line": 5 diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_xml.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_xml.txt index ee7626527..cde9b898f 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_xml.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_xml.txt @@ -2,7 +2,7 @@ - + diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_yaml.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_yaml.txt index afaa372d3..3c5766729 100644 
--- a/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_yaml.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_ami_violations/aws_ami_violation_yaml.txt @@ -7,6 +7,7 @@ results: category: Encryption & KeyManagement resource_name: awsAmiEncrypted resource_type: aws_ami + module_name: root file: main.tf plan_root: ./ line: 5 diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_json.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_json.txt index 2c6534c0b..9ace7e031 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_json.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_json.txt @@ -9,6 +9,7 @@ "category": "Network Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -21,6 +22,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -33,6 +35,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi6", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 82 @@ -45,6 +48,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi4", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 55 @@ -57,6 +61,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi5", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 69 @@ -69,6 +74,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi1", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 10 
@@ -81,6 +87,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi2", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 25 @@ -93,6 +100,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -105,6 +113,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi4", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 55 @@ -117,6 +126,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi5", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 69 @@ -129,6 +139,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi6", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 82 @@ -141,6 +152,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi2", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 25 @@ -153,6 +165,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -165,6 +178,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_json_show_passed.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_json_show_passed.txt index 92ade3e97..b2dd65745 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_json_show_passed.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_json_show_passed.txt 
@@ -32,6 +32,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi6", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 82 @@ -44,6 +45,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi2", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 25 @@ -56,6 +58,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -68,6 +71,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi1", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 10 @@ -80,6 +84,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi4", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 55 @@ -92,6 +97,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi5", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 69 @@ -104,6 +110,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi2", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 25 @@ -116,6 +123,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -128,6 +136,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi6", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 82 @@ -140,6 +149,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi4", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 55 
@@ -152,6 +162,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi5", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 69 @@ -164,6 +175,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -176,6 +188,7 @@ "category": "Network Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 @@ -188,6 +201,7 @@ "category": "Data Security", "resource_name": "PtShGgAdi3", "resource_type": "aws_db_instance", + "module_name": "root", "file": "main.tf", "root_path": "./", "line": 39 diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_xml.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_xml.txt index 244324cde..b41106396 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_xml.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_xml.txt @@ -2,20 +2,20 @@ - - - - - - - - - - - - - - + + + + + + + + + + + + + + diff --git a/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_yaml.txt b/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_yaml.txt index 3ec76b582..ad8380207 100644 --- a/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_yaml.txt +++ b/test/e2e/scan/golden/terraform_scans/aws/aws_db_instance_violations/aws_db_instance_yaml.txt @@ -7,6 +7,7 @@ results: category: Network Security resource_name: PtShGgAdi3 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 39 
@@ -17,6 +18,7 @@ results: category: Data Security resource_name: PtShGgAdi3 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 39 @@ -27,6 +29,7 @@ results: category: Data Security resource_name: PtShGgAdi6 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 82 @@ -37,6 +40,7 @@ results: category: Data Security resource_name: PtShGgAdi4 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 55 @@ -47,6 +51,7 @@ results: category: Data Security resource_name: PtShGgAdi5 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 69 @@ -57,6 +62,7 @@ results: category: Data Security resource_name: PtShGgAdi1 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 10 @@ -67,6 +73,7 @@ results: category: Data Security resource_name: PtShGgAdi2 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 25 @@ -77,6 +84,7 @@ results: category: Data Security resource_name: PtShGgAdi3 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 39 @@ -87,6 +95,7 @@ results: category: Data Security resource_name: PtShGgAdi6 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 82 @@ -97,6 +106,7 @@ results: category: Data Security resource_name: PtShGgAdi4 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 55 @@ -107,6 +117,7 @@ results: category: Data Security resource_name: PtShGgAdi5 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 69 @@ -117,6 +128,7 @@ results: category: Data Security resource_name: PtShGgAdi2 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 25 @@ -127,6 +139,7 @@ results: category: Data Security resource_name: PtShGgAdi3 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 39 
@@ -137,6 +150,7 @@ results: category: Data Security resource_name: PtShGgAdi3 resource_type: aws_db_instance + module_name: root file: main.tf root_path: ./ line: 39 diff --git a/test/e2e/scan/golden/terraform_scans/scanned_with_only_aws_policies.txt b/test/e2e/scan/golden/terraform_scans/scanned_with_only_aws_policies.txt index 3b0ef3cc1..4f353515c 100644 --- a/test/e2e/scan/golden/terraform_scans/scanned_with_only_aws_policies.txt +++ b/test/e2e/scan/golden/terraform_scans/scanned_with_only_aws_policies.txt @@ -9,6 +9,7 @@ "category": "Encryption \u0026 KeyManagement", "resource_name": "awsAmiEncrypted", "resource_type": "aws_ami", + "module_name": "root", "file": "main.tf", "plan_root": "./", "line": 5