From bbae8325a69bad148c54bfcab4e2ac9d0728a823 Mon Sep 17 00:00:00 2001
From: Simar
Date: Wed, 26 Apr 2023 15:06:43 -0700
Subject: [PATCH] feat(terraform): Support tfvars files during scans
Signed-off-by: Simar
---
 pkg/detection/detect.go | 2 +-
 pkg/scanners/terraform/parser/load_vars.go | 32 +++---------------
 .../terraform/parser/load_vars_test.go | 24 ++++++++++++--
 3 files changed, 26 insertions(+), 32 deletions(-)
diff --git a/pkg/detection/detect.go b/pkg/detection/detect.go
index 04d9c326b..9df89ff5d 100644
--- a/pkg/detection/detect.go
+++ b/pkg/detection/detect.go
@@ -74,7 +74,7 @@ func init() {
 matchers[FileTypeTerraform] = func(name string, _ io.ReadSeeker) bool {
 ext := filepath.Ext(filepath.Base(name))
- return strings.EqualFold(ext, ".tf") || strings.EqualFold(ext, ".tf.json")
+ return strings.EqualFold(ext, ".tf") || strings.EqualFold(ext, ".tf.json") || strings.EqualFold(ext, ".tfvars")
 }
 matchers[FileTypeTerraformPlan] = func(name string, r io.ReadSeeker) bool {
diff --git a/pkg/scanners/terraform/parser/load_vars.go b/pkg/scanners/terraform/parser/load_vars.go
index e1009d257..58f67ce93 100644
--- a/pkg/scanners/terraform/parser/load_vars.go
+++ b/pkg/scanners/terraform/parser/load_vars.go
@@ -5,7 +5,6 @@ import (
 "io/fs"
 "os"
 "path/filepath"
- "runtime"
 "strings"
 "github.com/hashicorp/hcl/v2"
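Review bot: In the `FileTypeTerraform` matcher in pkg/detection/detect.go, `ext` comes from `filepath.Ext`, which returns only the final suffix, so the new `.tfvars` comparison matches `terraform.tfvars` but a `*.tfvars.json` file yields `.json` and is not matched here (the existing `.tf.json` comparison can never be true for the same reason). This commit's loader and tests do handle `.tfvars.json`, so detection and loading disagree, and a scanner that quietly skips a variables file can report on values that differ from what would actually be deployed. Consider matching on the lower-cased base name instead, `base := strings.ToLower(filepath.Base(name))` with `strings.HasSuffix(base, ".tfvars") || strings.HasSuffix(base, ".tfvars.json")`. `init()` continues outside the hunk, so whether another matcher picks these files up as plain JSON cannot be seen from here.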
@@ -14,23 +13,6 @@ import (
 "github.com/zclconf/go-cty/cty"
 )
-func getAbsPath(inputPath string) (string, error) {
- p, err := filepath.Abs(inputPath)
- if err != nil {
- return "", fmt.Errorf("unable to determine path: %w", err)
- }
- switch runtime.GOOS {
- case "windows":
- if volume := filepath.VolumeName(p); volume != "" {
- p = strings.TrimPrefix(filepath.ToSlash(p), volume+"/")
- return filepath.FromSlash(p), nil
- }
- return strings.TrimPrefix(filepath.Clean(p), fmt.Sprintf("%c", os.PathSeparator)), nil
- default:
- return strings.TrimPrefix(filepath.Clean(p), fmt.Sprintf("%c", os.PathSeparator)), nil
- }
-}
-
 func loadTFVars(srcFS fs.FS, filenames []string) (map[string]cty.Value, error) {
 combinedVars := make(map[string]cty.Value)
@@ -67,20 +49,14 @@ func loadTFVarsFile(srcFS fs.FS, filename string) (map[string]cty.Value, error)
 return inputVars, nil
 }
- absPath, err := getAbsPath(filename)
- if err != nil {
- return nil, err
- }
- absPath = filepath.ToSlash(absPath) // in memory fs is only slash based
-
- src, err := fs.ReadFile(srcFS, absPath)
+ src, err := fs.ReadFile(srcFS, filepath.ToSlash(filename))
 if err != nil {
 return nil, err
 }
 var attrs hcl.Attributes
- if strings.HasSuffix(absPath, ".json") {
- variableFile, err := hcljson.Parse(src, absPath)
+ if strings.HasSuffix(filename, ".json") {
+ variableFile, err := hcljson.Parse(src, filename)
 if err != nil {
 return nil, err
 }
@@ -89,7 +65,7 @@ func loadTFVarsFile(srcFS fs.FS, filename string) (map[string]cty.Value, error)
 return nil, err
 }
 } else {
- variableFile, err := hclsyntax.ParseConfig(src, absPath, hcl.Pos{Line: 1, Column: 1})
+ variableFile, err := hclsyntax.ParseConfig(src, filename, hcl.Pos{Line: 1, Column: 1})
 if err != nil {
 return nil, err
 }
diff --git a/pkg/scanners/terraform/parser/load_vars_test.go b/pkg/scanners/terraform/parser/load_vars_test.go
index 24e86fe10..46cac9686 100644
--- a/pkg/scanners/terraform/parser/load_vars_test.go
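Review bot: In `loadTFVarsFile` (pkg/scanners/terraform/parser/load_vars.go), `fs.ReadFile(srcFS, filepath.ToSlash(filename))` now passes the caller's string through unchanged, but `io/fs` only accepts unrooted, slash-separated names with no `.` or `..` elements, so an absolute path, a Windows volume path or `../x.tfvars` will be rejected by a conforming filesystem with a generic invalid-argument error. Dropping `getAbsPath` looks right for confinement, since the read no longer goes through `filepath.Abs` and the process working directory, but the new contract (names relative to the root of `srcFS`) is neither documented nor checked. I would validate up front with `name := filepath.ToSlash(filename)` followed by `if !fs.ValidPath(name) { return nil, fmt.Errorf("tfvars file %q must be a path relative to the scan root", filename) }`, and add a doc comment on `loadTFVarsFile` stating that requirement. The suffix test `strings.HasSuffix(filename, ".json")` is also case-sensitive while detection uses `EqualFold`, which is worth aligning. The function starts and ends outside the hunk.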
+++ b/pkg/scanners/terraform/parser/load_vars_test.go @@ -3,22 +3,40 @@ package parser import ( "testing" + "github.com/aquasecurity/defsec/test/testutil" + "github.com/zclconf/go-cty/cty" - "github.com/aquasecurity/defsec/pkg/extrafs" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func Test_TFVarsFile(t *testing.T) { t.Run("tfvars file", func(t *testing.T) { - vars, err := loadTFVars(extrafs.OSDir("/"), []string{"testdata/tfvars/terraform.tfvars"}) + fs := testutil.CreateFS(t, map[string]string{ + "test.tfvars": `instance_type = "t2.large"`, + }) + + vars, err := loadTFVars(fs, []string{"test.tfvars"}) require.NoError(t, err) assert.Equal(t, "t2.large", vars["instance_type"].AsString()) }) t.Run("tfvars json file", func(t *testing.T) { - vars, err := loadTFVars(extrafs.OSDir("/"), []string{"testdata/tfvars/terraform.tfvars.json"}) + fs := testutil.CreateFS(t, map[string]string{ + "test.tfvars.json": `{ + "variable": { + "foo": { + "default": "bar" + }, + "baz": "qux" + }, + "foo2": true, + "foo3": 3 +}`, + }) + + vars, err := loadTFVars(fs, []string{"test.tfvars.json"}) require.NoError(t, err) assert.Equal(t, "bar", vars["variable"].GetAttr("foo").GetAttr("default").AsString()) assert.Equal(t, "qux", vars["variable"].GetAttr("baz").AsString())
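Review bot: Both subtests in `Test_TFVarsFile` pass a bare file name at the root of the in-memory filesystem, so nothing pins how `loadTFVars` behaves for the inputs the removed `getAbsPath` used to normalise. Add a subtest for a nested relative path (for example `vars/test.tfvars`) and one asserting an error for an absolute or `..`-containing name, along the lines of `_, err := loadTFVars(fs, []string{"../test.tfvars"})` followed by `require.Error(t, err)`. The exact outcome depends on the filesystem that `testutil.CreateFS` returns, which is not visible here. `Test_TFVarsFile` continues past the end of the hunk.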