From 520f4ea406ec0292bc3005782bd61677ebe15bef Mon Sep 17 00:00:00 2001 From: Devang Date: Fri, 2 Jul 2021 01:23:13 +0530 Subject: [PATCH 1/3] add --github flag for github suited sarif output --- go.mod | 3 +- go.sum | 2 + pkg/cli/root.go | 2 +- pkg/cli/run.go | 15 ++++++++ pkg/cli/scan.go | 1 + pkg/writer/sarif.go | 30 +++++++++------ pkg/writer/sarif_test.go | 79 ++++++++++++++++++++++++++++++++++++++-- 7 files changed, 115 insertions(+), 17 deletions(-) diff --git a/go.mod b/go.mod index e0a9b44ef..6e6abcd3e 100644 --- a/go.mod +++ b/go.mod @@ -12,6 +12,7 @@ require ( github.com/VerbalExpressions/GoVerbalExpressions v0.0.0-20200410162751-4d76a1099a6e github.com/awslabs/goformation/v4 v4.19.1 github.com/ghodss/yaml v1.0.0 + github.com/go-errors/errors v1.0.1 github.com/google/uuid v1.2.0 github.com/gorilla/handlers v1.5.1 github.com/gorilla/mux v1.8.0 @@ -39,7 +40,7 @@ require ( github.com/stretchr/testify v1.7.0 github.com/zclconf/go-cty v1.8.2 go.uber.org/zap v1.16.0 - golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 + golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c golang.org/x/tools v0.1.4 // indirect gopkg.in/src-d/go-git.v4 v4.13.1 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b diff --git a/go.sum b/go.sum index a17b4794a..918fb9543 100644 --- a/go.sum +++ b/go.sum 
@@ -1188,6 +1188,8 @@ golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22 h1:RqytpXGR1iVNX7psjB3ff8y7sNFinVFvkx1c8SjBkio= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/pkg/cli/root.go b/pkg/cli/root.go index 3d4247b26..ebce9eeef 100644 --- a/pkg/cli/root.go +++ b/pkg/cli/root.go @@ -27,7 +27,7 @@ var ( // LogType Logging output type (console, json) LogType string - // OutputType Violation output type (human, json, yaml, xml) + // OutputType Violation output type (human, json, yaml, xml, sarif) OutputType string // ConfigFile Config file path diff --git a/pkg/cli/run.go b/pkg/cli/run.go index bc04b03a0..f7b6fcbdc 100644 --- a/pkg/cli/run.go +++ b/pkg/cli/run.go @@ -33,6 +33,7 @@ import ( const ( humanOutputFormat = "human" + sarifOutputFormat = "sarif" ) // ScanOptions represents scan command and its optional flags @@ -95,6 +96,9 @@ type ScanOptions struct { // nonRecursive enables recursive scan for the terraform iac provider nonRecursive bool + + // sarifForGithub enables sarif output suited for github code scanning alert format + sarifForGithub bool } // NewScanOptions returns a new pointer to ScanOptions 
@@ -135,6 +139,14 @@ func (s ScanOptions) validate() error { if s.configOnly && strings.EqualFold(s.outputType, humanOutputFormat) { return errors.New("please use yaml or json output format when using --config-only flag") } + + // only sarif output supports --github flag + // if --github flag is set, then exit with an error + // asking the user to use sarif output format + if s.sarifForGithub && !strings.EqualFold(s.outputType, sarifOutputFormat) { + return errors.New("please use sarif output format when using --github flag") + } + return nil } @@ -235,6 +247,9 @@ func (s ScanOptions) writeResults(results runtime.Output) error { outputWriter := NewOutputWriter(s.UseColors) + if s.sarifForGithub { + writer.SarifForGithub = true + } if s.configOnly { return writer.Write(s.outputType, results.ResourceConfig, outputWriter) } diff --git a/pkg/cli/scan.go b/pkg/cli/scan.go index 70fb5edd5..0ba6aba48 100644 --- a/pkg/cli/scan.go +++ b/pkg/cli/scan.go @@ -69,5 +69,6 @@ func init() { scanCmd.Flags().StringSliceVarP(&scanOptions.categories, "categories", "", []string{}, "list of categories of violations to be reported by terrascan (example: --categories=\"category1,category2\")") scanCmd.Flags().BoolVarP(&scanOptions.showPassedRules, "show-passed", "", false, "display passed rules, along with violations") scanCmd.Flags().BoolVarP(&scanOptions.nonRecursive, "non-recursive", "", false, "do not scan directories and modules recursively") + scanCmd.Flags().BoolVarP(&scanOptions.sarifForGithub, "github", "", false, "arrange sarif output to suit github codescanning alert format") RegisterCommand(rootCmd, scanCmd) } diff --git a/pkg/writer/sarif.go b/pkg/writer/sarif.go index d25bad505..cd8fe495f 100644 --- a/pkg/writer/sarif.go +++ b/pkg/writer/sarif.go 
@@ -21,6 +21,7 @@ import ( "github.com/accurics/terrascan/pkg/policy" "github.com/accurics/terrascan/pkg/utils" "github.com/accurics/terrascan/pkg/version" + "github.com/go-errors/errors" "github.com/owenrumney/go-sarif/sarif" "go.uber.org/zap" "io" @@ -32,6 +33,9 @@ const ( sarifFormat supportedFormat = "sarif" ) +// SarifForGithub is a flag to know Sarif has to be generated for Github usage format or the generic default format +var SarifForGithub = false + func init() { RegisterWriter(sarifFormat, SarifWriter) } @@ -46,7 +50,6 @@ func SarifWriter(data interface{}, writer io.Writer) error { run := sarif.NewRun("terrascan", "https://github.com/accurics/terrascan") run.Tool.Driver.WithVersion(version.GetNumeric()) - // add a run to the report report.AddRun(run) @@ -55,7 +58,7 @@ func SarifWriter(data interface{}, writer io.Writer) error { m["category"] = passedRule.Category m["severity"] = passedRule.Severity - run.AddRule(string(passedRule.RuleID)). + run.AddRule(passedRule.RuleID). WithDescription(passedRule.Description).WithName(passedRule.RuleName).WithProperties(m) } 
@@ -65,19 +68,24 @@ func SarifWriter(data interface{}, writer io.Writer) error {
 m["category"] = violation.Category
 m["severity"] = violation.Severity
- rule := run.AddRule(string(violation.RuleID)).
+ rule := run.AddRule(violation.RuleID).
 WithDescription(violation.Description).WithName(violation.RuleName).WithProperties(m)
- absFilePath, err := getAbsoluteFilePath(outputData.Summary.ResourcePath, violation.File)
-
- if err != nil {
- return err
+ var artifactLocation *sarif.ArtifactLocation
+
+ if SarifForGithub {
+ artifactLocation = sarif.NewSimpleArtifactLocation(violation.File).
+ WithUriBaseId(outputData.Summary.ResourcePath)
+ } else {
+ absFilePath, err := getAbsoluteFilePath(outputData.Summary.ResourcePath, violation.File)
+ if err != nil {
+ return errors.Errorf("unable to create absolute path, error: %v", err)
+ }
+ artifactLocation = sarif.NewSimpleArtifactLocation(fmt.Sprintf("file://%s", absFilePath))
 }
- location := sarif.NewLocation().
- WithPhysicalLocation(sarif.NewPhysicalLocation().
- WithArtifactLocation(sarif.NewSimpleArtifactLocation(fmt.Sprintf("file://%s", absFilePath))).
- WithRegion(sarif.NewRegion().WithStartLine(violation.LineNumber)))
+ location := sarif.NewLocation().WithPhysicalLocation(sarif.NewPhysicalLocation().
+ WithArtifactLocation(artifactLocation).WithRegion(sarif.NewRegion().WithStartLine(violation.LineNumber)))
 if len(violation.ResourceType) > 0 && len(violation.ResourceName) > 0 {
 location.LogicalLocations = append(location.LogicalLocations, sarif.NewLogicalLocation().
diff --git a/pkg/writer/sarif_test.go b/pkg/writer/sarif_test.go
index 93a99970d..3be41fe40 100644
--- a/pkg/writer/sarif_test.go
+++ b/pkg/writer/sarif_test.go
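Review bot: The new error path uses `errors.Errorf` from github.com/go-errors/errors, a third-party module added in this patch's go.mod hunk solely for this line, and the `%v` verb flattens the underlying error so callers can no longer match it with errors.Is/As. `fmt` is already imported in this file, so `return fmt.Errorf("unable to create absolute path: %w", err)` does the same with the standard library and the go.mod/go.sum additions can be dropped. Separately, the SarifForGithub branch emits `violation.File` verbatim as the SARIF `uri`; if that value can carry OS-specific separators (presumably it can when scanning on Windows), `filepath.ToSlash(violation.File)` from path/filepath keeps the uri well-formed. Note also that a SARIF `uriBaseId` is a symbolic name meant to be resolved through run.originalUriBaseIds, whereas here it receives the literal resource path, so consumers other than GitHub may not resolve the location. SarifWriter's body continues outside the hunk.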
@@ -12,9 +12,11 @@ import ( "github.com/accurics/terrascan/pkg/version" ) -var testpath, _ = getAbsoluteFilePath(violationsInput.Summary.ResourcePath, violationsInput.Violations[0].File) +var abstestpath, _ = getAbsoluteFilePath(violationsInput.Summary.ResourcePath, violationsInput.Violations[0].File) +var testpath = fmt.Sprintf("file://%s", abstestpath) +var testpathForGH = violationsInput.Violations[0].File -var expectedSarifOutput1 = fmt.Sprintf(`{ +const violationTemplate = `{ "version": "2.1.0", "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", "runs": [ 
@@ -68,7 +70,67 @@ var expectedSarifOutput1 = fmt.Sprintf(`{ ] } ] - }`, version.GetNumeric(), fmt.Sprintf("file://%s", testpath)) + }` + +const violationTemplateForGH = `{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "name": "terrascan", + "version": "%s", + "informationUri": "https://github.com/accurics/terrascan", + "rules": [ + { + "id": "AWS.S3Bucket.DS.High.1043", + "name": "s3EnforceUserACL", + "shortDescription": { + "text": "S3 bucket Access is allowed to all AWS Account Users." + }, + "properties": { + "category": "S3", + "severity": "HIGH" + } + } + ] + } + }, + "results": [ + { + "ruleId": "AWS.S3Bucket.DS.High.1043", + "level": "error", + "message": { + "text": "S3 bucket Access is allowed to all AWS Account Users." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "%s", + "uriBaseId": "test" + }, + "region": { + "startLine": 20 + } + }, + "logicalLocations": [ + { + "name": "bucket", + "kind": "aws_s3_bucket" + } + ] + } + ] + } + ] + } + ] + }` + +var expectedSarifOutput1 = fmt.Sprintf(violationTemplate, version.GetNumeric(), testpath) +var expectedSarifOutput1GH = fmt.Sprintf(violationTemplateForGH, version.GetNumeric(), testpathForGH) var expectedSarifOutput2 = fmt.Sprintf(`{ "version": "2.1.0", @@ -125,12 +187,19 @@ func TestSarifWriter(t *testing.T) { input funcInput expectedError bool expectedOutput string + forGithub bool }{ { - name: "Human Readable Writer: Violations", + name: "Sarif Writer: Violations", input: violationsInput, expectedOutput: expectedSarifOutput1, }, + { + name: "Sarif Writer for Github: Violations", + input: violationsInput, + expectedOutput: expectedSarifOutput1GH, + forGithub: true, + }, { name: "Human Readable Writer: No Violations", input: policy.EngineOutput{ 
@@ -150,9 +219,11 @@ func TestSarifWriter(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { writer := &bytes.Buffer{} + SarifForGithub = tt.forGithub if err := SarifWriter(tt.input, writer); (err != nil) != tt.expectedError { t.Errorf("HumanReadbleWriter() error = gotErr: %v, wantErr: %v", err, tt.expectedError) } + SarifForGithub = false outputBytes := writer.Bytes() gotOutput := string(bytes.TrimSpace(outputBytes)) From 1922958e329b3b6ae98152729bdf2c9db6adaa44 Mon Sep 17 00:00:00 2001 From: Devang Date: Fri, 2 Jul 2021 18:05:11 +0530 Subject: [PATCH 2/3] fixed golden file for scan -h --- test/e2e/help/golden/help_scan.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/test/e2e/help/golden/help_scan.txt b/test/e2e/help/golden/help_scan.txt index a789624df..2b0be6bff 100644 --- a/test/e2e/help/golden/help_scan.txt +++ b/test/e2e/help/golden/help_scan.txt @@ -8,6 +8,7 @@ Usage: Flags: --categories strings list of categories of violations to be reported by terrascan (example: --categories="category1,category2") --config-only will output resource config (should only be used for debugging purposes) + --github arrange sarif output to suit github codescanning alert format -h, --help help for scan -d, --iac-dir string path to a directory containing one or more IaC files (default ".") -f, --iac-file string path to a single IaC file From 8071a464446ecc25765041b6da7454abf4a44a5c Mon Sep 17 00:00:00 2001 
From: Devang Date: Sun, 11 Jul 2021 03:20:43 +0530 Subject: [PATCH 3/3] changed to using github-sarif writer than --github flag --- pkg/cli/register.go | 2 +- pkg/cli/run.go | 13 --- pkg/cli/scan.go | 1 - pkg/writer/github_sarif.go | 34 ++++++ pkg/writer/github_sarif_test.go | 101 ++++++++++++++++++ pkg/writer/sarif.go | 9 +- pkg/writer/sarif_test.go | 67 ------------ test/e2e/help/golden/help_command.txt | 2 +- test/e2e/help/golden/help_flag.txt | 2 +- test/e2e/help/golden/help_init.txt | 2 +- test/e2e/help/golden/help_scan.txt | 3 +- test/e2e/help/golden/help_server.txt | 2 +- .../help/golden/help_unsupported_command.txt | 2 +- test/e2e/help/golden/help_version.txt | 2 +- test/e2e/help/golden/no_command.txt | 2 +- test/e2e/help/help_test.go | 6 +- 16 files changed, 152 insertions(+), 98 deletions(-) create mode 100644 pkg/writer/github_sarif.go create mode 100644 pkg/writer/github_sarif_test.go diff --git a/pkg/cli/register.go b/pkg/cli/register.go index 8c9724cac..e2eab5268 100644 --- a/pkg/cli/register.go +++ b/pkg/cli/register.go @@ -37,7 +37,7 @@ func RegisterCommand(baseCommand *cobra.Command, command *cobra.Command) { func Execute() { rootCmd.PersistentFlags().StringVarP(&LogLevel, "log-level", "l", "info", "log level (debug, info, warn, error, panic, fatal)") rootCmd.PersistentFlags().StringVarP(&LogType, "log-type", "x", "console", "log output type (console, json)") - rootCmd.PersistentFlags().StringVarP(&OutputType, "output", "o", "human", "output type (human, json, yaml, xml, junit-xml, sarif)") + rootCmd.PersistentFlags().StringVarP(&OutputType, "output", "o", "human", "output type (human, json, yaml, xml, junit-xml, sarif, github-sarif)") rootCmd.PersistentFlags().StringVarP(&ConfigFile, "config-path", "c", "", "config file path") // Function to execute before processing commands diff --git a/pkg/cli/run.go b/pkg/cli/run.go index f7b6fcbdc..951ab0e0f 100644 --- a/pkg/cli/run.go +++ b/pkg/cli/run.go 
@@ -96,9 +96,6 @@ type ScanOptions struct { // nonRecursive enables recursive scan for the terraform iac provider nonRecursive bool - - // sarifForGithub enables sarif output suited for github code scanning alert format - sarifForGithub bool } // NewScanOptions returns a new pointer to ScanOptions @@ -140,13 +137,6 @@ func (s ScanOptions) validate() error { return errors.New("please use yaml or json output format when using --config-only flag") } - // only sarif output supports --github flag - // if --github flag is set, then exit with an error - // asking the user to use sarif output format - if s.sarifForGithub && !strings.EqualFold(s.outputType, sarifOutputFormat) { - return errors.New("please use sarif output format when using --github flag") - } - return nil } @@ -247,9 +237,6 @@ func (s ScanOptions) writeResults(results runtime.Output) error { outputWriter := NewOutputWriter(s.UseColors) - if s.sarifForGithub { - writer.SarifForGithub = true - } if s.configOnly { return writer.Write(s.outputType, results.ResourceConfig, outputWriter) } diff --git a/pkg/cli/scan.go b/pkg/cli/scan.go index 0ba6aba48..70fb5edd5 100644 --- a/pkg/cli/scan.go +++ b/pkg/cli/scan.go @@ -69,6 +69,5 @@ func init() { scanCmd.Flags().StringSliceVarP(&scanOptions.categories, "categories", "", []string{}, "list of categories of violations to be reported by terrascan (example: --categories=\"category1,category2\")") scanCmd.Flags().BoolVarP(&scanOptions.showPassedRules, "show-passed", "", false, "display passed rules, along with violations") scanCmd.Flags().BoolVarP(&scanOptions.nonRecursive, "non-recursive", "", false, "do not scan directories and modules recursively") - scanCmd.Flags().BoolVarP(&scanOptions.sarifForGithub, "github", "", false, "arrange sarif output to suit github codescanning alert format") RegisterCommand(rootCmd, scanCmd) } diff --git a/pkg/writer/github_sarif.go b/pkg/writer/github_sarif.go new file mode 100644 index 000000000..5134252a6 --- /dev/null 
+++ b/pkg/writer/github_sarif.go
@@ -0,0 +1,34 @@
+/*
+ Copyright (C) 2020 Accurics, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package writer
+
+import (
+ "io"
+)
+
+const (
+ githubSarifFormat supportedFormat = "github-sarif"
+)
+
+func init() {
+ RegisterWriter(githubSarifFormat, GithubSarifWriter)
+}
+
+// GithubSarifWriter writes sarif formatted violation results report that are well suited for github codescanning alerts display
+func GithubSarifWriter(data interface{}, writer io.Writer) error {
+ return writeSarif(data, writer, true)
+}
diff --git a/pkg/writer/github_sarif_test.go b/pkg/writer/github_sarif_test.go
new file mode 100644
index 000000000..c8017876c
--- /dev/null
+++ b/pkg/writer/github_sarif_test.go
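Review bot: The doc comment on GithubSarifWriter says the output is "well suited" for GitHub but not what actually differs from SarifWriter, so a reader choosing between `-o sarif` and `-o github-sarif` has to go and read writeSarif. From the sarif.go hunk in this patch the only difference is the artifact location of each result, so a comment such as `// GithubSarifWriter writes the same SARIF report as SarifWriter, except that each result's artifactLocation.uri is the violation's file path as reported (no file:// prefix) with uriBaseId set to the scanned resource path, which is the repository-relative form GitHub code scanning upload works with.` would let a caller pick the right writer without reading the implementation.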
@@ -0,0 +1,101 @@ +package writer + +import ( + "bytes" + "fmt" + "github.com/accurics/terrascan/pkg/utils" + "github.com/accurics/terrascan/pkg/version" + "strings" + "testing" +) + +const violationTemplateForGH = `{ + "version": "2.1.0", + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "runs": [ + { + "tool": { + "driver": { + "name": "terrascan", + "version": "%s", + "informationUri": "https://github.com/accurics/terrascan", + "rules": [ + { + "id": "AWS.S3Bucket.DS.High.1043", + "name": "s3EnforceUserACL", + "shortDescription": { + "text": "S3 bucket Access is allowed to all AWS Account Users." + }, + "properties": { + "category": "S3", + "severity": "HIGH" + } + } + ] + } + }, + "results": [ + { + "ruleId": "AWS.S3Bucket.DS.High.1043", + "level": "error", + "message": { + "text": "S3 bucket Access is allowed to all AWS Account Users." + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "%s", + "uriBaseId": "test" + }, + "region": { + "startLine": 20 + } + }, + "logicalLocations": [ + { + "name": "bucket", + "kind": "aws_s3_bucket" + } + ] + } + ] + } + ] + } + ] + }` + +var expectedSarifViolationOutputGH = fmt.Sprintf(violationTemplateForGH, version.GetNumeric(), testpathForGH) + +func TestGithubSarifWriter(t *testing.T) { + + type funcInput interface{} + tests := []struct { + name string + input funcInput + expectedError bool + expectedOutput string + }{ + { + name: "Sarif Writer for Github: Violations", + input: violationsInput, + expectedOutput: expectedSarifViolationOutputGH, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + writer := &bytes.Buffer{} + if err := GithubSarifWriter(tt.input, writer); (err != nil) != tt.expectedError { + t.Errorf("HumanReadbleWriter() error = gotErr: %v, wantErr: %v", err, tt.expectedError) + } + outputBytes := writer.Bytes() + gotOutput := string(bytes.TrimSpace(outputBytes)) + + if equal, _ := 
utils.AreEqualJSON(strings.TrimSpace(gotOutput), strings.TrimSpace(tt.expectedOutput)); !equal {
+ t.Errorf("HumanReadbleWriter() = got: %v, want: %v", gotOutput, tt.expectedOutput)
+ }
+ })
+ }
+}
diff --git a/pkg/writer/sarif.go b/pkg/writer/sarif.go
index cd8fe495f..3fd1b0b31 100644
--- a/pkg/writer/sarif.go
+++ b/pkg/writer/sarif.go
@@ -33,15 +33,16 @@ const (
 sarifFormat supportedFormat = "sarif"
 )
-// SarifForGithub is a flag to know Sarif has to be generated for Github usage format or the generic default format
-var SarifForGithub = false
-
 func init() {
 RegisterWriter(sarifFormat, SarifWriter)
 }
 // SarifWriter writes sarif formatted violation results report
 func SarifWriter(data interface{}, writer io.Writer) error {
+ return writeSarif(data, writer, false)
+}
+
+func writeSarif(data interface{}, writer io.Writer, forGithub bool) error {
 outputData := data.(policy.EngineOutput)
 report, err := sarif.New(sarif.Version210)
 if err != nil {
@@ -73,7 +74,7 @@ func SarifWriter(data interface{}, writer io.Writer) error {
 var artifactLocation *sarif.ArtifactLocation
- if SarifForGithub {
+ if forGithub {
 artifactLocation = sarif.NewSimpleArtifactLocation(violation.File).
 WithUriBaseId(outputData.Summary.ResourcePath)
 } else {
diff --git a/pkg/writer/sarif_test.go b/pkg/writer/sarif_test.go
index 3be41fe40..1552d39e3 100644
--- a/pkg/writer/sarif_test.go
+++ b/pkg/writer/sarif_test.go
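Review bot: The failure messages in TestGithubSarifWriter still name `HumanReadbleWriter()` (copied over from sarif_test.go), so a failing run points at the wrong function; both should read `GithubSarifWriter()`. The `equal, _ := utils.AreEqualJSON(...)` comparison also discards its error, so if either side is not valid JSON the test reports a content mismatch instead of the parse failure; `equal, err := utils.AreEqualJSON(strings.TrimSpace(gotOutput), strings.TrimSpace(tt.expectedOutput))` followed by `if err != nil { t.Fatalf("comparing JSON: %v", err) }` makes the real cause visible. The file also relies on `testpathForGH` and `violationsInput` declared in sarif_test.go, which is fine inside the package but worth a one-line comment since this file otherwise reads as self-contained.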
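Review bot: `writeSarif` keeps the unchecked assertion `outputData := data.(policy.EngineOutput)` as its first statement, and it is now reachable through two writers registered with RegisterWriter that accept an untyped `interface{}`; any caller handing over a different value, for example `writer.Write(s.outputType, results.ResourceConfig, outputWriter)` on the `--config-only` path in run.go if ResourceConfig is not an EngineOutput, panics instead of receiving an error. Replace it with `outputData, ok := data.(policy.EngineOutput)` and `if !ok { return fmt.Errorf("sarif writer: unsupported input type %T", data) }`, which uses the fmt import the file already has. The `forGithub` parameter only ever receives a literal from the two wrappers, so a comment such as `// forGithub selects repository-relative artifact URIs (uri plus uriBaseId) instead of absolute file:// URIs.` would document what the switch changes. writeSarif's body continues outside the hunk.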
@@ -72,65 +72,7 @@ const violationTemplate = `{ ] }` -const violationTemplateForGH = `{ - "version": "2.1.0", - "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", - "runs": [ - { - "tool": { - "driver": { - "name": "terrascan", - "version": "%s", - "informationUri": "https://github.com/accurics/terrascan", - "rules": [ - { - "id": "AWS.S3Bucket.DS.High.1043", - "name": "s3EnforceUserACL", - "shortDescription": { - "text": "S3 bucket Access is allowed to all AWS Account Users." - }, - "properties": { - "category": "S3", - "severity": "HIGH" - } - } - ] - } - }, - "results": [ - { - "ruleId": "AWS.S3Bucket.DS.High.1043", - "level": "error", - "message": { - "text": "S3 bucket Access is allowed to all AWS Account Users." - }, - "locations": [ - { - "physicalLocation": { - "artifactLocation": { - "uri": "%s", - "uriBaseId": "test" - }, - "region": { - "startLine": 20 - } - }, - "logicalLocations": [ - { - "name": "bucket", - "kind": "aws_s3_bucket" - } - ] - } - ] - } - ] - } - ] - }` - var expectedSarifOutput1 = fmt.Sprintf(violationTemplate, version.GetNumeric(), testpath) -var expectedSarifOutput1GH = fmt.Sprintf(violationTemplateForGH, version.GetNumeric(), testpathForGH) var expectedSarifOutput2 = fmt.Sprintf(`{ "version": "2.1.0", @@ -187,19 +129,12 @@ func TestSarifWriter(t *testing.T) { input funcInput expectedError bool expectedOutput string - forGithub bool }{ { name: "Sarif Writer: Violations", input: violationsInput, expectedOutput: expectedSarifOutput1, }, - { - name: "Sarif Writer for Github: Violations", - input: violationsInput, - expectedOutput: expectedSarifOutput1GH, - forGithub: true, - }, { name: "Human Readable Writer: No Violations", input: policy.EngineOutput{ 
@@ -219,11 +154,9 @@ func TestSarifWriter(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { writer := &bytes.Buffer{} - SarifForGithub = tt.forGithub if err := SarifWriter(tt.input, writer); (err != nil) != tt.expectedError { t.Errorf("HumanReadbleWriter() error = gotErr: %v, wantErr: %v", err, tt.expectedError) } - SarifForGithub = false outputBytes := writer.Bytes() gotOutput := string(bytes.TrimSpace(outputBytes)) diff --git a/test/e2e/help/golden/help_command.txt b/test/e2e/help/golden/help_command.txt index 78492c802..b9f0ce554 100644 --- a/test/e2e/help/golden/help_command.txt +++ b/test/e2e/help/golden/help_command.txt @@ -18,6 +18,6 @@ Flags: -h, --help help for terrascan -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") - -o, --output string output type (human, json, yaml, xml, junit-xml, sarif) (default "human") + -o, --output string output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human") Use "terrascan [command] --help" for more information about a command. diff --git a/test/e2e/help/golden/help_flag.txt b/test/e2e/help/golden/help_flag.txt index 8916859d9..3c91a0c8c 100644 --- a/test/e2e/help/golden/help_flag.txt +++ b/test/e2e/help/golden/help_flag.txt @@ -16,6 +16,6 @@ Flags: -c, --config-path string config file path -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") - -o, --output string output type (human, json, yaml, xml, junit-xml, sarif) (default "human") + -o, --output string output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human") Use "terrascan [command] --help" for more information about a command. diff --git a/test/e2e/help/golden/help_init.txt b/test/e2e/help/golden/help_init.txt index d853c544a..d01b8a78c 100644 
--- a/test/e2e/help/golden/help_init.txt +++ b/test/e2e/help/golden/help_init.txt @@ -12,4 +12,4 @@ Global Flags: -c, --config-path string config file path -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") - -o, --output string output type (human, json, yaml, xml, junit-xml, sarif) (default "human") + -o, --output string output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human") diff --git a/test/e2e/help/golden/help_scan.txt b/test/e2e/help/golden/help_scan.txt index 2b0be6bff..becd5d030 100644 --- a/test/e2e/help/golden/help_scan.txt +++ b/test/e2e/help/golden/help_scan.txt @@ -8,7 +8,6 @@ Usage: Flags: --categories strings list of categories of violations to be reported by terrascan (example: --categories="category1,category2") --config-only will output resource config (should only be used for debugging purposes) - --github arrange sarif output to suit github codescanning alert format -h, --help help for scan -d, --iac-dir string path to a directory containing one or more IaC files (default ".") -f, --iac-file string path to a single IaC file @@ -30,4 +29,4 @@ Global Flags: -c, --config-path string config file path -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") - -o, --output string output type (human, json, yaml, xml, junit-xml, sarif) (default "human") + -o, --output string output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human") diff --git a/test/e2e/help/golden/help_server.txt b/test/e2e/help/golden/help_server.txt index 02146225d..8cd6f0e41 100644 --- a/test/e2e/help/golden/help_server.txt +++ b/test/e2e/help/golden/help_server.txt 
@@ -15,4 +15,4 @@ Global Flags: -c, --config-path string config file path -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") - -o, --output string output type (human, json, yaml, xml, junit-xml, sarif) (default "human") + -o, --output string output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human") diff --git a/test/e2e/help/golden/help_unsupported_command.txt b/test/e2e/help/golden/help_unsupported_command.txt index 0a52fb382..b05ff236e 100644 --- a/test/e2e/help/golden/help_unsupported_command.txt +++ b/test/e2e/help/golden/help_unsupported_command.txt @@ -13,6 +13,6 @@ Flags: -c, --config-path string config file path -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") - -o, --output string output type (human, json, yaml, xml, junit-xml, sarif) (default "human") + -o, --output string output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human") Use "terrascan [command] --help" for more information about a command. diff --git a/test/e2e/help/golden/help_version.txt b/test/e2e/help/golden/help_version.txt index bd13423cb..c4bdbf7a1 100644 --- a/test/e2e/help/golden/help_version.txt +++ b/test/e2e/help/golden/help_version.txt @@ -12,4 +12,4 @@ Global Flags: -c, --config-path string config file path -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") - -o, --output string output type (human, json, yaml, xml, junit-xml, sarif) (default "human") + -o, --output string output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human") diff --git a/test/e2e/help/golden/no_command.txt b/test/e2e/help/golden/no_command.txt index 78492c802..b9f0ce554 100644 
--- a/test/e2e/help/golden/no_command.txt +++ b/test/e2e/help/golden/no_command.txt @@ -18,6 +18,6 @@ Flags: -h, --help help for terrascan -l, --log-level string log level (debug, info, warn, error, panic, fatal) (default "info") -x, --log-type string log output type (console, json) (default "console") - -o, --output string output type (human, json, yaml, xml, junit-xml, sarif) (default "human") + -o, --output string output type (human, json, yaml, xml, junit-xml, sarif, github-sarif) (default "human") Use "terrascan [command] --help" for more information about a command. diff --git a/test/e2e/help/help_test.go b/test/e2e/help/help_test.go index 6fc056373..828c2623a 100644 --- a/test/e2e/help/help_test.go +++ b/test/e2e/help/help_test.go @@ -88,21 +88,21 @@ var _ = Describe("Help", func() { }) Context("for scan command", func() { - It("should print help for init and exit with status code 0", func() { + It("should print help for scan and exit with status code 0", func() { session = helper.RunCommand(terrascanBinaryPath, outWriter, errWriter, helpCommand, "scan") helpUtils.ValidateExitCodeAndOutput(session, helper.ExitCodeZero, filepath.Join("golden", "help_scan.txt"), true) }) }) Context("for server command", func() { - It("should print help for init and exit with status code 0", func() { + It("should print help for server and exit with status code 0", func() { session = helper.RunCommand(terrascanBinaryPath, outWriter, errWriter, helpCommand, "server") helpUtils.ValidateExitCodeAndOutput(session, helper.ExitCodeZero, filepath.Join("golden", "help_server.txt"), true) }) }) Context("for version command", func() { - It("should print help for init and exit with status code 0", func() { + It("should print help for version and exit with status code 0", func() { session = helper.RunCommand(terrascanBinaryPath, outWriter, errWriter, helpCommand, "version") helpUtils.ValidateExitCodeAndOutput(session, helper.ExitCodeZero, filepath.Join("golden", "help_version.txt"), true) })