fix linting and tests

bridgecrewio · Oct 24, 2023 · 1d04712 · 1d04712
1 parent b3e4958
commit 1d04712
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 8 deletions.
diff --git a/.github/workflows/pr-test.yml b/.github/workflows/pr-test.yml
@@ -178,11 +178,13 @@ jobs:
         env:
           LOG_LEVEL: INFO
           BC_API_KEY: ${{ secrets.BC_API_KEY }}
+        if: env.BC_API_KEY != null
         run: bash -c './sast_integration_tests/prepare_data.sh'
       - name: Run integration tests
         env:
           LOG_LEVEL: INFO
           BC_API_KEY: ${{ secrets.BC_API_KEY }}
+        if: env.BC_API_KEY != null
         run: |
           pipenv run pytest sast_integration_tests
 
@@ -216,11 +218,13 @@ jobs:
         env:
           LOG_LEVEL: INFO
           BC_API_KEY: ${{ secrets.BC_API_KEY }}
+        if: env.BC_API_KEY != null
         run: bash -c './cdk_integration_tests/prepare_data.sh'
       - name: Run integration tests
         env:
           LOG_LEVEL: INFO
           BC_API_KEY: ${{ secrets.BC_API_KEY }}
+        if: env.BC_API_KEY != null
         run: |
           pipenv run pytest cdk_integration_tests
 

diff --git a/checkov/main.py b/checkov/main.py
@@ -12,7 +12,7 @@
 import sys
 from collections import defaultdict
 from pathlib import Path
-from typing import TYPE_CHECKING, Any, Dict, Literal, Optional, List, cast
+from typing import TYPE_CHECKING, Any, Dict, Literal, Optional, List
 
 import argcomplete
 import configargparse

diff --git a/integration_tests/test_checkov_config.py b/integration_tests/test_checkov_config.py
@@ -21,8 +21,8 @@ def test_terragoat_report(self):
                                f"expecting more than 1 failed checks, got: {data['summary']['failed']}")
             self.assertEqual(data['check_type'], 'terraform',
                              f"expecting 'terraform' but got: {data['check_type']}")
-            self.assertIsNone(data['results']['failed_checks'][0]['guideline'],
-                              "expecting no guideline for checks.")
+            self.assertIsNotNone(data['results']['failed_checks'][0]['guideline'],
+                              "expecting a guideline for checks.")
 
 
 if __name__ == '__main__':

diff --git a/tests/cloudformation/checks/resource/aws/S3Templates/ExampleS3.yaml b/tests/cloudformation/checks/resource/aws/S3Templates/ExampleS3.yaml
@@ -4,6 +4,11 @@ Resources:
     Type: AWS::S3::Bucket
   S3BucketPublicRead:
     Type: AWS::S3::Bucket
+    Metadata:
+      cfn-lint:
+        config:
+          ignore_checks:
+            - E3045
     Properties:
       AccessControl: PublicRead
       BucketEncryption:
@@ -12,6 +17,11 @@ Resources:
               SSEAlgorithm: AES256
   S3Bucket:
     Type: AWS::S3::Bucket
+    Metadata:
+      cfn-lint:
+        config:
+          ignore_checks:
+            - E3045
     Properties:
       AccessControl: PublicRead
       BucketEncryption:
@@ -25,6 +35,11 @@ Resources:
     DeletionPolicy: Retain
   S3Bucket2:
     Type: AWS::S3::Bucket
+    Metadata:
+      cfn-lint:
+        config:
+          ignore_checks:
+            - E3045
     Properties:
       AccessControl: PublicReadWrite
       VersioningConfiguration:

diff --git a/tests/common/test_runner_filter.py b/tests/common/test_runner_filter.py
@@ -818,20 +818,26 @@ def test_resource_attr_to_omit_load_config_sanity_combine(self):
 
         for k, v in combined_file_real_parsed_content.items():
             assert v == runner_filter.resource_attr_to_omit.get(k)
-    
+
     def test_get_sast_languages(self):
-        sast_langs = RunnerFilter.get_sast_languages(['sast'])
+        sast_langs = RunnerFilter.get_sast_languages(['sast'], [])
         assert SastLanguages.PYTHON in sast_langs
         assert SastLanguages.JAVA in sast_langs
         assert SastLanguages.JAVASCRIPT in sast_langs
-        sast_langs = RunnerFilter.get_sast_languages(['sast_python'])
+        sast_langs = RunnerFilter.get_sast_languages(['sast_python'], [])
         assert SastLanguages.PYTHON in sast_langs
-        sast_langs = RunnerFilter.get_sast_languages(['sast_python', 'sast_javascript'])
+        sast_langs = RunnerFilter.get_sast_languages(['sast_python', 'sast_javascript'], [])
         assert SastLanguages.PYTHON in sast_langs
         assert SastLanguages.JAVASCRIPT in sast_langs
-        sast_langs = RunnerFilter.get_sast_languages(['all'])
+        sast_langs = RunnerFilter.get_sast_languages(['all'], [])
         assert all(lang in sast_langs for lang in SastLanguages)
 
+        # skip
+        sast_langs = RunnerFilter.get_sast_languages(['all'], ['sast_python', 'sast_javascript'])
+        assert SastLanguages.JAVA in sast_langs
+        assert SastLanguages.PYTHON not in sast_langs
+        assert SastLanguages.JAVASCRIPT not in sast_langs
+
     def test_scan_secrets_history_limits_to_secrets_framework(self):
         # when
         filter = RunnerFilter(enable_git_history_secret_scan=True)