From 48d1cd6a72b195cd1a00c3e92ff30c9e89bd910a Mon Sep 17 00:00:00 2001 From: gruebel Date: Mon, 16 Oct 2023 23:01:44 +0000 Subject: [PATCH 1/3] chore: update release notes --- CHANGELOG.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95dd03f79cb..f795e17f82e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ # CHANGELOG -## [Unreleased](https://github.com/bridgecrewio/checkov/compare/2.5.9...HEAD) +## [Unreleased](https://github.com/bridgecrewio/checkov/compare/2.5.10...HEAD) + +## [2.5.10](https://github.com/bridgecrewio/checkov/compare/2.5.9...2.5.10) - 2023-10-16 + +### Feature + +- **terraform:** support scanning of Terraform managed modules instead of downloading them - [#5635](https://github.com/bridgecrewio/checkov/pull/5635) + +### Bug Fix + +- **terraform:** Fixing issues with checks CKV_AZURE_226 & CKV_AZURE_227 - [#5638](https://github.com/bridgecrewio/checkov/pull/5638) ## [2.5.9](https://github.com/bridgecrewio/checkov/compare/2.5.8...2.5.9) - 2023-10-15 From 7110a247621de3055776bfc55908cf8c58c71a04 Mon Sep 17 00:00:00 2001 From: itai1357 <44339653+itai1357@users.noreply.github.com> Date: Tue, 17 Oct 2023 15:59:18 +0300 Subject: [PATCH 2/3] feat(sca): giving file path on relative the the current dir for cases there is no either specified root_folder and the is no repo scan dir (#5654) * giving file path on relative the the current dir for cases there is no either specifirv root_folder and the is no repo scan dir * adjusting the tests * commit * commit --------- Co-authored-by: ipeleg --- checkov/sca_package_2/runner.py | 22 +++++---- tests/sca_package_2/test_runner.py | 73 +++++++++++++++++------------- 2 files changed, 54 insertions(+), 41 deletions(-) diff --git a/checkov/sca_package_2/runner.py b/checkov/sca_package_2/runner.py index d68525f2800..06caaa53a44 100644 --- a/checkov/sca_package_2/runner.py +++ b/checkov/sca_package_2/runner.py 
@@ -140,6 +140,13 @@ def run( return report + def _persist_file_if_required(self, package_files_to_persist: List[FileToPersist], + file_path: Path, root_path: Path | None) -> None: + if file_path.name in SCANNABLE_PACKAGE_FILES or file_path.suffix in SCANNABLE_PACKAGE_FILES_EXTENSIONS: + file_path_str = str(file_path) + # in case of root_path is None, we will get the path in related to the current work dir + package_files_to_persist.append(FileToPersist(file_path_str, os.path.relpath(file_path_str, root_path))) + def upload_package_files( self, root_path: Path | None, 
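Review bot: The S3 key in `_persist_file_if_required` is the raw result of `os.path.relpath(file_path_str, root_path)`, so with `root_path` None it is anchored on the process's current directory and, for a file passed explicitly that lives outside that directory, comes out as `../../…/requirements.txt`; the old common-prefix anchor could never yield a `..` component, and a key that climbs out of its prefix is presumably not something the persisted-files index or the receiving side is written to cope with. On Windows `relpath` additionally raises `ValueError` when the file and the anchor sit on different drives, which would abort the whole upload instead of skipping one file. I would keep the result in a local and guard it before the `append`: `rel_path = os.path.relpath(file_path_str, root_path)` / `if os.pardir in Path(rel_path).parts:` / `logging.warning(f"[sca_package:runner] {file_path} is outside the scan root, skipping"); return`. The comment could also read `# with root_path None the key is relative to the current working directory`, and the signature mixes `List[FileToPersist]` with the `Path | None` style used elsewhere in the file.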
@@ -154,21 +161,18 @@ def upload_package_files( try: if root_path: for file_path in root_path.glob("**/*"): - if (file_path.name in SCANNABLE_PACKAGE_FILES or file_path.suffix in SCANNABLE_PACKAGE_FILES_EXTENSIONS) and not any( - p in file_path.parts for p in excluded_paths) and file_path.name not in excluded_file_names: - file_path_str = str(file_path) - package_files_to_persist.append( - FileToPersist(file_path_str, os.path.relpath(file_path_str, root_path))) + if any(p in file_path.parts for p in excluded_paths) or file_path.name in excluded_file_names: + logging.debug(f"[sca_package:runner](upload_package_files) - File {file_path} was excluded") + continue + self._persist_file_if_required(package_files_to_persist, file_path, root_path) if files: - root_folder = os.path.split(os.path.commonprefix(files))[0] for file in files: file_path = Path(file) if not file_path.exists(): - logging.warning(f"File {file_path} doesn't exist") + logging.warning(f"[sca_package:runner](upload_package_files) - File {file_path} doesn't exist") continue - if file_path.name in SCANNABLE_PACKAGE_FILES or file_path.suffix in SCANNABLE_PACKAGE_FILES_EXTENSIONS: - package_files_to_persist.append(FileToPersist(file, os.path.relpath(file, root_folder))) + self._persist_file_if_required(package_files_to_persist, file_path, root_path) logging.info(f"{len(package_files_to_persist)} sca package files found.") bc_integration.persist_files(package_files_to_persist) diff --git a/tests/sca_package_2/test_runner.py b/tests/sca_package_2/test_runner.py index 8e5fc4b61c8..abad65b06b5 100644 --- a/tests/sca_package_2/test_runner.py +++ b/tests/sca_package_2/test_runner.py @@ -1,3 +1,4 @@ +import os from pathlib import Path from mock.mock import MagicMock 
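Review bot: The `excluded_paths` / `excluded_file_names` guard is only applied in the `root_path.glob` loop; the `files` loop calls `self._persist_file_if_required(package_files_to_persist, file_path, root_path)` directly, so an explicitly listed file is persisted even when it matches an exclusion. That asymmetry predates this commit, but now that the filter has been reshaped into a `continue` guard it is two lines to reuse in the second loop: `if any(p in file_path.parts for p in excluded_paths) or file_path.name in excluded_file_names:` / `continue`. If skipping exclusions for explicit files is intended, a one-line comment saying so would stop the next reader from "fixing" it. The function's signature and the `except` matching the visible `try:` are outside this hunk, so I cannot see how a `ValueError` from `relpath` would be handled.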
@@ -74,40 +75,48 @@ def test_upload_scannable_files_exclude_go_and_requirements(): def test_upload_scannable_files_file_config(): - # when - input_output_paths = Runner().upload_package_files( - root_path=None, - files=[ - str(EXAMPLES_DIR / 'requirements.txt'), - str(EXAMPLES_DIR / 'go.sum'), - str(EXAMPLES_DIR / 'package-lock.json'), - str(EXAMPLES_DIR / 'package.json'), - str(EXAMPLES_DIR / 'go.mod'), - str(EXAMPLES_DIR / 'Microsoft.NET.Sdk.csproj') - ], - excluded_paths=set(), - excluded_file_names=set() - ) - # expected - expected_output = { - FileToPersist(full_file_path=str(EXAMPLES_DIR / 'requirements.txt'), - s3_file_key='requirements.txt'), - FileToPersist(full_file_path=str(EXAMPLES_DIR / 'go.sum'), - s3_file_key='go.sum'), - FileToPersist(full_file_path=str(EXAMPLES_DIR / 'package-lock.json'), - s3_file_key='package-lock.json'), - FileToPersist(full_file_path=str(EXAMPLES_DIR / 'package.json'), - s3_file_key='package.json'), - FileToPersist(full_file_path=str(EXAMPLES_DIR / 'go.mod'), - s3_file_key='go.mod'), - FileToPersist(full_file_path=str(EXAMPLES_DIR / 'Microsoft.NET.Sdk.csproj'), - s3_file_key='Microsoft.NET.Sdk.csproj') - } + origin_cwd = os.getcwd() + try: + # setup + os.chdir(str(Path(__file__).parent)) + + # when + input_output_paths = Runner().upload_package_files( + root_path=None, + files=[ + str(EXAMPLES_DIR / 'requirements.txt'), + str(EXAMPLES_DIR / 'go.sum'), + str(EXAMPLES_DIR / 'package-lock.json'), + str(EXAMPLES_DIR / 'package.json'), + str(EXAMPLES_DIR / 'go.mod'), + str(EXAMPLES_DIR / 'Microsoft.NET.Sdk.csproj') + ], + excluded_paths=set(), + excluded_file_names=set() + ) + # expected (paths are in related to the test-working-dir) + expected_output = { + FileToPersist(full_file_path=str(EXAMPLES_DIR / 'requirements.txt'), + s3_file_key='examples/requirements.txt'), + FileToPersist(full_file_path=str(EXAMPLES_DIR / 'go.sum'), + s3_file_key='examples/go.sum'), + FileToPersist(full_file_path=str(EXAMPLES_DIR / 'package-lock.json'), 
+ s3_file_key='examples/package-lock.json'), + FileToPersist(full_file_path=str(EXAMPLES_DIR / 'package.json'), + s3_file_key='examples/package.json'), + FileToPersist(full_file_path=str(EXAMPLES_DIR / 'go.mod'), + s3_file_key='examples/go.mod'), + FileToPersist(full_file_path=str(EXAMPLES_DIR / 'Microsoft.NET.Sdk.csproj'), + s3_file_key='examples/Microsoft.NET.Sdk.csproj') + } - # then - assert len(input_output_paths) == 6 + # then + assert len(input_output_paths) == 6 - assert set(input_output_paths) == expected_output + assert set(input_output_paths) == expected_output + finally: + # teardown + os.chdir(origin_cwd) def test_run(sca_package_2_report): From f20abfc4d2730fa61cde501f2967aeed9d09a1a6 Mon Sep 17 00:00:00 2001 From: itai1357 <44339653+itai1357@users.noreply.github.com> Date: Tue, 17 Oct 2023 15:59:18 +0300 Subject: [PATCH 3/3] feat(sca): giving file path on relative the the current dir for cases there is no either specified root_folder and the is no repo scan dir (#5654) * giving file path on relative the the current dir for cases there is no either specifirv root_folder and the is no repo scan dir * adjusting the tests * commit * commit --------- Co-authored-by: ipeleg --- checkov/version.py | 2 +- kubernetes/requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/checkov/version.py b/checkov/version.py index 9bd53e22b74..683bc898723 100644 --- a/checkov/version.py +++ b/checkov/version.py @@ -1 +1 @@ -version = '2.5.10' +version = '2.5.11' diff --git a/kubernetes/requirements.txt b/kubernetes/requirements.txt index cad58718eaa..469dc3e56f4 100644 --- a/kubernetes/requirements.txt +++ b/kubernetes/requirements.txt @@ -1 +1 @@ -checkov==2.5.10 +checkov==2.5.11
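Review bot: `os.chdir` in `test_upload_scannable_files_file_config` mutates process-global state; the `try`/`finally` restores it, but any test running concurrently in the same process (or relying on cwd in between) still sees the change, and the hand-written teardown is what pytest's fixture already provides. The same effect with automatic restoration is `def test_upload_scannable_files_file_config(monkeypatch):` / `monkeypatch.chdir(Path(__file__).parent)`, which also removes the extra indentation level. The expected keys also assume `EXAMPLES_DIR` resolves to an `examples` directory directly under the test file's parent; that constant is defined outside this hunk, so the assumption is worth a comment next to `expected_output`, e.g. `# keys are relative to the cwd set above, i.e. tests/sca_package_2`, replacing the garbled `paths are in related to the test-working-dir`.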