feat(sast): add typescript - DONT MERGE (#6193)

* add typescript

* add golang

---------

Co-authored-by: achiar99 <[email protected]>

checkov/common/bridgecrew/check_type.py

@@ -35,6 +35,8 @@ class CheckType:
     SAST_PYTHON = 'sast_python'
     SAST_JAVA = 'sast_java'
     SAST_JAVASCRIPT = 'sast_javascript'
+    SAST_TYPESCRIPT = 'sast_typescript'
+    SAST_GOLANG = 'sast_golang'
     POLICY_3D = "3d_policy"
 
 
@@ -43,6 +45,8 @@ class SastType:
     SAST_PYTHON = 'sast_python'
     SAST_JAVA = 'sast_java'
     SAST_JAVASCRIPT = 'sast_javascript'
+    SAST_TYPESCRIPT = 'sast_typescript'
+    SAST_GOLANG = 'sast_golang'
 
 
 # needs to be at the end

checkov/common/bridgecrew/code_categories.py

@@ -47,6 +47,8 @@ class CodeCategoryType(str, Enum):
     CheckType.SAST_PYTHON: CodeCategoryType.WEAKNESSES,
     CheckType.SAST_JAVA: CodeCategoryType.WEAKNESSES,
     CheckType.SAST_JAVASCRIPT: CodeCategoryType.WEAKNESSES,
+    CheckType.SAST_TYPESCRIPT: CodeCategoryType.WEAKNESSES,
+    CheckType.SAST_GOLANG: CodeCategoryType.WEAKNESSES,
     CheckType.POLICY_3D: CodeCategoryType.IAC
 }
 

checkov/common/models/consts.py

@@ -27,7 +27,9 @@
 SAST_SUPPORTED_FILE_EXTENSIONS = {
     SastLanguages.JAVA: ['.java'],
     SastLanguages.JAVASCRIPT: ['.js'],
-    SastLanguages.PYTHON: ['.py']
+    SastLanguages.TYPESCRIPT: ['.ts'],
+    SastLanguages.PYTHON: ['.py'],
+    SastLanguages.GOLANG: ['.go']
 }
 
 ANY_VALUE = "CKV_ANY"

checkov/common/sast/consts.py

@@ -21,6 +21,8 @@ def set(cls) -> Set["SastLanguages"]:
     PYTHON = 'python'
     JAVA = 'java'
     JAVASCRIPT = 'javascript'
+    TYPESCRIPT = 'typescript'
+    GOLANG = 'golang'
 
 
 class CDKLanguages(Enum):
@@ -33,6 +35,8 @@ def set(cls) -> Set["CDKLanguages"]:
         return set(cls)
 
     PYTHON = 'python'
+    TYPESCRIPT = 'typescript'
+    GOLANG = 'golang'
 
 
 class BqlVersion(str, Enum):
@@ -54,12 +58,16 @@ def get_bql_version_from_string(version_str: str) -> str:
     SastLanguages.PYTHON: ['py'],
     SastLanguages.JAVA: ['java'],
     SastLanguages.JAVASCRIPT: ['js'],
+    SastLanguages.TYPESCRIPT: ['ts'],
+    SastLanguages.GOLANG: ['go'],
 }
 
 FILE_EXT_TO_SAST_LANG = {
     'py': SastLanguages.PYTHON,
     'java': SastLanguages.JAVA,
     'js': SastLanguages.JAVASCRIPT,
+    'ts': SastLanguages.TYPESCRIPT,
+    'go': SastLanguages.GOLANG,
 }
 
 POLICIES_ERRORS = 'policies_errors'

checkov/sast/runner.py

@@ -3,6 +3,8 @@
 import logging
 import os
 import sys
+from checkov.common.util.type_forcers import convert_str_to_bool
+from checkov.common.sast.consts import SastLanguages
 
 
 from checkov.common.bridgecrew.check_type import CheckType
@@ -54,6 +56,20 @@ def run(self, root_folder: Optional[str],
             bc_integration.setup_http_manager()
             bc_integration.set_s3_client()
 
+        # Todo remove when typescript is stable in platform
+        if not bool(convert_str_to_bool(os.getenv('ENABLE_SAST_TYPESCRIPT', False))):
+            if SastLanguages.TYPESCRIPT in runner_filter.sast_languages:
+                runner_filter.sast_languages.remove(SastLanguages.TYPESCRIPT)
+            if CDKLanguages.TYPESCRIPT in self.cdk_langs:
+                self.cdk_langs.remove(CDKLanguages.TYPESCRIPT)
+
+        # Todo remove when golang is stable in platform
+        if not bool(convert_str_to_bool(os.getenv('ENABLE_SAST_GOLANG', False))):
+            if SastLanguages.GOLANG in runner_filter.sast_languages:
+                runner_filter.sast_languages.remove(SastLanguages.GOLANG)
+            if CDKLanguages.GOLANG in self.cdk_langs:
+                self.cdk_langs.remove(CDKLanguages.GOLANG)
+
         # registry get all the paths
         self.registry.set_runner_filter(runner_filter)
         self.registry.add_external_dirs(external_checks_dir)

dogfood_tests/test_checkov_dogfood.py

@@ -56,6 +56,8 @@ def test_all_frameworks_are_tested() -> None:
         CheckType.SAST_JAVA,
         CheckType.SAST_PYTHON,
         CheckType.SAST_JAVASCRIPT,
+        CheckType.SAST_TYPESCRIPT,
+        CheckType.SAST_GOLANG,
         CheckType.SECRETS,
         CheckType.SERVERLESS,
         CheckType.TERRAFORM,

tests/common/integration_features/test_licensing_integration.py

@@ -74,6 +74,8 @@ def test_constants(self):
             'sast_python',
             'sast_java',
             'sast_javascript',
+            'sast_typescript',
+            'sast_golang',
             '3d_policy'
         })
 

tests/common/test_runner_filter.py

@@ -743,6 +743,8 @@ def test_apply_enforcement_rules(self):
             'sast_python': Severities[BcSeverities.OFF],
             'sast_java': Severities[BcSeverities.OFF],
             'sast_javascript': Severities[BcSeverities.OFF],
+            'sast_typescript': Severities[BcSeverities.OFF],
+            'sast_golang': Severities[BcSeverities.OFF],
         }
         self.assertEqual(instance.enforcement_rule_configs, expected)
 
@@ -844,8 +846,12 @@ def test_get_sast_languages(self):
         assert SastLanguages.PYTHON in sast_langs
         assert SastLanguages.JAVA in sast_langs
         assert SastLanguages.JAVASCRIPT in sast_langs
-        sast_langs = RunnerFilter.get_sast_languages(['sast_python'], [])
+        assert SastLanguages.TYPESCRIPT in sast_langs
+        assert SastLanguages.GOLANG in sast_langs
+        sast_langs = RunnerFilter.get_sast_languages(['sast_python', 'sast_typescript', 'sast_golang'], [])
         assert SastLanguages.PYTHON in sast_langs
+        assert SastLanguages.TYPESCRIPT in sast_langs
+        assert SastLanguages.GOLANG in sast_langs
         sast_langs = RunnerFilter.get_sast_languages(['sast_python', 'sast_javascript'], [])
         assert SastLanguages.PYTHON in sast_langs
         assert SastLanguages.JAVASCRIPT in sast_langs
@@ -857,6 +863,8 @@ def test_get_sast_languages(self):
         assert SastLanguages.JAVA in sast_langs
         assert SastLanguages.PYTHON not in sast_langs
         assert SastLanguages.JAVASCRIPT not in sast_langs
+        assert SastLanguages.TYPESCRIPT in sast_langs
+        assert SastLanguages.GOLANG in sast_langs
 
     def test_scan_secrets_history_limits_to_secrets_framework(self):
         # when