From b4f099f7abde8189bb5c1a6e3293ac9acaa575f6 Mon Sep 17 00:00:00 2001 From: Owen Rumney Date: Fri, 18 Feb 2022 19:44:14 +0000 Subject: [PATCH] chore: bump to latest defsec (#1548) --- ARCHITECTURE.md | 2 +- CONTRIBUTING.md | 2 +- cmd/tfsec-checkgen/main.go | 2 +- cmd/tfsec-docs/webpage.go | 4 +- go.mod | 7 ++- go.sum | 15 +++---- internal/app/tfsec/cmd/output.go | 4 +- internal/pkg/custom/complex_checks.go | 8 ++-- internal/pkg/custom/custom_context.go | 2 +- .../pkg/custom/multiple_submatches_test.go | 4 +- internal/pkg/custom/processing.go | 6 +-- internal/pkg/custom/processing_test.go | 4 +- internal/pkg/executor/executor.go | 2 +- internal/pkg/executor/pool.go | 2 +- .../secrets/sensitive_in_attribute_rule.go | 2 +- .../sensitive_in_attribute_value_rule.go | 2 +- .../secrets/sensitive_in_local_rule.go | 2 +- .../secrets/sensitive_in_variable_rule.go | 2 +- internal/pkg/testutil/util.go | 4 +- pkg/provider/provider.go | 43 ------------------- pkg/rule/check.go | 2 +- pkg/rule/check_test.go | 4 +- pkg/rule/rule.go | 2 +- pkg/scanner/options.go | 2 +- pkg/scanner/scanner.go | 3 +- test/attribute_test.go | 2 +- test/bench_blocks_test.go | 4 +- test/count_test.go | 6 +-- test/deterministic_test.go | 2 +- test/ignore_test.go | 8 ++-- test/json_test.go | 6 +-- test/module_test.go | 12 +++--- test/performance_test.go | 2 +- test/scanner_test.go | 8 ++-- test/wildcard_test.go | 2 +- 35 files changed, 68 insertions(+), 116 deletions(-) delete mode 100644 pkg/provider/provider.go diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md index b18af2eda3..3a72735576 100644 --- a/ARCHITECTURE.md +++ b/ARCHITECTURE.md 
@@ -31,7 +31,7 @@ Code to support running in the CLI, including flags, output settings etc. ### Parser -Can be found in [trivy-config-parsers](https://github.com/aquasecurity/trivy-config-parsers). +Can be found in [defsec/parsers](https://github.com/aquasecurity/defsec/parsers). Takes plaintext Terraform HCL templates as input and produces logical abstractions from the `internal/pkg/block` package. Returns a slice of *modules* which in turn contain blocks which can contain other blocks, which can in turn ultimately contain attributes, as is the HCL format. Each of the abstractions for these concepts has many utility methods. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 78c8758de5..78432a8023 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -104,7 +104,7 @@ Fill out the `rules.Rule` struct with appropriate information. The fields are de | Field | Description | | ---------------- | ----------- | | AVDID | This is a unique ID that identifies the rule not just within DefSec, but within the [AVD](https://avd.aquasec.com/). The ID is composed of the prefix `AVD-`, three letters representing the provider in capitals e.g. `AWS`, another `-`, and then a 4-digit, zero-padded number. For example: `AVD-AWS-0086`. The easiest way to assign a new AVD ID is to run `grep -r "AVD-" . | grep AVDID | awk -F'"' '{print $2}' | sort -u` to find the highest number for your provider and increment it by one. -| Provider | You can set this using a constant from the `provider` package, listed [here](https://github.com/aquasecurity/defsec/blob/master/provider/provider.go#L8-L21) +| Provider | You can set this using a constant from the `provider` package, listed [here](https://github.com/aquasecurity/defsec/blob/master/provider/providers.go#L8-L21) | Service | A string representing the service your rule relates to (lower-case), e.g. `s3`. This will generally match the package your rule is inside. | ShortCode | This is a human-readable identifier for your check that uniquely describes it within the provider and service. e.g. `block-public-acls` | Summary | A short paragraph that summarises what best-practice the rule is trying to enforce. e.g. *Data stored in service X should be encrypted at rest* diff --git a/cmd/tfsec-checkgen/main.go b/cmd/tfsec-checkgen/main.go index b55eb41f1e..812425b41c 100644 --- a/cmd/tfsec-checkgen/main.go +++ b/cmd/tfsec-checkgen/main.go 
@@ -9,10 +9,10 @@ import ( "strings" "github.com/AlecAivazis/survey/v2" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/tfsec/internal/pkg/custom" "github.com/aquasecurity/tfsec/internal/pkg/executor" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" "github.com/spf13/cobra" ) diff --git a/cmd/tfsec-docs/webpage.go b/cmd/tfsec-docs/webpage.go index d7c1f27410..2bb64ddd8b 100644 --- a/cmd/tfsec-docs/webpage.go +++ b/cmd/tfsec-docs/webpage.go @@ -6,7 +6,7 @@ import ( "strings" "text/template" - "github.com/aquasecurity/defsec/provider" + "github.com/aquasecurity/defsec/providers" ) const ( @@ -103,7 +103,7 @@ func formatProviderName(providerName string) string { if providerName == "digitalocean" { providerName = "digital ocean" } - return provider.Provider(providerName).DisplayName() + return providers.Provider(providerName).DisplayName() } func generateWebPage(webProviderPath string, r templateObject) error { diff --git a/go.mod b/go.mod index 30f9fc8120..57a8cfb486 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,7 @@ go 1.17 require ( github.com/AlecAivazis/survey/v2 v2.3.2 - github.com/aquasecurity/defsec v0.11.0 - github.com/aquasecurity/trivy-config-parsers v0.0.2 + github.com/aquasecurity/defsec v0.12.0 github.com/hashicorp/go-version v1.4.0 github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf github.com/liamg/clinch v1.5.6 
@@ -39,8 +38,8 @@ require ( github.com/inconshreveable/mousetrap v1.0.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect - github.com/liamg/iamgo v0.0.5 // indirect - github.com/liamg/jfather v0.0.5 // indirect + github.com/liamg/iamgo v0.0.6 // indirect + github.com/liamg/jfather v0.0.7 // indirect github.com/lucasb-eyer/go-colorful v1.0.3 // indirect github.com/mattn/go-colorable v0.1.12 // indirect github.com/mattn/go-isatty v0.0.14 // indirect diff --git a/go.sum b/go.sum index aa929934b4..ef131d1b4f 100644 --- a/go.sum +++ b/go.sum @@ -79,10 +79,8 @@ github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= -github.com/aquasecurity/defsec v0.11.0 h1:i7cc960N6AeJEV7dCyfZqHWASuY7iGsGOc6GRXjzorQ= -github.com/aquasecurity/defsec v0.11.0/go.mod h1:MM+LWmcHUeHjKwRHM0fJBvUNDqK/4u3H79wGfgMx3Ls= -github.com/aquasecurity/trivy-config-parsers v0.0.2 h1:WU9Sz7JSxUrof1qr2Q4EKA/GSPb9Ht88qlCZaKxFy9g= -github.com/aquasecurity/trivy-config-parsers v0.0.2/go.mod h1:PEfKH2Uuim1Qa8YAMQSn84JsBzPlEbBlm3PjI/9rlNU= +github.com/aquasecurity/defsec v0.12.0 h1:hHpfHP4rCHjE4wgt+I8hmMBraZ5vCiUPtWpYWqb1XDM= +github.com/aquasecurity/defsec v0.12.0/go.mod h1:ePT+j44TFfUwgIZ6yx5FPHgYk2aTXAqsMf/WnE78ujg= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= 
@@ -358,11 +356,10 @@ github.com/liamg/clinch v1.5.6 h1:cgv8uUroVWW+d23Gfee3v0/bSOKy9d4vUWFlMeNoNS8= github.com/liamg/clinch v1.5.6/go.mod h1:IXM+nLBuZ5sOQAYYf9+G51nkaA0WY9cszxE5nPXexhE= github.com/liamg/gifwrap v0.0.6 h1:U6wiiwViOEPoIvivVzgeM3CsOi1vpvmcR1+l5vzyR1s= github.com/liamg/gifwrap v0.0.6/go.mod h1:oW1r2vIWLYyxW+U0io7YbpPSDIJ79FTlZ+hPnXFLW6E= -github.com/liamg/iamgo v0.0.5 h1:C5I/sxmwIyef3FnPYf3iwF5IIK9zevFmjaKWiT/chGE= -github.com/liamg/iamgo v0.0.5/go.mod h1:esUin2ui3vX8YjLco+cU5Q04UNcecnslHWNlY3TC0rs= -github.com/liamg/jfather v0.0.2/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM= -github.com/liamg/jfather v0.0.5 h1:pH0ZGUSJD//nA8yYozSssvoYCpUkxvi+O/nOXFk0rb4= -github.com/liamg/jfather v0.0.5/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM= +github.com/liamg/iamgo v0.0.6 h1:VUzOnf39c7QYQfXzOr9upTmIqikmipqu1AvSIoX36PQ= +github.com/liamg/iamgo v0.0.6/go.mod h1:Kk6ZxBF/GQqG9nnaUjIi6jf+WXNpeOTyhwc6gnguaZQ= +github.com/liamg/jfather v0.0.7 h1:Xf78zS263yfT+xr2VSo6+kyAy4ROlCacRqJG7s5jt4k= +github.com/liamg/jfather v0.0.7/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM= github.com/liamg/tml v0.3.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E= github.com/liamg/tml v0.6.0 h1:yOC/Q9p9Io3J11U9LdYVIwpRTnTE1GPMNFLrygkmE2Y= github.com/liamg/tml v0.6.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E= diff --git a/internal/app/tfsec/cmd/output.go b/internal/app/tfsec/cmd/output.go index 9776ac81f8..71969d62ab 100644 --- a/internal/app/tfsec/cmd/output.go +++ b/internal/app/tfsec/cmd/output.go @@ -11,7 +11,7 @@ import ( "github.com/aquasecurity/tfsec/pkg/scanner" "github.com/aquasecurity/defsec/formatters" - "github.com/aquasecurity/defsec/provider" + "github.com/aquasecurity/defsec/providers" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/tfsec/version" "github.com/liamg/tml" 
@@ -49,7 +49,7 @@ func gatherLinks(result rules.Result) []string { } var docsLink []string - if result.Rule().Provider == provider.CustomProvider { + if result.Rule().Provider == providers.CustomProvider { docsLink = result.Rule().Links } else { docsLink = []string{ diff --git a/internal/pkg/custom/complex_checks.go b/internal/pkg/custom/complex_checks.go index d6dc085848..f86c12c647 100644 --- a/internal/pkg/custom/complex_checks.go +++ b/internal/pkg/custom/complex_checks.go @@ -3,7 +3,7 @@ package custom import ( "fmt" - "github.com/aquasecurity/trivy-config-parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform" ) func checkTags(block *terraform.Block, spec *MatchSpec, customCtx *customContext) bool { @@ -18,9 +18,9 @@ func checkTags(block *terraform.Block, spec *MatchSpec, customCtx *customContext var alias string if block.HasChild("provider") { - aliasRef, err := block.GetAttribute("provider").SingleReference() - if err == nil { - alias = aliasRef.String() + aliasRef := block.GetAttribute("provider").AllReferences() + if len(aliasRef) > 0 { + alias = aliasRef[0].String() } } diff --git a/internal/pkg/custom/custom_context.go b/internal/pkg/custom/custom_context.go index 8a9fc95bc9..77de50ec1e 100644 --- a/internal/pkg/custom/custom_context.go +++ b/internal/pkg/custom/custom_context.go @@ -1,6 +1,6 @@ package custom -import "github.com/aquasecurity/trivy-config-parsers/terraform" +import "github.com/aquasecurity/defsec/parsers/terraform" type customCheckVariables map[string]string diff --git a/internal/pkg/custom/multiple_submatches_test.go b/internal/pkg/custom/multiple_submatches_test.go index 63fc464fb6..36b6fde356 100644 --- a/internal/pkg/custom/multiple_submatches_test.go +++ b/internal/pkg/custom/multiple_submatches_test.go 
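Review bot: In `checkTags` (internal/pkg/custom/complex_checks.go), `alias = aliasRef[0].String()` now silently takes the first reference of the `provider` attribute, whereas the removed code set `alias` only when `SingleReference()` returned no error, which presumably meant the attribute held exactly one reference. If `AllReferences()` can return several entries for one expression, the alias may no longer name the intended provider, and the rest of `checkTags` (its body continues outside this hunk) would evaluate the custom check against a different provider than before, without any error. To keep the earlier strictness, consider `if refs := block.GetAttribute("provider").AllReferences(); len(refs) == 1 { alias = refs[0].String() }`. If taking the first reference is intended, say so in a comment such as `// provider is expected to hold a single reference; only the first is used`. The variable now holds a slice, so `aliasRefs` would read better than `aliasRef`.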
@@ -3,8 +3,8 @@ package custom import ( "testing" + "github.com/aquasecurity/defsec/providers" "github.com/aquasecurity/defsec/rules" - "github.com/aquasecurity/tfsec/pkg/provider" "github.com/stretchr/testify/assert" ) @@ -93,7 +93,7 @@ resource "aws_instance" "bastion" { func filterCustomResults(scanResults []rules.Result) []rules.Result { var customResults []rules.Result for _, result := range scanResults { - if result.Rule().Provider.DisplayName() == provider.CustomProvider.DisplayName() { + if result.Rule().Provider.DisplayName() == providers.CustomProvider.DisplayName() { customResults = append(customResults, result) } } diff --git a/internal/pkg/custom/processing.go b/internal/pkg/custom/processing.go index 294cdb66b5..193148adf7 100644 --- a/internal/pkg/custom/processing.go +++ b/internal/pkg/custom/processing.go @@ -8,11 +8,11 @@ import ( "github.com/zclconf/go-cty/cty" "github.com/zclconf/go-cty/cty/gocty" - "github.com/aquasecurity/defsec/provider" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/providers" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/pkg/rule" - "github.com/aquasecurity/trivy-config-parsers/terraform" ) var matchFunctions = map[CheckAction]func(*terraform.Block, *MatchSpec, *customContext) bool{ @@ -240,7 +240,7 @@ func ProcessFoundChecks(checks ChecksFile) { Summary: customCheck.Description, Impact: customCheck.Impact, Resolution: customCheck.Resolution, - Provider: provider.CustomProvider, + Provider: providers.CustomProvider, Links: customCheck.RelatedLinks, Severity: customCheck.Severity, }, diff --git a/internal/pkg/custom/processing_test.go b/internal/pkg/custom/processing_test.go index 9e0633af05..e2e828c105 100644 --- a/internal/pkg/custom/processing_test.go +++ b/internal/pkg/custom/processing_test.go 
@@ -11,9 +11,9 @@ import ( "github.com/aquasecurity/defsec/rules" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/tfsec/internal/pkg/executor" - "github.com/aquasecurity/trivy-config-parsers/terraform" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" "github.com/stretchr/testify/assert" ) diff --git a/internal/pkg/executor/executor.go b/internal/pkg/executor/executor.go index 7358f4077e..104e9bce23 100644 --- a/internal/pkg/executor/executor.go +++ b/internal/pkg/executor/executor.go @@ -13,9 +13,9 @@ import ( "github.com/aquasecurity/defsec/severity" adapter "github.com/aquasecurity/defsec/adapters/terraform" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/tfsec/internal/pkg/legacy" - "github.com/aquasecurity/trivy-config-parsers/terraform" ) // Executor scans HCL blocks by running all registered rules against them diff --git a/internal/pkg/executor/pool.go b/internal/pkg/executor/pool.go index 3aacc72ea2..43ef822bb2 100644 --- a/internal/pkg/executor/pool.go +++ b/internal/pkg/executor/pool.go @@ -5,10 +5,10 @@ import ( runtimeDebug "runtime/debug" "sync" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/state" "github.com/aquasecurity/tfsec/pkg/rule" - "github.com/aquasecurity/trivy-config-parsers/terraform" ) type Pool struct { diff --git a/internal/pkg/rules/general/secrets/sensitive_in_attribute_rule.go b/internal/pkg/rules/general/secrets/sensitive_in_attribute_rule.go index b71d04f91d..8268b644c0 100644 --- a/internal/pkg/rules/general/secrets/sensitive_in_attribute_rule.go +++ b/internal/pkg/rules/general/secrets/sensitive_in_attribute_rule.go 
@@ -5,7 +5,7 @@ import ( "github.com/aquasecurity/defsec/rules/general/secrets" "github.com/zclconf/go-cty/cty" - "github.com/aquasecurity/trivy-config-parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/tfsec/pkg/rule" diff --git a/internal/pkg/rules/general/secrets/sensitive_in_attribute_value_rule.go b/internal/pkg/rules/general/secrets/sensitive_in_attribute_value_rule.go index 672764344e..fc98887d48 100644 --- a/internal/pkg/rules/general/secrets/sensitive_in_attribute_value_rule.go +++ b/internal/pkg/rules/general/secrets/sensitive_in_attribute_value_rule.go @@ -1,12 +1,12 @@ package secrets import ( + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/rules/general/secrets" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/internal/pkg/security" "github.com/aquasecurity/tfsec/pkg/rule" - "github.com/aquasecurity/trivy-config-parsers/terraform" ) func init() { diff --git a/internal/pkg/rules/general/secrets/sensitive_in_local_rule.go b/internal/pkg/rules/general/secrets/sensitive_in_local_rule.go index 17efc14753..001909b2bd 100644 --- a/internal/pkg/rules/general/secrets/sensitive_in_local_rule.go +++ b/internal/pkg/rules/general/secrets/sensitive_in_local_rule.go @@ -4,11 +4,11 @@ import ( "github.com/aquasecurity/defsec/rules/general/secrets" "github.com/zclconf/go-cty/cty" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/internal/pkg/security" "github.com/aquasecurity/tfsec/pkg/rule" - "github.com/aquasecurity/trivy-config-parsers/terraform" ) func init() { diff --git a/internal/pkg/rules/general/secrets/sensitive_in_variable_rule.go b/internal/pkg/rules/general/secrets/sensitive_in_variable_rule.go index c01e93107a..70767d74a8 100644 
--- a/internal/pkg/rules/general/secrets/sensitive_in_variable_rule.go +++ b/internal/pkg/rules/general/secrets/sensitive_in_variable_rule.go @@ -3,9 +3,9 @@ package secrets import ( "github.com/zclconf/go-cty/cty" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/rules/general/secrets" - "github.com/aquasecurity/trivy-config-parsers/terraform" "github.com/aquasecurity/tfsec/pkg/rule" diff --git a/internal/pkg/testutil/util.go b/internal/pkg/testutil/util.go index c961bbb8c7..096f0feb98 100644 --- a/internal/pkg/testutil/util.go +++ b/internal/pkg/testutil/util.go @@ -4,11 +4,11 @@ import ( "path/filepath" "testing" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem" - "github.com/aquasecurity/trivy-config-parsers/terraform" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go deleted file mode 100644 index 3df3f82746..0000000000 --- a/pkg/provider/provider.go +++ /dev/null 
@@ -1,43 +0,0 @@ -package provider - -import "strings" - -// Provider is the provider that the check applies to -type Provider string - -const ( - UnknownProvider Provider = "" - AWSProvider Provider = "aws" - AzureProvider Provider = "azure" - CustomProvider Provider = "custom" - DigitalOceanProvider Provider = "digitalocean" - GeneralProvider Provider = "general" - GitHubProvider Provider = "github" - GoogleProvider Provider = "google" - KubernetesProvider Provider = "kubernetes" - OracleProvider Provider = "oracle" - OpenStackProvider Provider = "openstack" - CloudStackProvider Provider = "cloudstack" -) - -func RuleProviderToString(provider Provider) string { - return strings.ToUpper(string(provider)) -} - -func (p Provider) DisplayName() string { - switch p { - case "aws": - return strings.ToUpper(string(p)) - case "digitalocean": - return "Digital Ocean" - case "openstack": - return "OpenStack" - case "cloudstack": - return "Cloudstack" - default: - return strings.Title(strings.ToLower(string(p))) - } -} -func (p Provider) ConstName() string { - return strings.ReplaceAll(p.DisplayName(), " ", "") -} diff --git a/pkg/rule/check.go b/pkg/rule/check.go index 32072e1ec3..cfb1b73499 100644 --- a/pkg/rule/check.go +++ b/pkg/rule/check.go @@ -6,9 +6,9 @@ import ( "path/filepath" "strings" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/state" - "github.com/aquasecurity/trivy-config-parsers/terraform" ) func (r *Rule) CheckAgainstState(s *state.State) rules.Results { diff --git a/pkg/rule/check_test.go b/pkg/rule/check_test.go index b2aa2c38fe..c56db31b71 100644 --- a/pkg/rule/check_test.go +++ b/pkg/rule/check_test.go 
@@ -5,10 +5,10 @@ import ( "path/filepath" "testing" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem" - "github.com/aquasecurity/trivy-config-parsers/terraform" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) diff --git a/pkg/rule/rule.go b/pkg/rule/rule.go index 63911bfa1a..317081541c 100644 --- a/pkg/rule/rule.go +++ b/pkg/rule/rule.go @@ -1,8 +1,8 @@ package rule import ( + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/defsec/rules" - "github.com/aquasecurity/trivy-config-parsers/terraform" ) // Rule is a targeted security test which can be applied to terraform templates. It includes the types to run on e.g. diff --git a/pkg/scanner/options.go b/pkg/scanner/options.go index 9f753fc4cd..adf1c92b6b 100644 --- a/pkg/scanner/options.go +++ b/pkg/scanner/options.go @@ -8,8 +8,8 @@ import ( "github.com/aquasecurity/defsec/rules" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/tfsec/internal/pkg/executor" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" ) type Option func(s *Scanner) diff --git a/pkg/scanner/scanner.go b/pkg/scanner/scanner.go index a57d99ab3f..402c0c5fc8 100644 --- a/pkg/scanner/scanner.go +++ b/pkg/scanner/scanner.go @@ -15,10 +15,9 @@ import ( "github.com/aquasecurity/tfsec/internal/pkg/config" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/defsec/rules" - "github.com/aquasecurity/tfsec/internal/pkg/executor" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" ) type Scanner struct { diff --git a/test/attribute_test.go b/test/attribute_test.go index 3435813a9b..02104a9078 100644 --- a/test/attribute_test.go +++ b/test/attribute_test.go 
@@ -3,7 +3,7 @@ package test import ( "testing" - "github.com/aquasecurity/trivy-config-parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/tfsec/internal/pkg/testutil" diff --git a/test/bench_blocks_test.go b/test/bench_blocks_test.go index d786e58c54..2ad405dbb1 100644 --- a/test/bench_blocks_test.go +++ b/test/bench_blocks_test.go @@ -3,9 +3,9 @@ package test import ( "testing" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem" - "github.com/aquasecurity/trivy-config-parsers/terraform" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" ) func BenchmarkBlockParsing(b *testing.B) { diff --git a/test/count_test.go b/test/count_test.go index e8cd7cd6a5..ff5ba9993e 100644 --- a/test/count_test.go +++ b/test/count_test.go @@ -3,13 +3,13 @@ package test import ( "testing" - "github.com/aquasecurity/defsec/provider" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/providers" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/severity" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/internal/pkg/testutil" "github.com/aquasecurity/tfsec/pkg/rule" - "github.com/aquasecurity/trivy-config-parsers/terraform" "github.com/stretchr/testify/assert" ) @@ -154,7 +154,7 @@ variable "things" { r1 := rule.Rule{ Base: rules.Register( rules.Rule{ - Provider: provider.AWSProvider, + Provider: providers.AWSProvider, Service: "service", ShortCode: "abc123", Severity: severity.High, diff --git a/test/deterministic_test.go b/test/deterministic_test.go index 2389f0753e..4acc3d9920 100644 --- a/test/deterministic_test.go +++ b/test/deterministic_test.go 
@@ -6,8 +6,8 @@ import ( "github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem" "github.com/stretchr/testify/require" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/tfsec/internal/pkg/executor" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" ) func Test_DeterministicResults(t *testing.T) { diff --git a/test/ignore_test.go b/test/ignore_test.go index 7a9d2fe99f..14bfadfe0d 100644 --- a/test/ignore_test.go +++ b/test/ignore_test.go @@ -8,11 +8,11 @@ import ( "github.com/aquasecurity/tfsec/internal/pkg/legacy" "github.com/aquasecurity/tfsec/internal/pkg/testutil" - "github.com/aquasecurity/defsec/provider" + "github.com/aquasecurity/defsec/providers" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/severity" - "github.com/aquasecurity/trivy-config-parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/tfsec/pkg/rule" @@ -25,7 +25,7 @@ import ( var exampleRule = rule.Rule{ Base: rules.Register(rules.Rule{ - Provider: provider.AWSProvider, + Provider: providers.AWSProvider, Service: "service", ShortCode: "abc123", Severity: severity.High, @@ -266,7 +266,7 @@ func Test_IgnoreSpecific(t *testing.T) { r2 := rule.Rule{ Base: rules.Register(rules.Rule{ - Provider: provider.AWSProvider, + Provider: providers.AWSProvider, Service: "service", ShortCode: "def456", Severity: severity.High, diff --git a/test/json_test.go b/test/json_test.go index 287c504565..3a325db875 100644 --- a/test/json_test.go +++ b/test/json_test.go 
@@ -3,13 +3,13 @@ package test import ( "testing" - "github.com/aquasecurity/defsec/provider" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/providers" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/severity" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/internal/pkg/testutil" "github.com/aquasecurity/tfsec/pkg/rule" - "github.com/aquasecurity/trivy-config-parsers/terraform" ) func TestScanningJSON(t *testing.T) { @@ -67,7 +67,7 @@ func TestScanningJSON(t *testing.T) { t.Run(test.name, func(t *testing.T) { r1 := rule.Rule{ Base: rules.Register(rules.Rule{ - Provider: provider.AWSProvider, + Provider: providers.AWSProvider, Service: "service", ShortCode: "abc123", Severity: severity.High, diff --git a/test/module_test.go b/test/module_test.go index 5d043a430e..b6b2c061d3 100644 --- a/test/module_test.go +++ b/test/module_test.go @@ -7,19 +7,19 @@ import ( "github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem" "github.com/stretchr/testify/require" - "github.com/aquasecurity/defsec/provider" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform/parser" + "github.com/aquasecurity/defsec/providers" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/rules/aws/iam" "github.com/aquasecurity/defsec/severity" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/pkg/rule" - "github.com/aquasecurity/trivy-config-parsers/terraform" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" ) var badRule = rule.Rule{ Base: rules.Register(rules.Rule{ - Provider: provider.AWSProvider, + Provider: providers.AWSProvider, Service: "service", ShortCode: "abc", Summary: "A stupid example check for a test.", 
@@ -523,7 +523,7 @@ resource "bad" "thing" { r1 := rule.Rule{ Base: rules.Register(rules.Rule{ - Provider: provider.AWSProvider, + Provider: providers.AWSProvider, Service: "service", ShortCode: "abc123", Severity: severity.High, @@ -574,7 +574,7 @@ resource "bad" "thing" { r1 := rule.Rule{ Base: rules.Register(rules.Rule{ - Provider: provider.AWSProvider, + Provider: providers.AWSProvider, Service: "service", ShortCode: "abc123", Severity: severity.High, diff --git a/test/performance_test.go b/test/performance_test.go index 09a41a5e14..3398837ec9 100644 --- a/test/performance_test.go +++ b/test/performance_test.go @@ -4,9 +4,9 @@ import ( "fmt" "testing" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" ) func BenchmarkCalculate(b *testing.B) { diff --git a/test/scanner_test.go b/test/scanner_test.go index f7ba42c1b7..e40bb03176 100644 --- a/test/scanner_test.go +++ b/test/scanner_test.go 
@@ -5,24 +5,24 @@ import ( "github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem" - "github.com/aquasecurity/defsec/provider" + "github.com/aquasecurity/defsec/providers" "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/tfsec/internal/pkg/testutil" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/aquasecurity/defsec/parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform/parser" "github.com/aquasecurity/defsec/severity" "github.com/aquasecurity/tfsec/internal/pkg/executor" "github.com/aquasecurity/tfsec/pkg/rule" - "github.com/aquasecurity/trivy-config-parsers/terraform" - "github.com/aquasecurity/trivy-config-parsers/terraform/parser" ) var panicRule = rule.Rule{ Base: rules.Register( rules.Rule{ - Provider: provider.AWSProvider, + Provider: providers.AWSProvider, Service: "service", ShortCode: "abc", Severity: severity.High, diff --git a/test/wildcard_test.go b/test/wildcard_test.go index f2f397861d..a109631d78 100644 --- a/test/wildcard_test.go +++ b/test/wildcard_test.go @@ -9,7 +9,7 @@ import ( "github.com/aquasecurity/defsec/rules" "github.com/aquasecurity/defsec/severity" - "github.com/aquasecurity/trivy-config-parsers/terraform" + "github.com/aquasecurity/defsec/parsers/terraform" "github.com/aquasecurity/tfsec/pkg/rule"