Merge pull request #273 from 4k4xs4pH1r3/deepsource-transform-5a3cbf05
style: format code with Autopep8, Black, ClangFormat, dotnet-format, Go fmt, Gofumpt, Google Java Format, isort, PHP CS Fixer, Prettier, RuboCop, Ruff Formatter, Rustfmt, Scalafmt, StandardJS, StandardRB, swift-format and Yapf
4k4xs4pH1r3 authored Dec 13, 2024
2 parents 60e0e44 + 2e3963d commit b99f7ee
Showing 1 changed file with 21 additions and 65 deletions.
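--- a/DevSecOps/auto_skip_checkov.py
+++ b/DevSecOps/auto_skip_checkov.py
@@ -1,4 +1,5 @@
 """Auto-add skip comments based on Checkov findings."""
+
 import glob
 import logging
 import tempfile
@@ -7,9 +8,7 @@
 from tqdm import tqdm # type: ignore
 
 # Logging setup
-with tempfile.NamedTemporaryFile(
-mode="w", delete=False
-) as tmp_file:
+with tempfile.NamedTemporaryFile(mode="w", delete=False) as tmp_file:
 LOG_FILE = tmp_file.name
 logging.basicConfig(
 filename=LOG_FILE,
@@ -41,61 +40,36 @@ def remove_duplicate_skips(lines: List[str]) -> List[str]:
 ]
 
 
-def add_skip_comment(
-filename: str, checkov_id: str, start_line: int
-) -> None:
+def add_skip_comment(filename: str, checkov_id: str, start_line: int) -> None:
 """Add skip comment to file."""
 try:
 with open(filename, "r+", encoding="utf-8") as file:
 lines = file.readlines()
 skip_comment = f"{SKIP_COMMENT_PREFIX}{checkov_id}\n"
-if skip_comment not in lines[
-start_line: start_line + 1
-]:
+if skip_comment not in lines[start_line : start_line + 1]:
 lines.insert(start_line, skip_comment)
-logging.info(
-"Updated: %s - line %s",
-filename,
-start_line + 1
-)
+logging.info("Updated: %s - line %s", filename, start_line + 1)
 file.seek(0)
 file.writelines(lines)
 file.truncate()
 else:
-logging.info(
-"Skip exists: %s - %s",
-filename,
-checkov_id
-)
+logging.info("Skip exists: %s - %s", filename, checkov_id)
 except (OSError, IndexError) as error:
-logging.exception(
-"Add skip error: %s - %s", filename, error
-)
+logging.exception("Add skip error: %s - %s", filename, error)
 
 
 def extract_finding_info(
 lines: List[str], lineno: int
 ) -> Tuple[Optional[str], Optional[str], Optional[int]]:
 """Extract finding info from log."""
 try:
-_, checkov_id = lines[
-lineno - 1
-].split(":", 1)
-file_path, line_range = lines[lineno + 1].split(
-":"
-)[1:3]
+_, checkov_id = lines[lineno - 1].split(":", 1)
+file_path, line_range = lines[lineno + 1].split(":")[1:3]
 start_line = int(line_range.split("-")[0])
 return checkov_id.strip(), file_path.strip(), start_line
 except (IndexError, ValueError) as error:
-log_line = lines[lineno] if 0 <= lineno < len(
-lines
-) else "Out of range"
-logging.error(
-"Extract info error: %s - %s - %s",
-lineno,
-log_line,
-error
-)
+log_line = lines[lineno] if 0 <= lineno < len(lines) else "Out of range"
+logging.error("Extract info error: %s - %s - %s", lineno, log_line, error)
 return None, None, None
 
 
@@ -104,11 +78,7 @@ def check_deprecated_version(line: str) -> Optional[str]:
 return next((v for v in DATES if v in line), None)
 
 
-def process_ckv_aws_363_finding(
-filename: str,
-file_path: str,
-start_line: int
-) -> None:
+def process_ckv_aws_363_finding(filename: str, file_path: str, start_line: int) -> None:
 """Process a single CKV_AWS_363 finding."""
 try:
 with open(file_path, "r", encoding="utf-8") as f:
@@ -117,28 +87,20 @@ def process_ckv_aws_363_finding(
 logging.error("File not found: %s", file_path)
 return
 
-line_to_check = file_lines[
-start_line - 1
-] if 0 < start_line <= len(
-file_lines
-) else ""
+line_to_check = (
+file_lines[start_line - 1] if 0 < start_line <= len(file_lines) else ""
+)
 dep_ver = check_deprecated_version(line_to_check)
 if dep_ver:
 add_skip_comment(file_path, "CKV_AWS_363", start_line - 1)
 logging.info(
-"Skip added for deprecated "
-"version: %s in %s:%s",
+"Skip added for deprecated " "version: %s in %s:%s",
 dep_ver,
 filename,
-start_line
+start_line,
 )
 else:
-logging.info(
-"Not a deprecated version check "
-"in %s:%s",
-filename,
-start_line
-)
+logging.info("Not a deprecated version check " "in %s:%s", filename, start_line)
 
 
 def process_findings(filename: str, lines: List[str]) -> None:
@@ -153,9 +115,7 @@ def process_findings(filename: str, lines: List[str]) -> None:
 if all([checkov_id, file_path, start_line]):
 if checkov_id == "CKV_AWS_363":
 process_ckv_aws_363_finding(
-filename,
-cast(str, file_path),
-cast(int, start_line)
+filename, cast(str, file_path), cast(int, start_line)
 )
 
 
@@ -197,19 +157,15 @@ def reprocess_from_log(log_file: str) -> None:
 for line in lines:
 if "Finding not processed" in line:
 try:
-_, file_path, checkov_id, start_line_str = (
-line.split(":")
-)
+_, file_path, checkov_id, start_line_str = line.split(":")
 start_line = int(start_line_str.split()[0])
 add_skip_comment(
 cast(str, file_path.strip()),
 cast(str, checkov_id.strip()),
 start_line - 1,
 )
 except (IndexError, ValueError) as error:
-logging.error(
-"Reprocess error: %s - %s", line, error
-)
+logging.error("Reprocess error: %s - %s", line, error)
 
 
 if __name__ == "__main__":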
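Review bot: In the last hunk, `reprocess_from_log` splits `file_path`, `checkov_id` and the line number out of a log line and passes them unchecked to `add_skip_comment`, which opens that path with `r+` and writes `checkov_id` into it, so the content of the log file decides which file is edited and what text is inserted. Before the call I would reject anything that is not a Checkov id, e.g. `if not re.fullmatch(r"CKV2?_[A-Z0-9]+_\d+", checkov_id.strip()): continue` (needs `import re`), and resolve `file_path` and confirm it lies under the directory being scanned. A parsed line number of 0 becomes `start_line - 1 == -1`, and `lines.insert(-1, ...)` then places the skip comment before the file's last line instead of failing, so a `start_line >= 1` guard belongs here too. Separately, the formatter left implicit concatenations such as `"Skip added for deprecated " "version: %s in %s:%s"` that should be merged into one literal. The body of `reprocess_from_log` begins outside the hunk.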
