diff --git a/CHANGELOG.md b/CHANGELOG.md index 7e7d9de7669..b3cc0708959 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,40 @@ # CHANGELOG -## [Unreleased](https://github.com/bridgecrewio/checkov/compare/3.2.281...HEAD) +## [Unreleased](https://github.com/bridgecrewio/checkov/compare/3.2.291...HEAD) + +## [3.2.291](https://github.com/bridgecrewio/checkov/compare/3.2.287...3.2.291) - 2024-11-12 + +### Feature + +- **general:** remove specific botocore version - [#6796](https://github.com/bridgecrewio/checkov/pull/6796) + +### Bug Fix + +- **arm:** fix ARM graph block types - [#6824](https://github.com/bridgecrewio/checkov/pull/6824) +- **dockerfile:** Handle heredoc - [#6828](https://github.com/bridgecrewio/checkov/pull/6828) +- **sast:** filter unsupported policies - [#6833](https://github.com/bridgecrewio/checkov/pull/6833) + +## [3.2.287](https://github.com/bridgecrewio/checkov/compare/3.2.286...3.2.287) - 2024-11-11 + +### Bug Fix + +- **graph:** fix internal checks loading when adding custom policies in cli - [#6819](https://github.com/bridgecrewio/checkov/pull/6819) + +## [3.2.286](https://github.com/bridgecrewio/checkov/compare/3.2.282...3.2.286) - 2024-11-10 + +### Feature + +- **secrets:** Add npm detector - [#6821](https://github.com/bridgecrewio/checkov/pull/6821) + +### Bug Fix + +- **secrets:** fix empty diff scan - [#6822](https://github.com/bridgecrewio/checkov/pull/6822) + +## [3.2.282](https://github.com/bridgecrewio/checkov/compare/3.2.281...3.2.282) - 2024-11-07 + +### Bug Fix + +- **arm:** finish variable rendering and use definitions context - [#6814](https://github.com/bridgecrewio/checkov/pull/6814) ## [3.2.281](https://github.com/bridgecrewio/checkov/compare/3.2.280...3.2.281) - 2024-11-06 diff --git a/Pipfile b/Pipfile index 838d6a4a107..1e16c031179 100644 --- a/Pipfile +++ b/Pipfile 
@@ -43,7 +43,7 @@ types-colorama = "<0.5.0,>=0.4.3" # REMINDER: Update "install_requires" deps on setup.py when changing # bc-python-hcl2 = "==0.4.2" -bc-detect-secrets = "==1.5.17" +bc-detect-secrets = "==1.5.22" bc-jsonpath-ng = "==1.6.1" pycep-parser = "==0.5.1" tabulate = ">=0.9.0,<0.10.0" @@ -52,7 +52,7 @@ termcolor=">=1.1.0,<2.4.0" junit-xml = ">=1.9,<2.0" dpath = "==2.1.3" pyyaml = ">=6.0.0,<7.0.0" -boto3 = "==1.34.25" +boto3 = "==1.35.49" gitpython = ">=3.1.30,<4.0.0" jmespath = ">=1.0.0,<2.0.0" tqdm = ">=4.65.0,<5.0.0" @@ -85,8 +85,7 @@ spdx-tools = ">=0.8.0,<0.9.0" license-expression = ">=30.1.0,<31.0.0" rustworkx = ">=0.13.0,<0.14.0" pydantic = ">=2.0.0,<3.0.0" -botocore = "==1.34.25" -urllib3 = "*" + [requires] python_version = "3.8" diff --git a/Pipfile.lock b/Pipfile.lock index 97933134946..f8687c73240 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "b17e583ed0035c01332be89f145d13187191072b21f77a68bacd33ed999f1068" + "sha256": "0bf214e1e9846be034e3ea161db64d99cc33e660fada26816f987aa94691437b" }, "pipfile-spec": 6, "requires": { @@ -182,12 +182,12 @@ }, "bc-detect-secrets": { "hashes": [ - "sha256:a2158062bd7b43c46f974b98039093811648893340d7cc47927a86d5aaf9c237", - "sha256:a9a42de5e95e7a2fbea3987a0c345ec83568a95a95a6816a63ef9c4af2c30f02" + "sha256:74c2be955beb0fb708b8ccc5fcf30a2a803751126c1a1483bf6b0b95e1dad338", + "sha256:785f567f4b9008a54a62317b59506f002fa8125ed50df25cc6e1e99cc9027c9d" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==1.5.17" + "version": "==1.5.22" }, "bc-jsonpath-ng": { "hashes": [ 
@@ -232,21 +232,20 @@ }, "boto3": { "hashes": [ - "sha256:1b415e0553679ea05b9e2aed3eb271431011a67a165e3e0aefa323e13b8b7e92", - "sha256:87532469188f1eeef4dca67dffbd3f0cc1d51cef7d5e5b5dc95d3b8125f8446e" + "sha256:b660c649a27a6b47a34f6f858f5bd7c3b0a798a16dec8dda7cbebeee80fd1f60", + "sha256:ddecb27f5699ca9f97711c52b6c0652c2e63bf6c2bfbc13b819b4f523b4d30ff" ], "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==1.34.25" + "version": "==1.35.49" }, "botocore": { "hashes": [ - "sha256:35dfab5bdb4620f73ac7c557c4e0d012429706d8760b100f099feea34b5505f8", - "sha256:a39070bb760bd9545b0eef52a8bcb2d03918206e67a5a786ea4bd6f4bd949edd" + "sha256:647b8706ae6484ee4c2208235f38976d9f0e52f80143e81d7941075215e96111", + "sha256:8303309c7b59ddf04b11d79813530809d6b10b411ac9f93916d2032c283d6881" ], - "index": "pypi", "markers": "python_version >= '3.8'", - "version": "==1.34.25" + "version": "==1.35.58" }, "cached-property": { "hashes": [ 
@@ -1535,103 +1534,103 @@ }, "regex": { "hashes": [ - "sha256:01c2acb51f8a7d6494c8c5eafe3d8e06d76563d8a8a4643b37e9b2dd8a2ff623", - "sha256:02087ea0a03b4af1ed6ebab2c54d7118127fee8d71b26398e8e4b05b78963199", - "sha256:040562757795eeea356394a7fb13076ad4f99d3c62ab0f8bdfb21f99a1f85664", - "sha256:042c55879cfeb21a8adacc84ea347721d3d83a159da6acdf1116859e2427c43f", - "sha256:079400a8269544b955ffa9e31f186f01d96829110a3bf79dc338e9910f794fca", - "sha256:07f45f287469039ffc2c53caf6803cd506eb5f5f637f1d4acb37a738f71dd066", - "sha256:09d77559e80dcc9d24570da3745ab859a9cf91953062e4ab126ba9d5993688ca", - "sha256:0cbff728659ce4bbf4c30b2a1be040faafaa9eca6ecde40aaff86f7889f4ab39", - "sha256:0e12c481ad92d129c78f13a2a3662317e46ee7ef96c94fd332e1c29131875b7d", - "sha256:0ea51dcc0835eea2ea31d66456210a4e01a076d820e9039b04ae8d17ac11dee6", - "sha256:0ffbcf9221e04502fc35e54d1ce9567541979c3fdfb93d2c554f0ca583a19b35", - "sha256:1494fa8725c285a81d01dc8c06b55287a1ee5e0e382d8413adc0a9197aac6408", - "sha256:16e13a7929791ac1216afde26f712802e3df7bf0360b32e4914dca3ab8baeea5", - "sha256:18406efb2f5a0e57e3a5881cd9354c1512d3bb4f5c45d96d110a66114d84d23a", - "sha256:18e707ce6c92d7282dfce370cd205098384b8ee21544e7cb29b8aab955b66fa9", - "sha256:220e92a30b426daf23bb67a7962900ed4613589bab80382be09b48896d211e92", - "sha256:23b30c62d0f16827f2ae9f2bb87619bc4fba2044911e2e6c2eb1af0161cdb766", - "sha256:23f9985c8784e544d53fc2930fc1ac1a7319f5d5332d228437acc9f418f2f168", - "sha256:297f54910247508e6e5cae669f2bc308985c60540a4edd1c77203ef19bfa63ca", - "sha256:2b08fce89fbd45664d3df6ad93e554b6c16933ffa9d55cb7e01182baaf971508", - "sha256:2cce2449e5927a0bf084d346da6cd5eb016b2beca10d0013ab50e3c226ffc0df", - "sha256:313ea15e5ff2a8cbbad96ccef6be638393041b0a7863183c2d31e0c6116688cf", - "sha256:323c1f04be6b2968944d730e5c2091c8c89767903ecaa135203eec4565ed2b2b", - "sha256:35f4a6f96aa6cb3f2f7247027b07b15a374f0d5b912c0001418d1d55024d5cb4", - "sha256:3b37fa423beefa44919e009745ccbf353d8c981516e807995b2bd11c2c77d268", - 
"sha256:3ce4f1185db3fbde8ed8aa223fc9620f276c58de8b0d4f8cc86fd1360829edb6", - "sha256:46989629904bad940bbec2106528140a218b4a36bb3042d8406980be1941429c", - "sha256:4838e24ee015101d9f901988001038f7f0d90dc0c3b115541a1365fb439add62", - "sha256:49b0e06786ea663f933f3710a51e9385ce0cba0ea56b67107fd841a55d56a231", - "sha256:4db21ece84dfeefc5d8a3863f101995de646c6cb0536952c321a2650aa202c36", - "sha256:54c4a097b8bc5bb0dfc83ae498061d53ad7b5762e00f4adaa23bee22b012e6ba", - "sha256:54d9ff35d4515debf14bc27f1e3b38bfc453eff3220f5bce159642fa762fe5d4", - "sha256:55b96e7ce3a69a8449a66984c268062fbaa0d8ae437b285428e12797baefce7e", - "sha256:57fdd2e0b2694ce6fc2e5ccf189789c3e2962916fb38779d3e3521ff8fe7a822", - "sha256:587d4af3979376652010e400accc30404e6c16b7df574048ab1f581af82065e4", - "sha256:5b513b6997a0b2f10e4fd3a1313568e373926e8c252bd76c960f96fd039cd28d", - "sha256:5ddcd9a179c0a6fa8add279a4444015acddcd7f232a49071ae57fa6e278f1f71", - "sha256:6113c008a7780792efc80f9dfe10ba0cd043cbf8dc9a76ef757850f51b4edc50", - "sha256:635a1d96665f84b292e401c3d62775851aedc31d4f8784117b3c68c4fcd4118d", - "sha256:64ce2799bd75039b480cc0360907c4fb2f50022f030bf9e7a8705b636e408fad", - "sha256:69dee6a020693d12a3cf892aba4808fe168d2a4cef368eb9bf74f5398bfd4ee8", - "sha256:6a2644a93da36c784e546de579ec1806bfd2763ef47babc1b03d765fe560c9f8", - "sha256:6b41e1adc61fa347662b09398e31ad446afadff932a24807d3ceb955ed865cc8", - "sha256:6c188c307e8433bcb63dc1915022deb553b4203a70722fc542c363bf120a01fd", - "sha256:6edd623bae6a737f10ce853ea076f56f507fd7726bee96a41ee3d68d347e4d16", - "sha256:73d6d2f64f4d894c96626a75578b0bf7d9e56dcda8c3d037a2118fdfe9b1c664", - "sha256:7a22ccefd4db3f12b526eccb129390942fe874a3a9fdbdd24cf55773a1faab1a", - "sha256:7fb89ee5d106e4a7a51bce305ac4efb981536301895f7bdcf93ec92ae0d91c7f", - "sha256:846bc79ee753acf93aef4184c040d709940c9d001029ceb7b7a52747b80ed2dd", - "sha256:85ab7824093d8f10d44330fe1e6493f756f252d145323dd17ab6b48733ff6c0a", - "sha256:8dee5b4810a89447151999428fe096977346cf2f29f4d5e29609d2e19e0199c9", 
- "sha256:8e5fb5f77c8745a60105403a774fe2c1759b71d3e7b4ca237a5e67ad066c7199", - "sha256:98eeee2f2e63edae2181c886d7911ce502e1292794f4c5ee71e60e23e8d26b5d", - "sha256:9d4a76b96f398697fe01117093613166e6aa8195d63f1b4ec3f21ab637632963", - "sha256:9e8719792ca63c6b8340380352c24dcb8cd7ec49dae36e963742a275dfae6009", - "sha256:a0b2b80321c2ed3fcf0385ec9e51a12253c50f146fddb2abbb10f033fe3d049a", - "sha256:a4cc92bb6db56ab0c1cbd17294e14f5e9224f0cc6521167ef388332604e92679", - "sha256:a738b937d512b30bf75995c0159c0ddf9eec0775c9d72ac0202076c72f24aa96", - "sha256:a8f877c89719d759e52783f7fe6e1c67121076b87b40542966c02de5503ace42", - "sha256:a906ed5e47a0ce5f04b2c981af1c9acf9e8696066900bf03b9d7879a6f679fc8", - "sha256:ae2941333154baff9838e88aa71c1d84f4438189ecc6021a12c7573728b5838e", - "sha256:b0d0a6c64fcc4ef9c69bd5b3b3626cc3776520a1637d8abaa62b9edc147a58f7", - "sha256:b5b029322e6e7b94fff16cd120ab35a253236a5f99a79fb04fda7ae71ca20ae8", - "sha256:b7aaa315101c6567a9a45d2839322c51c8d6e81f67683d529512f5bcfb99c802", - "sha256:be1c8ed48c4c4065ecb19d882a0ce1afe0745dfad8ce48c49586b90a55f02366", - "sha256:c0256beda696edcf7d97ef16b2a33a8e5a875affd6fa6567b54f7c577b30a137", - "sha256:c157bb447303070f256e084668b702073db99bbb61d44f85d811025fcf38f784", - "sha256:c57d08ad67aba97af57a7263c2d9006d5c404d721c5f7542f077f109ec2a4a29", - "sha256:c69ada171c2d0e97a4b5aa78fbb835e0ffbb6b13fc5da968c09811346564f0d3", - "sha256:c94bb0a9f1db10a1d16c00880bdebd5f9faf267273b8f5bd1878126e0fbde771", - "sha256:cb130fccd1a37ed894824b8c046321540263013da72745d755f2d35114b81a60", - "sha256:ced479f601cd2f8ca1fd7b23925a7e0ad512a56d6e9476f79b8f381d9d37090a", - "sha256:d05ac6fa06959c4172eccd99a222e1fbf17b5670c4d596cb1e5cde99600674c4", - "sha256:d552c78411f60b1fdaafd117a1fca2f02e562e309223b9d44b7de8be451ec5e0", - "sha256:dd4490a33eb909ef5078ab20f5f000087afa2a4daa27b4c072ccb3cb3050ad84", - "sha256:df5cbb1fbc74a8305b6065d4ade43b993be03dbe0f8b30032cced0d7740994bd", - 
"sha256:e28f9faeb14b6f23ac55bfbbfd3643f5c7c18ede093977f1df249f73fd22c7b1", - "sha256:e464b467f1588e2c42d26814231edecbcfe77f5ac414d92cbf4e7b55b2c2a776", - "sha256:e4c22e1ac1f1ec1e09f72e6c44d8f2244173db7eb9629cc3a346a8d7ccc31142", - "sha256:e53b5fbab5d675aec9f0c501274c467c0f9a5d23696cfc94247e1fb56501ed89", - "sha256:e93f1c331ca8e86fe877a48ad64e77882c0c4da0097f2212873a69bbfea95d0c", - "sha256:e997fd30430c57138adc06bba4c7c2968fb13d101e57dd5bb9355bf8ce3fa7e8", - "sha256:e9a091b0550b3b0207784a7d6d0f1a00d1d1c8a11699c1a4d93db3fbefc3ad35", - "sha256:eab4bb380f15e189d1313195b062a6aa908f5bd687a0ceccd47c8211e9cf0d4a", - "sha256:eb1ae19e64c14c7ec1995f40bd932448713d3c73509e82d8cd7744dc00e29e86", - "sha256:ecea58b43a67b1b79805f1a0255730edaf5191ecef84dbc4cc85eb30bc8b63b9", - "sha256:ee439691d8c23e76f9802c42a95cfeebf9d47cf4ffd06f18489122dbb0a7ad64", - "sha256:eee9130eaad130649fd73e5cd92f60e55708952260ede70da64de420cdcad554", - "sha256:f47cd43a5bfa48f86925fe26fbdd0a488ff15b62468abb5d2a1e092a4fb10e85", - "sha256:f6fff13ef6b5f29221d6904aa816c34701462956aa72a77f1f151a8ec4f56aeb", - "sha256:f745ec09bc1b0bd15cfc73df6fa4f726dcc26bb16c23a03f9e3367d357eeedd0", - "sha256:f8404bf61298bb6f8224bb9176c1424548ee1181130818fcd2cbffddc768bed8", - "sha256:f9268774428ec173654985ce55fc6caf4c6d11ade0f6f914d48ef4719eb05ebb", - "sha256:faa3c142464efec496967359ca99696c896c591c56c53506bac1ad465f66e919" - ], - "markers": "python_version >= '3.8'", - "version": "==2024.9.11" + "sha256:02a02d2bb04fec86ad61f3ea7f49c015a0681bf76abb9857f945d26159d2968c", + "sha256:02e28184be537f0e75c1f9b2f8847dc51e08e6e171c6bde130b2687e0c33cf60", + "sha256:040df6fe1a5504eb0f04f048e6d09cd7c7110fef851d7c567a6b6e09942feb7d", + "sha256:068376da5a7e4da51968ce4c122a7cd31afaaec4fccc7856c92f63876e57b51d", + "sha256:06eb1be98df10e81ebaded73fcd51989dcf534e3c753466e4b60c4697a003b67", + "sha256:072623554418a9911446278f16ecb398fb3b540147a7828c06e2011fa531e773", + "sha256:086a27a0b4ca227941700e0b31425e7a28ef1ae8e5e05a33826e17e47fbfdba0", + 
"sha256:08986dce1339bc932923e7d1232ce9881499a0e02925f7402fb7c982515419ef", + "sha256:0a86e7eeca091c09e021db8eb72d54751e527fa47b8d5787caf96d9831bd02ad", + "sha256:0c32f75920cf99fe6b6c539c399a4a128452eaf1af27f39bce8909c9a3fd8cbe", + "sha256:0d7f453dca13f40a02b79636a339c5b62b670141e63efd511d3f8f73fba162b3", + "sha256:1062b39a0a2b75a9c694f7a08e7183a80c63c0d62b301418ffd9c35f55aaa114", + "sha256:13291b39131e2d002a7940fb176e120bec5145f3aeb7621be6534e46251912c4", + "sha256:149f5008d286636e48cd0b1dd65018548944e495b0265b45e1bffecce1ef7f39", + "sha256:164d8b7b3b4bcb2068b97428060b2a53be050085ef94eca7f240e7947f1b080e", + "sha256:167ed4852351d8a750da48712c3930b031f6efdaa0f22fa1933716bfcd6bf4a3", + "sha256:1c4de13f06a0d54fa0d5ab1b7138bfa0d883220965a29616e3ea61b35d5f5fc7", + "sha256:202eb32e89f60fc147a41e55cb086db2a3f8cb82f9a9a88440dcfc5d37faae8d", + "sha256:220902c3c5cc6af55d4fe19ead504de80eb91f786dc102fbd74894b1551f095e", + "sha256:2b3361af3198667e99927da8b84c1b010752fa4b1115ee30beaa332cabc3ef1a", + "sha256:2c89a8cc122b25ce6945f0423dc1352cb9593c68abd19223eebbd4e56612c5b7", + "sha256:2d548dafee61f06ebdb584080621f3e0c23fff312f0de1afc776e2a2ba99a74f", + "sha256:2e34b51b650b23ed3354b5a07aab37034d9f923db2a40519139af34f485f77d0", + "sha256:32f9a4c643baad4efa81d549c2aadefaeba12249b2adc5af541759237eee1c54", + "sha256:3a51ccc315653ba012774efca4f23d1d2a8a8f278a6072e29c7147eee7da446b", + "sha256:3cde6e9f2580eb1665965ce9bf17ff4952f34f5b126beb509fee8f4e994f143c", + "sha256:40291b1b89ca6ad8d3f2b82782cc33807f1406cf68c8d440861da6304d8ffbbd", + "sha256:41758407fc32d5c3c5de163888068cfee69cb4c2be844e7ac517a52770f9af57", + "sha256:4181b814e56078e9b00427ca358ec44333765f5ca1b45597ec7446d3a1ef6e34", + "sha256:4f51f88c126370dcec4908576c5a627220da6c09d0bff31cfa89f2523843316d", + "sha256:50153825ee016b91549962f970d6a4442fa106832e14c918acd1c8e479916c4f", + "sha256:5056b185ca113c88e18223183aa1a50e66507769c9640a6ff75859619d73957b", + "sha256:5071b2093e793357c9d8b2929dfc13ac5f0a6c650559503bb81189d0a3814519", 
+ "sha256:525eab0b789891ac3be914d36893bdf972d483fe66551f79d3e27146191a37d4", + "sha256:52fb28f528778f184f870b7cf8f225f5eef0a8f6e3778529bdd40c7b3920796a", + "sha256:5478c6962ad548b54a591778e93cd7c456a7a29f8eca9c49e4f9a806dcc5d638", + "sha256:5670bce7b200273eee1840ef307bfa07cda90b38ae56e9a6ebcc9f50da9c469b", + "sha256:5704e174f8ccab2026bd2f1ab6c510345ae8eac818b613d7d73e785f1310f839", + "sha256:59dfe1ed21aea057a65c6b586afd2a945de04fc7db3de0a6e3ed5397ad491b07", + "sha256:5e7e351589da0850c125f1600a4c4ba3c722efefe16b297de54300f08d734fbf", + "sha256:63b13cfd72e9601125027202cad74995ab26921d8cd935c25f09c630436348ff", + "sha256:658f90550f38270639e83ce492f27d2c8d2cd63805c65a13a14d36ca126753f0", + "sha256:684d7a212682996d21ca12ef3c17353c021fe9de6049e19ac8481ec35574a70f", + "sha256:69ab78f848845569401469da20df3e081e6b5a11cb086de3eed1d48f5ed57c95", + "sha256:6f44ec28b1f858c98d3036ad5d7d0bfc568bdd7a74f9c24e25f41ef1ebfd81a4", + "sha256:70b7fa6606c2881c1db9479b0eaa11ed5dfa11c8d60a474ff0e095099f39d98e", + "sha256:764e71f22ab3b305e7f4c21f1a97e1526a25ebdd22513e251cf376760213da13", + "sha256:7ab159b063c52a0333c884e4679f8d7a85112ee3078fe3d9004b2dd875585519", + "sha256:805e6b60c54bf766b251e94526ebad60b7de0c70f70a4e6210ee2891acb70bf2", + "sha256:8447d2d39b5abe381419319f942de20b7ecd60ce86f16a23b0698f22e1b70008", + "sha256:86fddba590aad9208e2fa8b43b4c098bb0ec74f15718bb6a704e3c63e2cef3e9", + "sha256:89d75e7293d2b3e674db7d4d9b1bee7f8f3d1609428e293771d1a962617150cc", + "sha256:93c0b12d3d3bc25af4ebbf38f9ee780a487e8bf6954c115b9f015822d3bb8e48", + "sha256:94d87b689cdd831934fa3ce16cc15cd65748e6d689f5d2b8f4f4df2065c9fa20", + "sha256:9714398225f299aa85267fd222f7142fcb5c769e73d7733344efc46f2ef5cf89", + "sha256:982e6d21414e78e1f51cf595d7f321dcd14de1f2881c5dc6a6e23bbbbd68435e", + "sha256:997d6a487ff00807ba810e0f8332c18b4eb8d29463cfb7c820dc4b6e7562d0cf", + "sha256:a03e02f48cd1abbd9f3b7e3586d97c8f7a9721c436f51a5245b3b9483044480b", + 
"sha256:a36fdf2af13c2b14738f6e973aba563623cb77d753bbbd8d414d18bfaa3105dd", + "sha256:a6ba92c0bcdf96cbf43a12c717eae4bc98325ca3730f6b130ffa2e3c3c723d84", + "sha256:a7c2155f790e2fb448faed6dd241386719802296ec588a8b9051c1f5c481bc29", + "sha256:a93c194e2df18f7d264092dc8539b8ffb86b45b899ab976aa15d48214138e81b", + "sha256:abfa5080c374a76a251ba60683242bc17eeb2c9818d0d30117b4486be10c59d3", + "sha256:ac10f2c4184420d881a3475fb2c6f4d95d53a8d50209a2500723d831036f7c45", + "sha256:ad182d02e40de7459b73155deb8996bbd8e96852267879396fb274e8700190e3", + "sha256:b2837718570f95dd41675328e111345f9b7095d821bac435aac173ac80b19983", + "sha256:b489578720afb782f6ccf2840920f3a32e31ba28a4b162e13900c3e6bd3f930e", + "sha256:b583904576650166b3d920d2bcce13971f6f9e9a396c673187f49811b2769dc7", + "sha256:b85c2530be953a890eaffde05485238f07029600e8f098cdf1848d414a8b45e4", + "sha256:b97c1e0bd37c5cd7902e65f410779d39eeda155800b65fc4d04cc432efa9bc6e", + "sha256:ba9b72e5643641b7d41fa1f6d5abda2c9a263ae835b917348fc3c928182ad467", + "sha256:bb26437975da7dc36b7efad18aa9dd4ea569d2357ae6b783bf1118dabd9ea577", + "sha256:bb8f74f2f10dbf13a0be8de623ba4f9491faf58c24064f32b65679b021ed0001", + "sha256:bde01f35767c4a7899b7eb6e823b125a64de314a8ee9791367c9a34d56af18d0", + "sha256:bec9931dfb61ddd8ef2ebc05646293812cb6b16b60cf7c9511a832b6f1854b55", + "sha256:c36f9b6f5f8649bb251a5f3f66564438977b7ef8386a52460ae77e6070d309d9", + "sha256:cdf58d0e516ee426a48f7b2c03a332a4114420716d55769ff7108c37a09951bf", + "sha256:d1cee317bfc014c2419a76bcc87f071405e3966da434e03e13beb45f8aced1a6", + "sha256:d22326fcdef5e08c154280b71163ced384b428343ae16a5ab2b3354aed12436e", + "sha256:d3660c82f209655a06b587d55e723f0b813d3a7db2e32e5e7dc64ac2a9e86fde", + "sha256:da8f5fc57d1933de22a9e23eec290a0d8a5927a5370d24bda9a6abe50683fe62", + "sha256:df951c5f4a1b1910f1a99ff42c473ff60f8225baa1cdd3539fe2819d9543e9df", + "sha256:e5364a4502efca094731680e80009632ad6624084aff9a23ce8c8c6820de3e51", + "sha256:ea1bfda2f7162605f6e8178223576856b3d791109f15ea99a9f95c16a7636fb5", 
+ "sha256:f02f93b92358ee3f78660e43b4b0091229260c5d5c408d17d60bf26b6c900e86", + "sha256:f056bf21105c2515c32372bbc057f43eb02aae2fda61052e2f7622c801f0b4e2", + "sha256:f1ac758ef6aebfc8943560194e9fd0fa18bcb34d89fd8bd2af18183afd8da3a2", + "sha256:f2a19f302cd1ce5dd01a9099aaa19cae6173306d1302a43b627f62e21cf18ac0", + "sha256:f654882311409afb1d780b940234208a252322c24a93b442ca714d119e68086c", + "sha256:f65557897fc977a44ab205ea871b690adaef6b9da6afda4790a2484b04293a5f", + "sha256:f9d1e379028e0fc2ae3654bac3cbbef81bf3fd571272a42d56c24007979bafb6", + "sha256:fdabbfc59f2c6edba2a6622c647b716e34e8e3867e0ab975412c5c2f79b82da2", + "sha256:fdd6028445d2460f33136c55eeb1f601ab06d74cb3347132e1c24250187500d9", + "sha256:ff590880083d60acc0433f9c3f713c51f7ac6ebb9adf889c79a261ecf541aa91" + ], + "markers": "python_version >= '3.8'", + "version": "==2024.11.6" }, "requests": { "hashes": [ @@ -1904,12 +1903,12 @@ }, "tqdm": { "hashes": [ - "sha256:223e8b5359c2efc4b30555531f09e9f2f3589bcd7fdd389271191031b49b7a63", - "sha256:4bdd694238bef1485ce839d67967ab50af8f9272aab687c0d7702a01da0be090" + "sha256:0cd8af9d56911acab92182e88d763100d4788bdf421d251616040cc4d44863be", + "sha256:fe5a6f95e6fe0b9755e9469b77b9c3cf850048224ecaa8293d7d2d31f97d869a" ], "index": "pypi", "markers": "python_version >= '3.7'", - "version": "==4.66.6" + "version": "==4.67.0" }, "typing-extensions": { "hashes": [ @@ -1940,7 +1939,6 @@ "sha256:0ed14ccfbf1c30a9072c7ca157e4319b70d65f623e91e7b32fadb2853431016e", "sha256:40c2dc0c681e47eb8f90e7e27bf6ff7df2e677421fd46756da1161c39ca70d32" ], - "index": "pypi", "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", "version": "==1.26.20" }, @@ -2176,6 +2174,7 @@ "sha256:fe2fb38c2ed905a2582948e2de560675e9dfbee94c6d5ccdb1301c6d0a5bf092", "sha256:ffe595f10566f8276b76dc3a11ae4bb7eba1aac8ddd75811736a15b0d5311414" ], + "index": "pypi", "markers": "python_version >= '3.8'", "version": "==3.10.10" }, 
@@ -2225,19 +2224,19 @@ "s3" ], "hashes": [ - "sha256:7d5c5212267ffdef85d382a419d63a20de1556a33de22e152bcc95f552356c29", - "sha256:9bdfcde9156c71485857d34f4d2f80071522a177f7d2e93db757afd820345135" + "sha256:02c73966cf1cc517878d32b8ec42a22b98ea27f96c91a48f2dd5b66c27f336c9", + "sha256:4b7515fdf171262a528200f219fc873eb8312115d59f20ce0c65fca3461e03b7" ], "markers": "python_version >= '3.8'", - "version": "==1.35.54" + "version": "==1.35.58" }, "botocore-stubs": { "hashes": [ - "sha256:26ba65907eed959dddc644ab1cd72e3a2cc9761dad79e0b45ff3b8676c47e5ec", - "sha256:49e28813324308bfc5a92bde118df5c9c41a01237eef1e1628891770f3f68a94" + "sha256:9b695d6309e7d5eed08fbaf30f9526669b847f65b0f01006afd23ad977187d1c", + "sha256:cd10f24916177c3a77e4b5a5d4443e19c907e1bf0a5db25da21449a50aebad70" ], "markers": "python_version >= '3.8'", - "version": "==1.35.54" + "version": "==1.35.58" }, "certifi": { "hashes": [ @@ -2363,6 +2362,7 @@ "sha256:fe9f97feb71aa9896b81973a7bbada8c49501dc73e58a10fcef6663af95e5079", "sha256:ffc519621dce0c767e96b9c53f09c5d215578e10b02c285809f76509a3931482" ], + "index": "pypi", "markers": "python_full_version >= '3.7.0'", "version": "==3.4.0" }, @@ -2612,7 +2612,6 @@ "sha256:980862a1d16c9e147a59603677fa2aa5fd82b87f223b6cb870695bcfce830065", "sha256:ac29d5f956f01d5e4bb63102a5a19957f1b9175e45649977264a1416783bb717" ], - "index": "pypi", "markers": "python_version >= '3.8'", "version": "==6.4.5" }, @@ -2831,6 +2830,7 @@ "sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5", "sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7" ], + "index": "pypi", "markers": "python_version >= '3.7'", "version": "==23.2" }, @@ -3121,6 +3121,7 @@ "sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12", "sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4" ], + "index": "pypi", "markers": "python_version >= '3.8'", "version": "==6.0.2" }, 
@@ -3137,6 +3138,7 @@ "sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760", "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6" ], + "index": "pypi", "markers": "python_version >= '3.8'", "version": "==2.32.3" }, @@ -3374,11 +3376,11 @@ }, "tomli": { "hashes": [ - "sha256:2ebe24485c53d303f690b0ec092806a085f07af5a5aa1464f3931eec36caaa38", - "sha256:d46d457a85337051c36524bc5349dd91b1877838e2979ac5ced3e710ed8a60ed" + "sha256:3f646cae2aec94e17d04973e4249548320197cfabdf130015d023de4b74d8ab8", + "sha256:a5c57c3d1c56f5ccdf89f6523458f60ef716e210fc47c4cfb188c5ba473e0391" ], "markers": "python_version >= '3.8'", - "version": "==2.0.2" + "version": "==2.1.0" }, "types-awscrt": { "hashes": [ @@ -3481,16 +3483,17 @@ "sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d", "sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8" ], + "index": "pypi", "markers": "python_version >= '3.8'", "version": "==4.12.2" }, "urllib3": { "hashes": [ - "sha256:ca899ca043dcb1bafa3e262d73aa25c465bfb49e0bd9dd5d59f1d0acba2f8fac", - "sha256:e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9" + "sha256:0ed14ccfbf1c30a9072c7ca157e4319b70d65f623e91e7b32fadb2853431016e", + "sha256:40c2dc0c681e47eb8f90e7e27bf6ff7df2e677421fd46756da1161c39ca70d32" ], - "markers": "python_version >= '3.8'", - "version": "==2.2.3" + "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5'", + "version": "==1.26.20" }, "urllib3-mock": { "hashes": [ @@ -3609,6 +3612,7 @@ "sha256:fbda058a9a68bec347962595f50546a8a4a34fd7b0654a7b9697917dc2bf810d", "sha256:ffd591e22b22f9cb48e472529db6a47203c41c2c5911ff0a52e85723196c0d75" ], + "index": "pypi", "markers": "python_version >= '3.8'", "version": "==1.15.2" }, diff --git a/README.md b/README.md index 82ac7770856..dbeb72de55d 100644 --- a/README.md +++ b/README.md 
@@ -389,7 +389,7 @@ The console output is in colour by default, to switch to a monochrome output, se #### VS Code Extension -If you want to use Checkov within VS Code, give a try to the vscode extension available at [VS Code](https://marketplace.visualstudio.com/items?itemName=Bridgecrew.checkov) +If you want to use Checkov within VS Code, give the [Prisma Cloud extension](https://marketplace.visualstudio.com/items?itemName=PrismaCloud.prisma-cloud) a try. ### Configuration using a config file diff --git a/checkov/arm/graph_builder/graph_to_definitions.py b/checkov/arm/graph_builder/graph_to_definitions.py index c0827dd54ff..687387e61bf 100644 --- a/checkov/arm/graph_builder/graph_to_definitions.py +++ b/checkov/arm/graph_builder/graph_to_definitions.py @@ -4,6 +4,7 @@ from pathlib import Path from typing import Any, TYPE_CHECKING +from checkov.arm.graph_builder.graph_components.block_types import BlockType from checkov.arm.utils import ArmElements if TYPE_CHECKING: @@ -16,12 +17,11 @@ def convert_graph_vertices_to_definitions(vertices: list[ArmBlock], root_folder: breadcrumbs: dict[str, dict[str, Any]] = {} for vertex in vertices: block_path = vertex.path - arm_element = vertex.block_type - if arm_element == ArmElements.RESOURCES: - arm_definitions.setdefault(block_path, {}).setdefault(arm_element, []).append(vertex.config) + if vertex.block_type == BlockType.RESOURCE: + arm_definitions.setdefault(block_path, {}).setdefault(ArmElements.RESOURCES, []).append(vertex.config) else: element_name = vertex.name.split('/')[-1] - arm_definitions.setdefault(block_path, {}).setdefault(arm_element, {})[element_name] = vertex.config + arm_definitions.setdefault(block_path, {}).setdefault(vertex.block_type, {})[element_name] = vertex.config if vertex.breadcrumbs: relative_block_path = f"/{os.path.relpath(block_path, root_folder)}" diff --git a/checkov/arm/graph_builder/local_graph.py b/checkov/arm/graph_builder/local_graph.py index 1ec6ff9d2bd..23b3830e7dc 100644 
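Review bot: In `convert_graph_vertices_to_definitions` the `else` branch now keys the definitions dict with `vertex.block_type`, which the local_graph.py hunks of this commit switch from `ArmElements.VARIABLES`/`ArmElements.PARAMETERS` to `BlockType.VARIABLE`/`BlockType.PARAMETER`. Only the resource branch was moved to an explicit `ArmElements.RESOURCES` key, so unless the `BlockType` values equal the `ArmElements` ones (not visible in this diff), variables and parameters will land under different top-level keys than in the parsed template. Consider mapping back explicitly with a small `BlockType` to `ArmElements` lookup used by both branches, and add a test that round-trips a template containing variables and parameters. The function starts and ends outside the hunk.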
--- a/checkov/arm/graph_builder/local_graph.py +++ b/checkov/arm/graph_builder/local_graph.py @@ -8,6 +8,7 @@ from checkov.arm.utils import ArmElements, extract_resource_name_from_resource_id_func, \ extract_resource_name_from_reference_func from checkov.arm.graph_builder.variable_rendering.renderer import ArmVariableRenderer +from checkov.arm.graph_builder.graph_components.block_types import BlockType from checkov.common.graph.graph_builder import CustomAttributes, Edge from checkov.common.graph.graph_builder.local_graph import LocalGraph from checkov.common.graph.graph_builder.utils import filter_sub_keys, adjust_value @@ -85,7 +86,7 @@ def _create_variables_vertices(self, file_path: str, variables: dict[str, dict[s name=f"{file_path}/{name}", config=config, path=file_path, - block_type=ArmElements.VARIABLES, + block_type=BlockType.VARIABLE, attributes=attributes, id=f"{ArmElements.VARIABLES}.{name}", ) @@ -109,7 +110,7 @@ def _create_parameter_vertices(self, file_path: str, parameters: dict[str, dict[ name=f"{file_path}/{name}", config=config, path=file_path, - block_type=ArmElements.PARAMETERS, + block_type=BlockType.PARAMETER, attributes=attributes, id=f"{ArmElements.PARAMETERS}.{name}", ) @@ -135,7 +136,7 @@ def _create_resource_vertices(self, file_path: str, resources: list[dict[str, An name=resource_name, config=config, path=file_path, - block_type=ArmElements.RESOURCES, + block_type=BlockType.RESOURCE, attributes=attributes, id=f"{resource_type}.{resource_name}" ) 
@@ -195,8 +196,8 @@ def _create_implicit_edge(self, origin_vertex_index: int, resource_name: str, re def _update_resource_vertices_names(self) -> None: for i, vertex in enumerate(self.vertices): - if (vertex.block_type != ArmElements.RESOURCES or 'name' not in vertex.config or - vertex.name == vertex.config['name']) or not isinstance(vertex.config['name'], str): + if ((vertex.block_type != BlockType.RESOURCE or 'name' not in vertex.config or vertex.name == vertex.config['name']) + or not isinstance(vertex.config['name'], str)): continue if PARAMETER_FUNC in vertex.name or VARIABLE_FUNC in vertex.name: @@ -221,7 +222,7 @@ def update_vertex_config(vertex: Block, changed_attributes: list[str] | dict[str for attr in changed_attributes: new_value = vertex.attributes.get(attr, None) - if vertex.block_type == ArmElements.RESOURCES: + if vertex.block_type == BlockType.RESOURCE: ArmLocalGraph.update_config_attribute( config=vertex.config, key_to_update=attr, new_value=new_value ) diff --git a/checkov/common/checks_infra/registry.py b/checkov/common/checks_infra/registry.py index 074d9bdf724..1185382990e 100644 --- a/checkov/common/checks_infra/registry.py +++ b/checkov/common/checks_infra/registry.py @@ -33,11 +33,12 @@ def __init__(self, checks_dir: str, parser: BaseGraphCheckParser | None = None) super().__init__(parser) self.checks: list[BaseGraphCheck] = [] self.checks_dir = checks_dir + self.internal_checks_dir_loaded = False self.logger = logging.getLogger(__name__) add_resource_code_filter_to_logger(self.logger) def load_checks(self) -> None: - if self.checks: + if self.checks and self.internal_checks_dir_loaded: # checks were previously loaded return 
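Review bot: The new guard in `load_checks`, `if self.checks and self.internal_checks_dir_loaded:`, keeps the `self.checks` term although the flag alone now says whether the built-in directory was read, so an internal directory that yields no checks is re-walked on every call. The flag is set in `_load_checks_from_dir` (the `@@ -78,6 +79,8 @@` hunk) right after `self.checks.append(check)`; indentation is not recoverable here, but if the assignment sits inside the per-check loop it is only reached when at least one check parses. Setting it once after the directory walk and testing `if self.internal_checks_dir_loaded:` alone would make the intent explicit. A regression test that calls `load_external_checks` before `load_checks` and asserts the built-in checks are present would pin the fix, since a registry that silently skips built-in policies produces clean-looking scans.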
@@ -78,6 +79,8 @@ def _load_checks_from_dir(self, directory: str, external_check: bool) -> None: # Note the external check; used in the should_run_check logic RunnerFilter.notify_external_check(check.id) self.checks.append(check) + if not external_check: + self.internal_checks_dir_loaded = True def load_external_checks(self, dir: str) -> None: self._load_checks_from_dir(dir, True) diff --git a/checkov/common/checks_infra/solvers/attribute_solvers/base_attribute_solver.py b/checkov/common/checks_infra/solvers/attribute_solvers/base_attribute_solver.py index 46a472d05e3..231aeeb1731 100644 --- a/checkov/common/checks_infra/solvers/attribute_solvers/base_attribute_solver.py +++ b/checkov/common/checks_infra/solvers/attribute_solvers/base_attribute_solver.py @@ -15,7 +15,7 @@ from concurrent.futures import ThreadPoolExecutor -from checkov.common.graph.graph_builder import CustomAttributes +from checkov.common.graph.graph_builder import CustomAttributes, reserved_attributes_to_scan, wrap_reserved_attributes from checkov.common.graph.graph_builder.graph_components.block_types import BlockType from checkov.common.util.var_utils import is_terraform_variable_dependent from checkov.terraform.graph_builder.graph_components.block_types import BlockType as TerraformBlockType @@ -38,7 +38,7 @@ def __init__( ) -> None: super().__init__(SolverType.ATTRIBUTE) self.resource_types = resource_types - self.attribute = attribute + self.attribute = attribute if attribute not in reserved_attributes_to_scan else wrap_reserved_attributes(attribute) self.value = value self.is_jsonpath_check = is_jsonpath_check diff --git a/checkov/common/graph/graph_builder/graph_components/attribute_names.py b/checkov/common/graph/graph_builder/graph_components/attribute_names.py index 2439c8efa33..867808ff6ae 100644 --- a/checkov/common/graph/graph_builder/graph_components/attribute_names.py +++ b/checkov/common/graph/graph_builder/graph_components/attribute_names.py 
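Review bot: The rewrite of `self.attribute` in `__init__` applies to every framework that uses this base solver, but the only place in this diff that stores the `_`-prefixed alias is the Terraform `_alter_reserved_attributes` in module.py. A graph policy with `attribute: resource_type` run against a non-Terraform graph would then look up `_resource_type`, which (as far as this diff shows) is never populated there, so the condition could stop matching. Either restrict the wrapping to Terraform resources or add the alias in the other graph builders, and document the rule next to the assignment, e.g. `# reserved names are looked up under their wrapped alias, see wrap_reserved_attributes`. The membership test is an exact match, so a nested path that merely starts with the reserved name is left untouched; confirm that is intended. `__init__` starts outside the hunk.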
@@ -33,7 +33,12 @@ def props(cls: Any) -> List[str]: return [i for i in cls.__dict__.keys() if i[:1] != "_"] +def wrap_reserved_attributes(attribute: str, prefix: str = '_') -> str: + return f"{prefix}{attribute}" + + reserved_attribute_names = props(CustomAttributes) +reserved_attributes_to_scan = [CustomAttributes.RESOURCE_TYPE] class EncryptionValues(str, Enum): diff --git a/checkov/dockerfile/parser.py b/checkov/dockerfile/parser.py index 1af3ce6c242..bf7166be98a 100644 --- a/checkov/dockerfile/parser.py +++ b/checkov/dockerfile/parser.py @@ -3,6 +3,7 @@ from collections import OrderedDict from pathlib import Path from typing import TYPE_CHECKING +import io from dockerfile_parse import DockerfileParser from dockerfile_parse.constants import COMMENT_INSTRUCTION @@ -16,7 +17,9 @@ def parse(filename: str | Path) -> tuple[dict[str, list[_Instruction]], list[str]]: with open(filename) as dockerfile: - dfp = DockerfileParser(fileobj=dockerfile) + content = dockerfile.read() + converted_content = convert_multiline_commands(content) + dfp = DockerfileParser(fileobj=io.StringIO(converted_content)) return dfp_group_by_instructions(dfp) 
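Review bot: `wrap_reserved_attributes` and `reserved_attributes_to_scan` are added without documentation, and neither name says what the wrapping is for. Judging by how module.py uses them, a docstring such as `"""Return the alias (prefix + attribute) under which a user-defined attribute that collides with a reserved graph attribute name is stored."""` would fit, together with a comment on the list, `# reserved names that can also be real resource attributes and must stay queryable`. It is also worth stating in that docstring that the default `_` prefix must not collide with attribute names the graph already uses.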
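Review bot: `parse` now hands `DockerfileParser` a rewritten copy of the file, so any line numbers it reports refer to `converted_content` rather than to the Dockerfile on disk. The body of `convert_multiline_commands` is only partly visible in this diff, but it builds `converted_lines` from `splitlines()` with an `in_multiline` state, which suggests heredoc lines are merged. If the line count changes, the start and end lines of every later instruction and the position of inline skip comments would shift. Keeping the line count stable (for example by emitting blank placeholder lines for the merged ones) or remapping the line numbers afterwards would avoid misattributed findings and suppressions.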
@@ -39,3 +42,25 @@ def collect_skipped_checks(parse_result: dict[str, list[_Instruction]]) -> list[ skipped_checks = collect_suppressions_for_context(code_lines=comment_lines) return skipped_checks + + +def convert_multiline_commands(dockerfile_content: str) -> str: + lines = dockerfile_content.splitlines() + converted_lines = [] + in_multiline = False + multiline_command: list[str] = [] + + for line in lines: + if line.strip().startswith('RUN < PrismaReport: data["imports"] = {} if not data.get("reachability_report"): data["reachability_report"] = {} + + self.remove_none_conf_incidents_policies(data) + return PrismaReport(**data) + @staticmethod + def remove_none_conf_incidents_policies(data: Dict[str, Any]) -> None: + remove_list = [] + for lang, match in data.get('rule_match', dict()).items(): + for check in match.keys(): + if check not in bc_integration.customer_run_config_response['policyMetadata']: + remove_list.append((lang, check)) + + for lang, check in remove_list: + del data['rule_match'][lang][check] + def run_go_library_list_policies(self, document: Dict[str, Any]) -> SastPolicies: try: library = ctypes.cdll.LoadLibrary(self.lib_path) diff --git a/checkov/secrets/runner.py b/checkov/secrets/runner.py index ff12ed2f5b3..a3c0382a053 100644 --- a/checkov/secrets/runner.py +++ b/checkov/secrets/runner.py @@ -126,6 +126,7 @@ def run( {'name': 'IbmCosHmacDetector'}, {'name': 'JwtTokenDetector'}, {'name': 'MailchimpDetector'}, + {'name': 'NpmDetector'}, {'name': 'PrivateKeyDetector'}, {'name': 'SlackDetector'}, {'name': 'SoftlayerDetector'}, diff --git a/checkov/secrets/scan_git_history.py b/checkov/secrets/scan_git_history.py index b9256decbc0..17573ebe40d 100644 --- a/checkov/secrets/scan_git_history.py +++ b/checkov/secrets/scan_git_history.py 
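Review bot: `remove_none_conf_incidents_policies` indexes `bc_integration.customer_run_config_response['policyMetadata']` directly, so a run in which that response is `None` or lacks the key would raise `TypeError` or `KeyError` inside report parsing; whether the response is always populated on this path is not visible here. The method also deletes rule matches without any log line, so a dropped SAST finding cannot be explained afterwards. I would read the metadata once behind a guard, keep all matches when there is nothing to filter against, and log each removal at debug level, as sketched below (this assumes `logging` is already imported in the module). The start of this hunk is garbled on the page, so the caller's context is incomplete.

```python
@staticmethod
def remove_none_conf_incidents_policies(data: Dict[str, Any]) -> None:
    run_config = bc_integration.customer_run_config_response or {}
    policy_metadata = run_config.get('policyMetadata')
    if policy_metadata is None:
        # nothing to filter against: keep every match rather than drop findings
        return

    for lang, match in data.get('rule_match', {}).items():
        for check in [c for c in match if c not in policy_metadata]:
            logging.debug("Dropping SAST match %s (%s): not in policyMetadata", check, lang)
            del match[check]
```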
@@ -207,6 +207,8 @@ def _run_scan_one_commit(commit: Commit) -> Tuple[List[RawStore], int]: scanned_file_count = 0 commit_hash = commit.metadata.commit_hash for file_name, file_diff in commit.files.items(): + if len(file_diff) == 0: + continue file_results = [*scan.scan_diff(file_diff)] if file_results: logging.debug( diff --git a/checkov/terraform/graph_builder/graph_components/module.py b/checkov/terraform/graph_builder/graph_components/module.py index 76231fb7ece..14d3b4297a8 100644 --- a/checkov/terraform/graph_builder/graph_components/module.py +++ b/checkov/terraform/graph_builder/graph_components/module.py @@ -10,6 +10,7 @@ from checkov.terraform import TFDefinitionKey from checkov.terraform.graph_builder.graph_components.block_types import BlockType from checkov.terraform.graph_builder.graph_components.blocks import TerraformBlock +from checkov.common.graph.graph_builder import CustomAttributes, wrap_reserved_attributes, reserved_attributes_to_scan from checkov.terraform.parser_functions import handle_dynamic_values from hcl2 import START_LINE, END_LINE @@ -182,6 +183,16 @@ def _add_module(self, blocks: List[Dict[str, Dict[str, Any]]], path: TFDefinitio ) self._add_to_blocks(module_block) + def _alter_reserved_attributes(self, attributes: Dict[str, Any]) -> Dict[str, Any]: + """ + Reserved attributes (like `resource_type`) needs to be altered in order to be considered in scanning + """ + updated_attributes = pickle_deepcopy(attributes) + for reserved_attribute in reserved_attributes_to_scan: + if reserved_attribute in updated_attributes: + updated_attributes[wrap_reserved_attributes(reserved_attribute)] = updated_attributes[reserved_attribute] + return updated_attributes + def _add_resource(self, blocks: List[Dict[str, Dict[str, Any]]], path: TFDefinitionKeyType) -> None: for resource_dict in blocks: for resource_type, resources in resource_dict.items(): 
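Review bot: `_alter_reserved_attributes` in module.py runs `pickle_deepcopy(attributes)` for every resource, although the copy only differs from its input when a reserved name is present, and `reserved_attributes_to_scan` holds just `CustomAttributes.RESOURCE_TYPE`. On a large Terraform graph that is a full deep copy per resource to serve a rare case. A guard at the top, `if not any(name in attributes for name in reserved_attributes_to_scan): return attributes`, would skip it; this returns the same dict instead of a copy, which is how the caller treated `attributes` before this change. The docstring should read "need to be altered".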
@@ -200,7 +211,8 @@ def _add_resource(self, blocks: List[Dict[str, Dict[str, Any]]], path: TFDefinit provisioner = attributes.get("provisioner") if provisioner: self._handle_provisioner(provisioner, attributes) - attributes["resource_type"] = [resource_type] + attributes = self._alter_reserved_attributes(attributes) + attributes[CustomAttributes.RESOURCE_TYPE] = [resource_type] block_name = f"{resource_type}.{name}" resource_block = TerraformBlock( block_type=BlockType.RESOURCE, diff --git a/checkov/version.py b/checkov/version.py index fe45eddc1dd..b95540607a5 100644 --- a/checkov/version.py +++ b/checkov/version.py @@ -1 +1 @@ -version = '3.2.282' +version = '3.2.292' diff --git a/kubernetes/requirements.txt b/kubernetes/requirements.txt index 3c8f70970eb..f29a5f22a78 100644 --- a/kubernetes/requirements.txt +++ b/kubernetes/requirements.txt @@ -1 +1 @@ -checkov==3.2.282 +checkov==3.2.292 diff --git a/setup.py b/setup.py index 8285d7cc059..31190061b26 100644 --- a/setup.py +++ b/setup.py @@ -66,7 +66,7 @@ def run(self) -> None: }, install_requires=[ "bc-python-hcl2==0.4.2", - "bc-detect-secrets==1.5.17", + "bc-detect-secrets==1.5.22", "bc-jsonpath-ng==1.6.1", "pycep-parser==0.5.1", "tabulate>=0.9.0,<0.10.0", @@ -75,7 +75,7 @@ def run(self) -> None: "junit-xml>=1.9,<2.0", "dpath==2.1.3", "pyyaml<7.0.0,>=6.0.0", - "boto3==1.34.25", + "boto3==1.35.49", "gitpython>=3.1.30,<4.0.0", "jmespath>=1.0.0,<2.0.0", "tqdm<5.0.0,>=4.65.0", @@ -107,9 +107,7 @@ def run(self) -> None: "spdx-tools>=0.8.0,<0.9.0", "license-expression<31.0.0,>=30.1.0", "rustworkx>=0.13.0,<0.14.0", - "pydantic<3.0.0,>=2.0.0", - "botocore==1.34.25", - "urllib3", + "pydantic<3.0.0,>=2.0.0" ], dependency_links=[], # keep it empty, needed for pipenv-setup license="Apache License 2.0", diff --git a/tests/arm/graph_builder/test_local_graph.py b/tests/arm/graph_builder/test_local_graph.py index 6a8d819e2bd..4a27ad30d94 100644 --- a/tests/arm/graph_builder/test_local_graph.py 
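Review bot: After `attributes = self._alter_reserved_attributes(attributes)` the name refers to a deep copy, so `attributes[CustomAttributes.RESOURCE_TYPE] = [resource_type]` no longer writes into the dict that `attributes` pointed to before, as the removed line did. If anything later reads `resource_type` from that earlier dict (not visible in this hunk), the key would now be missing there. A short comment would make the intent explicit: `# work on a copy: the user's own resource_type is kept under its wrapped alias, then the reserved key is set`. `_add_resource` starts and ends outside the hunk.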
+++ b/tests/arm/graph_builder/test_local_graph.py @@ -4,7 +4,8 @@ from checkov.arm.graph_builder.graph_to_definitions import convert_graph_vertices_to_definitions from checkov.arm.graph_builder.local_graph import ArmLocalGraph, ArmBlock from checkov.arm.graph_manager import ArmGraphManager -from checkov.arm.utils import get_files_definitions, ArmElements +from checkov.arm.graph_builder.graph_components.block_types import BlockType +from checkov.arm.utils import get_files_definitions from checkov.common.graph.db_connectors.rustworkx.rustworkx_db_connector import RustworkxConnector EXAMPLES_DIR = Path(__file__).parent.parent / "examples" @@ -23,7 +24,7 @@ def test_graph_explicit_deps(): assert len(test_graph.vertices) == 6 assert len(test_graph.edges) == 5 - assert len(test_graph.vertices_by_block_type[ArmElements.RESOURCES]) == 6 + assert len(test_graph.vertices_by_block_type[BlockType.RESOURCE]) == 6 def test_graph_implicit_deps(): @@ -37,7 +38,7 @@ def test_graph_implicit_deps(): assert len(test_graph.vertices) == 6 assert len(test_graph.edges) == 4 - assert len(test_graph.vertices_by_block_type[ArmElements.RESOURCES]) == 6 + assert len(test_graph.vertices_by_block_type[BlockType.RESOURCE]) == 6 def test_graph_params_vars(): @@ -52,9 +53,9 @@ def test_graph_params_vars(): assert len(local_graph.vertices) == 18 assert len(local_graph.edges) == 20 - assert len(local_graph.vertices_by_block_type[ArmElements.PARAMETERS]) == 11 - assert len(local_graph.vertices_by_block_type[ArmElements.RESOURCES]) == 4 - assert len(local_graph.vertices_by_block_type[ArmElements.VARIABLES]) == 3 + assert len(local_graph.vertices_by_block_type[BlockType.PARAMETER]) == 11 + assert len(local_graph.vertices_by_block_type[BlockType.RESOURCE]) == 4 + assert len(local_graph.vertices_by_block_type[BlockType.VARIABLE]) == 3 def test_graph_from_file_def_and_graph_def(): 
@@ -77,17 +78,17 @@ def test_graph_from_file_def_and_graph_def(): assert len(local_graph.edges) == len(local_graph_from_new_def.edges) - assert len(local_graph.vertices_by_block_type[ArmElements.PARAMETERS]) == len(local_graph_from_new_def.vertices_by_block_type[ArmElements.PARAMETERS]) - assert len(local_graph.vertices_by_block_type[ArmElements.RESOURCES]) == len(local_graph_from_new_def.vertices_by_block_type[ArmElements.RESOURCES]) - assert len(local_graph.vertices_by_block_type[ArmElements.VARIABLES]) == len(local_graph_from_new_def.vertices_by_block_type[ArmElements.VARIABLES]) + assert len(local_graph.vertices_by_block_type[BlockType.PARAMETER]) == len(local_graph_from_new_def.vertices_by_block_type[BlockType.PARAMETER]) + assert len(local_graph.vertices_by_block_type[BlockType.RESOURCE]) == len(local_graph_from_new_def.vertices_by_block_type[BlockType.RESOURCE]) + assert len(local_graph.vertices_by_block_type[BlockType.VARIABLE]) == len(local_graph_from_new_def.vertices_by_block_type[BlockType.VARIABLE]) def test_update_vertices_names(): graph = ArmLocalGraph(definitions={}) graph.vertices = [ - ArmBlock(name="variables(name1)", config={"name": "updatedName1"}, block_type=ArmElements.RESOURCES, path='', attributes={}, id='1'), - ArmBlock(name="name2", config={"name": "name2"}, block_type=ArmElements.RESOURCES, path='', attributes={}, id='2'), - ArmBlock(name="name3", config={}, block_type=ArmElements.RESOURCES, path='', attributes={}, id='3') + ArmBlock(name="variables(name1)", config={"name": "updatedName1"}, block_type=BlockType.RESOURCE, path='', attributes={}, id='1'), + ArmBlock(name="name2", config={"name": "name2"}, block_type=BlockType.RESOURCE, path='', attributes={}, id='2'), + ArmBlock(name="name3", config={}, block_type=BlockType.RESOURCE, path='', attributes={}, id='3') ] graph.vertices_by_name = {"variables(name1)": 0, "name2": 1, "name3": 2} 
diff --git a/tests/arm/test_graph_manager.py b/tests/arm/test_graph_manager.py index 947f55f1c16..11a1b16eea7 100644 --- a/tests/arm/test_graph_manager.py +++ b/tests/arm/test_graph_manager.py @@ -4,6 +4,7 @@ from checkov.arm.graph_manager import ArmGraphManager from checkov.arm.utils import get_files_definitions, ArmElements +from checkov.arm.graph_builder.graph_components.block_types import BlockType from checkov.common.graph.db_connectors.networkx.networkx_db_connector import NetworkxConnector from checkov.common.graph.db_connectors.rustworkx.rustworkx_db_connector import RustworkxConnector from checkov.common.graph.graph_builder import CustomAttributes @@ -38,7 +39,7 @@ def test_build_graph_from_definitions(graph_connector): container_idx = local_graph.vertices_by_path_and_id[(test_file, "Microsoft.ContainerInstance/containerGroups.[parameters('containerGroupName')]")] container = local_graph.vertices[container_idx] - assert container.block_type == ArmElements.RESOURCES + assert container.block_type == BlockType.RESOURCE assert container.id == "Microsoft.ContainerInstance/containerGroups.[parameters('containerGroupName')]" assert container.source == GraphSource.ARM diff --git a/tests/common/checks/test_graph_check_loading.py b/tests/common/checks/test_graph_check_loading.py index ec0ad4d633e..53cca682d62 100644 --- a/tests/common/checks/test_graph_check_loading.py +++ b/tests/common/checks/test_graph_check_loading.py @@ -38,9 +38,6 @@ def test_external_checks_and_graph_checks_load(self): runner_filter = RunnerFilter(framework=['terraform']) external_graph_checks = 0 - # make sure internal checks are loaded beforehand - runner.graph_registry.load_checks() - # with external yaml checks external graph registry checks count should be equal to the external graph checks extra_checks_dir_path = [current_dir + "/extra_checks", current_dir + "/extra_yaml_checks"] runner.run(root_folder=current_dir, external_checks_dir=extra_checks_dir_path, 
diff --git a/tests/dockerfile/resources/multiline_command/Dockerfile b/tests/dockerfile/resources/multiline_command/Dockerfile new file mode 100644 index 00000000000..79d5de99e1c --- /dev/null +++ b/tests/dockerfile/resources/multiline_command/Dockerfile @@ -0,0 +1,13 @@ +# syntax=docker/dockerfile:1.4 +FROM docker.io/library/ubuntu:22.04 + +RUN < None: registry.checks = self.orig_checks diff --git a/tests/terraform/parser/test_module.py b/tests/terraform/parser/test_module.py index 25a5ed1e128..dc168578bab 100644 --- a/tests/terraform/parser/test_module.py +++ b/tests/terraform/parser/test_module.py @@ -59,6 +59,24 @@ def test_module_double_slash_cleanup_string(self): self.assertEqual(1, len(module.blocks)) self.assertEqual('ingress.annotations.kubernetes\\.io/ingress\\.class', module.blocks[0].attributes['set.name']) + def test_module_with_resource_type_attribute(self): + tf = hcl2.loads(""" +resource "azurerm_security_center_subscription_pricing" "example" { + tier = "free" + resource_type = "VirtualMachines" + extension { + name = "ContainerRegistriesVulnerabilityAssessments" + } +} + """) + non_malformed_definitions = validate_malformed_definitions(tf) + definitions = { + '/mock/path/to.tf': clean_bad_definitions(non_malformed_definitions) + } + module, _ = TFParser().parse_hcl_module_from_tf_definitions(definitions, '', 'terraform') + self.assertEqual(1, len(module.blocks)) + self.assertEqual(['VirtualMachines'], module.blocks[0].attributes['_resource_type']) + def test_parse_hcl_module_serialize_definitions(self): parser = TFParser() directory = os.path.join(self.resources_dir, "parser_nested_modules")