github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/pkg/scanners/terraform/options.go

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/pkg/scanners/terraform/options.go (about)

     1  package terraform
     2  
     3  import (
     4  	"strings"
     5  
     6  	"github.com/khulnasoft-lab/defsec/pkg/scan"
     7  	"github.com/khulnasoft-lab/defsec/pkg/scanners/options"
     8  	"github.com/khulnasoft-lab/defsec/pkg/scanners/terraform/executor"
     9  	"github.com/khulnasoft-lab/defsec/pkg/scanners/terraform/parser"
    10  	"github.com/khulnasoft-lab/defsec/pkg/severity"
    11  	"github.com/khulnasoft-lab/defsec/pkg/state"
    12  )
    13  
    14  type ConfigurableTerraformScanner interface {
    15  	options.ConfigurableScanner
    16  	SetForceAllDirs(bool)
    17  	AddExecutorOptions(options ...executor.Option)
    18  	AddParserOptions(options ...options.ParserOption)
    19  	SetEmbeddedLibrariesEnabled(enabled bool)
    20  }
    21  
    22  func ScannerWithTFVarsPaths(paths ...string) options.ScannerOption {
    23  	return func(s options.ConfigurableScanner) {
    24  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    25  			tf.AddParserOptions(parser.OptionWithTFVarsPaths(paths...))
    26  		}
    27  	}
    28  }
    29  
    30  func ScannerWithAlternativeIDProvider(f func(string) []string) options.ScannerOption {
    31  	return func(s options.ConfigurableScanner) {
    32  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    33  			tf.AddExecutorOptions(executor.OptionWithAlternativeIDProvider(f))
    34  		}
    35  	}
    36  }
    37  
    38  func ScannerWithSeverityOverrides(overrides map[string]string) options.ScannerOption {
    39  	return func(s options.ConfigurableScanner) {
    40  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    41  			tf.AddExecutorOptions(executor.OptionWithSeverityOverrides(overrides))
    42  		}
    43  	}
    44  }
    45  
    46  func ScannerWithNoIgnores() options.ScannerOption {
    47  	return func(s options.ConfigurableScanner) {
    48  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    49  			tf.AddExecutorOptions(executor.OptionNoIgnores())
    50  		}
    51  	}
    52  }
    53  
    54  func ScannerWithExcludedRules(ruleIDs []string) options.ScannerOption {
    55  	return func(s options.ConfigurableScanner) {
    56  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    57  			tf.AddExecutorOptions(executor.OptionExcludeRules(ruleIDs))
    58  		}
    59  	}
    60  }
    61  
    62  func ScannerWithExcludeIgnores(ruleIDs []string) options.ScannerOption {
    63  	return func(s options.ConfigurableScanner) {
    64  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    65  			tf.AddExecutorOptions(executor.OptionExcludeIgnores(ruleIDs))
    66  		}
    67  	}
    68  }
    69  
    70  func ScannerWithIncludedRules(ruleIDs []string) options.ScannerOption {
    71  	return func(s options.ConfigurableScanner) {
    72  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    73  			tf.AddExecutorOptions(executor.OptionIncludeRules(ruleIDs))
    74  		}
    75  	}
    76  }
    77  
    78  func ScannerWithStopOnRuleErrors(stop bool) options.ScannerOption {
    79  	return func(s options.ConfigurableScanner) {
    80  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    81  			tf.AddExecutorOptions(executor.OptionStopOnErrors(stop))
    82  		}
    83  	}
    84  }
    85  
    86  func ScannerWithWorkspaceName(name string) options.ScannerOption {
    87  	return func(s options.ConfigurableScanner) {
    88  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    89  			tf.AddParserOptions(parser.OptionWithWorkspaceName(name))
    90  			tf.AddExecutorOptions(executor.OptionWithWorkspaceName(name))
    91  		}
    92  	}
    93  }
    94  
    95  func ScannerWithSingleThread(single bool) options.ScannerOption {
    96  	return func(s options.ConfigurableScanner) {
    97  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
    98  			tf.AddExecutorOptions(executor.OptionWithSingleThread(single))
    99  		}
   100  	}
   101  }
   102  
   103  func ScannerWithAllDirectories(all bool) options.ScannerOption {
   104  	return func(s options.ConfigurableScanner) {
   105  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
   106  			tf.SetForceAllDirs(all)
   107  		}
   108  	}
   109  }
   110  
   111  func ScannerWithStopOnHCLError(stop bool) options.ScannerOption {
   112  	return func(s options.ConfigurableScanner) {
   113  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
   114  			tf.AddParserOptions(parser.OptionStopOnHCLError(stop))
   115  		}
   116  	}
   117  }
   118  
   119  func ScannerWithSkipDownloaded(skip bool) options.ScannerOption {
   120  	return func(s options.ConfigurableScanner) {
   121  		if !skip {
   122  			return
   123  		}
   124  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
   125  			tf.AddExecutorOptions(executor.OptionWithResultsFilter(func(results scan.Results) scan.Results {
   126  				for i, result := range results {
   127  					prefix := result.Range().GetSourcePrefix()
   128  					switch {
   129  					case prefix == "":
   130  					case strings.HasPrefix(prefix, "."):
   131  					default:
   132  						results[i].OverrideStatus(scan.StatusIgnored)
   133  					}
   134  				}
   135  				return results
   136  			}))
   137  		}
   138  	}
   139  }
   140  
   141  func ScannerWithResultsFilter(f func(scan.Results) scan.Results) options.ScannerOption {
   142  	return func(s options.ConfigurableScanner) {
   143  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
   144  			tf.AddExecutorOptions(executor.OptionWithResultsFilter(f))
   145  		}
   146  	}
   147  }
   148  
   149  func ScannerWithMinimumSeverity(minimum severity.Severity) options.ScannerOption {
   150  	min := severityAsOrdinal(minimum)
   151  	return func(s options.ConfigurableScanner) {
   152  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
   153  			tf.AddExecutorOptions(executor.OptionWithResultsFilter(func(results scan.Results) scan.Results {
   154  				for i, result := range results {
   155  					if severityAsOrdinal(result.Severity()) < min {
   156  						results[i].OverrideStatus(scan.StatusIgnored)
   157  					}
   158  				}
   159  				return results
   160  			}))
   161  		}
   162  	}
   163  }
   164  
   165  func severityAsOrdinal(sev severity.Severity) int {
   166  	switch sev {
   167  	case severity.Critical:
   168  		return 4
   169  	case severity.High:
   170  		return 3
   171  	case severity.Medium:
   172  		return 2
   173  	case severity.Low:
   174  		return 1
   175  	default:
   176  		return 0
   177  	}
   178  }
   179  
   180  func ScannerWithStateFunc(f ...func(*state.State)) options.ScannerOption {
   181  	return func(s options.ConfigurableScanner) {
   182  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
   183  			tf.AddExecutorOptions(executor.OptionWithStateFunc(f...))
   184  		}
   185  	}
   186  }
   187  
   188  func ScannerWithDownloadsAllowed(allowed bool) options.ScannerOption {
   189  	return func(s options.ConfigurableScanner) {
   190  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
   191  			tf.AddParserOptions(parser.OptionWithDownloads(allowed))
   192  		}
   193  	}
   194  }
   195  
   196  func ScannerWithEmbeddedLibraries(embedded bool) options.ScannerOption {
   197  	return func(s options.ConfigurableScanner) {
   198  		if tf, ok := s.(ConfigurableTerraformScanner); ok {
   199  			tf.SetEmbeddedLibrariesEnabled(embedded)
   200  		}
   201  	}
   202  }