Merge pull request #257 from accurics/feature/individual-files

Adds ability to scan individual files
tenable · Jul 24, 2020 · cd6753f · cd6753f
2 parents 2e748d2 + 6dfe29d
commit cd6753f
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 37 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -14,7 +14,7 @@
         verbose: true
 # Here's an example on how to setup terrascan as a pre-commit
 #-   repo: https://github.com/cesar-rodriguez/terrascan
-#    rev: v0.1.2
+#    rev: v0.2.3
 #    hooks:
 #    -   id: terrascan
 #        pass_filenames: false

diff --git a/setup.cfg b/setup.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.2.2
+current_version = 0.2.3
 commit = True
 tag = True
 

diff --git a/setup.py b/setup.py
@@ -26,14 +26,13 @@
      :alt: Updates
 
 
-A collection of security and best practice tests for static code analysis of terraform_ templates using terraform_validate_.
+A linter for security best practices testing of Terraform_ templates.
 
-.. _terraform: https://www.terraform.io
-.. _terraform_validate: https://github.com/elmundio87/terraform_validate
+.. _Terraform: https://www.terraform.io
 
 * GitHub Repo: https://github.com/cesar-rodriguez/terrascan
 * Documentation: https://terrascan.readthedocs.io.
-* Free software: GNU General Public License v3
+* Free software: Apache-2.0
 '''
 
 with open('HISTORY.rst') as history_file:
@@ -44,29 +43,29 @@
 ]
 
 setup(
-    name='terrascan',
-    version='0.2.2',
-    description="Best practices tests for terraform",
+    name='Terrascan',
+    version='0.2.3',
+    description="Security best practice static code analysis for terraform",
     long_description=readme,
-    author="Cesar Rodriguez",
-    author_email='therasec@gmail.com',
-    url='https://github.com/cesar-rodriguez/terrascan',
-    download_url='https://github.com/cesar-rodriguez/terrascan' +
-    '/archive/v0.2.2.tar.gz',
+    author="Accurics",
+    author_email='support@accurics.com',
+    url='https://github.com/accurics/terrascan',
+    download_url='https://github.com/accurics/terrascan' +
+    '/archive/v0.2.3.tar.gz',
     packages=find_packages(where='.'),
     entry_points={
         'console_scripts': [
             'terrascan = terrascan.terrascan:main'
         ]
     },
     include_package_data=True,
-    license="GNU General Public License v3",
+    license="Apache-2.0",
     zip_safe=False,
     keywords='terrascan',
     classifiers=[
-        'Development Status :: 2 - Pre-Alpha',
+        'Development Status :: 5 - Production/Stable',
         'Intended Audience :: Developers',
-        'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',
+        'License :: OSI Approved :: Apache Software License',
         'Natural Language :: English',
         'Programming Language :: Python :: 3.6',
         'Programming Language :: Python :: 3.7',

diff --git a/terrascan/terrascan.py b/terrascan/terrascan.py
@@ -25,6 +25,7 @@
 import subprocess
 import json
 import time
+from shutil import copy2, rmtree
 from terrascan.embedded import terraform_validate
 import logging
 
@@ -881,30 +882,51 @@ def isRuleOverridden(self, ruleName):
         return False
 
 
+def get_version():
+    '''
+    Returns the currently installed version of Terrascan
+    '''
+    try:
+        result = subprocess.run(['pip', 'show', 'terrascan'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        stdout = result.stdout.decode("utf-8")
+        version = stdout.split('Version: ')[1].split('\n')[0]
+    except:
+        version = "?"
+    return version
+
+
 #################################################################################################
 # run the tests
 #################################################################################################
 def terrascan(args):
     start = time.time()
-
-    try:
-        result = subprocess.run(['pip', 'show', 'terrascan-sf'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-        stdout = result.stdout.decode("utf-8")
-        versionStr = "Version: "
-        startIndex = stdout.find(versionStr)
-    except:
-        startIndex = -1
-    if startIndex == -1:
-        version = "?"
-    else:
-        startIndex += len(versionStr)
-        endIndex = stdout.find("\r", startIndex)
-        version = stdout[startIndex:endIndex]
+    version = get_version()
 
     # process the arguments
-    terraformLocation = args.location[0]
-    if not os.path.isabs(terraformLocation):
-        terraformLocation = os.path.join(os.sep, os.path.abspath("."),  terraformLocation)
+    if args.version:
+        print(f'Terrascan v{version}')
+        sys.exit(0)
+
+    if args.location is None and args.files is None:
+        print('ERROR: Using one of -l or -f flags is required.')
+        sys.exit(1)
+
+    if args.location is not None and args.files is not None:
+        print("ERROR: The -l or -f flags can't be use at the same time.")
+        sys.exit(1)
+
+    if args.location is not None:
+        terraformLocation = args.location[0]
+        if not os.path.isabs(terraformLocation):
+            terraformLocation = os.path.join(os.sep, os.path.abspath("."), terraformLocation)
+
+    if args.files is not None:
+        terraformLocation = os.path.join(os.sep, os.path.abspath("."), '.terrascan')
+        if not os.path.exists(terraformLocation):
+            os.makedirs(terraformLocation)
+        for file in args.files:
+            copy2(file, terraformLocation)
+
     if args.vars:
         variablesJsonFilename = []
         for fileName in args.vars:
@@ -1011,6 +1033,9 @@ def terrascan(args):
         for rule in Rules.rules:
             print(rule)
 
+    if args.files is not None:
+        rmtree(terraformLocation)
+
     sys.exit(rc)
 
 
@@ -1022,8 +1047,13 @@ def create_parser():
         '-l',
         '--location',
         help='location of terraform templates to scan',
-        nargs=1,
-        required=True
+        nargs=1
+    )
+    parser.add_argument(
+        '-f',
+        '--files',
+        help='terraform hcl files to scan',
+        nargs='*'
     )
     parser.add_argument(
         '-v',
@@ -1053,7 +1083,13 @@ def create_parser():
         '-c',
         '--config',
         help='logging configuration:  error, warning, info, debug, or none; default is error',
-        nargs=1,    )
+        nargs=1,
+    )
+    parser.add_argument(
+        '--version',
+        help='get version of Terrascan',
+        action='store_true'
+    )
     parser.set_defaults(func=terrascan)
 
     return parser