diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 43214e860..dd94e29fa 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -14,7 +14,7 @@ verbose: true # Here's an example on how to setup terrascan as a pre-commit #- repo: https://github.com/cesar-rodriguez/terrascan -# rev: v0.1.2 +# rev: v0.2.3 # hooks: # - id: terrascan # pass_filenames: false diff --git a/setup.cfg b/setup.cfg index 9f269c1f3..0eb544056 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 0.2.2 +current_version = 0.2.3 commit = True tag = True diff --git a/setup.py b/setup.py index 2436d9057..e5adbca98 100644 --- a/setup.py +++ b/setup.py @@ -26,14 +26,13 @@ :alt: Updates -A collection of security and best practice tests for static code analysis of terraform_ templates using terraform_validate_. +A linter for security best practices testing of Terraform_ templates. -.. _terraform: https://www.terraform.io -.. _terraform_validate: https://github.com/elmundio87/terraform_validate +.. _Terraform: https://www.terraform.io * GitHub Repo: https://github.com/cesar-rodriguez/terrascan * Documentation: https://terrascan.readthedocs.io. -* Free software: GNU General Public License v3 +* Free software: Apache-2.0 ''' with open('HISTORY.rst') as history_file: 
@@ -44,15 +43,15 @@ ] setup( - name='terrascan', - version='0.2.2', - description="Best practices tests for terraform", + name='Terrascan', + version='0.2.3', + description="Security best practice static code analysis for terraform", long_description=readme, - author="Cesar Rodriguez", - author_email='therasec@gmail.com', - url='https://github.com/cesar-rodriguez/terrascan', - download_url='https://github.com/cesar-rodriguez/terrascan' + - '/archive/v0.2.2.tar.gz', + author="Accurics", + author_email='support@accurics.com', + url='https://github.com/accurics/terrascan', + download_url='https://github.com/accurics/terrascan' + + '/archive/v0.2.3.tar.gz', packages=find_packages(where='.'), entry_points={ 'console_scripts': [ @@ -60,13 +59,13 @@ ] }, include_package_data=True, - license="GNU General Public License v3", + license="Apache-2.0", zip_safe=False, keywords='terrascan', classifiers=[ - 'Development Status :: 2 - Pre-Alpha', + 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', - 'License :: OSI Approved :: GNU General Public License v3 (GPLv3)', + 'License :: OSI Approved :: Apache Software License', 'Natural Language :: English', 'Programming Language :: Python :: 3.6', 'Programming Language :: Python :: 3.7', diff --git a/terrascan/terrascan.py b/terrascan/terrascan.py index a4758fdcf..3a88fa153 100644 --- a/terrascan/terrascan.py +++ b/terrascan/terrascan.py @@ -25,6 +25,7 @@ import subprocess import json import time +from shutil import copy2, rmtree from terrascan.embedded import terraform_validate import logging 
@@ -881,30 +882,51 @@ def isRuleOverridden(self, ruleName): return False +def get_version(): + ''' + Returns the currently installed version of Terrascan + ''' + try: + result = subprocess.run(['pip', 'show', 'terrascan'], stdout=subprocess.PIPE, stderr=subprocess.PIPE) + stdout = result.stdout.decode("utf-8") + version = stdout.split('Version: ')[1].split('\n')[0] + except: + version = "?" + return version + + ################################################################################################# # run the tests ################################################################################################# def terrascan(args): start = time.time() - - try: - result = subprocess.run(['pip', 'show', 'terrascan-sf'], stdout=subprocess.PIPE, stderr=subprocess.PIPE) - stdout = result.stdout.decode("utf-8") - versionStr = "Version: " - startIndex = stdout.find(versionStr) - except: - startIndex = -1 - if startIndex == -1: - version = "?" - else: - startIndex += len(versionStr) - endIndex = stdout.find("\r", startIndex) - version = stdout[startIndex:endIndex] + version = get_version() # process the arguments - terraformLocation = args.location[0] - if not os.path.isabs(terraformLocation): - terraformLocation = os.path.join(os.sep, os.path.abspath("."), terraformLocation) + if args.version: + print(f'Terrascan v{version}') + sys.exit(0) + + if args.location is None and args.files is None: + print('ERROR: Using one of -l or -f flags is required.') + sys.exit(1) + + if args.location is not None and args.files is not None: + print("ERROR: The -l or -f flags can't be use at the same time.") + sys.exit(1) + + if args.location is not None: + terraformLocation = args.location[0] + if not os.path.isabs(terraformLocation): + terraformLocation = os.path.join(os.sep, os.path.abspath("."), terraformLocation) + + if args.files is not None: + terraformLocation = os.path.join(os.sep, os.path.abspath("."), '.terrascan') + if not os.path.exists(terraformLocation): + 
os.makedirs(terraformLocation) + for file in args.files: + copy2(file, terraformLocation) + if args.vars: variablesJsonFilename = [] for fileName in args.vars: @@ -1011,6 +1033,9 @@ def terrascan(args): for rule in Rules.rules: print(rule) + if args.files is not None: + rmtree(terraformLocation) + sys.exit(rc) @@ -1022,8 +1047,13 @@ def create_parser(): '-l', '--location', help='location of terraform templates to scan', - nargs=1, - required=True + nargs=1 + ) + parser.add_argument( + '-f', + '--files', + help='terraform hcl files to scan', + nargs='*' ) parser.add_argument( '-v', @@ -1053,7 +1083,13 @@ def create_parser(): '-c', '--config', help='logging configuration: error, warning, info, debug, or none; default is error', - nargs=1, ) + nargs=1, + ) + parser.add_argument( + '--version', + help='get version of Terrascan', + action='store_true' + ) parser.set_defaults(func=terrascan) return parser
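Review bot: The `-f` branch stages files in a fixed `.terrascan` directory under the current working directory and reuses it when it already exists, so leftovers from an interrupted run, or anything else already in it, are scanned along with the requested files. `copy2(file, terraformLocation)` also overwrites silently when two arguments share a basename, which leaves one template unscanned; for a security linter both cases change the result without any message. A directory from `tempfile.mkdtemp()` plus a basename check avoids both, and `tempfile` would need importing next to `shutil`. Separately, `get_version()` in this hunk runs whichever `pip` is first on `PATH` and hides every failure behind a bare `except:`; reading the version in-process, for example `pkg_resources.get_distribution('terrascan').version`, would not depend on `PATH`. `terrascan()` continues past the end of this hunk.

```python
    if args.files is not None:
        # fresh private directory: nothing stale gets scanned, nothing pre-existing gets deleted later
        terraformLocation = tempfile.mkdtemp(prefix='terrascan-')
        staged = set()
        for file in args.files:
            base = os.path.basename(file)
            if base in staged:
                rmtree(terraformLocation)
                print(f'ERROR: two -f files share the name {base}.')
                sys.exit(1)
            staged.add(base)
            copy2(file, terraformLocation)
    # … unchanged: args.vars handling …
```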
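Review bot: The `rmtree(terraformLocation)` cleanup runs only when execution reaches this line, so an exception or an earlier `sys.exit` between the staging code and here leaves the copied templates behind in `.terrascan`, where the next `-f` run would scan them again. It also deletes a `.terrascan` directory that existed before the run, because the staging code creates the directory only when it is missing but this line removes it unconditionally. Wrapping the scan in `try:` / `finally:` with the `rmtree` in the `finally` keeps the cleanup unconditional (`sys.exit(rc)` raises `SystemExit`, so the `finally` still runs), and removing only a directory this run created avoids the second problem. Only the tail of `terrascan()` is visible in this hunk, so other exit paths may exist outside it.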
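Review bot: `nargs='*'` on `--files` accepts a bare `-f` with no file names, which yields an empty list rather than `None`. The `is None` / `is not None` checks in `terrascan()` then treat it as a valid selection, an empty staging directory is scanned, and the run presumably finishes without findings even though nothing was checked. `nargs='+'` makes argparse reject `-f` without at least one file. `create_parser()` starts and ends outside this hunk.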