From ecc9ac3f6df95a6e762496fd3fb4c2e7179659f0 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez
Date: Thu, 23 Jul 2020 16:53:29 -0400
Subject: [PATCH 1/7] Bumps version
---
 setup.cfg | 2 +-
 setup.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/setup.cfg b/setup.cfg
index 9f269c1f3..0eb544056 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.2.2
+current_version = 0.2.3
 commit = True
 tag = True
diff --git a/setup.py b/setup.py
index 2436d9057..140642f90 100644
--- a/setup.py
+++ b/setup.py
@@ -45,14 +45,14 @@
 setup(
 name='terrascan',
- version='0.2.2',
+ version='0.2.3',
 description="Best practices tests for terraform",
 long_description=readme,
 author="Cesar Rodriguez",
 author_email='therasec@gmail.com',
 url='https://github.com/cesar-rodriguez/terrascan',
 download_url='https://github.com/cesar-rodriguez/terrascan' +
- '/archive/v0.2.2.tar.gz',
+ '/archive/v0.2.3.tar.gz',
 packages=find_packages(where='.'),
 entry_points={
 'console_scripts': [
From d19efa6f1899d289519ee8451cdba56645847582 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez
Date: Thu, 23 Jul 2020 16:54:06 -0400
Subject: [PATCH 2/7] Bumps version
---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 43214e860..dd94e29fa 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -14,7 +14,7 @@ verbose: true
 # Here's an example on how to setup terrascan as a pre-commit
 #- repo: https://github.com/cesar-rodriguez/terrascan
-# rev: v0.1.2
+# rev: v0.2.3
 # hooks:
 # - id: terrascan
 # pass_filenames: false
From 81040a1a9d712357050322de23bd1417020fa1f1 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez
Date: Thu, 23 Jul 2020 16:58:17 -0400
Subject: [PATCH 3/7] Fixes command
---
 terrascan/terrascan.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terrascan/terrascan.py b/terrascan/terrascan.py
index a4758fdcf..cf014d696 100644
--- a/terrascan/terrascan.py
+++ b/terrascan/terrascan.py
@@ -888,7 +888,7 @@ def terrascan(args):
 start = time.time()
 try:
- result = subprocess.run(['pip', 'show', 'terrascan-sf'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ result = subprocess.run(['pip', 'show', 'terrascan'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 stdout = result.stdout.decode("utf-8")
 versionStr = "Version: "
 startIndex = stdout.find(versionStr)
From 435b01c77511b86640fe0ace75f7935ce1dc8ce8 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez
Date: Thu, 23 Jul 2020 22:03:45 -0400
Subject: [PATCH 4/7] Adds support for passing individual files
---
 terrascan/terrascan.py | 36 +++++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)
diff --git a/terrascan/terrascan.py b/terrascan/terrascan.py
index cf014d696..853b42b37 100644
--- a/terrascan/terrascan.py
+++ b/terrascan/terrascan.py
@@ -25,6 +25,7 @@ import subprocess
 import json
 import time
+from shutil import copy2, rmtree
 from terrascan.embedded import terraform_validate
 import logging
@@ -902,9 +903,26 @@ def terrascan(args):
 version = stdout[startIndex:endIndex]
 # process the arguments
- terraformLocation = args.location[0]
- if not os.path.isabs(terraformLocation):
- terraformLocation = os.path.join(os.sep, os.path.abspath("."), terraformLocation)
+ if args.location is None and args.files is None:
+ print('ERROR: Using one of -l or -f flags is required.')
+ sys.exit(1)
+
+ if args.location is not None and args.files is not None:
+ print("ERROR: The -l or -f flags can't be use at the same time.")
+ sys.exit(1)
+
+ if args.location is not None:
+ terraformLocation = args.location[0]
+ if not os.path.isabs(terraformLocation):
+ terraformLocation = os.path.join(os.sep, os.path.abspath("."), terraformLocation)
+
+ if args.files is not None:
+ terraformLocation = os.path.join(os.sep, os.path.abspath("."), '.terrascan')
+ if not os.path.exists(terraformLocation):
+ os.makedirs(terraformLocation)
+ for file in args.files:
+ copy2(file, terraformLocation)
+
 if args.vars:
 variablesJsonFilename = []
 for fileName in args.vars:
@@ -1011,6 +1029,9 @@ def terrascan(args):
 for rule in Rules.rules:
 print(rule)
+ if args.files is not None:
+ rmtree(terraformLocation)
+
 sys.exit(rc)
@@ -1022,8 +1043,13 @@ def create_parser():
 '-l',
 '--location',
 help='location of terraform templates to scan',
- nargs=1,
- required=True
+ nargs=1
+ )
+ parser.add_argument(
+ '-f',
+ '--files',
+ help='terraform hcl files to scan',
+ nargs='*'
 )
 parser.add_argument(
 '-v',
From 366e7e6e435a7fe8476bd37e74fcd02555a870eb Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez
Date: Thu, 23 Jul 2020 22:20:23 -0400
Subject: [PATCH 5/7] fixes metadata
---
 setup.py | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/setup.py b/setup.py
index 140642f90..e5adbca98 100644
--- a/setup.py
+++ b/setup.py
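Review bot: The `-f` branch stages its inputs in `./.terrascan`, and the `rmtree(terraformLocation)` added near the end of `terrascan()` deletes that directory, so a `.terrascan` directory that already existed in the working directory is scanned together with the inputs and then removed. `copy2(file, terraformLocation)` also flattens the paths, so two inputs with the same file name overwrite each other and one is never scanned, and because `create_parser` declares `-f` with `nargs='*'`, a bare `-f` scans an empty directory and presumably passes without checking anything. Staging into a directory from `tempfile.mkdtemp()` (needs `import tempfile`) after rejecting empty or colliding names avoids both. The `rmtree` is also reached only on the normal path, so a `try`/`finally` around the scan would be the place for it; `terrascan()` starts before and ends after these hunks.

```python
    # … unchanged: the -l / -f flag checks and the -l branch …
    if args.files is not None:
        names = [os.path.basename(file) for file in args.files]
        if not names or len(set(names)) != len(names):
            print('ERROR: -f needs at least one file, and file names must be unique.')
            sys.exit(1)
        # fresh private directory: an existing ./.terrascan is neither scanned nor removed
        terraformLocation = tempfile.mkdtemp(prefix='terrascan-')
        for file in args.files:
            copy2(file, terraformLocation)
    # … unchanged: variable files, rule selection and the scan itself …
```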
@@ -26,14 +26,13 @@
 :alt: Updates
-A collection of security and best practice tests for static code analysis of terraform_ templates using terraform_validate_.
+A linter for security best practices testing of Terraform_ templates.
-.. _terraform: https://www.terraform.io
-.. _terraform_validate: https://github.com/elmundio87/terraform_validate
+.. _Terraform: https://www.terraform.io
 * GitHub Repo: https://github.com/cesar-rodriguez/terrascan
 * Documentation: https://terrascan.readthedocs.io.
-* Free software: GNU General Public License v3
+* Free software: Apache-2.0
 '''
 with open('HISTORY.rst') as history_file:
@@ -44,14 +43,14 @@
 ]
 setup(
- name='terrascan',
+ name='Terrascan',
 version='0.2.3',
- description="Best practices tests for terraform",
+ description="Security best practice static code analysis for terraform",
 long_description=readme,
- author="Cesar Rodriguez",
- author_email='therasec@gmail.com',
- url='https://github.com/cesar-rodriguez/terrascan',
- download_url='https://github.com/cesar-rodriguez/terrascan' +
+ author="Accurics",
+ author_email='support@accurics.com',
+ url='https://github.com/accurics/terrascan',
+ download_url='https://github.com/accurics/terrascan' +
 '/archive/v0.2.3.tar.gz',
 packages=find_packages(where='.'),
 entry_points={
@@ -60,13 +59,13 @@
 ]
 },
 include_package_data=True,
- license="GNU General Public License v3",
+ license="Apache-2.0",
 zip_safe=False,
 keywords='terrascan',
 classifiers=[
- 'Development Status :: 2 - Pre-Alpha',
+ 'Development Status :: 5 - Production/Stable',
 'Intended Audience :: Developers',
- 'License :: OSI Approved :: GNU General Public License v3 (GPLv3)',
+ 'License :: OSI Approved :: Apache Software License',
 'Natural Language :: English',
 'Programming Language :: Python :: 3.6',
 'Programming Language :: Python :: 3.7',
From 66f9a3015e496359c5ddb87e2ac88494cb5e5477 Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez
Date: Thu, 23 Jul 2020 22:30:46 -0400
Subject: [PATCH 6/7] adds version command
---
 terrascan/terrascan.py | 40 +++++++++++++++++++++++++---------------
 1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/terrascan/terrascan.py b/terrascan/terrascan.py
index 853b42b37..b5db2a023 100644
--- a/terrascan/terrascan.py
+++ b/terrascan/terrascan.py
@@ -882,27 +882,31 @@ def isRuleOverridden(self, ruleName):
 return False
-#################################################################################################
-# run the tests
-#################################################################################################
-def terrascan(args):
- start = time.time()
-
+def get_version():
+ '''
+ Returns the currently installed version of Terrascan
+ '''
 try:
 result = subprocess.run(['pip', 'show', 'terrascan'], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 stdout = result.stdout.decode("utf-8")
- versionStr = "Version: "
- startIndex = stdout.find(versionStr)
+ version = stdout.split('Version: ')[1].split('\n')[0]
 except:
- startIndex = -1
- if startIndex == -1:
 version = "?"
- else:
- startIndex += len(versionStr)
- endIndex = stdout.find("\r", startIndex)
- version = stdout[startIndex:endIndex]
+ return version
+
+
+#################################################################################################
+# run the tests
+#################################################################################################
+def terrascan(args):
+ start = time.time()
+ version = get_version()
 # process the arguments
+ if args.version is not None:
+ print(f'Terrascan v{version}')
+ sys.exit(0)
+
 if args.location is None and args.files is None:
 print('ERROR: Using one of -l or -f flags is required.')
 sys.exit(1)
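Review bot: `get_version()` runs whichever `pip` is first on `PATH`, which is not necessarily the one belonging to the interpreter running Terrascan, so the version shown can come from a different environment and the executable is chosen by the caller's search path. `[sys.executable, '-m', 'pip', 'show', 'terrascan']` ties the lookup to the running interpreter (`sys` appears to be imported already, given the `sys.exit` calls). The bare `except:` also catches `KeyboardInterrupt` and `SystemExit`; `except Exception:` keeps the `"?"` fallback without that. The `version = get_version()` call in `terrascan()` starts this subprocess on every run, before any argument is checked.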
@@ -1079,7 +1083,13 @@ def create_parser():
 '-c',
 '--config',
 help='logging configuration: error, warning, info, debug, or none; default is error',
- nargs=1, )
+ nargs=1,
+ )
+ parser.add_argument(
+ '--version',
+ help='get version of Terrascan',
+ action='store_true'
+ )
 parser.set_defaults(func=terrascan)
 return parser
From 6dfe29dee8280a69531a7a862dd3e9a8e235178f Mon Sep 17 00:00:00 2001
From: Cesar Rodriguez
Date: Thu, 23 Jul 2020 23:00:47 -0400
Subject: [PATCH 7/7] Fixes version flag logic
---
 terrascan/terrascan.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terrascan/terrascan.py b/terrascan/terrascan.py
index b5db2a023..3a88fa153 100644
--- a/terrascan/terrascan.py
+++ b/terrascan/terrascan.py
@@ -903,7 +903,7 @@ def terrascan(args):
 version = get_version()
 # process the arguments
- if args.version is not None:
+ if args.version:
 print(f'Terrascan v{version}')
 sys.exit(0)