

fix(query): "name is not snake case" should check only resource names (
…Checkmarx#4346)

Signed-off-by: Rogério Peixoto <[email protected]>
rogeriopeixotocx authored Oct 11, 2021
1 parent 3a57982 commit 8fcedec
Showing 4 changed files with 61 additions and 14 deletions.
29 changes: 23 additions & 6 deletions assets/queries/terraform/general/name_is_not_snake_case/query.rego
@@ -1,18 +1,35 @@
package Cx

import data.generic.common as common_lib

CxPolicy[result] {
doc := input.document[i]
res_type := doc.resource[type]
res_type[name]
not is_snake_case(name)

result := {
"documentId": input.document[i].id,
"searchKey": sprintf("resource.%s.%s", [type, name]),
"issueType": "IncorrectValue",
"keyExpectedValue": "All names should be on snake case pattern",
"keyActualValue": sprintf("'%s' is not in snake case", [name]),
"searchLine": common_lib.build_search_line(["resources", type, name], []),
}
}

CxPolicy[result] {
doc := input.document[i]
[path, value] := walk(doc)
not is_object(value)
not is_snake_case(path[idx])
wrongPath := array.slice(path, 0, idx + 1)
module := doc.module[name]
not is_snake_case(name)

result := {
"documentId": input.document[i].id,
"searchKey": sprintf("%s", [concat(".", wrongPath)]),
"searchKey": sprintf("module.%s", [name]),
"issueType": "IncorrectValue",
"keyExpectedValue": "All names should be on snake case pattern",
"keyActualValue": sprintf("'%s' is not in snake case", [path[idx]]),
"keyActualValue": sprintf("'%s' is not in snake case", [name]),
"searchLine": common_lib.build_search_line(["module", name], []),
}
}

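Review bot: The searchLine of the new resource rule is built from `["resources", type, name]` while the same rule reads the block from `doc.resource[type]` and labels it `resource.%s.%s` in searchKey; if common_lib.build_search_line resolves that path against the parsed document, the plural key will match nothing and the line lookup degrades silently. The module rule below it passes `["module", name]`, which does agree with `doc.module[name]`, so the resource rule looks like the odd one out. Suggest `"searchLine": common_lib.build_search_line(["resource", type, name], []),` unless the helper is documented to expect "resources" for Terraform. The `is_snake_case` helper both rules depend on is defined outside the hunk, so the pattern it actually enforces (e.g. whether digits are accepted, which the positive2 fixture relies on) could not be reviewed here.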
Expand Up @@ -4,6 +4,13 @@ variable "cluster_name" {
type = string
}

resource "aws_eks_cluster" "positiveExample" {
depends_on = [aws_cloudwatch_log_group.example]

enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
name = var.cluster_name
}

module "acm" {
source = "git::https://example.com/vpc.git?ref=v1.2.0"
version = "~> v2.0"
Expand All @@ -15,10 +22,3 @@ module "acm" {
aws = "aws.us_east_1" # cloudfront needs acm certificate to be from "us-east-1" region
}
}

resource "aws_eks_cluster" "positiveExample" {
depends_on = [aws_cloudwatch_log_group.example]

enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
name = var.cluster_name
}
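--- /dev/null
+++ b/positive2.tf
@@ -0,0 +1,24 @@
+variable "cluster_name" {
+default = "example"
+description = "cluster name"
+type = string
+}
+
+resource "aws_eks_cluster" "positive2" {
+depends_on = [aws_cloudwatch_log_group.example]
+
+enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
+name = var.cluster_name
+}
+
+module "ACMPositive2" {
+source = "git::https://example.com/vpc.git?ref=v1.2.0"
+version = "~> v2.0"
+domain_name = var.site_domain
+zone_id = data.aws_route53_zone.this.zone_id
+tags = var.tags
+
+providers = {
+aws = "aws.us_east_1" # cloudfront needs acm certificate to be from "us-east-1" region
+}
+}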
Expand Up @@ -2,7 +2,13 @@
{
"queryName": "Name Is Not Snake Case",
"severity": "INFO",
"line": 19,
"line": 7,
"filename": "positive1.tf"
},
{
"queryName": "Name Is Not Snake Case",
"severity": "INFO",
"line": 14,
"filename": "positive2.tf"
}
]
