
Commit 3539f39
w0rp and jhandsel committed
Add checkov linter for cloudformation
Co-Authored-By: jhandsel <64368631+jhandsel@users.noreply.github.com>
1 parent 37e64b5 commit 3539f39

7 files changed: +191 -0 lines changed

Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
" Author: J. Handsel <jennpbc@posteo.net>, Thyme-87 <thyme-87@posteo.me>
2+
" Description: use checkov for providing warnings for cloudformation via ale
3+
4+
callale#Set('cloudformation_checkov_executable','checkov')
5+
callale#Set('cloudformation_checkov_options','')
6+
7+
function!ale_linters#cloudformation#checkov#GetExecutable(buffer)abort
8+
returnale#Var(a:buffer,'cloudformation_checkov_executable')
9+
endfunction
10+
11+
function!ale_linters#cloudformation#checkov#GetCommand(buffer)abort
12+
return'%e' .'-f %t -o json --quiet --framework cloudformation' .ale#Var(a:buffer,'cloudformation_checkov_options')
13+
endfunction
14+
15+
function!ale_linters#cloudformation#checkov#Handle(buffer,lines)abort
16+
letl:output= []
17+
18+
letl:results=get(get(ale#util#FuzzyJSONDecode(a:lines, {}),'results', []),'failed_checks', [])
19+
20+
forl:violationinl:results
21+
calladd(l:output, {
22+
\'filename':l:violation['file_path'],
23+
\'lnum':l:violation['file_line_range'][0],
24+
\'end_lnum':l:violation['file_line_range'][1],
25+
\'text':l:violation['check_name'] .' [' .l:violation['check_id'] .']',
26+
\'detail':l:violation['check_id'] .':' .l:violation['check_name'] ."\n" .
27+
\'For more information, see:'.l:violation['guideline'],
28+
\'type':'W',
29+
\ })
30+
endfor
31+
32+
returnl:output
33+
endfunction
34+
35+
callale#linter#Define('cloudformation', {
36+
\'name':'checkov',
37+
\'output_stream':'stdout',
38+
\'executable':function('ale_linters#cloudformation#checkov#GetExecutable'),
39+
\'command':function('ale_linters#cloudformation#checkov#GetCommand'),
40+
\'callback':'ale_linters#cloudformation#checkov#Handle',
41+
\})
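Review bot: the fallback chain in Handle (line 18) is fragile: `get(get(ale#util#FuzzyJSONDecode(a:lines, {}), 'results', []), 'failed_checks', [])` defaults a missing `results` to a List, so the outer `get()` is then called with the string key `'failed_checks'` on a List; it only returns `[]` because Vim coerces the non-numeric string to index 0 and the List happens to be empty. Default `results` to `{}` instead so both lookups are Dict lookups. Two smaller points: `l:violation['guideline']` on line 27 is indexed without a default, although checkov's output (see the sample in the handler test, where `entity_tags` and `resource_address` are `null`) does omit values, so `get(l:violation, 'guideline', '')` would be safer for a finding without a guideline URL; and rather than appending ` [` . check_id . `]` to `text` on line 25, ALE loclist items accept a `code` key, which lets `%code%` in `g:ale_echo_msg_format` render the check id the same way other linters do.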

doc/ale-cloudformation.txt

Lines changed: 46 additions & 0 deletions
@@ -41,5 +41,51 @@ Just put the following in `ftdetect/cloudformation.vim`: >
4141
This will get both cloudformation and yaml linters to work on any file with
4242
`.template.yaml` extension.
4343

44+
45+
===============================================================================
46+
checkov*ale-cloudformation-checkov*
47+
48+
*ale-options.cloudformation_checkov_executable*
49+
*g:ale_cloudformation_checkov_executable*
50+
*b:ale_cloudformation_checkov_executable*
51+
cloudformation_checkov_executable
52+
g:ale_cloudformation_checkov_executable
53+
Type:|String|
54+
Default:`'checkov'`
55+
56+
This variable can be changed to use a different executable for checkov.
57+
58+
*ale-options.cloudformation_checkov_options*
59+
*g:ale_cloudformation_checkov_options*
60+
*b:ale_cloudformation_checkov_options*
61+
cloudformation_checkov_options
62+
g:ale_cloudformation_checkov_options
63+
Type:|String|
64+
Default:`''`
65+
66+
This variable can be changed to set additional options for checkov.
67+
68+
69+
-------------------------------------------------------------------------------
70+
Configuration
71+
72+
To get chekov to work with cloudformation files (rather than general yaml
73+
files) we must set the buffer|filetype| to`yaml.cloudformation`. This
74+
causes ALE to lint the file with linters configured for cloudformation and
75+
YAML files.
76+
77+
One option is to put the following in`ftdetect/cloudformation.vim`:>
78+
79+
au BufRead,BufNewFile *.template.yaml set filetype=yaml.cloudformation
80+
81+
This will get both cloudformation and yaml linters to work on any file with
82+
`.template.yaml` extension.
83+
84+
Another option is to check for the presence of 'AWSTemplateFormatVersion' in
85+
the yaml file:>
86+
87+
au BufRead,BufNewFile *.yaml,*.yml if search('AWSTemplateFormatVersion', 'nw') | set filetype=yaml.cloudformation | endif
88+
<
89+
4490
===============================================================================
4591
vim:tw=78:ts=2:sts=2:sw=2:ft=help:norl:
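Review bot: the new Configuration section (lines 70-88) repeats ftdetect guidance this file already has: the context lines 41-42 (`This will get both cloudformation and yaml linters to work on any file with .template.yaml extension.`) are the tail of an existing paragraph introducing the same `au BufRead,BufNewFile *.template.yaml set filetype=yaml.cloudformation` autocommand, and the added text reproduces that paragraph verbatim. Either fold the `AWSTemplateFormatVersion` variant into the existing paragraph or drop the duplicate block from the checkov section, since the filetype setup is not specific to checkov. Also fix the typo `chekov` on line 72.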

doc/ale-supported-languages-and-tools.txt

Lines changed: 1 addition & 0 deletions
@@ -121,6 +121,7 @@ Notes:
121121
*`joker`
122122
* CloudFormation
123123
*`cfn-python-lint`
124+
*`checkov`
124125
* CMake
125126
*`cmake-format`
126127
*`cmake-lint`

doc/ale.txt

Lines changed: 1 addition & 0 deletions
@@ -3419,6 +3419,7 @@ documented in additional help files.
34193419
joker.................................|ale-clojure-joker|
34203420
cloudformation..........................|ale-cloudformation-options|
34213421
cfn-python-lint.......................|ale-cloudformation-cfn-python-lint|
3422+
checkov...............................|ale-cloudformation-checkov|
34223423
cmake...................................|ale-cmake-options|
34233424
cmakelint.............................|ale-cmake-cmakelint|
34243425
cmake-lint............................|ale-cmake-cmake-lint|

supported-tools.md

Lines changed: 1 addition & 0 deletions
@@ -131,6 +131,7 @@ formatting.
131131
*[joker](https://github.com/candid82/joker)
132132
* CloudFormation
133133
*[cfn-python-lint](https://github.com/awslabs/cfn-python-lint)
134+
*[checkov](https://github.com/bridgecrewio/checkov)
134135
* CMake
135136
*[cmake-format](https://github.com/cheshirekow/cmake_format)
136137
*[cmake-lint](https://github.com/cheshirekow/cmake_format)
Lines changed: 86 additions & 0 deletions
@@ -0,0 +1,86 @@
1+
Before:
2+
runtime ale_linters/cloudformation/checkov.vim
3+
call ale#test#SetFilename('sample.template.yaml')
4+
5+
After:
6+
call ale#linter#Reset()
7+
8+
Execute(Handle output for no findings correctly):
9+
AssertEqual
10+
\ [],
11+
\ ale_linters#cloudformation#checkov#Handle(bufnr(''), [
12+
\'{',
13+
\' "passed": 0,',
14+
\' "failed": 0,',
15+
\' "skipped": 0,',
16+
\' "parsing_errors": 0,',
17+
\' "resource_count": 0,',
18+
\' "checkov_version": "3.2.415"',
19+
\'}'
20+
\])
21+
22+
Execute(Handle output for all tests passed):
23+
AssertEqual
24+
\ [],
25+
\ ale_linters#cloudformation#checkov#Handle(bufnr(''), [
26+
\'{',
27+
\' "check_type": "cloudformation",',
28+
\' "results": {',
29+
\' "failed_checks": []',
30+
\' },',
31+
\' "summary": {',
32+
\' "passed": 18,',
33+
\' "failed": 0,',
34+
\' "skipped": 0,',
35+
\' "parsing_errors": 0,',
36+
\' "resource_count": 3,',
37+
\' "checkov_version": "3.2.415"',
38+
\' }',
39+
\'}'
40+
\])
41+
42+
Execute(The JSON output of checkov should be handled correctly):
43+
AssertEqual
44+
\ [
45+
\ {
46+
\ 'filename': '/sample.template.yaml',
47+
\ 'lnum': 57,
48+
\ 'end_lnum': 79,
49+
\ 'text': 'Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ) [CKV_AWS_116]',
50+
\ 'detail': "CKV_AWS_116: Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)\n" .
51+
\ 'For more information, see: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq',
52+
\ 'type': 'W',
53+
\ }
54+
\ ],
55+
\ ale_linters#cloudformation#checkov#Handle(bufnr(''), [
56+
\'{',
57+
\' "check_type": "cloudformation",',
58+
\' "results": {',
59+
\' "failed_checks": [',
60+
\' {',
61+
\' "check_id": "CKV_AWS_116",',
62+
\' "bc_check_id": "BC_AWS_GENERAL_64",',
63+
\' "check_name": "Ensure that AWS Lambda function is configured for a Dead Letter Queue(DLQ)",',
64+
\' "check_result": {',
65+
\' "result": "FAILED",',
66+
\' "evaluated_keys": [',
67+
\' "Properties/DeadLetterQueue/TargetArn"',
68+
\' ]',
69+
\' },',
70+
\' "file_path": "/sample.template.yaml",',
71+
\' "repo_file_path": "/sample.template.yaml",',
72+
\' "file_line_range": [',
73+
\' 57,',
74+
\' 79',
75+
\' ],',
76+
\' "resource": "AWS::Serverless::Function.FunctionName",',
77+
\' "evaluations": {},',
78+
\' "check_class": "checkov.cloudformation.checks.resource.aws.LambdaDLQConfigured",',
79+
\' "entity_tags": null,',
80+
\' "resource_address": null,',
81+
\' "guideline": "https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq"',
82+
\' }',
83+
\' ]',
84+
\' }',
85+
\'}'
86+
\ ])
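Review bot: none of the three cases covers the failure modes the handler is most likely to meet. There is no finding whose `guideline` is absent or `null` (the sample only shows `null` for `entity_tags` and `resource_address`), so the unguarded `l:violation['guideline']` index in Handle is never exercised; and there is no case for a template checkov cannot parse, where the summary's `parsing_errors` counter goes above 0 while `failed_checks` stays empty, so the handler silently returns no items. Adding both cases would pin down the intended behaviour. A short comment on why the expected `filename` is `/sample.template.yaml` (checkov's root-relative `file_path`, not the name passed to `ale#test#SetFilename`) would also help the next reader.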
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
Before:
2+
call ale#assert#SetUpLinterTest('cloudformation', 'checkov')
3+
4+
After:
5+
call ale#assert#TearDownLinterTest()
6+
7+
Execute(The default command should be direct):
8+
AssertLinter 'checkov',
9+
\ ale#Escape('checkov') . ' -f %t -o json --quiet --framework cloudformation '
10+
11+
Execute(It should be possible to override the default command):
12+
let b:ale_cloudformation_checkov_executable = '/bin/other/checkov'
13+
AssertLinter '/bin/other/checkov',
14+
\ ale#Escape('/bin/other/checkov') . ' -f %t -o json --quiet --framework cloudformation '
15+
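Review bot: `cloudformation_checkov_options` is defined by the linter but never tested here; both cases assert the command with the empty default, which is why the expected strings end in a trailing space. Add a case that sets `let b:ale_cloudformation_checkov_options = '--skip-check CKV_AWS_116'` and asserts the flag is appended after `--framework cloudformation `, so the trailing space in GetCommand that separates user options from the fixed arguments is covered by a test.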
