From 9429ba2bf8d3ad14bc9d812ddbbc67e9bdd79434 Mon Sep 17 00:00:00 2001
From: teowa <104055472+teowa@users.noreply.github.com>
Date: Wed, 24 Apr 2024 07:10:27 +0000
Subject: [PATCH] credscan support customize output dir
---
 commands/credential_scan.go | 22 ++++++++++++++++++----
 readme.md | 3 ++-
 2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/commands/credential_scan.go b/commands/credential_scan.go
index cb0711d..58c4379 100644
--- a/commands/credential_scan.go
+++ b/commands/credential_scan.go
@@ -18,6 +18,7 @@ import (
 type CredentialScanCommand struct {
 workingDir string
+ outputDir string
 swaggerRepoPath string
 swaggerIndexFile string
 verbose bool
@@ -27,6 +28,7 @@ func (c *CredentialScanCommand) flags() *flag.FlagSet {
 fs := defaultFlagSet("test")
 fs.BoolVar(&c.verbose, "v", false, "whether show terraform logs")
 fs.StringVar(&c.workingDir, "working-dir", "", "path to directory containing Terraform configuration files")
+ fs.StringVar(&c.outputDir, "output-dir", "", "path to directory to save output files, default to working-dir")
 fs.StringVar(&c.swaggerRepoPath, "swagger-repo", "", "path to the swagger repo specification directory")
 fs.StringVar(&c.swaggerIndexFile, "swagger-index-file", "", "path to the swagger index file, omit this will use the online swagger index file or locally build index")
 fs.Usage = func() { logrus.Error(c.Help()) }
@@ -35,7 +37,7 @@ func (c *CredentialScanCommand) flags() *flag.FlagSet {
 func (c CredentialScanCommand) Help() string {
 helpText := `
-Usage: armstrong credscan [-v] [-working-dir ] [-swagger-repo ] [-swagger-index-file ]
+Usage: armstrong credscan [-v] [-working-dir ] [-swagger-repo ] [-swagger-index-file ] [-output-dir ]
 ` + c.Synopsis() + "\n\n" + helpForFlags(c.flags())
 return strings.TrimSpace(helpText)
@@ -105,6 +107,16 @@ func (c CredentialScanCommand) Execute() int {
 }
 }
+ outputDir := wd
+ if c.outputDir != "" {
+ outputDir, err = filepath.Abs(c.outputDir)
+ if err != nil {
+ logrus.Errorf("output directory is invalid: %+v", err)
+ return 1
+ }
+
+ }
+
+
 tfFiles, err := hcl.FindTfFiles(wd)
 if err != nil {
 logrus.Errorf("failed to find tf files for %q: %+v", wd, err)
@@ -334,7 +346,7 @@ func (c CredentialScanCommand) Execute() int {
 }
 }
- storeCredScanErrors(wd, credScanErrors)
+ storeCredScanErrors(outputDir, credScanErrors)
 return 0
 }
@@ -404,7 +416,8 @@ func storeCredScanErrors(wd string, credScanErrors []CredScanError) {
 credScanErrorsMarkdown += fmt.Sprintf("| %s | %d | %s | %s | %s | %s |\n", r.FileName, r.LineNumber, r.Name, r.Type, r.PropertyName, r.ErrorMessage)
 }
- err = os.WriteFile(path.Join(reportDir, markdownFileName), []byte(credScanErrorsMarkdown), 0644)
+ markdownFileName = path.Join(reportDir, markdownFileName)
+ err = os.WriteFile(markdownFileName, []byte(credScanErrorsMarkdown), 0644)
 if err != nil {
 logrus.Errorf("failed to save markdown report to %s: %+v", markdownFileName, err)
 } else {
@@ -417,7 +430,8 @@ func storeCredScanErrors(wd string, credScanErrors []CredScanError) {
 logrus.Errorf("failed to marshal json content %+v: %+v", credScanErrors, err)
 }
- err = os.WriteFile(path.Join(reportDir, jsonFileName), jsonContent, 0644)
+ jsonFileName = path.Join(reportDir, jsonFileName)
+ err = os.WriteFile(jsonFileName, jsonContent, 0644)
 if err != nil {
 logrus.Errorf("failed to save json report to %s: %+v", jsonFileName, err)
 } else {
diff --git a/readme.md b/readme.md
index 1be8800..d6c2012 100644
--- a/readme.md
+++ b/readme.md
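Review bot: The new `-output-dir` value is only passed through `filepath.Abs` in the `Execute` hunk at -105, so a directory that cannot be written is not noticed until `storeCredScanErrors` runs at the very end, where the write failures are only logged and `Execute` still returns 0. For a credential scanner run in CI this means a mistyped or unwritable directory can lose the report while the job reports success; consider creating or validating the directory right here, e.g. `if err = os.MkdirAll(outputDir, 0o755); err != nil { logrus.Errorf("output directory is invalid: %+v", err); return 1 }`. A relative value is resolved against the process's current directory rather than `-working-dir`, which is worth saying in the flag help text. The empty line before the closing `}` of the new `if` can be dropped. `Execute` starts and ends outside this hunk.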
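Review bot: Both report writes in `storeCredScanErrors` keep mode `0644` (the markdown hunk at -404 and the JSON hunk at -417), and with `-output-dir` the files can now land in a shared location such as a temp or build-artifact directory, where a report listing the file, line and property of each credential finding is readable by every local user. Writing them owner-only is a one-token change per call: `err = os.WriteFile(markdownFileName, []byte(credScanErrorsMarkdown), 0600)` and the same for the JSON file. Separately, `markdownFileName = path.Join(reportDir, markdownFileName)` overwrites the file name with the full path and uses `path` instead of `path/filepath`; a new local such as `markdownPath := filepath.Join(reportDir, markdownFileName)` (and `jsonPath` likewise) keeps name and path apart and uses the OS separator. If those name variables are package-level (their declarations are not in the hunk), the reassignment would also make the path grow on a second call. `storeCredScanErrors` begins and ends outside both hunks.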
@@ -148,7 +148,8 @@ Supported options:
 1. `-working-dir`: Specify the working directory containing Terraform config files, default is current directory.
 2. `-swagger-repo`: Specify the swagger repo path used to match credentials, omit this will use the online swagger repo.
 3. `-swagger-index-file`: Specify the path to the swagger index file, omit this will use the online swagger index file or locally build index. If the specified file is not found, the downloaded or built index will be saved in the provided file.
-4. `-v`: Enable verbose mode, default is false.
+4. `-output-dir`: Specify the working directory to save output files, default is working directory.
+5. `-v`: Enable verbose mode, default is false.
 Armstrong also output different kinds of reports:
 1. `errors.json`: A json report which contains scan errors.