From d7d7265eb081105c927e53e94cbab742333a3d7c Mon Sep 17 00:00:00 2001 From: Nikita Pivkin Date: Fri, 8 Mar 2024 03:37:58 +0300 Subject: [PATCH] test(terraform): skip cached modules (#6281) --- pkg/iac/scanners/terraform/module_test.go | 2 +- pkg/iac/scanners/terraform/options.go | 2 +- .../scanners/terraform/parser/evaluator.go | 25 ++++++++++--------- .../terraform/scanner_integration_test.go | 2 ++ .../terraformplan/snapshot/scanner_test.go | 4 +++ 5 files changed, 21 insertions(+), 14 deletions(-) diff --git a/pkg/iac/scanners/terraform/module_test.go b/pkg/iac/scanners/terraform/module_test.go index a8131b40c5d0..ffed34718156 100644 --- a/pkg/iac/scanners/terraform/module_test.go +++ b/pkg/iac/scanners/terraform/module_test.go @@ -600,7 +600,7 @@ variable "group" { type = string } -resource aws_iam_group_policy mfa { +resource "aws_iam_group_policy" "mfa" { group = var.group policy = data.aws_iam_policy_document.policy.json } diff --git a/pkg/iac/scanners/terraform/options.go b/pkg/iac/scanners/terraform/options.go index c0fce8134a34..2dddb856c049 100644 --- a/pkg/iac/scanners/terraform/options.go +++ b/pkg/iac/scanners/terraform/options.go @@ -196,7 +196,7 @@ func ScannerWithDownloadsAllowed(allowed bool) options.ScannerOption { func ScannerWithSkipCachedModules(b bool) options.ScannerOption { return func(s options.ConfigurableScanner) { if tf, ok := s.(ConfigurableTerraformScanner); ok { - tf.AddParserOptions(parser.OptionWithDownloads(b)) + tf.AddParserOptions(parser.OptionWithSkipCachedModules(b)) } } } diff --git a/pkg/iac/scanners/terraform/parser/evaluator.go b/pkg/iac/scanners/terraform/parser/evaluator.go index 40391e6a1249..1fe9a72fdcac 100644 --- a/pkg/iac/scanners/terraform/parser/evaluator.go +++ b/pkg/iac/scanners/terraform/parser/evaluator.go 
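Review bot: Nothing in this commit pins the corrected wiring in `ScannerWithSkipCachedModules` (options.go hunk), which until now forwarded its argument to `parser.OptionWithDownloads`, so a caller asking to skip the module cache was setting the download flag instead. The tests touched later in the patch only add the option next to `ScannerWithSkipDownloaded(true)` and do not appear to assert which parser option ends up set, so the same copy-paste slip could come back unnoticed; a small test that applies the option to a stub `ConfigurableTerraformScanner` and checks the recorded parser option would cover it, and the same gap applies to the evaluator.go hunk. Because this changes behaviour for existing callers, the `test(terraform):` subject undersells it and the commit message should say so. The line above the function is outside the hunk; if it has no doc comment, add one along the lines of `// ScannerWithSkipCachedModules controls use of the local module cache; remote downloads are governed by ScannerWithDownloadsAllowed.` once that is confirmed against the parser.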
@@ -73,18 +73,19 @@ func newEvaluator( } return &evaluator{ - filesystem: target, - parentParser: parentParser, - modulePath: modulePath, - moduleName: moduleName, - projectRootPath: projectRootPath, - ctx: ctx, - blocks: blocks, - inputVars: inputVars, - moduleMetadata: moduleMetadata, - ignores: ignores, - debug: logger, - allowDownloads: allowDownloads, + filesystem: target, + parentParser: parentParser, + modulePath: modulePath, + moduleName: moduleName, + projectRootPath: projectRootPath, + ctx: ctx, + blocks: blocks, + inputVars: inputVars, + moduleMetadata: moduleMetadata, + ignores: ignores, + debug: logger, + allowDownloads: allowDownloads, + skipCachedModules: skipCachedModules, } } diff --git a/pkg/iac/scanners/terraform/scanner_integration_test.go b/pkg/iac/scanners/terraform/scanner_integration_test.go index 892a65e036a6..47137d3bd6de 100644 --- a/pkg/iac/scanners/terraform/scanner_integration_test.go +++ b/pkg/iac/scanners/terraform/scanner_integration_test.go @@ -176,6 +176,7 @@ deny[cause] { t.Run("with skip", func(t *testing.T) { scanner := New( ScannerWithSkipDownloaded(true), + ScannerWithSkipCachedModules(true), options.ScannerWithPolicyDirs("rules"), options.ScannerWithRegoOnly(true), options.ScannerWithEmbeddedPolicies(false), @@ -229,6 +230,7 @@ deny[res] { scanner := New( ScannerWithSkipDownloaded(true), + ScannerWithSkipCachedModules(true), options.ScannerWithPolicyDirs("rules"), options.ScannerWithRegoOnly(true), options.ScannerWithEmbeddedLibraries(true), diff --git a/pkg/iac/scanners/terraformplan/snapshot/scanner_test.go b/pkg/iac/scanners/terraformplan/snapshot/scanner_test.go index 92e467db6741..474894339b17 100644 --- a/pkg/iac/scanners/terraformplan/snapshot/scanner_test.go +++ b/pkg/iac/scanners/terraformplan/snapshot/scanner_test.go 
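Review bot: The new `skipCachedModules: skipCachedModules` entry in the `newEvaluator` literal sits next to `allowDownloads: allowDownloads`, and both values look like adjacent positional `bool` arguments, a pairing that can be transposed at a call site without any compile error. The signature and its callers are outside this hunk, so this is inferred; if it holds, consider passing the two flags in a small options struct, or add a test that builds an evaluator with the flags set to different values and checks each field. The diffstat accounts for no other change in evaluator.go, so the value was presumably accepted but never stored before this commit, which is worth stating in the commit message.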
@@ -11,6 +11,7 @@ import ( "github.com/aquasecurity/trivy/pkg/iac/scan" "github.com/aquasecurity/trivy/pkg/iac/scanners/options" + tfscanner "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform" "github.com/samber/lo" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -23,6 +24,8 @@ func initScanner(opts ...options.ScannerOption) *Scanner { options.ScannerWithPolicyNamespaces("user"), options.ScannerWithPolicyDirs("."), options.ScannerWithRegoOnly(true), + options.ScannerWithRegoErrorLimits(0), + tfscanner.ScannerWithSkipCachedModules(true), } opts = append(opts, defaultOpts...) @@ -110,6 +113,7 @@ func Test_ScanFS(t *testing.T) { options.ScannerWithEmbeddedLibraries(false), options.ScannerWithEmbeddedPolicies(false), options.ScannerWithRegoErrorLimits(0), + tfscanner.ScannerWithSkipCachedModules(true), ) results, err := scanner.ScanFS(context.TODO(), fs, path.Join(tc.dir, "tfplan"))
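Review bot: In `initScanner`, the context line `opts = append(opts, defaultOpts...)` places the defaults after the caller's options, so if options are applied in slice order (not visible here) the newly added `options.ScannerWithRegoErrorLimits(0)` and `tfscanner.ScannerWithSkipCachedModules(true)` cannot be overridden by a test that passes its own values. Prepending keeps them as defaults: `opts = append(defaultOpts, opts...)`. The last hunk in `Test_ScanFS` appears to repeat the same two options by hand; building that scanner through `initScanner` would keep the no-cache setting in one place. The body of `initScanner` continues outside the hunk.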