From 7296d89fc8f40eadcaded33a60adb3637c6fdb61 Mon Sep 17 00:00:00 2001
From: anzoman
Date: Fri, 22 Apr 2022 14:01:15 +0200
Subject: [PATCH] Use Steampunk Scanner to check Ansible
---
 .../checks/steampunk_scanner.py | 37 +++++++++++++++++++
 src/iac_scan_runner/scan_runner.py | 3 ++
 src/iac_scan_runner/vars.py | 1 +
 3 files changed, 41 insertions(+)
 create mode 100644 src/iac_scan_runner/checks/steampunk_scanner.py
diff --git a/src/iac_scan_runner/checks/steampunk_scanner.py b/src/iac_scan_runner/checks/steampunk_scanner.py
new file mode 100644
index 0000000..20d6a86
--- /dev/null
+++ b/src/iac_scan_runner/checks/steampunk_scanner.py
@@ -0,0 +1,37 @@
+import os
+from typing import Optional
+
+import iac_scan_runner.vars as env
+from iac_scan_runner.check import Check
+from iac_scan_runner.check_output import CheckOutput
+from iac_scan_runner.check_target_entity_type import CheckTargetEntityType
+from iac_scan_runner.utils import run_command
+from pydantic import SecretStr
+
+
+class SteampunkScannerCheck(Check):
+    def __init__(self):
+        super().__init__("steampunk-scanner", "A quality scanner for Ansible tasks, playbooks, roles and collections",
+                         CheckTargetEntityType.all)
+        self.enabled = False
+        self.configured = False
+        self._username_password = None
+
+    def configure(self, config_filename: Optional[str], secret: Optional[SecretStr]) -> CheckOutput:
+        if secret:
+            try:
+                if ":" not in secret.get_secret_value():
+                    raise Exception(
+                        f'The secret for {self.name} check should contain ":" to separate username and password.'
+                    )
+
+                os.environ['SCANNER_USERNAME'], os.environ[
+                    'SCANNER_PASSWORD'] = secret.get_secret_value().strip().split(':', 1)
+                return CheckOutput(f'Check: {self.name} has been configured successfully.', 0)
+            except Exception as e:
+                raise Exception(f'Error when configuring {self.name}. Check your username:password secret.')
+        else:
+            raise Exception(f'Check: {self.name} requires you to pass username:password string as secret.')
+
+    def run(self, directory: str) -> CheckOutput:
+        return run_command(f'{env.STEAMPUNK_SCANNER_CHECK_PATH} scan .', directory)
diff --git a/src/iac_scan_runner/scan_runner.py b/src/iac_scan_runner/scan_runner.py
index d0e31e9..def2b0e 100644
--- a/src/iac_scan_runner/scan_runner.py
+++ b/src/iac_scan_runner/scan_runner.py
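Review bot: `configure` writes the plaintext username and password into `os.environ['SCANNER_USERNAME']` and `os.environ['SCANNER_PASSWORD']`, which makes them part of the whole runner process's environment — inherited by every subprocess it spawns, not only the steampunk-scanner invocation in `run`, and retained for the process lifetime even though the caller handed them over wrapped in a `SecretStr`. The `self._username_password` attribute initialised in `__init__` is never used, which suggests the intent was to keep the pair on the instance; holding the split credentials there and handing them only to the scanner subprocess (if `run_command` can take a per-call environment — it is not visible here) would bound the exposure. In the `except Exception as e:` branch the caught error is discarded, so the specific "should contain ':'" message is lost; `raise Exception(f'Error when configuring {self.name}. Check your username:password secret.') from e` keeps the cause in the traceback without putting the secret in the message. Note also that the ':' check runs on the unstripped value while the split runs on the stripped one, so a secret of just ':' yields two empty credentials with a success result, and that `self.configured` is never set to True on the success path — confirm against the base `Check` whether the runner relies on that flag.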
@@ -21,6 +21,7 @@
 from iac_scan_runner.checks.shellcheck import ShellCheck
 from iac_scan_runner.checks.snyk import SnykCheck
 from iac_scan_runner.checks.sonar_scanner import SonarScannerCheck
+from iac_scan_runner.checks.steampunk_scanner import SteampunkScannerCheck
 from iac_scan_runner.checks.stylelint import StyleLintCheck
 from iac_scan_runner.checks.terrascan import TerrascanCheck
 from iac_scan_runner.checks.tflint import TFLintCheck
@@ -42,6 +43,7 @@ def init_checks(self):
 """Initiate predefined check objects"""
 opera_tosca_parser = OperaToscaParserCheck()
 ansible_lint = AnsibleLintCheck()
+ steampunk_scanner = SteampunkScannerCheck()
 tflint = TFLintCheck()
 tfsec = TfsecCheck()
 terrascan = TerrascanCheck()
@@ -67,6 +69,7 @@ def init_checks(self):
 self.iac_checks = {
 opera_tosca_parser.name: opera_tosca_parser,
 ansible_lint.name: ansible_lint,
+ steampunk_scanner.name: steampunk_scanner,
 tflint.name: tflint,
 tfsec.name: tfsec,
 terrascan.name: terrascan,
diff --git a/src/iac_scan_runner/vars.py b/src/iac_scan_runner/vars.py
index c364f4d..fa2a78c 100644
--- a/src/iac_scan_runner/vars.py
+++ b/src/iac_scan_runner/vars.py
@@ -31,3 +31,4 @@
 CHECKSTYLE_CHECK_PATH = os.getenv("CHECKSTYLE_CHECK_PATH", f'{TOOLS_DIR}/checkstyle.jar')
 SONAR_SCANNER_CHECK_PATH = os.getenv("SONAR_SCANNER_CHECK_PATH", f'{TOOLS_DIR}/sonar-scanner/bin/sonar-scanner')
 SNYK_CHECK_PATH = os.getenv("SNYK_CHECK_PATH", f'{NODE_MODULES_DIR}/.bin/snyk')
+STEAMPUNK_SCANNER_CHECK_PATH = os.getenv("STEAMPUNK_SCANNER_CHECK_PATH", f'{VIRTUALENV_DIR}/bin/steampunk-scanner')