Merge branch 'master' into spelling

CHANGELOG.md

@@ -1,5 +1,18 @@
 # Changelog
 
+## [v1.18.1](https://github.com/tenable/terrascan/tree/v1.18.1) (2023-04-13)
+
+[Full Changelog](https://github.com/tenable/terrascan/compare/v1.18.0...v1.18.1)
+
+**Merged pull requests:**
+
+- bugfix: provider version coming as 0.0.0 or empty [\#1553](https://github.com/tenable/terrascan/pull/1553) ([nasir-rabbani](https://github.com/nasir-rabbani))
+- Bump github.com/docker/docker from 20.10.21+incompatible to 20.10.24+incompatible [\#1552](https://github.com/tenable/terrascan/pull/1552) ([dependabot[bot]](https://github.com/apps/dependabot))
+- deprecate k8s admission log UI (Snyk test) [\#1550](https://github.com/tenable/terrascan/pull/1550) ([mandibles232](https://github.com/mandibles232))
+- added sonar-properties file to skip tests from sonar analysis [\#1544](https://github.com/tenable/terrascan/pull/1544) ([nasir-rabbani](https://github.com/nasir-rabbani))
+
+# Changelog
+
 ## [v1.18.0](https://github.com/tenable/terrascan/tree/v1.18.0) (2023-02-06)
 
 [Full Changelog](https://github.com/tenable/terrascan/compare/v1.17.1...v1.18.0)
@@ -1157,4 +1170,7 @@ Major updates to Terrascan and the underlying architecture including:
 \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
 
 
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
+
+
 \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

README.md

@@ -233,4 +233,3 @@ Terrascan is licensed under the [Apache 2.0 License](LICENSE).
 
 [![Forkers @tenable/terrascan](https://reporoster.com/forks/tenable/terrascan)](https://github.com/tenable/terrascan/network/members)
 
-

go.mod

@@ -117,7 +117,7 @@ require (
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/docker/cli v20.10.21+incompatible // indirect
 	github.com/docker/distribution v2.8.1+incompatible // indirect
-	github.com/docker/docker v20.10.21+incompatible // indirect
+	github.com/docker/docker v20.10.24+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.7.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect

go.sum

@@ -482,8 +482,8 @@ github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r
 github.com/docker/docker v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v17.12.0-ce-rc1.0.20200730172259-9f28837c1d93+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.0-beta1.0.20201110211921-af34b94a78a1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.21+incompatible h1:UTLdBmHk3bEY+w8qeO5KttOhy6OmXWsl/FEet9Uswog=
-github.com/docker/docker v20.10.21+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.24+incompatible h1:Ugvxm7a8+Gz6vqQYQQ2W7GYq5EUPaAiuPgIfVyI3dYE=
+github.com/docker/docker v20.10.24+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=

pkg/http-server/assets/webhook-scan-logs.css

@@ -31,3 +31,21 @@ ul {
   color: #43e268;
   font-weight: bold;
 }
+
+div.message {
+  position: relative;
+  padding: 10px;
+  padding-left: 35px;
+  margin: 30px 10px;
+  box-shadow:0 2px 5px rgba(0,0,0,.3);
+  background: #BBB;
+  color: #FFF;
+
+  -webkit-transition: all .5s ease;
+     -moz-transition: all .5s ease;
+      -ms-transition: all .5s ease;
+       -o-transition: all .5s ease;
+          transition: all .5s ease;
+}
+
+div.message.warning{background: #E74;}

pkg/http-server/templates/index.html

@@ -1,34 +1,39 @@
 <!DOCTYPE html>
 <html lang="en">
-  <head>
-    <title>K8s Admission Review Logs</title>
+<head>
+  <title>K8s Admission Review Logs</title>
     <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
     <link rel="stylesheet" href="/assets/jsonTree.css">
     <link rel="stylesheet" href="/assets/webhook-scan-logs.css">
-  </head>
-  <body>
-      <table class="table table-sm" style="table-layout: fixed;" aria-describedby="logs-table">
-        <thead class="thead-light">
-        <tr>
+</head>
+<body>
+  <table class="table table-sm" style="table-layout: fixed;" aria-describedby="logs-table">
+    <thead class="thead-light">
+      <tr>
           <th scope="col" style="width: 256px" >Time</th>
-          <th scope="col" style="width: 200px">Status</th>
-          <th scope="col" style="width: 50%">Request</th>
-          <th scope="col" style="width: 50%">Reasoning</th>
-        </tr>
-        </thead>
-        <tbody>
-        {{range .}}
-        <tr>
-          <td class="review-time"><a href={{.LogURL}} class="time-object" target="_blank">{{.CreatedAt}}</a></td>
-          <td class="review-status">{{.Status}}</td>
-          <td class="review-request json-object ">{{.Request}}</td>
-          <td class="review-reasoning json-object ">{{.Reasoning}}</td>
-        </tr>
-        {{end}}
-        </tbody>
-      </table>
-      <script type="text/javascript" src="/assets/jsonTree.js"></script>
-      <script type="text/javascript" src="/assets/moment.js"></script>
-      <script type="text/javascript" src="/assets/webhook-scan-logs.js"></script>
-  </body>
+        <th scope="col" style="width: 200px">Status</th>
+        <th scope="col" style="width: 50%">Request</th>
+        <th scope="col" style="width: 50%">Reasoning</th>
+      </tr>
+    </thead>
+    <tbody>
+      {{range .}}
+      <tr>
+        <td class="review-time"><a href={{.LogURL}} class="time-object" target="_blank">{{.CreatedAt}}</a></td>
+        <td class="review-status">{{.Status}}</td>
+        <td class="review-request json-object ">{{.Request}}</td>
+        <td class="review-reasoning json-object ">{{.Reasoning}}</td>
+      </tr>
+      {{end}}
+    </tbody>
+  </table>
+  <div class="warning message">
+    <h2>Deprecation Warning</h2>
+    <p>We're sorry to inform that K8s Admission Review Logs UI is deprecated and will be deleted in the upcoming
+      release.</p>
+  </div>
+  <script type="text/javascript" src="/assets/jsonTree.js"></script>
+  <script type="text/javascript" src="/assets/moment.js"></script>
+  <script type="text/javascript" src="/assets/webhook-scan-logs.js"></script>
+</body>
 </html>

pkg/http-server/templates/show.html

@@ -7,34 +7,41 @@
   <link rel="stylesheet" href="/assets/webhook-scan-logs.css">
 </head>
 <body>
-<main class="jumbotron">
-  <table class="table table-sm" style="table-layout: fixed;" aria-describedby="logs-table">
-    <tbody>
-    <tr>
-      <th scope="col" style="width: 256px">UID</th>
-      <th scope="col">{{.UID}}</th>
-    </tr>
-    <tr>
-      <th scope="col">Status</th>
-      <th scope="col" class="review-status">{{.Status}}</th>
-    </tr>
-    <tr>
-      <th scope="col">Request</th>
-      <th class="json-object" scope="col">{{.Request}}</th>
-    </tr>
-    <tr>
-      <th scope="col">Violations Summary</th>
-      <th class="json-object" scope="col">{{.Violations}}</th>
-    </tr>
-    <tr>
-      <th scope="col">Deniable Violations</th>
-      <th class="json-object" scope="col">{{.DeniableViolations}}</th>
-    </tr>
-    </tbody>
-  </table>
-</main>
-<script type="text/javascript" src="/assets/jsonTree.js"></script>
-<script type="text/javascript" src="/assets/moment.js"></script>
-<script type="text/javascript" src="/assets/webhook-scan-logs.js"></script>
+  <main class="jumbotron">
+    <table class="table table-sm" style="table-layout: fixed;" aria-describedby="logs-table">
+      <tbody>
+        <tr>
+          <th scope="col" style="width: 256px">UID</th>
+          <th scope="col">{{.UID}}</th>
+        </tr>
+        <tr>
+          <th scope="col">Status</th>
+          <th scope="col" class="review-status">{{.Status}}</th>
+        </tr>
+        <tr>
+          <th scope="col">Request</th>
+          <th class="json-object" scope="col">{{.Request}}</th>
+        </tr>
+        <tr>
+          <th scope="col">Violations Summary</th>
+          <th class="json-object" scope="col">{{.Violations}}</th>
+        </tr>
+        <tr>
+          <th scope="col">Deniable Violations</th>
+          <th class="json-object" scope="col">{{.DeniableViolations}}</th>
+        </tr>
+      </tbody>
+    </table>
+  </main>
+  <div>
+    <div class="warning message">
+      <h2>Deprecation Warning</h2>
+      <p>We're sorry to inform that K8s Admission Review Logs UI is deprecated and will be deleted in the upcoming
+        release.</p>
+    </div>
+  </div>
+  <script type="text/javascript" src="/assets/jsonTree.js"></script>
+  <script type="text/javascript" src="/assets/moment.js"></script>
+  <script type="text/javascript" src="/assets/webhook-scan-logs.js"></script>
 </body>
 </html>

pkg/iac-providers/terraform/commons/load-dir.go

@@ -44,8 +44,8 @@ var (
 )
 
 const (
-	terraformModuleInstallDir            = ".terraform/modules"
-	terraformInstalledModuleMetaFileName = "modules.json"
+	terraformModuleInstallDir             = ".terraform/modules"
+	terraformInstalledModulelMetaFileName = "modules.json"
 )
 
 // TerraformInstalledModuleMetaData metadata about the module downloaded and present in terraform cache.
@@ -64,7 +64,7 @@ type TerraformModuleManifest struct {
 // ModuleConfig contains the *hclConfigs.Config for every module in the
 // unified config tree along with *hclConfig.ModuleCall made by the parent
 // module. The ParentModuleCall helps in resolving references for variables
-// initialized in the parent ModuleCall
+// initilaized in the parent ModuleCall
 type ModuleConfig struct {
 	Config           *hclConfigs.Config
 	ParentModuleCall *hclConfigs.ModuleCall
@@ -158,12 +158,9 @@ func (t TerraformDirectoryLoader) loadDirRecursive(dirList []string) (output.All
 			t.addError(errMessage, dir)
 		}
 
-		// getting provider version for the root module
-		providerVersion := GetModuleProviderVersion(rootMod)
-
 		// get unified config for the current directory
 		unified, diags := t.buildUnifiedConfig(rootMod, dir)
-		// Get the downloader cache
+		// Get the downloader chache
 		remoteURLMapping := t.remoteDownloader.GetDownloaderCache()
 
 		if diags.HasErrors() {
@@ -209,12 +206,7 @@ func (t TerraformDirectoryLoader) loadDirRecursive(dirList []string) (output.All
 				}
 
 				resourceConfig.TerraformVersion = t.terraformVersion
-				resourceConfig.ProviderVersion = providerVersion
-
-				// if root module do not have provider constraints fetch the latest compatible version
-				if resourceConfig.ProviderVersion == "" {
-					resourceConfig.ProviderVersion = LatestProviderVersion(managedResource.Provider, t.terraformVersion)
-				}
+				resourceConfig.ProviderVersion = GetModuleProviderVersion(current.Config.Module, managedResource.Provider, t.terraformVersion)
 				// set module name
 				resourceConfig.ModuleName = current.Name
 
@@ -295,13 +287,10 @@ func (t TerraformDirectoryLoader) loadDirNonRecursive() (output.AllResourceConfi
 		t.addError(errMessage, t.absRootDir)
 	}
 
-	// getting provider version for the root module
-	providerVersion := GetModuleProviderVersion(rootMod)
-
 	// get unified config for the current directory
 	unified, diags := t.buildUnifiedConfig(rootMod, t.absRootDir)
 
-	// Get the downloader cache
+	// Get the downloader chache
 	remoteURLMapping := t.remoteDownloader.GetDownloaderCache()
 
 	if diags.HasErrors() {
@@ -360,12 +349,7 @@ func (t TerraformDirectoryLoader) loadDirNonRecursive() (output.AllResourceConfi
 			}
 
 			resourceConfig.TerraformVersion = t.terraformVersion
-			resourceConfig.ProviderVersion = providerVersion
-
-			// if root module do not have provider constraints fetch the latest compatible version
-			if resourceConfig.ProviderVersion == "" {
-				resourceConfig.ProviderVersion = LatestProviderVersion(managedResource.Provider, t.terraformVersion)
-			}
+			resourceConfig.ProviderVersion = GetModuleProviderVersion(current.Config.Module, managedResource.Provider, t.terraformVersion)
 
 			if isRemoteModule {
 				resourceConfig.IsRemoteModule = &isRemoteModule
@@ -561,7 +545,7 @@ func (t *TerraformDirectoryLoader) GetRemoteModuleIfPresentInTerraformSrc(req *h
 	var ok bool
 	if modules, ok = t.terraformInitModuleCache[terraformInitRegs]; !ok {
 		if utils.IsDirExists(terraformInitRegs) {
-			_, err := os.Stat(filepath.Join(terraformInitRegs, terraformInstalledModuleMetaFileName))
+			_, err := os.Stat(filepath.Join(terraformInitRegs, terraformInstalledModulelMetaFileName))
 			if err != nil {
 				if os.IsNotExist(err) {
 					zap.S().Debug("found no terraform module metadata file in dir %s", terraformInitRegs)
@@ -570,7 +554,7 @@ func (t *TerraformDirectoryLoader) GetRemoteModuleIfPresentInTerraformSrc(req *h
 				zap.S().Error("error reading terraform module metadata file", err)
 				return
 			}
-			data, err := os.ReadFile(filepath.Join(terraformInitRegs, terraformInstalledModuleMetaFileName))
+			data, err := os.ReadFile(filepath.Join(terraformInitRegs, terraformInstalledModulelMetaFileName))
 			if err == nil {
 				err := json.Unmarshal(data, &modules)
 				if err != nil {

pkg/iac-providers/terraform/commons/load-file.go

@@ -37,18 +37,16 @@ func LoadIacFile(absFilePath, terraformVersion string) (allResourcesConfig outpu
 	// load current iac file
 	hclFile, diags := parser.LoadConfigFile(absFilePath)
 	if hclFile == nil {
-		errMessage := fmt.Sprintf("error occurred while loading config file '%s'. error:\n%v\n", absFilePath, getErrorMessagesFromDiagnostics(diags))
+		errMessage := fmt.Sprintf("error occured while loading config file '%s'. error:\n%v\n", absFilePath, getErrorMessagesFromDiagnostics(diags))
 		zap.S().Debug(errMessage)
 		return allResourcesConfig, fmt.Errorf(errMessage)
 	}
 
-	if diags != nil {
+	if diags.HasErrors() {
 		errMessage := fmt.Sprintf("failed to load iac file '%s'. error:\n%v\n", absFilePath, getErrorMessagesFromDiagnostics(diags))
 		zap.S().Debug(errMessage)
 		return allResourcesConfig, fmt.Errorf(errMessage)
 	}
-	// getting provider version for the file
-	providerVersion := GetFileProviderVersion(hclFile)
 
 	// initialize normalized output
 	allResourcesConfig = make(map[string][]output.ResourceConfig)
@@ -62,21 +60,16 @@ func LoadIacFile(absFilePath, terraformVersion string) (allResourcesConfig outpu
 			return allResourcesConfig, fmt.Errorf("failed to create ResourceConfig")
 		}
 
+		resourceConfig.TerraformVersion = terraformVersion
+		managedResource.Provider = ResolveProvider(managedResource, hclFile.RequiredProviders)
+		resourceConfig.ProviderVersion = GetProviderVersion(hclFile, managedResource.Provider, terraformVersion)
 		// set module name
 		// module name for the file scan will always be root
 		resourceConfig.ModuleName = "root"
 
 		// extract file name from path
 		resourceConfig.Source = getFileName(resourceConfig.Source)
 
-		resourceConfig.TerraformVersion = terraformVersion
-		resourceConfig.ProviderVersion = providerVersion
-
-		// if root module do not have provider constraints fetch the latest compatible version
-		if resourceConfig.ProviderVersion == "" {
-			resourceConfig.ProviderVersion = LatestProviderVersion(managedResource.Provider, terraformVersion)
-		}
-
 		// append to normalized output
 		if _, present := allResourcesConfig[resourceConfig.Type]; !present {
 			allResourcesConfig[resourceConfig.Type] = []output.ResourceConfig{resourceConfig}