From daacad6a24c32ee15caa15e2f43482526645db9e Mon Sep 17 00:00:00 2001
From: Nasir Rabbani
Date: Fri, 4 Jun 2021 16:31:53 +0530
Subject: [PATCH] Support for spaces in policy reference_id
---
 pkg/utils/skip_rules.go | 27 ++++++++++++--------
 pkg/utils/skip_rules_test.go | 49 ++++++++++++++++++++++++++++++++++++
 2 files changed, 65 insertions(+), 11 deletions(-)
diff --git a/pkg/utils/skip_rules.go b/pkg/utils/skip_rules.go
index 601816fbf..783b13eec 100644
--- a/pkg/utils/skip_rules.go
+++ b/pkg/utils/skip_rules.go
@@ -18,6 +18,7 @@ package utils
 import (
 "encoding/json"
+ "fmt"
 "regexp"
 "strings"
@@ -32,18 +33,24 @@ const (
 TerrascanSkipRule = "rule"
 // TerrascanSkipComment key used to detect comment skiupping a give rule
 TerrascanSkipComment = "comment"
+ // SkipRulesPrefix used to identify and trim the skipping rule patterns
+ SkipRulesPrefix = "#ts:skip="
+ // RuleIDRegex used to match the reference_id string
+ RuleIDRegex = `((([ A-Za-z0-9]+[.-]{1})){2,5}([\d]+)){1}`
+ // SkipRuleCommentRegex used to detect comments in skipped rule
+ SkipRuleCommentRegex = `([ \t]+.*){0,1}`
 )
 var (
- skipRulesPattern = regexp.MustCompile(`(#ts:skip=[ \t]*(([A-Za-z0-9]+[.-]{1}){3,5}([\d]+)){1}([ \t]+.*){0,1})`)
- skipRulesPrefix = "#ts:skip="
+ ruleIDPattern = regexp.MustCompile(RuleIDRegex)
+ skipRulesPattern = regexp.MustCompile(fmt.Sprintf("(%s%s%s)", SkipRulesPrefix, RuleIDRegex, SkipRuleCommentRegex))
 infileInstructionNotPresentLog = "%s not present for resource: %s"
 )
 // GetSkipRules returns a list of rules to be skipped. The rules to be skipped
 // can be set in terraform resource config with the following pattern:
 // #ts:skip=AWS.S3Bucket.DS.High.1043
-// $ts:skip=AWS.S3Bucket.DS.High.1044 reason to skip the rule
+// #ts:skip=AWS.S3Bucket.DS.High.1044 reason to skip the rule
 // each rule and its optional comment must be in a new line
 func GetSkipRules(body string) []output.SkipRule {
 var skipRules []output.SkipRule
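Review bot: The new `RuleIDRegex` can swallow part of the comment into the rule id: with `[ A-Za-z0-9]+` now accepting spaces and the greedy `{2,5}` trying five segments before four, `#ts:skip=AWS.S3Bucket.DS.High.1043 see ticket-42` matches with Rule `AWS.S3Bucket.DS.High.1043 see ticket-42` and an empty Comment, because `1043 see ticket-` is consumed as a fifth segment (`getSkipRuleObject` reaches the same result through `FindString` on the same pattern). Since a skip directive suppresses a policy finding, a mangled id means the intended rule is not skipped and the recorded id is wrong, with nothing in the output to flag it. If no real id has a digits-only interior segment, the lazy form `{2,5}?` stops at the first digit tail and avoids this; otherwise the comment needs an unambiguous separator. Note also that `{3,5}` was loosened to `{2,5}` and the `[ \t]*` after the prefix was dropped (a tab after `#ts:skip=` no longer matches, while a leading space now lands inside the captured id and is only removed later by `TrimSpace`), and neither change is mentioned in the commit message.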
@@ -53,12 +60,12 @@ func GetSkipRules(body string) []output.SkipRule {
 return skipRules
 }
- // get all skip rule comments
+ // extract all commented skip rules
 comments := skipRulesPattern.FindAllString(body, -1)
 // extract rule ids from comments
 for _, c := range comments {
- c = strings.TrimPrefix(c, skipRulesPrefix)
+ c = strings.TrimPrefix(c, SkipRulesPrefix)
 skipRule := getSkipRuleObject(c)
 if skipRule != nil {
 skipRules = append(skipRules, *skipRule)
@@ -71,14 +78,12 @@ func getSkipRuleObject(s string) *output.SkipRule {
 if s == "" {
 return nil
 }
+ var skipRule output.SkipRule
- ruleComment := strings.Fields(s)
+ comment := ruleIDPattern.Split(s, 2)[1]
+ skipRule.Rule = ruleIDPattern.FindString(strings.TrimSpace(s))
+ skipRule.Comment = strings.TrimSpace(comment)
- skipRule.Rule = strings.TrimSpace(ruleComment[0])
- if len(ruleComment) > 1 {
- comment := strings.Join(ruleComment[1:], " ")
- skipRule.Comment = strings.TrimSpace(comment)
- }
 return &skipRule
 }
diff --git a/pkg/utils/skip_rules_test.go b/pkg/utils/skip_rules_test.go
index eadfdb35e..07ef16b55 100644
--- a/pkg/utils/skip_rules_test.go
+++ b/pkg/utils/skip_rules_test.go
@@ -27,6 +27,9 @@ import (
 func TestGetSkipRules(t *testing.T) {
 testRuleAWS1 := "AWS.S3Bucket.DS.High.1041"
 testRuleAWS2 := "AWS.S3Bucket.DS.High.1042"
+ testRuleAWS3 := "AWS.S3 Bucket.DS.High.1041"
+ testRuleAWS4 := "AWS.S3 Bucket DS.High.1041"
+ testRuleAWS5 := "AWS.S3 Bucket DS .High.1041"
 testRuleAWSwithHyphen := "AC-AWS-NS-IN-M-1172"
 testRuleAzure := "accurics.azure.NS.147"
 testRuleKubernetesWithHyphen := "AC-K8-DS-PO-M-0143"
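Review bot: `ruleIDPattern.Split(s, 2)[1]` indexes without checking that a match occurred; for any `s` that contains no rule id (including whitespace-only input, which the `s == ""` guard does not cover) `Split` returns a one-element slice and this line panics. The only caller visible here passes strings that already matched `skipRulesPattern`, so the panic looks unreachable today, but the removed `strings.Fields` version had the same latent fault on whitespace input and the new one widens it to every non-matching string. Suggest `parts := ruleIDPattern.Split(s, 2)` / `if len(parts) < 2 { return nil }` / `skipRule.Comment = strings.TrimSpace(parts[1])`. `Split` also runs on `s` while `FindString` runs on `strings.TrimSpace(s)`; trimming once up front keeps both lookups on the same string. `getSkipRuleObject`'s signature is the hunk's context line, so the function starts just outside the hunk.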
@@ -132,6 +135,52 @@ func TestGetSkipRules(t *testing.T) {
 },
 },
 },
+ {
+ // Rule with single space should get skipped
+ name: "rule with space in between, aws",
+ input: "#ts:skip=AWS.S3 Bucket.DS.High.1041",
+ expected: []output.SkipRule{
+ {Rule: testRuleAWS3},
+ },
+ },
+ {
+ // Rule with two spaces should get skipped
+ name: "rule with two spaces in between, aws",
+ input: "#ts:skip=AWS.S3 Bucket DS.High.1041",
+ expected: []output.SkipRule{
+ {Rule: testRuleAWS4},
+ },
+ },
+ {
+ // Rule with multiple spaces should get skipped
+ name: "rule with multiple spaces in between, aws",
+ input: "#ts:skip=AWS.S3 Bucket DS .High.1041",
+ expected: []output.SkipRule{
+ {Rule: testRuleAWS5},
+ },
+ },
+ {
+ // Rule with space and comment should get skipped
+ name: "rule with spaces in between and comment, aws",
+ input: "#ts:skip=AWS.S3 Bucket.DS.High.1041 skip rule with spaces",
+ expected: []output.SkipRule{
+ {
+ Rule: testRuleAWS3,
+ Comment: "skip rule with spaces",
+ },
+ },
+ },
+ {
+ // Rule with multiple spaces and comment should get skipped
+ name: "rule with multiple spaces in between, aws",
+ input: "#ts:skip=AWS.S3 Bucket DS .High.1041 skip rule with multiple spaces",
+ expected: []output.SkipRule{
+ {
+ Rule: testRuleAWS5,
+ Comment: "skip rule with multiple spaces",
+ },
+ },
+ },
 }
 for _, tt := range table {
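Review bot: Two of the new table entries share the name `"rule with multiple spaces in between, aws"` (the third and fifth added cases), so if the table drives `t.Run` the subtest names collide and a failure report for either is ambiguous; rename the fifth to something like `"rule with multiple spaces in between and comment, aws"`. The new cases also only use comments made of plain words; a case whose comment contains a separator followed by digits, e.g. input `#ts:skip=AWS.S3Bucket.DS.High.1041 see ticket-42` expecting `Rule: testRuleAWS1, Comment: "see ticket-42"`, would pin down where the id ends now that spaces are permitted inside it. The `for _, tt := range table` loop body continues outside the hunk.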