Skip to content

Commit

Permalink
fix(iac): Fix Issue Path in human readable and json output [IAC-2935] (
Browse files Browse the repository at this point in the history
  • Loading branch information
andreeaneata authored Apr 15, 2024
1 parent b55fbc8 commit 5fc3d59
Show file tree
Hide file tree
Showing 5 changed files with 48 additions and 50 deletions.
8 changes: 1 addition & 7 deletions src/lib/formatters/iac-output/text/formatters.ts
Original file line number Diff line number Diff line change
Expand Up @@ -214,11 +214,5 @@ function extractResolve(vulnerability: Vulnerability): string {
}

function formatCloudConfigPath(vulnerability: Vulnerability): string[] {
const cloudConfigPath = vulnerability.resource.id.split('.');

if (vulnerability.resource.path) {
cloudConfigPath.push(...vulnerability.resource.path);
}

return cloudConfigPath;
return vulnerability.resource.formattedPath.split('.');
}
2 changes: 1 addition & 1 deletion src/lib/iac/test/v2/json.ts
Original file line number Diff line number Diff line change
Expand Up @@ -264,7 +264,7 @@ function vulnerabilitiesToIacIssues(
lineNumber: v.resource.line || -1,
documentation: v.rule.documentation, // only works for rules available on snyk.io
isGeneratedByCustomRule: !!v.rule.isGeneratedByCustomRule,
path: v.resource.path || [], // needs to be fixed, currently doesn't show the full path
path: v?.resource?.formattedPath.split('.') || [],
compliance: [],
description: v.rule.description,
};
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,10 @@
"lineNumber": -1,
"documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-00151",
"isGeneratedByCustomRule": false,
"path": [],
"path": [
"resource",
"aws_vpc[mainvpc]"
],
"compliance": [],
"description": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n"
},
Expand Down Expand Up @@ -94,10 +97,11 @@
"documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-TF-5",
"isGeneratedByCustomRule": false,
"path": [
"ingress",
0,
"cidr_blocks",
0
"input",
"resource",
"aws_default_security_group[default]",
"ingress[0]",
"cidr_blocks[0]"
],
"compliance": [],
"description": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n"
Expand Down Expand Up @@ -162,7 +166,10 @@
"lineNumber": 5,
"documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-00151",
"isGeneratedByCustomRule": false,
"path": [],
"path": [
"resource",
"aws_vpc[mainvpc]"
],
"compliance": [],
"description": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n"
},
Expand Down Expand Up @@ -193,10 +200,11 @@
"documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-TF-5",
"isGeneratedByCustomRule": false,
"path": [
"ingress",
0,
"cidr_blocks",
0
"input",
"resource",
"aws_default_security_group[default]",
"ingress[0]",
"cidr_blocks[0]"
],
"compliance": [],
"description": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@
"title": "VPC flow logging should be enabled",
"lineNumber": -1,
"cloudConfigPath": [
"aws_vpc",
"mainvpc"
"resource",
"aws_vpc[mainvpc]"
],
"issue": "VPC flow logging should be enabled",
"impact": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n",
Expand All @@ -29,12 +29,11 @@
"title": "VPC default security group allows unrestricted ingress traffic",
"lineNumber": -1,
"cloudConfigPath": [
"aws_default_security_group",
"default",
"ingress",
0,
"cidr_blocks",
0
"input",
"resource",
"aws_default_security_group[default]",
"ingress[0]",
"cidr_blocks[0]"
],
"issue": "VPC default security group allows unrestricted ingress traffic",
"impact": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n",
Expand All @@ -54,8 +53,8 @@
"title": "VPC flow logging should be enabled",
"lineNumber": 5,
"cloudConfigPath": [
"aws_vpc",
"mainvpc"
"resource",
"aws_vpc[mainvpc]"
],
"issue": "VPC flow logging should be enabled",
"impact": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n",
Expand All @@ -75,12 +74,11 @@
"title": "VPC default security group allows unrestricted ingress traffic",
"lineNumber": 16,
"cloudConfigPath": [
"aws_default_security_group",
"default",
"ingress",
0,
"cidr_blocks",
0
"input",
"resource",
"aws_default_security_group[default]",
"ingress[0]",
"cidr_blocks[0]"
],
"issue": "VPC default security group allows unrestricted ingress traffic",
"impact": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n",
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@
"title": "VPC flow logging should be enabled",
"lineNumber": -1,
"cloudConfigPath": [
"aws_vpc",
"mainvpc"
"resource",
"aws_vpc[mainvpc]"
],
"issue": "VPC flow logging should be enabled",
"impact": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n",
Expand All @@ -29,12 +29,11 @@
"title": "VPC default security group allows unrestricted ingress traffic",
"lineNumber": -1,
"cloudConfigPath": [
"aws_default_security_group",
"default",
"ingress",
0,
"cidr_blocks",
0
"input",
"resource",
"aws_default_security_group[default]",
"ingress[0]",
"cidr_blocks[0]"
],
"issue": "VPC default security group allows unrestricted ingress traffic",
"impact": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n",
Expand All @@ -54,8 +53,8 @@
"title": "VPC flow logging should be enabled",
"lineNumber": 5,
"cloudConfigPath": [
"aws_vpc",
"mainvpc"
"resource",
"aws_vpc[mainvpc]"
],
"issue": "VPC flow logging should be enabled",
"impact": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n",
Expand All @@ -75,12 +74,11 @@
"title": "VPC default security group allows unrestricted ingress traffic",
"lineNumber": 16,
"cloudConfigPath": [
"aws_default_security_group",
"default",
"ingress",
0,
"cidr_blocks",
0
"input",
"resource",
"aws_default_security_group[default]",
"ingress[0]",
"cidr_blocks[0]"
],
"issue": "VPC default security group allows unrestricted ingress traffic",
"impact": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n",
Expand Down

0 comments on commit 5fc3d59

Please sign in to comment.