Fixed Bug with ExtractLineFragment #2933 (#2934)

Signed-off-by: João Reigota <[email protected]>
Checkmarx · Apr 20, 2021 · c15c632 · c15c632
1 parent 2617ebd
commit c15c632
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 8 deletions.
diff --git a/...ateway_stage_without_api_gateway_usage_plan_associated/test/positive_expected_result.json b/...ateway_stage_without_api_gateway_usage_plan_associated/test/positive_expected_result.json
@@ -25,14 +25,14 @@
   },
   {
     "severity": "LOW",
-    "line": 31,
+    "line": 5,
     "fileName": "positive4.json",
     "queryName": "API Gateway Stage Without API Gateway UsagePlan Associated"
   },
   {
     "queryName": "API Gateway Stage Without API Gateway UsagePlan Associated",
     "severity": "LOW",
-    "line": 31,
+    "line": 5,
     "fileName": "positive4.json"
   },
   {

diff --git a/...eries/cloudFormation/ecs_service_admin_role_is_present/test/positive_expected_result.json b/...eries/cloudFormation/ecs_service_admin_role_is_present/test/positive_expected_result.json
@@ -8,7 +8,7 @@
   {
     "queryName": "ECS Service Admin Role Is Present",
     "severity": "HIGH",
-    "line": 178,
+    "line": 66,
     "fileName": "positive2.json"
   }
 ]
diff --git a/...ries/cloudFormation/sagemaker_enabling_internet_access/test/positive_expected_result.json b/...ries/cloudFormation/sagemaker_enabling_internet_access/test/positive_expected_result.json
@@ -8,7 +8,7 @@
   {
     "queryName": "SageMaker Enabling Internet Access",
     "severity": "MEDIUM",
-    "line": 13,
+    "line": 8,
     "fileName": "positive2.json"
   }
 ]
diff --git a/assets/queries/terraform/aws/default_vpc_exists/query.rego b/assets/queries/terraform/aws/default_vpc_exists/query.rego
@@ -18,7 +18,7 @@ CxPolicy[result] {
 
 	result := {
 		"documentId": input.document[i].id,
-		"searchKey": sprintf("aws_vpc[%s].default", [name]),
+		"searchKey": sprintf("aws_vpc[%s].default=true", [name]),
 		"issueType": "IncorrectValue",
 		"keyExpectedValue": "'aws_vpc.default' is false",
 		"keyActualValue": "'aws_vpc.default' is true",

diff --git a/pkg/detector/helper.go b/pkg/detector/helper.go
@@ -190,12 +190,24 @@ func ExtractLineFragment(line, substr string, key bool) string {
 		end++
 	}
 
-	result := line[start+1 : end]
+	return removeExtras(line, start, end)
+}
+
+func removeExtras(result string, start, end int) string {
 	// workaround for selecting yaml keys
-	if result[len(result)-1] == ':' {
+	if result[end-1] == ':' {
+		end--
+	}
+
+	if result[end-1] == '"' {
 		end--
 	}
-	return line[start+1 : end]
+
+	if result[start+1] == '"' {
+		start++
+	}
+
+	return result[start+1 : end]
 }
 
 // DetectCurrentLine uses levenshtein distance to find the most acurate line for the vulnerability