refactor(terraform): remove metrics collection (aquasecurity#6444)
nikpivkin authored Apr 2, 2024
1 parent 86714bf commit 245c120
Showing 12 changed files with 126 additions and 198 deletions.
4 changes: 2 additions & 2 deletions pkg/iac/adapters/terraform/tftestutil/testutil.go
Expand Up @@ -5,15 +5,15 @@ import (
"testing"

"github.com/aquasecurity/trivy/internal/testutil"
parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser"
"github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser"
"github.com/aquasecurity/trivy/pkg/iac/terraform"
)

func CreateModulesFromSource(t *testing.T, source, ext string) terraform.Modules {
fs := testutil.CreateFS(t, map[string]string{
"source" + ext: source,
})
p := parser2.New(fs, "", parser2.OptionStopOnHCLError(true))
p := parser.New(fs, "", parser.OptionStopOnHCLError(true))
if err := p.ParseFS(context.TODO(), "."); err != nil {
t.Fatal(err)
}
16 changes: 8 additions & 8 deletions pkg/iac/scanners/helm/test/option_test.go
Expand Up @@ -7,10 +7,10 @@ import (
"strings"
"testing"

parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/helm/parser"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

"github.com/aquasecurity/trivy/pkg/iac/scanners/helm/parser"
"github.com/aquasecurity/trivy/pkg/iac/scanners/options"
)

Expand All @@ -37,10 +37,10 @@ func Test_helm_parser_with_options_with_values_file(t *testing.T) {
var opts []options.ParserOption

if test.valuesFile != "" {
opts = append(opts, parser2.OptionWithValuesFile(test.valuesFile))
opts = append(opts, parser.OptionWithValuesFile(test.valuesFile))
}

helmParser := parser2.New(chartName, opts...)
helmParser := parser.New(chartName, opts...)
err := helmParser.ParseFS(context.TODO(), os.DirFS(filepath.Join("testdata", chartName)), ".")
require.NoError(t, err)
manifests, err := helmParser.RenderedChartFiles()
Expand Down Expand Up @@ -87,14 +87,14 @@ func Test_helm_parser_with_options_with_set_value(t *testing.T) {
var opts []options.ParserOption

if test.valuesFile != "" {
opts = append(opts, parser2.OptionWithValuesFile(test.valuesFile))
opts = append(opts, parser.OptionWithValuesFile(test.valuesFile))
}

if test.values != "" {
opts = append(opts, parser2.OptionWithValues(test.values))
opts = append(opts, parser.OptionWithValues(test.values))
}

helmParser := parser2.New(chartName, opts...)
helmParser := parser.New(chartName, opts...)
err := helmParser.ParseFS(context.TODO(), os.DirFS(filepath.Join("testdata", chartName)), ".")
require.NoError(t, err)
manifests, err := helmParser.RenderedChartFiles()
Expand Down Expand Up @@ -140,10 +140,10 @@ func Test_helm_parser_with_options_with_api_versions(t *testing.T) {
var opts []options.ParserOption

if len(test.apiVersions) > 0 {
opts = append(opts, parser2.OptionWithAPIVersions(test.apiVersions...))
opts = append(opts, parser.OptionWithAPIVersions(test.apiVersions...))
}

helmParser := parser2.New(chartName, opts...)
helmParser := parser.New(chartName, opts...)
err := helmParser.ParseFS(context.TODO(), os.DirFS(filepath.Join("testdata", chartName)), ".")
require.NoError(t, err)
manifests, err := helmParser.RenderedChartFiles()
6 changes: 3 additions & 3 deletions pkg/iac/scanners/terraform/deterministic_test.go
Expand Up @@ -7,7 +7,7 @@ import (
"github.com/aquasecurity/trivy/internal/testutil"
"github.com/aquasecurity/trivy/pkg/iac/rules"
"github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/executor"
parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser"
"github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser"
"github.com/stretchr/testify/require"
)

Expand Down Expand Up @@ -39,12 +39,12 @@ locals {
})

for i := 0; i < 100; i++ {
p := parser2.New(fs, "", parser2.OptionStopOnHCLError(true))
p := parser.New(fs, "", parser.OptionStopOnHCLError(true))
err := p.ParseFS(context.TODO(), ".")
require.NoError(t, err)
modules, _, err := p.EvaluateAll(context.TODO())
require.NoError(t, err)
results, _, _ := executor.New().Execute(modules)
results, _ := executor.New().Execute(modules)
require.Len(t, results.GetFailed(), 2)
}
}
45 changes: 3 additions & 42 deletions pkg/iac/scanners/terraform/executor/executor.go
Expand Up @@ -4,7 +4,6 @@ import (
"fmt"
"runtime"
"sort"
"time"

"github.com/zclconf/go-cty/cty"

Expand Down Expand Up @@ -38,22 +37,6 @@ type Executor struct {
frameworks []framework.Framework
}

type Metrics struct {
Timings struct {
Adaptation time.Duration
RunningChecks time.Duration
}
Counts struct {
Ignored int
Failed int
Passed int
Critical int
High int
Medium int
Low int
}
}

// New creates a new Executor
func New(options ...Option) *Executor {
s := &Executor{
Expand All @@ -77,14 +60,10 @@ func checkInList(id string, list []string) bool {
return false
}

func (e *Executor) Execute(modules terraform.Modules) (scan.Results, Metrics, error) {

var metrics Metrics
func (e *Executor) Execute(modules terraform.Modules) (scan.Results, error) {

e.debug.Log("Adapting modules...")
adaptationTime := time.Now()
infra := adapter.Adapt(modules)
metrics.Timings.Adaptation = time.Since(adaptationTime)
e.debug.Log("Adapted %d module(s) into defsec state data.", len(modules))

threads := runtime.NumCPU()
Expand All @@ -101,17 +80,15 @@ func (e *Executor) Execute(modules terraform.Modules) (scan.Results, Metrics, er
f(infra)
}

checksTime := time.Now()
registeredRules := rules.GetRegistered(e.frameworks...)
e.debug.Log("Initialized %d rule(s).", len(registeredRules))

pool := NewPool(threads, registeredRules, modules, infra, e.ignoreCheckErrors, e.regoScanner, e.regoOnly)
e.debug.Log("Created pool with %d worker(s) to apply rules.", threads)
results, err := pool.Run()
if err != nil {
return nil, metrics, err
return nil, err
}
metrics.Timings.RunningChecks = time.Since(checksTime)
e.debug.Log("Finished applying rules.")

if e.enableIgnores {
Expand Down Expand Up @@ -152,25 +129,9 @@ func (e *Executor) Execute(modules terraform.Modules) (scan.Results, Metrics, er

results = e.updateSeverity(results)
results = e.filterResults(results)
metrics.Counts.Ignored = len(results.GetIgnored())
metrics.Counts.Passed = len(results.GetPassed())
metrics.Counts.Failed = len(results.GetFailed())

for _, res := range results.GetFailed() {
switch res.Severity() {
case severity.Critical:
metrics.Counts.Critical++
case severity.High:
metrics.Counts.High++
case severity.Medium:
metrics.Counts.Medium++
case severity.Low:
metrics.Counts.Low++
}
}

e.sortResults(results)
return results, metrics, nil
return results, nil
}

func (e *Executor) updateSeverity(results []scan.Result) scan.Results {
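Review bot: The exported `Execute` has no doc comment, and with the `Metrics` value gone the error is the only signal a caller gets that the scan did not complete: the `pool.Run()` failure path returns `nil, err`. If `scan.Results` is a slice type, as the `updateSeverity` signature suggests, a caller that drops the error sees an empty result set that looks the same as a scan with no findings. I would add `// Execute adapts the modules, applies the registered rules and returns the filtered, sorted results. Results are nil when the error is non-nil.` above the method. Parts of the body lie outside the visible hunks.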
26 changes: 17 additions & 9 deletions pkg/iac/scanners/terraform/executor/executor_test.go
Expand Up @@ -8,7 +8,7 @@ import (
"github.com/aquasecurity/trivy/pkg/iac/providers"
"github.com/aquasecurity/trivy/pkg/iac/rules"
"github.com/aquasecurity/trivy/pkg/iac/scan"
parser2 "github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser"
"github.com/aquasecurity/trivy/pkg/iac/scanners/terraform/parser"
"github.com/aquasecurity/trivy/pkg/iac/severity"
"github.com/aquasecurity/trivy/pkg/iac/terraform"
"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -47,12 +47,15 @@ resource "problem" "this" {
`,
})

p := parser2.New(fs, "", parser2.OptionStopOnHCLError(true))
p := parser.New(fs, "", parser.OptionStopOnHCLError(true))
err := p.ParseFS(context.TODO(), "project")
require.NoError(t, err)
modules, _, err := p.EvaluateAll(context.TODO())
require.NoError(t, err)
results, _, _ := New().Execute(modules)

results, err := New().Execute(modules)
assert.Error(t, err)

assert.Equal(t, len(results.GetFailed()), 0)
}

Expand All @@ -69,12 +72,14 @@ resource "problem" "this" {
`,
})

p := parser2.New(fs, "", parser2.OptionStopOnHCLError(true))
p := parser.New(fs, "", parser.OptionStopOnHCLError(true))
err := p.ParseFS(context.TODO(), "project")
require.NoError(t, err)

modules, _, err := p.EvaluateAll(context.TODO())
require.NoError(t, err)
_, _, err = New(OptionStopOnErrors(false)).Execute(modules)

_, err = New(OptionStopOnErrors(false)).Execute(modules)
assert.Error(t, err)
}

Expand All @@ -91,12 +96,15 @@ resource "problem" "this" {
`,
})

p := parser2.New(fs, "", parser2.OptionStopOnHCLError(true))
p := parser.New(fs, "", parser.OptionStopOnHCLError(true))
err := p.ParseFS(context.TODO(), "project")
require.NoError(t, err)
modules, _, err := p.EvaluateAll(context.TODO())
require.NoError(t, err)
results, _, _ := New().Execute(modules)

results, _ := New().Execute(modules)
require.NoError(t, err)

assert.Equal(t, len(results.GetFailed()), 0)
}

Expand All @@ -113,12 +121,12 @@ resource "problem" "this" {
`,
})

p := parser2.New(fs, "", parser2.OptionStopOnHCLError(true))
p := parser.New(fs, "", parser.OptionStopOnHCLError(true))
err := p.ParseFS(context.TODO(), "project")
require.NoError(t, err)
modules, _, err := p.EvaluateAll(context.TODO())
require.NoError(t, err)

_, _, err = New(OptionStopOnErrors(false)).Execute(modules)
_, err = New(OptionStopOnErrors(false)).Execute(modules)
assert.Error(t, err)
}
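Review bot: In the third hunk the added `require.NoError(t, err)` after `results, _ := New().Execute(modules)` checks the `err` left over from `p.EvaluateAll`, which was already asserted two lines earlier, so the error returned by `Execute` is never examined. Change the call to `results, err := New().Execute(modules)` so the assertion covers the executor; if this case is meant to fail like the one in the first hunk, use `assert.Error` instead. As written the test passes on `len(results.GetFailed()) == 0` even when the run errored out, which is the same outcome a broken scan would produce. The test functions start outside the visible hunks, so the intended expectation is inferred.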