handle errors more elegantly (#25)

* Use defsec formatters and results structs

* Update to defsec v0.0.31

* here you go

* Add invalid content error (#24)

* Add more defence against failure

* Add the docs

* Update the docs

* fix commented out meta override

Co-authored-by: Liam Galvin <[email protected]>

.github/workflows/mkdocs_latest.yml

@@ -0,0 +1,43 @@
+name: Deploy the latest documentation
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: Version to be deployed
+        required: true
+  push:
+    tags:
+      - "v*"
+jobs:
+  deploy:
+    name: Deploy the latest documentation
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+          persist-credentials: true
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.x
+      - name: Install dependencies
+        run: |
+          pip install git+https://${GH_TOKEN}@github.com/squidfunk/mkdocs-material-insiders.git
+          pip install mike
+          pip install mkdocs-macros-plugin
+          pip install mkdocs-include-markdown-plugin
+        env:
+          GH_TOKEN: ${{ secrets.MKDOCS_AQUA_BOT }}
+      - name: Configure the git user
+        run: |
+          git config user.name "owenrumney"
+          git config user.email "[email protected]"
+      - name: Deploy the latest documents from new tag push
+        if: ${{ github.event.inputs.version == '' }}
+        run: |
+          VERSION=$(echo ${{ github.ref }} | sed -e "s#refs/tags/##g")
+          mike deploy --push --update-aliases $VERSION latest
+      - name: Deploy the latest documents from manual trigger
+        if: ${{ github.event.inputs.version != '' }}
+        run: mike deploy --push --update-aliases ${{ github.event.inputs.version }} latest

Makefile

@@ -1,5 +1,8 @@
 SHELL=/usr/bin/bash
 
+MKDOCS_IMAGE := aquasec/mkdocs-material:tracee
+MKDOCS_PORT := 8000
+
 .PHONY: test
 test:
 	which gotestsum || (pushd /tmp && go install gotest.tools/gotestsum@latest && popd)
@@ -53,5 +56,11 @@ tagger:
 	 git push origin "$${TAG}"
 
 .PHONY: publish-docs
-publish-docs:
-	./scripts/publish-docs.sh
+publish-docs: generate-docs
+	@python3 ./scripts/build_checks_nav.py
+
+# Runs MkDocs dev server to preview the docs page before it is published.
+.PHONY: mkdocs-serve
+mkdocs-serve:
+	docker build -t $(MKDOCS_IMAGE) -f docs/Dockerfile docs
+	docker  run --name mkdocs-serve --rm -v $(PWD):/docs -p $(MKDOCS_PORT):8000 $(MKDOCS_IMAGE)

cmd/cfsec-docs/main.go

@@ -19,7 +19,7 @@ var (
 )
 
 func init() {
-	defaultWebDocsPath := fmt.Sprintf("%s/checkdocs", projectRoot)
+	defaultWebDocsPath := fmt.Sprintf("%s/docs/checks", projectRoot)
 	rootCmd.Flags().StringVar(&webPath, "web-path", defaultWebDocsPath, "The path to generate web into, defaults to ./checkdocs")
 }
 
@@ -49,9 +49,5 @@ func getSortedChecks() []rules.Rule {
 		return checks[i].ID() < checks[j].ID()
 	})
 
-	if err := generateNavIndexFile(checks); err != nil {
-		panic(err)
-	}
-
 	return checks
 }

cmd/cfsec-docs/webpage.go

@@ -81,7 +81,6 @@ func newEntry(check rules.Rule) docEntry {
 		links = append(links, link)
 	}
 
-
 	return docEntry{
 		Summary:     check.Base.Rule().Summary,
 		ID:          check.ID(),
@@ -98,7 +97,7 @@ func newEntry(check rules.Rule) docEntry {
 
 func generateWebPages(fileContents []rules.Rule) error {
 	for _, check := range fileContents {
-		webProviderPath := fmt.Sprintf("%s/docs/%s", webPath, strings.ToLower(check.Base.Rule().Service))
+		webProviderPath := fmt.Sprintf("docs/checks/%s", strings.ToLower(check.Base.Rule().Service))
 		entry := newEntry(check)
 		if err := generateWebPage(webProviderPath, entry); err != nil {
 			return err

cmd/cfsec/main.go

@@ -9,10 +9,10 @@ import (
 	"strings"
 
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/debug"
-	"github.com/aquasecurity/cfsec/internal/app/cfsec/formatters"
 	_ "github.com/aquasecurity/cfsec/internal/app/cfsec/loader"
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/parser"
 	"github.com/aquasecurity/cfsec/internal/app/cfsec/scanner"
+	"github.com/aquasecurity/defsec/formatters"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/liamg/tml"
 	"github.com/spf13/cobra"
@@ -78,10 +78,17 @@ var rootCmd = &cobra.Command{
 				contexts, err = p.ParseFiles(dir)
 			}
 			if err != nil {
-				return err
+				switch err.(type) {
+				case *parser.ErrParsingErrors:
+					_, _ = fmt.Fprintf(os.Stderr, "There were issues with parsing some files. %v\n", err)
+				default:
+					_, _ = fmt.Fprintf(os.Stderr, "An unrecoverable error occurred during parsing. %v", err)
+					os.Exit(1)
+				}
 			}
 		} else {
-			panic(fmt.Errorf("couldn't find the filepath when stating"))
+			_, _ = fmt.Fprintf(os.Stderr, "Coudd not find %s", dir)
+			os.Exit(1)
 		}
 
 		if err != nil {
@@ -98,7 +105,7 @@ var rootCmd = &cobra.Command{
 
 		if includePassed {
 			sort.Slice(results, func(i, j int) bool {
-				return results[i].Status == rules.StatusPassed && results[j].Status != rules.StatusPassed
+				return results[i].Status() == rules.StatusPassed && results[j].Status() != rules.StatusPassed
 			})
 		}
 

docs/Dockerfile

@@ -0,0 +1,4 @@
+FROM squidfunk/mkdocs-material:7.3.6
+
+COPY requirements.txt /requirements.txt
+RUN pip install -r /requirements.txt

docs/checks/api-gateway/enable-access-logging.md

@@ -0,0 +1,72 @@
+---
+title: API Gateway stages for V1 and V2 should have access logging enabled
+shortcode: enable-access-logging
+summary: API Gateway stages for V1 and V2 should have access logging enabled 
+permalink: /docs/api-gateway/enable-access-logging/
+---
+
+### Explanation
+
+API Gateway stages should have access log settings block configured to track all access to a particular stage. This should be applied to both v1 and v2 gateway stages.
+
+### Possible Impact
+Logging provides vital information about access and usage
+
+### Suggested Resolution
+Enable logging for API Gateway stages
+
+
+### Insecure Example
+
+The following example will fail the AVD-AWS-0001 check.
+
+```yaml
+---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Bad Example of ApiGateway
+Resources:
+  BadApi:
+    Type: AWS::ApiGatewayV2::Api
+  BadApiStage:
+    Type: AWS::ApiGatewayV2::Stage
+    Properties:
+      AccessLogSettings:
+        Format: json
+      ApiId: !Ref BadApi
+      StageName: BadApiStage
+
+```
+
+
+
+### Secure Example
+
+The following example will pass the AVD-AWS-0001 check.
+
+```yaml
+---
+AWSTemplateFormatVersion: 2010-09-09
+Description: Good Example of ApiGateway
+Resources:
+  GoodApi:
+    Type: AWS::ApiGatewayV2::Api
+  GoodApiStage:
+    Type: AWS::ApiGatewayV2::Stage
+    Properties:
+      AccessLogSettings:
+        DestinationArn: gateway-logging
+        Format: json
+      ApiId: !Ref GoodApi
+      StageName: GoodApiStage
+
+```
+
+
+
+
+### Related Links
+
+
+- [https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html)
+
+