feat: add the occurrences field #1383
022b942 to aa18860
@simar7 I followed the logic in

```json
"occurrences": [
  {
    "resource": "aws_security_group_rule.ingress_with_cidr_blocks[0]",
    "filename": "terraform-aws-modules/security-group/aws/main.tf",
    "start_line": 191,
    "end_line": 227
  },
  {
    "resource": "module.aws-security-groups[\"db1\"]",
    "filename": "sg.tf",
    "start_line": 1,
    "end_line": 13
  }
],
```

Could you explain what you mean by first occurrence?

@simar7 For example, if the metadata of the resource will refer to the following sources:

Are they unique misconfigurations? If so, we should report them all at once.

@simar7 No, it refers to one misconfiguration.

Got it. So in the table output we will still see one misconfiguration, right? If so, we should include all occurrences that are related to one misconfiguration.

625d845 to afc8815
just left one comment around testing this change
func (r *Result) Occurrences() []Occurrence { | ||
var occurrences []Occurrence | ||
|
||
mod := &r.metadata | ||
|
||
for { | ||
mod = mod.Parent() | ||
if mod == nil { | ||
break | ||
} | ||
parentRange := mod.Range() | ||
occurrences = append(occurrences, Occurrence{ | ||
Resource: mod.Reference(), | ||
Filename: parentRange.GetFilename(), | ||
StartLine: parentRange.GetStartLine(), | ||
EndLine: parentRange.GetEndLine(), | ||
}) | ||
} | ||
return occurrences | ||
} |
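Review bot: The exported `Occurrences()` method has no doc comment, and the loop's first statement, `mod = mod.Parent()`, steps past the result's own metadata before anything is appended, so the returned slice holds only the parent chain and never the range of the metadata the result itself carries. If that is intended, say so in a doc comment; if the resource itself should be listed first, append the range of `r.metadata` before walking up. Also, `var occurrences []Occurrence` stays nil when there is no parent, which `encoding/json` marshals as `null` rather than `[]` unless the field is tagged `omitempty`, so the test for this method should cover a result with no parent as well as a nested module chain.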
Can we add a test for this? We can probably add it in `pkg/scanners/cloud/aws/scanner_test.go`.
@simar7 How good is this place for the test? This file refers to tests of AWS services. Since the method is public and converts the result to another structure, maybe it's worth adding it to `pkg/scan/result_test.go`?

@simar7 Do you think this will close this issue?

Yeah, good catch. I think so, it satisfies the ask.

f51eb51 to 49aee1f
49aee1f to bd06b9a
Added the `occurrences` field. Based on this field, we can display a list of occurrences in reports. See aquasecurity/trivy#4581
Example of JSON output: