319 lines
15 KiB
Ruby
319 lines
15 KiB
Ruby
class Checkov < Formula
|
|
include Language::Python::Virtualenv
|
|
|
|
desc "Prevent cloud misconfigurations during build-time for IaC tools"
|
|
homepage "https://www.checkov.io/"
|
|
# checkov should only be updated every 15 releases on multiples of 15
|
|
url "https://files.pythonhosted.org/packages/b8/2b/9e20627f019dcf52046c103781b20368d30e01bb9c3a326f57a3bb43d9c2/checkov-2.0.510.tar.gz"
|
|
sha256 "d2e442ba8cfd765df4ce551cee0e4a6e36642060a24ddeb691600cb8c45b6a4a"
|
|
license "Apache-2.0"
|
|
|
|
bottle do
|
|
sha256 cellar: :any_skip_relocation, arm64_monterey: "d419c4c8aad110b2773cb3377be8ed58d55565124e3aa50a6b00655bcef9350f"
|
|
sha256 cellar: :any_skip_relocation, arm64_big_sur: "9f1bd1a0e105fb6923eeeeb0c81789783fa95c1ba1b8580da59a2a286cc4fb5d"
|
|
sha256 cellar: :any_skip_relocation, monterey: "b1077538b57b4c6960798f8bc24362af0ebc28045480f9be07b5049a0445fbb0"
|
|
sha256 cellar: :any_skip_relocation, big_sur: "521afd0234c67ff34aff6463fbab14014b1ff848d5eeae6125c9e229c76eb4de"
|
|
sha256 cellar: :any_skip_relocation, catalina: "cad5b640d7a71e7878701fbf30f3796c900cf1f8f593d20a23107a25dd274266"
|
|
sha256 cellar: :any_skip_relocation, x86_64_linux: "fe6073b2ca4a7ca99a98319356dcb814c82623c354d736bd7780149cf7acc982"
|
|
end
|
|
|
|
depends_on "python-tabulate"
|
|
depends_on "python@3.9"
|
|
depends_on "six"
|
|
|
|
resource "bc-python-hcl2" do
|
|
url "https://files.pythonhosted.org/packages/c7/6f/622978d9d98ea2ad9272afb76cb3f0075dcd628b1855ce0a07446c42e9d0/bc-python-hcl2-0.3.24.tar.gz"
|
|
sha256 "62c88c9133d148a478e75d5cb093aff7f25fd5bdd355433b3769489de8dd36b4"
|
|
end
|
|
|
|
resource "beautifulsoup4" do
|
|
url "https://files.pythonhosted.org/packages/a1/69/daeee6d8f22c997e522cdbeb59641c4d31ab120aba0f2c799500f7456b7e/beautifulsoup4-4.10.0.tar.gz"
|
|
sha256 "c23ad23c521d818955a4151a67d81580319d4bf548d3d49f4223ae041ff98891"
|
|
end
|
|
|
|
resource "boto3" do
|
|
url "https://files.pythonhosted.org/packages/7b/4d/3ee45c9afebcb44d0009b709e8590267669ef5bbd1310de9ccc179cb2c17/boto3-1.17.112.tar.gz"
|
|
sha256 "08b6dacbe7ebe57ae8acfb7106b2728d946ae1e0c3da270caee1deb79ccbd8af"
|
|
end
|
|
|
|
resource "botocore" do
|
|
url "https://files.pythonhosted.org/packages/4d/c8/2d47e502c12d4b436e5b865cc78552604888aee59570c12b1863bb09c11b/botocore-1.20.112.tar.gz"
|
|
sha256 "d0b9b70b6eb5b65bb7162da2aaf04b6b086b15cc7ea322ddc3ef2f5e07944dcf"
|
|
end
|
|
|
|
resource "cached-property" do
|
|
url "https://files.pythonhosted.org/packages/61/2c/d21c1c23c2895c091fa7a91a54b6872098fea913526932d21902088a7c41/cached-property-1.5.2.tar.gz"
|
|
sha256 "9fa5755838eecbb2d234c3aa390bd80fbd3ac6b6869109bfc1b499f7bd89a130"
|
|
end
|
|
|
|
resource "cachetools" do
|
|
url "https://files.pythonhosted.org/packages/d7/69/c457a860456cbf80ecc2e44ed4c201b49ec7ad124d769b71f6d0a7935dca/cachetools-4.2.4.tar.gz"
|
|
sha256 "89ea6f1b638d5a73a4f9226be57ac5e4f399d22770b92355f92dcb0f7f001693"
|
|
end
|
|
|
|
resource "certifi" do
|
|
url "https://files.pythonhosted.org/packages/6c/ae/d26450834f0acc9e3d1f74508da6df1551ceab6c2ce0766a593362d6d57f/certifi-2021.10.8.tar.gz"
|
|
sha256 "78884e7c1d4b00ce3cea67b44566851c4343c120abd683433ce934a68ea58872"
|
|
end
|
|
|
|
resource "charset-normalizer" do
|
|
url "https://files.pythonhosted.org/packages/9f/c5/334c019f92c26e59637bb42bd14a190428874b2b2de75a355da394cf16c1/charset-normalizer-2.0.7.tar.gz"
|
|
sha256 "e019de665e2bcf9c2b64e2e5aa025fa991da8720daa3c1138cadd2fd1856aed0"
|
|
end
|
|
|
|
resource "click" do
|
|
url "https://files.pythonhosted.org/packages/f4/09/ad003f1e3428017d1c3da4ccc9547591703ffea548626f47ec74509c5824/click-8.0.3.tar.gz"
|
|
sha256 "410e932b050f5eed773c4cda94de75971c89cdb3155a72a0831139a79e5ecb5b"
|
|
end
|
|
|
|
resource "click-option-group" do
|
|
url "https://files.pythonhosted.org/packages/3c/86/5de6d909d9dcc85627a178788ec3e8c3ef81cda175badb48ad0bb582628d/click-option-group-0.5.3.tar.gz"
|
|
sha256 "a6e924f3c46b657feb5b72679f7e930f8e5b224b766ab35c91ae4019b4e0615e"
|
|
end
|
|
|
|
resource "cloudsplaining" do
|
|
url "https://files.pythonhosted.org/packages/94/67/4c46cadb23ba161ee9db0aece63b58f100fcf2e2ce6912fcd7d85618d833/cloudsplaining-0.4.6.tar.gz"
|
|
sha256 "d91dc996033edf712c2695c009fe72ba0ce8f4f211613b42ff085e12612e32ac"
|
|
end
|
|
|
|
resource "colorama" do
|
|
url "https://files.pythonhosted.org/packages/1f/bb/5d3246097ab77fa083a61bd8d3d527b7ae063c7d8e8671b1cf8c4ec10cbe/colorama-0.4.4.tar.gz"
|
|
sha256 "5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"
|
|
end
|
|
|
|
resource "ConfigArgParse" do
|
|
url "https://files.pythonhosted.org/packages/16/05/385451bc8d20a3aa1d8934b32bd65847c100849ebba397dbf6c74566b237/ConfigArgParse-1.5.3.tar.gz"
|
|
sha256 "1b0b3cbf664ab59dada57123c81eff3d9737e0d11d8cf79e3d6eb10823f1739f"
|
|
end
|
|
|
|
resource "contextlib2" do
|
|
url "https://files.pythonhosted.org/packages/c7/13/37ea7805ae3057992e96ecb1cffa2fa35c2ef4498543b846f90dd2348d8f/contextlib2-21.6.0.tar.gz"
|
|
sha256 "ab1e2bfe1d01d968e1b7e8d9023bc51ef3509bba217bb730cee3827e1ee82869"
|
|
end
|
|
|
|
resource "cyclonedx-python-lib" do
|
|
url "https://files.pythonhosted.org/packages/a2/86/5bbc2a63bc2b0aa3402527c20d5381a1bdd73f365318b88d7c817504b1ac/cyclonedx-python-lib-0.10.2.tar.gz"
|
|
sha256 "6f79742ca1728b9016ea272bbe58a60441848e6b4f9742918b8eb67ca987df3b"
|
|
end
|
|
|
|
resource "deep_merge" do
|
|
url "https://files.pythonhosted.org/packages/a5/25/aa35c20acd8a4f515f9e4c8dee4c7731446234101a6dae0c34cf498bb342/deep_merge-0.0.4.tar.gz"
|
|
sha256 "b54415f90934c42e334114e2864cb4d4e7335b34ad396e35ad8610c96065a47e"
|
|
end
|
|
|
|
resource "detect-secrets" do
|
|
url "https://files.pythonhosted.org/packages/fc/79/c5d0c23c552934ba6305a30817652b4c17686cc20d9bd4f762480199b1fb/detect_secrets-1.1.0.tar.gz"
|
|
sha256 "68250b31bc108f665f05f0ecfb34f92423280e48e65adbb887fdf721ed909627"
|
|
end
|
|
|
|
resource "docker" do
|
|
url "https://files.pythonhosted.org/packages/ab/d2/45ea0ee13c6cffac96c32ac36db0299932447a736660537ec31ec3a6d877/docker-5.0.3.tar.gz"
|
|
sha256 "d916a26b62970e7c2f554110ed6af04c7ccff8e9f81ad17d0d40c75637e227fb"
|
|
end
|
|
|
|
resource "dockerfile-parse" do
|
|
url "https://files.pythonhosted.org/packages/d0/f6/8eb044e3837f6da0a85d9f73158104fecdab68bc86a83625b1e398963ed3/dockerfile-parse-1.2.0.tar.gz"
|
|
sha256 "07e65eec313978e877da819855870b3ae47f3fac94a40a965b9ede10484dacc5"
|
|
end
|
|
|
|
resource "dpath" do
|
|
url "https://files.pythonhosted.org/packages/88/b2/abc5803f37a2ea1045d68765acfcb4ec166bc9e08c3ba451c53af29a73f2/dpath-1.5.0.tar.gz"
|
|
sha256 "496615b4ea84236d18e0d286122de74869a60e0f87e2c7ec6787ff286c48361b"
|
|
end
|
|
|
|
resource "gitdb" do
|
|
url "https://files.pythonhosted.org/packages/fc/44/64e02ef96f20b347385f0e9c03098659cb5a1285d36c3d17c56e534d80cf/gitdb-4.0.9.tar.gz"
|
|
sha256 "bac2fd45c0a1c9cf619e63a90d62bdc63892ef92387424b855792a6cabe789aa"
|
|
end
|
|
|
|
resource "GitPython" do
|
|
url "https://files.pythonhosted.org/packages/34/cc/aaa7a0d066ac9e94fbffa5fcf0738f5742dd7095bdde950bd582fca01f5a/GitPython-3.1.24.tar.gz"
|
|
sha256 "df83fdf5e684fef7c6ee2c02fc68a5ceb7e7e759d08b694088d0cacb4eba59e5"
|
|
end
|
|
|
|
resource "idna" do
|
|
url "https://files.pythonhosted.org/packages/62/08/e3fc7c8161090f742f504f40b1bccbfc544d4a4e09eb774bf40aafce5436/idna-3.3.tar.gz"
|
|
sha256 "9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
|
|
end
|
|
|
|
resource "Jinja2" do
|
|
url "https://files.pythonhosted.org/packages/f8/86/7c0eb6e8b05385d1ce682abc0f994abd1668e148fb52603fa86e15d4c110/Jinja2-3.0.2.tar.gz"
|
|
sha256 "827a0e32839ab1600d4eb1c4c33ec5a8edfbc5cb42dafa13b81f182f97784b45"
|
|
end
|
|
|
|
resource "jmespath" do
|
|
url "https://files.pythonhosted.org/packages/3c/56/3f325b1eef9791759784aa5046a8f6a1aff8f7c898a2e34506771d3b99d8/jmespath-0.10.0.tar.gz"
|
|
sha256 "b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9"
|
|
end
|
|
|
|
resource "junit-xml-2" do
|
|
url "https://files.pythonhosted.org/packages/4d/f2/a99adf9deb57949b81ff8e113edf971da1840251794a6f4184d61faa5a65/junit-xml-2-1.9.tar.gz"
|
|
sha256 "3b8d9635c5215f754c7807104f6493e3ea3bc9481e2d33db294560da3a1b00f7"
|
|
end
|
|
|
|
resource "lark-parser" do
|
|
url "https://files.pythonhosted.org/packages/0d/a5/60580c84bbc28f3952aec8f718e7311eb679a825f9c1d424d98a5542d7c0/lark-parser-0.10.1.tar.gz"
|
|
sha256 "42f367612a1bbc4cf9d8c8eb1b209d8a9b397d55af75620c9e6f53e502235996"
|
|
end
|
|
|
|
resource "Markdown" do
|
|
url "https://files.pythonhosted.org/packages/49/02/37bd82ae255bb4dfef97a4b32d95906187b7a7a74970761fca1360c4ba22/Markdown-3.3.4.tar.gz"
|
|
sha256 "31b5b491868dcc87d6c24b7e3d19a0d730d59d3e46f4eea6430a321bed387a49"
|
|
end
|
|
|
|
resource "MarkupSafe" do
|
|
url "https://files.pythonhosted.org/packages/bf/10/ff66fea6d1788c458663a84d88787bae15d45daa16f6b3ef33322a51fc7e/MarkupSafe-2.0.1.tar.gz"
|
|
sha256 "594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a"
|
|
end
|
|
|
|
resource "networkx" do
|
|
url "https://files.pythonhosted.org/packages/97/ae/7497bc5e1c84af95e585e3f98585c9f06c627fac6340984c4243053e8f44/networkx-2.6.3.tar.gz"
|
|
sha256 "c0946ed31d71f1b732b5aaa6da5a0388a345019af232ce2f49c766e2d6795c51"
|
|
end
|
|
|
|
resource "packageurl-python" do
|
|
url "https://files.pythonhosted.org/packages/4b/39/e7665859ad2271aabc489f19df2afff3112e93398bf33fc1d062df41721b/packageurl-python-0.9.6.tar.gz"
|
|
sha256 "c01fbaf62ad2eb791e97158d1f30349e830bee2dd3e9503a87f6c3ffae8d1cf0"
|
|
end
|
|
|
|
resource "packaging" do
|
|
url "https://files.pythonhosted.org/packages/df/86/aef78bab3afd461faecf9955a6501c4999933a48394e90f03cd512aad844/packaging-21.0.tar.gz"
|
|
sha256 "7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7"
|
|
end
|
|
|
|
resource "policy-sentry" do
|
|
url "https://files.pythonhosted.org/packages/d1/ef/033029dfe81e914525a6e339d8090ff34c7c9fb9be4e5f550bc50617c914/policy_sentry-0.11.18.tar.gz"
|
|
sha256 "fdeb53644195ee0404b0983ebd0bc1d2ea8c6b29266f8036d880285f4562560e"
|
|
end
|
|
|
|
resource "policyuniverse" do
|
|
url "https://files.pythonhosted.org/packages/47/83/81cbcfc4ab4de55191829903171a8be154c7389951e2a8827c23e9c7ac9e/policyuniverse-1.4.0.20210819.tar.gz"
|
|
sha256 "44145447d473c37ff2776667b5e1018a00c0a493c16a0a489399521b3786a8be"
|
|
end
|
|
|
|
resource "pyparsing" do
|
|
url "https://files.pythonhosted.org/packages/31/c9/b29ea153b9bffaae787ecc81873b4b51bd36cc13c37586b41891beae37eb/pyparsing-3.0.1.tar.gz"
|
|
sha256 "84196357aa3566d64ad123d7a3c67b0e597a115c4934b097580e5ce220b91531"
|
|
end
|
|
|
|
resource "python-dateutil" do
|
|
url "https://files.pythonhosted.org/packages/4c/c4/13b4776ea2d76c115c1d1b84579f3764ee6d57204f6be27119f13a61d0a9/python-dateutil-2.8.2.tar.gz"
|
|
sha256 "0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"
|
|
end
|
|
|
|
resource "PyYAML" do
|
|
url "https://files.pythonhosted.org/packages/36/2b/61d51a2c4f25ef062ae3f74576b01638bebad5e045f747ff12643df63844/PyYAML-6.0.tar.gz"
|
|
sha256 "68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2"
|
|
end
|
|
|
|
resource "requests" do
|
|
url "https://files.pythonhosted.org/packages/e7/01/3569e0b535fb2e4a6c384bdbed00c55b9d78b5084e0fb7f4d0bf523d7670/requests-2.26.0.tar.gz"
|
|
sha256 "b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"
|
|
end
|
|
|
|
resource "requirements-parser" do
|
|
url "https://files.pythonhosted.org/packages/03/80/eb6ba1dd0429089436e90e556db50884ea21da060b10f2e5668c4cac99da/requirements-parser-0.2.0.tar.gz"
|
|
sha256 "5963ee895c2d05ae9f58d3fc641082fb38021618979d6a152b6b1398bd7d4ed4"
|
|
end
|
|
|
|
resource "s3transfer" do
|
|
url "https://files.pythonhosted.org/packages/27/90/f467e516a845cf378d85f0a51913c642e31e2570eb64b352c4dc4c6cbfc7/s3transfer-0.4.2.tar.gz"
|
|
sha256 "cb022f4b16551edebbb31a377d3f09600dbada7363d8c5db7976e7f47732e1b2"
|
|
end
|
|
|
|
resource "schema" do
|
|
url "https://files.pythonhosted.org/packages/2b/91/42bc143289fd5f032ab1b01c5da32dc162ae808a585122f27ed5bf67268f/schema-0.7.4.tar.gz"
|
|
sha256 "fbb6a52eb2d9facf292f233adcc6008cffd94343c63ccac9a1cb1f3e6de1db17"
|
|
end
|
|
|
|
resource "semantic-version" do
|
|
url "https://files.pythonhosted.org/packages/d4/52/3be868c7ed1f408cb822bc92ce17ffe4e97d11c42caafce0589f05844dd0/semantic_version-2.8.5.tar.gz"
|
|
sha256 "d2cb2de0558762934679b9a104e82eca7af448c9f4974d1f3eeccff651df8a54"
|
|
end
|
|
|
|
resource "smmap" do
|
|
url "https://files.pythonhosted.org/packages/21/2d/39c6c57032f786f1965022563eec60623bb3e1409ade6ad834ff703724f3/smmap-5.0.0.tar.gz"
|
|
sha256 "c840e62059cd3be204b0c9c9f74be2c09d5648eddd4580d9314c3ecde0b30936"
|
|
end
|
|
|
|
resource "soupsieve" do
|
|
url "https://files.pythonhosted.org/packages/c8/3f/e71d92e90771ac2d69986aa0e81cf0dfda6271e8483698f4847b861dd449/soupsieve-2.2.1.tar.gz"
|
|
sha256 "052774848f448cf19c7e959adf5566904d525f33a3f8b6ba6f6f8f26ec7de0cc"
|
|
end
|
|
|
|
resource "termcolor" do
|
|
url "https://files.pythonhosted.org/packages/8a/48/a76be51647d0eb9f10e2a4511bf3ffb8cc1e6b14e9e4fab46173aa79f981/termcolor-1.1.0.tar.gz"
|
|
sha256 "1d6d69ce66211143803fbc56652b41d73b4a400a2891d7bf7a1cdf4c02de613b"
|
|
end
|
|
|
|
resource "toml" do
|
|
url "https://files.pythonhosted.org/packages/be/ba/1f744cdc819428fc6b5084ec34d9b30660f6f9daaf70eead706e3203ec3c/toml-0.10.2.tar.gz"
|
|
sha256 "b3bda1d108d5dd99f4a20d24d9c348e91c4db7ab1b749200bded2f839ccbe68f"
|
|
end
|
|
|
|
resource "tqdm" do
|
|
url "https://files.pythonhosted.org/packages/e3/c1/b3e42d5b659ca598508e2a9ef315d5eef0a970f874ef9d3b38d4578765bd/tqdm-4.62.3.tar.gz"
|
|
sha256 "d359de7217506c9851b7869f3708d8ee53ed70a1b8edbba4dbcb47442592920d"
|
|
end
|
|
|
|
resource "typing-extensions" do
|
|
url "https://files.pythonhosted.org/packages/ed/12/c5079a15cf5c01d7f4252b473b00f7e68ee711be605b9f001528f0298b98/typing_extensions-3.10.0.2.tar.gz"
|
|
sha256 "49f75d16ff11f1cd258e1b988ccff82a3ca5570217d7ad8c5f48205dd99a677e"
|
|
end
|
|
|
|
resource "update-checker" do
|
|
url "https://files.pythonhosted.org/packages/5c/0b/1bec4a6cc60d33ce93d11a7bcf1aeffc7ad0aa114986073411be31395c6f/update_checker-0.18.0.tar.gz"
|
|
sha256 "6a2d45bb4ac585884a6b03f9eade9161cedd9e8111545141e9aa9058932acb13"
|
|
end
|
|
|
|
resource "urllib3" do
|
|
url "https://files.pythonhosted.org/packages/80/be/3ee43b6c5757cabea19e75b8f46eaf05a2f5144107d7db48c7cf3a864f73/urllib3-1.26.7.tar.gz"
|
|
sha256 "4987c65554f7a2dbf30c18fd48778ef124af6fab771a377103da0585e2336ece"
|
|
end
|
|
|
|
resource "websocket-client" do
|
|
url "https://files.pythonhosted.org/packages/4e/8f/b5c45af5a1def38b07c09a616be932ad49c35ebdc5e3cbf93966d7ed9750/websocket-client-1.2.1.tar.gz"
|
|
sha256 "8dfb715d8a992f5712fff8c843adae94e22b22a99b2c5e6b0ec4a1a981cc4e0d"
|
|
end
|
|
|
|
def install
|
|
inreplace "checkov/common/output/report.py", "from junit_xml", "from junit_xml_2"
|
|
virtualenv_install_with_resources
|
|
end
|
|
|
|
test do
|
|
(testpath/"test.tf").write <<~EOS
|
|
resource "aws_s3_bucket" "foo-bucket" {
|
|
region = "us-east-1"
|
|
bucket = "test"
|
|
acl = "public-read"
|
|
force_destroy = true
|
|
|
|
versioning {
|
|
enabled = true
|
|
}
|
|
}
|
|
EOS
|
|
|
|
assert_match "Passed checks: 4, Failed checks: 5, Skipped checks: 0",
|
|
shell_output("#{bin}/checkov -f #{testpath}/test.tf 2>&1", 1)
|
|
|
|
(testpath/"test2.tf").write <<~EOS
|
|
resource "aws_s3_bucket" "foo-bucket" {
|
|
region = "us-east-1"
|
|
bucket = "test"
|
|
acl = "public-read"
|
|
force_destroy = true
|
|
|
|
#checkov:skip=CKV_AWS_52
|
|
#checkov:skip=CKV_AWS_20:The bucket is a public static content host
|
|
versioning {
|
|
enabled = true
|
|
}
|
|
}
|
|
EOS
|
|
assert_match "Passed checks: 4, Failed checks: 4, Skipped checks: 1",
|
|
shell_output("#{bin}/checkov -f #{testpath}/test2.tf 2>&1", 1)
|
|
end
|
|
end
|