293 lines
14 KiB
Ruby
293 lines
14 KiB
Ruby
class Checkov < Formula
|
|
include Language::Python::Virtualenv
|
|
|
|
desc "Prevent cloud misconfigurations during build-time for IaC tools"
|
|
homepage "https://www.checkov.io/"
|
|
# checkov should only be updated every 15 releases on multiples of 15
|
|
url "https://files.pythonhosted.org/packages/04/c4/334063a233898ab1a461c5193d1f2df89913d7602e4bde946ca43e77ee9a/checkov-2.0.405.tar.gz"
|
|
sha256 "8a09a109184d1a8b177ae09f95648506bc0302b9c2f97484131b465f600557c3"
|
|
license "Apache-2.0"
|
|
|
|
bottle do
|
|
sha256 cellar: :any_skip_relocation, arm64_big_sur: "a11f7f9a5b1f6b9dce2c8db46eda921d28d48f8db057aaf67b28bdd847bf2315"
|
|
sha256 cellar: :any_skip_relocation, big_sur: "8e1a14de5dfac58c32fe458f42c4cda9000fb1bc38718ac007d75d8dbefc7918"
|
|
sha256 cellar: :any_skip_relocation, catalina: "dbc2d3cef225fc127a187be00261bde5583386cf3e3019af1f422e67a2fff61d"
|
|
sha256 cellar: :any_skip_relocation, mojave: "0fbc55beaebf559c6cd208b610b9176f187e6114088d7b6d6b4225ff3f675cee"
|
|
sha256 cellar: :any_skip_relocation, x86_64_linux: "d95fcd1a947991190ec9b34aea5c74530687b39958ae25857e346feecc04be29"
|
|
end
|
|
|
|
depends_on "python-tabulate"
|
|
depends_on "python@3.9"
|
|
depends_on "six"
|
|
|
|
resource "bc-python-hcl2" do
|
|
url "https://files.pythonhosted.org/packages/d8/3d/a845c2cba6a3c799cd9192aa32a44884ec51395dd37ba683ebd38d7e66a2/bc-python-hcl2-0.3.21.tar.gz"
|
|
sha256 "513fd5d1ce53cc44c4b687cefcb058a7b85ad959042e6b8aa612dde8ffa45faa"
|
|
end
|
|
|
|
resource "beautifulsoup4" do
|
|
url "https://files.pythonhosted.org/packages/a1/69/daeee6d8f22c997e522cdbeb59641c4d31ab120aba0f2c799500f7456b7e/beautifulsoup4-4.10.0.tar.gz"
|
|
sha256 "c23ad23c521d818955a4151a67d81580319d4bf548d3d49f4223ae041ff98891"
|
|
end
|
|
|
|
resource "boto3" do
|
|
url "https://files.pythonhosted.org/packages/7b/4d/3ee45c9afebcb44d0009b709e8590267669ef5bbd1310de9ccc179cb2c17/boto3-1.17.112.tar.gz"
|
|
sha256 "08b6dacbe7ebe57ae8acfb7106b2728d946ae1e0c3da270caee1deb79ccbd8af"
|
|
end
|
|
|
|
resource "botocore" do
|
|
url "https://files.pythonhosted.org/packages/4d/c8/2d47e502c12d4b436e5b865cc78552604888aee59570c12b1863bb09c11b/botocore-1.20.112.tar.gz"
|
|
sha256 "d0b9b70b6eb5b65bb7162da2aaf04b6b086b15cc7ea322ddc3ef2f5e07944dcf"
|
|
end
|
|
|
|
resource "cached-property" do
|
|
url "https://files.pythonhosted.org/packages/61/2c/d21c1c23c2895c091fa7a91a54b6872098fea913526932d21902088a7c41/cached-property-1.5.2.tar.gz"
|
|
sha256 "9fa5755838eecbb2d234c3aa390bd80fbd3ac6b6869109bfc1b499f7bd89a130"
|
|
end
|
|
|
|
resource "certifi" do
|
|
url "https://files.pythonhosted.org/packages/6d/78/f8db8d57f520a54f0b8a438319c342c61c22759d8f9a1cd2e2180b5e5ea9/certifi-2021.5.30.tar.gz"
|
|
sha256 "2bbf76fd432960138b3ef6dda3dde0544f27cbf8546c458e60baf371917ba9ee"
|
|
end
|
|
|
|
resource "charset-normalizer" do
|
|
url "https://files.pythonhosted.org/packages/e7/4e/2af0238001648ded297fb54ceb425ca26faa15b341b4fac5371d3938666e/charset-normalizer-2.0.4.tar.gz"
|
|
sha256 "f23667ebe1084be45f6ae0538e4a5a865206544097e4e8bbcacf42cd02a348f3"
|
|
end
|
|
|
|
resource "click" do
|
|
url "https://files.pythonhosted.org/packages/21/83/308a74ca1104fe1e3197d31693a7a2db67c2d4e668f20f43a2fca491f9f7/click-8.0.1.tar.gz"
|
|
sha256 "8c04c11192119b1ef78ea049e0a6f0463e4c48ef00a30160c704337586f3ad7a"
|
|
end
|
|
|
|
resource "click-option-group" do
|
|
url "https://files.pythonhosted.org/packages/3c/86/5de6d909d9dcc85627a178788ec3e8c3ef81cda175badb48ad0bb582628d/click-option-group-0.5.3.tar.gz"
|
|
sha256 "a6e924f3c46b657feb5b72679f7e930f8e5b224b766ab35c91ae4019b4e0615e"
|
|
end
|
|
|
|
resource "cloudsplaining" do
|
|
url "https://files.pythonhosted.org/packages/8d/fd/01df34dd3d6d23d48862398efcad03164c5275b746eab0d03ef1396c1959/cloudsplaining-0.4.5.tar.gz"
|
|
sha256 "45c3e825ca1770902d58b79774729a7d11581e7d041272d3ed45d88fb1b69a42"
|
|
end
|
|
|
|
resource "colorama" do
|
|
url "https://files.pythonhosted.org/packages/1f/bb/5d3246097ab77fa083a61bd8d3d527b7ae063c7d8e8671b1cf8c4ec10cbe/colorama-0.4.4.tar.gz"
|
|
sha256 "5941b2b48a20143d2267e95b1c2a7603ce057ee39fd88e7329b0c292aa16869b"
|
|
end
|
|
|
|
resource "ConfigArgParse" do
|
|
url "https://files.pythonhosted.org/packages/42/1c/3e40ae017361f30b01b391b1ee263ec93e4c2666221c69ebba297ff33be6/ConfigArgParse-1.5.2.tar.gz"
|
|
sha256 "c39540eb4843883d526beeed912dc80c92481b0c13c9787c91e614a624de3666"
|
|
end
|
|
|
|
resource "contextlib2" do
|
|
url "https://files.pythonhosted.org/packages/c7/13/37ea7805ae3057992e96ecb1cffa2fa35c2ef4498543b846f90dd2348d8f/contextlib2-21.6.0.tar.gz"
|
|
sha256 "ab1e2bfe1d01d968e1b7e8d9023bc51ef3509bba217bb730cee3827e1ee82869"
|
|
end
|
|
|
|
resource "deep_merge" do
|
|
url "https://files.pythonhosted.org/packages/a5/25/aa35c20acd8a4f515f9e4c8dee4c7731446234101a6dae0c34cf498bb342/deep_merge-0.0.4.tar.gz"
|
|
sha256 "b54415f90934c42e334114e2864cb4d4e7335b34ad396e35ad8610c96065a47e"
|
|
end
|
|
|
|
resource "detect-secrets" do
|
|
url "https://files.pythonhosted.org/packages/fc/79/c5d0c23c552934ba6305a30817652b4c17686cc20d9bd4f762480199b1fb/detect_secrets-1.1.0.tar.gz"
|
|
sha256 "68250b31bc108f665f05f0ecfb34f92423280e48e65adbb887fdf721ed909627"
|
|
end
|
|
|
|
resource "docker" do
|
|
url "https://files.pythonhosted.org/packages/b9/e4/b902199a501528bae3de060bb3b2e96e3362ec0311dd3e7e38e5e2d66080/docker-5.0.2.tar.gz"
|
|
sha256 "21ec4998e90dff7a7aaaa098ca8d839c7de412b89e6f6c30908372d58fecf663"
|
|
end
|
|
|
|
resource "dockerfile-parse" do
|
|
url "https://files.pythonhosted.org/packages/d0/f6/8eb044e3837f6da0a85d9f73158104fecdab68bc86a83625b1e398963ed3/dockerfile-parse-1.2.0.tar.gz"
|
|
sha256 "07e65eec313978e877da819855870b3ae47f3fac94a40a965b9ede10484dacc5"
|
|
end
|
|
|
|
resource "dpath" do
|
|
url "https://files.pythonhosted.org/packages/88/b2/abc5803f37a2ea1045d68765acfcb4ec166bc9e08c3ba451c53af29a73f2/dpath-1.5.0.tar.gz"
|
|
sha256 "496615b4ea84236d18e0d286122de74869a60e0f87e2c7ec6787ff286c48361b"
|
|
end
|
|
|
|
resource "gitdb" do
|
|
url "https://files.pythonhosted.org/packages/34/fe/9265459642ab6e29afe734479f94385870e8702e7f892270ed6e52dd15bf/gitdb-4.0.7.tar.gz"
|
|
sha256 "96bf5c08b157a666fec41129e6d327235284cca4c81e92109260f353ba138005"
|
|
end
|
|
|
|
resource "GitPython" do
|
|
url "https://files.pythonhosted.org/packages/ed/6a/c45c610dab3259d7059f028e34e1e708d5fe2bda886dc1f1564083339316/GitPython-3.1.20.tar.gz"
|
|
sha256 "df0e072a200703a65387b0cfdf0466e3bab729c0458cf6b7349d0e9877636519"
|
|
end
|
|
|
|
resource "idna" do
|
|
url "https://files.pythonhosted.org/packages/cb/38/4c4d00ddfa48abe616d7e572e02a04273603db446975ab46bbcd36552005/idna-3.2.tar.gz"
|
|
sha256 "467fbad99067910785144ce333826c71fb0e63a425657295239737f7ecd125f3"
|
|
end
|
|
|
|
resource "Jinja2" do
|
|
url "https://files.pythonhosted.org/packages/39/11/8076571afd97303dfeb6e466f27187ca4970918d4b36d5326725514d3ed3/Jinja2-3.0.1.tar.gz"
|
|
sha256 "703f484b47a6af502e743c9122595cc812b0271f661722403114f71a79d0f5a4"
|
|
end
|
|
|
|
resource "jmespath" do
|
|
url "https://files.pythonhosted.org/packages/3c/56/3f325b1eef9791759784aa5046a8f6a1aff8f7c898a2e34506771d3b99d8/jmespath-0.10.0.tar.gz"
|
|
sha256 "b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9"
|
|
end
|
|
|
|
resource "junit-xml-2" do
|
|
url "https://files.pythonhosted.org/packages/4d/f2/a99adf9deb57949b81ff8e113edf971da1840251794a6f4184d61faa5a65/junit-xml-2-1.9.tar.gz"
|
|
sha256 "3b8d9635c5215f754c7807104f6493e3ea3bc9481e2d33db294560da3a1b00f7"
|
|
end
|
|
|
|
resource "lark-parser" do
|
|
url "https://files.pythonhosted.org/packages/0d/a5/60580c84bbc28f3952aec8f718e7311eb679a825f9c1d424d98a5542d7c0/lark-parser-0.10.1.tar.gz"
|
|
sha256 "42f367612a1bbc4cf9d8c8eb1b209d8a9b397d55af75620c9e6f53e502235996"
|
|
end
|
|
|
|
resource "Markdown" do
|
|
url "https://files.pythonhosted.org/packages/49/02/37bd82ae255bb4dfef97a4b32d95906187b7a7a74970761fca1360c4ba22/Markdown-3.3.4.tar.gz"
|
|
sha256 "31b5b491868dcc87d6c24b7e3d19a0d730d59d3e46f4eea6430a321bed387a49"
|
|
end
|
|
|
|
resource "MarkupSafe" do
|
|
url "https://files.pythonhosted.org/packages/bf/10/ff66fea6d1788c458663a84d88787bae15d45daa16f6b3ef33322a51fc7e/MarkupSafe-2.0.1.tar.gz"
|
|
sha256 "594c67807fb16238b30c44bdf74f36c02cdf22d1c8cda91ef8a0ed8dabf5620a"
|
|
end
|
|
|
|
resource "networkx" do
|
|
url "https://files.pythonhosted.org/packages/97/ae/7497bc5e1c84af95e585e3f98585c9f06c627fac6340984c4243053e8f44/networkx-2.6.3.tar.gz"
|
|
sha256 "c0946ed31d71f1b732b5aaa6da5a0388a345019af232ce2f49c766e2d6795c51"
|
|
end
|
|
|
|
resource "packaging" do
|
|
url "https://files.pythonhosted.org/packages/df/86/aef78bab3afd461faecf9955a6501c4999933a48394e90f03cd512aad844/packaging-21.0.tar.gz"
|
|
sha256 "7dc96269f53a4ccec5c0670940a4281106dd0bb343f47b7471f779df49c2fbe7"
|
|
end
|
|
|
|
resource "policy-sentry" do
|
|
url "https://files.pythonhosted.org/packages/3e/8e/e0503e50b071efa2703e14f2fd70cb43662c11914b1dd3663bbd670f0513/policy_sentry-0.11.16.tar.gz"
|
|
sha256 "8b88cb58a390ae7e0e06db13b3bbb5ece0d32d7d7c38a92259eb9c4722198fb5"
|
|
end
|
|
|
|
resource "policyuniverse" do
|
|
url "https://files.pythonhosted.org/packages/47/83/81cbcfc4ab4de55191829903171a8be154c7389951e2a8827c23e9c7ac9e/policyuniverse-1.4.0.20210819.tar.gz"
|
|
sha256 "44145447d473c37ff2776667b5e1018a00c0a493c16a0a489399521b3786a8be"
|
|
end
|
|
|
|
resource "pyparsing" do
|
|
url "https://files.pythonhosted.org/packages/c1/47/dfc9c342c9842bbe0036c7f763d2d6686bcf5eb1808ba3e170afdb282210/pyparsing-2.4.7.tar.gz"
|
|
sha256 "c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1"
|
|
end
|
|
|
|
resource "python-dateutil" do
|
|
url "https://files.pythonhosted.org/packages/4c/c4/13b4776ea2d76c115c1d1b84579f3764ee6d57204f6be27119f13a61d0a9/python-dateutil-2.8.2.tar.gz"
|
|
sha256 "0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86"
|
|
end
|
|
|
|
resource "PyYAML" do
|
|
url "https://files.pythonhosted.org/packages/a0/a4/d63f2d7597e1a4b55aa3b4d6c5b029991d3b824b5bd331af8d4ab1ed687d/PyYAML-5.4.1.tar.gz"
|
|
sha256 "607774cbba28732bfa802b54baa7484215f530991055bb562efbed5b2f20a45e"
|
|
end
|
|
|
|
resource "requests" do
|
|
url "https://files.pythonhosted.org/packages/e7/01/3569e0b535fb2e4a6c384bdbed00c55b9d78b5084e0fb7f4d0bf523d7670/requests-2.26.0.tar.gz"
|
|
sha256 "b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"
|
|
end
|
|
|
|
resource "s3transfer" do
|
|
url "https://files.pythonhosted.org/packages/27/90/f467e516a845cf378d85f0a51913c642e31e2570eb64b352c4dc4c6cbfc7/s3transfer-0.4.2.tar.gz"
|
|
sha256 "cb022f4b16551edebbb31a377d3f09600dbada7363d8c5db7976e7f47732e1b2"
|
|
end
|
|
|
|
resource "schema" do
|
|
url "https://files.pythonhosted.org/packages/2b/91/42bc143289fd5f032ab1b01c5da32dc162ae808a585122f27ed5bf67268f/schema-0.7.4.tar.gz"
|
|
sha256 "fbb6a52eb2d9facf292f233adcc6008cffd94343c63ccac9a1cb1f3e6de1db17"
|
|
end
|
|
|
|
resource "semantic-version" do
|
|
url "https://files.pythonhosted.org/packages/d4/52/3be868c7ed1f408cb822bc92ce17ffe4e97d11c42caafce0589f05844dd0/semantic_version-2.8.5.tar.gz"
|
|
sha256 "d2cb2de0558762934679b9a104e82eca7af448c9f4974d1f3eeccff651df8a54"
|
|
end
|
|
|
|
resource "smmap" do
|
|
url "https://files.pythonhosted.org/packages/dd/d4/2b4f196171674109f0fbb3951b8beab06cd0453c1b247ec0c4556d06648d/smmap-4.0.0.tar.gz"
|
|
sha256 "7e65386bd122d45405ddf795637b7f7d2b532e7e401d46bbe3fb49b9986d5182"
|
|
end
|
|
|
|
resource "soupsieve" do
|
|
url "https://files.pythonhosted.org/packages/c8/3f/e71d92e90771ac2d69986aa0e81cf0dfda6271e8483698f4847b861dd449/soupsieve-2.2.1.tar.gz"
|
|
sha256 "052774848f448cf19c7e959adf5566904d525f33a3f8b6ba6f6f8f26ec7de0cc"
|
|
end
|
|
|
|
resource "termcolor" do
|
|
url "https://files.pythonhosted.org/packages/8a/48/a76be51647d0eb9f10e2a4511bf3ffb8cc1e6b14e9e4fab46173aa79f981/termcolor-1.1.0.tar.gz"
|
|
sha256 "1d6d69ce66211143803fbc56652b41d73b4a400a2891d7bf7a1cdf4c02de613b"
|
|
end
|
|
|
|
resource "tqdm" do
|
|
url "https://files.pythonhosted.org/packages/37/e5/1b54ef934d731576d0145bc8ae22da5b410f96922cec52b91cc29d3ff1b6/tqdm-4.62.2.tar.gz"
|
|
sha256 "a4d6d112e507ef98513ac119ead1159d286deab17dffedd96921412c2d236ff5"
|
|
end
|
|
|
|
resource "typing-extensions" do
|
|
url "https://files.pythonhosted.org/packages/ed/12/c5079a15cf5c01d7f4252b473b00f7e68ee711be605b9f001528f0298b98/typing_extensions-3.10.0.2.tar.gz"
|
|
sha256 "49f75d16ff11f1cd258e1b988ccff82a3ca5570217d7ad8c5f48205dd99a677e"
|
|
end
|
|
|
|
resource "update-checker" do
|
|
url "https://files.pythonhosted.org/packages/5c/0b/1bec4a6cc60d33ce93d11a7bcf1aeffc7ad0aa114986073411be31395c6f/update_checker-0.18.0.tar.gz"
|
|
sha256 "6a2d45bb4ac585884a6b03f9eade9161cedd9e8111545141e9aa9058932acb13"
|
|
end
|
|
|
|
resource "urllib3" do
|
|
url "https://files.pythonhosted.org/packages/4f/5a/597ef5911cb8919efe4d86206aa8b2658616d676a7088f0825ca08bd7cb8/urllib3-1.26.6.tar.gz"
|
|
sha256 "f57b4c16c62fa2760b7e3d97c35b255512fb6b59a259730f36ba32ce9f8e342f"
|
|
end
|
|
|
|
resource "websocket-client" do
|
|
url "https://files.pythonhosted.org/packages/4e/8f/b5c45af5a1def38b07c09a616be932ad49c35ebdc5e3cbf93966d7ed9750/websocket-client-1.2.1.tar.gz"
|
|
sha256 "8dfb715d8a992f5712fff8c843adae94e22b22a99b2c5e6b0ec4a1a981cc4e0d"
|
|
end
|
|
|
|
def install
|
|
inreplace "checkov/common/output/report.py", "from junit_xml", "from junit_xml_2"
|
|
virtualenv_install_with_resources
|
|
end
|
|
|
|
test do
|
|
(testpath/"test.tf").write <<~EOS
|
|
resource "aws_s3_bucket" "foo-bucket" {
|
|
region = "us-east-1"
|
|
bucket = "test"
|
|
acl = "public-read"
|
|
force_destroy = true
|
|
|
|
versioning {
|
|
enabled = true
|
|
}
|
|
}
|
|
EOS
|
|
|
|
assert_match "Passed checks: 4, Failed checks: 5, Skipped checks: 0",
|
|
shell_output("#{bin}/checkov -f #{testpath}/test.tf 2>&1", 1)
|
|
|
|
(testpath/"test2.tf").write <<~EOS
|
|
resource "aws_s3_bucket" "foo-bucket" {
|
|
region = "us-east-1"
|
|
bucket = "test"
|
|
acl = "public-read"
|
|
force_destroy = true
|
|
|
|
#checkov:skip=CKV_AWS_52
|
|
#checkov:skip=CKV_AWS_20:The bucket is a public static content host
|
|
versioning {
|
|
enabled = true
|
|
}
|
|
}
|
|
EOS
|
|
assert_match "Passed checks: 4, Failed checks: 4, Skipped checks: 1",
|
|
shell_output("#{bin}/checkov -f #{testpath}/test2.tf 2>&1", 1)
|
|
end
|
|
end
|