# Homebrew formula for checkov, a static analyzer for infrastructure-as-code.
#
# The checkov sdist and every Python dependency below are downloaded from
# files.pythonhosted.org and checked against the sha256 declared next to each
# url, so a modified or substituted tarball fails at fetch time. A url and its
# sha256 must always be changed together.
class Checkov < Formula
  include Language::Python::Virtualenv

  desc "Prevent cloud misconfigurations during build-time for IaC tools"
  homepage "https://www.checkov.io/"
  # checkov should only be updated every 15 releases on multiples of 15
  url "https://files.pythonhosted.org/packages/04/01/398e75345665f9eab97c4ee5f193d2472305446f866f6ba8fdb97a8d4d78/checkov-1.0.660.tar.gz"
  sha256 "d767ad29642342f238bec9f1002e5f815e4a93f96bc76994abdcdefb9841ec43"
  license "Apache-2.0"

  # Digests of the prebuilt bottles, one per macOS release.
  bottle do
    cellar :any_skip_relocation
    sha256 "12072345e17af704afd9663d9e57924f1d1d9cf878b4a0eda7f9d176cc7770aa" => :big_sur
    sha256 "2f952f87256e7b227b052fce1342d0d72803b29561cd143f1ee8a4eeead1c008" => :catalina
    sha256 "e59d05f5292422fed9d50bb9b05e6a76e852b9ae737fd2d6ce4a222343f3594c" => :mojave
  end

  depends_on "python@3.9"

  # Python dependencies, each pinned to one exact sdist and its sha256.
  # The versions are frozen in this file: an upstream security fix in any of
  # these libraries reaches users only when the pin here is bumped.
  # NOTE(review): check every pin against current advisories for that package
  # before reusing or bumping this formula.
  resource "bc-python-hcl2" do
    url "https://files.pythonhosted.org/packages/2e/dd/4f826a3aaa2f6b64f055e9294c797f6b1a9b8035ac07b6fd943684c1dd55/bc-python-hcl2-0.3.11.tar.gz"
    sha256 "559848d68276103646cb3de223afca62f26ae0119a7f347eadc4a01ea9540eb0"
  end

  resource "boto3" do
    url "https://files.pythonhosted.org/packages/ad/08/0d977abed3d7adbd7158ffc1027c63e56381877e7442b06c7a849cb4cc1f/boto3-1.12.43.tar.gz"
    sha256 "1a6a3d95d20cacd677e2af5cbff7027abea35b78f1b8126388ef7fa517655cfe"
  end

  resource "botocore" do
    url "https://files.pythonhosted.org/packages/0c/47/b88dcace59102cffe24e4b2d15f6c7b60df8ee79f82e9c2264d5c90a3c01/botocore-1.15.49.tar.gz"
    sha256 "a474131ba7a7d700b91696a27e8cdcf1b473084addf92f90b269ebd8f5c3d3e0"
  end

  resource "certifi" do
    url "https://files.pythonhosted.org/packages/e6/de/879cf857ae6f890dfa23c3d6239814c5471936b618c8fb0c8732ad5da885/certifi-2020.11.8.tar.gz"
    sha256 "f05def092c44fbf25834a51509ef6e631dc19765ab8a57b4e7ab85531f0a9cf4"
  end

  resource "chardet" do
    url "https://files.pythonhosted.org/packages/fc/bb/a5768c230f9ddb03acc9ef3f0d4a3cf93462473795d18e9535498c8f929d/chardet-3.0.4.tar.gz"
    sha256 "84ab92ed1c4d4f16916e05906b6b75a6c0fb5db821cc65e70cbd64a3e2a5eaae"
  end

  resource "colorama" do
    url "https://files.pythonhosted.org/packages/82/75/f2a4c0c94c85e2693c229142eb448840fba0f9230111faa889d1f541d12d/colorama-0.4.3.tar.gz"
    sha256 "e96da0d330793e2cb9485e9ddfd918d456036c7149416295932478192f4436a1"
  end

  resource "deep_merge" do
    url "https://files.pythonhosted.org/packages/a5/25/aa35c20acd8a4f515f9e4c8dee4c7731446234101a6dae0c34cf498bb342/deep_merge-0.0.4.tar.gz"
    sha256 "b54415f90934c42e334114e2864cb4d4e7335b34ad396e35ad8610c96065a47e"
  end

  resource "docopt" do
    url "https://files.pythonhosted.org/packages/a2/55/8f8cab2afd404cf578136ef2cc5dfb50baa1761b68c9da1fb1e4eed343c9/docopt-0.6.2.tar.gz"
    sha256 "49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491"
  end

  resource "docutils" do
    url "https://files.pythonhosted.org/packages/93/22/953e071b589b0b1fee420ab06a0d15e5aa0c7470eb9966d60393ce58ad61/docutils-0.15.2.tar.gz"
    sha256 "a2aeea129088da402665e92e0b25b04b073c04b2dce4ab65caaa38b7ce2e1a99"
  end

  resource "dpath" do
    url "https://files.pythonhosted.org/packages/88/b2/abc5803f37a2ea1045d68765acfcb4ec166bc9e08c3ba451c53af29a73f2/dpath-1.5.0.tar.gz"
    sha256 "496615b4ea84236d18e0d286122de74869a60e0f87e2c7ec6787ff286c48361b"
  end

  resource "gitdb" do
    url "https://files.pythonhosted.org/packages/d1/05/eaf2ac564344030d8b3ce870b116d7bb559020163e80d9aa4a3d75f3e820/gitdb-4.0.5.tar.gz"
    sha256 "c9e1f2d0db7ddb9a704c2a0217be31214e91a4fe1dea1efad19ae42ba0c285c9"
  end

  resource "GitPython" do
    url "https://files.pythonhosted.org/packages/53/ea/fc34cddaa30bfc5e283f13e754fb3e2648ccd9f7019eaa3518fb5350ae51/GitPython-3.1.7.tar.gz"
    sha256 "2db287d71a284e22e5c2846042d0602465c7434d910406990d5b74df4afb0858"
  end

  resource "idna" do
    url "https://files.pythonhosted.org/packages/ad/13/eb56951b6f7950cadb579ca166e448ba77f9d24efc03edd7e55fa57d04b7/idna-2.8.tar.gz"
    sha256 "c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407"
  end

  resource "jmespath" do
    url "https://files.pythonhosted.org/packages/3c/56/3f325b1eef9791759784aa5046a8f6a1aff8f7c898a2e34506771d3b99d8/jmespath-0.10.0.tar.gz"
    sha256 "b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9"
  end

  resource "junit-xml" do
    url "https://files.pythonhosted.org/packages/a6/2a/f8d5aab80bb31fcc789d0f2b34b49f08bd6121cd8798d2e37f416df2b9f8/junit-xml-1.8.tar.gz"
    sha256 "602f1c480a19d64edb452bf7632f76b5f2cb92c1938c6e071dcda8ff9541dc21"
  end

  resource "lark-parser" do
    url "https://files.pythonhosted.org/packages/34/b8/aa7d6cf2d5efdd2fcd85cf39b33584fe12a0f7086ed451176ceb7fb510eb/lark-parser-0.7.8.tar.gz"
    sha256 "26215ebb157e6fb2ee74319aa4445b9f3b7e456e26be215ce19fdaaa901c20a4"
  end

  resource "packaging" do
    url "https://files.pythonhosted.org/packages/55/fd/fc1aca9cf51ed2f2c11748fa797370027babd82f87829c7a8e6dbe720145/packaging-20.4.tar.gz"
    sha256 "4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8"
  end

  resource "pyparsing" do
    url "https://files.pythonhosted.org/packages/c1/47/dfc9c342c9842bbe0036c7f763d2d6686bcf5eb1808ba3e170afdb282210/pyparsing-2.4.7.tar.gz"
    sha256 "c203ec8783bf771a155b207279b9bccb8dea02d8f0c9e5f8ead507bc3246ecc1"
  end

  resource "python-dateutil" do
    url "https://files.pythonhosted.org/packages/be/ed/5bbc91f03fa4c839c4c7360375da77f9659af5f7086b7a7bdda65771c8e0/python-dateutil-2.8.1.tar.gz"
    sha256 "73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c"
  end

  resource "PyYAML" do
    url "https://files.pythonhosted.org/packages/64/c2/b80047c7ac2478f9501676c988a5411ed5572f35d1beff9cae07d321512c/PyYAML-5.3.1.tar.gz"
    sha256 "b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d"
  end

  resource "requests" do
    url "https://files.pythonhosted.org/packages/01/62/ddcf76d1d19885e8579acb1b1df26a852b03472c0e46d2b959a714c90608/requests-2.22.0.tar.gz"
    sha256 "11e007a8a2aa0323f5a921e9e6a2d7e4e67d9877e85773fba9ba6419025cbeb4"
  end

  resource "s3transfer" do
    url "https://files.pythonhosted.org/packages/50/de/2b688c062107942486c81a739383b1432a72717d9a85a6a1a692f003c70c/s3transfer-0.3.3.tar.gz"
    sha256 "921a37e2aefc64145e7b73d50c71bb4f26f46e4c9f414dc648c6245ff92cf7db"
  end

  resource "semantic-version" do
    url "https://files.pythonhosted.org/packages/d4/52/3be868c7ed1f408cb822bc92ce17ffe4e97d11c42caafce0589f05844dd0/semantic_version-2.8.5.tar.gz"
    sha256 "d2cb2de0558762934679b9a104e82eca7af448c9f4974d1f3eeccff651df8a54"
  end

  resource "six" do
    url "https://files.pythonhosted.org/packages/6b/34/415834bfdafca3c5f451532e8a8d9ba89a21c9743a0c59fbd0205c7f9426/six-1.15.0.tar.gz"
    sha256 "30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"
  end

  resource "smmap" do
    url "https://files.pythonhosted.org/packages/75/fb/2f594e5364f9c986b2c89eb662fc6067292cb3df2b88ae31c939b9138bb9/smmap-3.0.4.tar.gz"
    sha256 "9c98bbd1f9786d22f14b3d4126894d56befb835ec90cef151af566c7e19b5d24"
  end

  resource "tabulate" do
    url "https://files.pythonhosted.org/packages/c4/41/523f6a05e6dc3329a5660f6a81254c6cd87e5cfb5b7482bae3391d86ec3a/tabulate-0.8.6.tar.gz"
    sha256 "5470cc6687a091c7042cee89b2946d9235fe9f6d49c193a4ae2ac7bf386737c8"
  end

  resource "termcolor" do
    url "https://files.pythonhosted.org/packages/8a/48/a76be51647d0eb9f10e2a4511bf3ffb8cc1e6b14e9e4fab46173aa79f981/termcolor-1.1.0.tar.gz"
    sha256 "1d6d69ce66211143803fbc56652b41d73b4a400a2891d7bf7a1cdf4c02de613b"
  end

  resource "tqdm" do
    url "https://files.pythonhosted.org/packages/bc/03/2bc607a15e201058cb6b19784b9c217d7ff37a686ce4a2d8a37a638f3ba5/tqdm-4.49.0.tar.gz"
    sha256 "faf9c671bd3fad5ebaeee366949d969dca2b2be32c872a7092a1e1a9048d105b"
  end

  resource "update-checker" do
    url "https://files.pythonhosted.org/packages/5c/0b/1bec4a6cc60d33ce93d11a7bcf1aeffc7ad0aa114986073411be31395c6f/update_checker-0.18.0.tar.gz"
    sha256 "6a2d45bb4ac585884a6b03f9eade9161cedd9e8111545141e9aa9058932acb13"
  end

  resource "urllib3" do
    url "https://files.pythonhosted.org/packages/81/f4/87467aeb3afc4a6056e1fe86626d259ab97e1213b1dfec14c7cb5f538bf0/urllib3-1.25.10.tar.gz"
    sha256 "91056c15fa70756691db97756772bb1eb9678fa585d9184f24534b100dc60f4a"
  end

  # Installs checkov and every resource declared above into a formula-private
  # virtualenv (helper from Language::Python::Virtualenv), so only the pinned
  # dependency versions in this file are used at runtime.
  def install
    virtualenv_install_with_resources
  end

  test do
    # Fixture 1: a deliberately permissive S3 bucket (public-read ACL,
    # force_destroy) that the scan is expected to report failures for.
    (testpath/"test.tf").write <<~EOS
      resource "aws_s3_bucket" "foo-bucket" {
      region = "us-east-1"
      bucket = "test"
      acl = "public-read"
      force_destroy = true

      versioning {
      enabled = true
      }
      }
    EOS

    # The second argument to shell_output is the expected exit status: the
    # scan must exit 1 (findings present) and print this summary. 2>&1 folds
    # stderr into the matched text.
    # NOTE(review): the exact counts presumably track the check set shipped in
    # this checkov version; expect to update them on a version bump.
    assert_match "Passed checks: 4, Failed checks: 4, Skipped checks: 0",
      shell_output("#{bin}/checkov -f #{testpath}/test.tf 2>&1", 1)

    # Fixture 2: the same bucket with two inline suppressions, one bare and one
    # carrying a justification after the colon. Suppressions live in the
    # scanned file itself, so the assertion below also confirms they are
    # counted under "Skipped checks" rather than dropped from the report.
    (testpath/"test2.tf").write <<~EOS
      resource "aws_s3_bucket" "foo-bucket" {
      region = "us-east-1"
      bucket = "test"
      acl = "public-read"
      force_destroy = true

      #checkov:skip=CKV_AWS_52
      #checkov:skip=CKV_AWS_20:The bucket is a public static content host
      versioning {
      enabled = true
      }
      }
    EOS
    # Two findings move from failed to skipped; the exit status is still 1
    # because two failed checks remain.
    assert_match "Passed checks: 4, Failed checks: 2, Skipped checks: 2",
      shell_output("#{bin}/checkov -f #{testpath}/test2.tf 2>&1", 1)
  end
end