Merge branch 'master' into AST-45283-ARM
ArturRibeiro-CX authored Aug 16, 2024
2 parents b3c8f6f + d51ee51 commit 26e1266
Showing 1,933 changed files with 6,234 additions and 4,482 deletions.
2 changes: 1 addition & 1 deletion .github/scripts/docs-generator/docs-generator.py
Expand Up @@ -96,7 +96,7 @@ def check_and_create_override_entry(meta_dict, template_dict):
f"{platform.lower()}-queries",
cloud_provider if cloud_provider != 'common' else '',
q_id).replace('\\', '/')
meta_dict['descriptionText'] = f'<a href="{query_page}" target="_blank">Query details</a>'
meta_dict['descriptionText'] = f'<a href="{query_page}" onclick="newWindowOpenerSafe(event, \'{query_page}\')">Query details</a>'
template_dict[platform][sub_platform][severity][category][q_id] = meta_dict
#
# template dict ex:
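Review bot: On the new `descriptionText` line, `query_page` is dropped unescaped into both an HTML attribute and a single-quoted JavaScript string literal inside `onclick`, so a `'` or `"` in any of its components would terminate the literal and break the generated markup. Its components (platform, cloud_provider, q_id) come from query metadata, and the schema in this same commit constrains q_id to a UUID shape, so this is defensive rather than an observed break. A value that has to survive both contexts should be JavaScript-escaped first and HTML-escaped second: `js_page = html.escape(json.dumps(query_page), quote=True)` for the handler argument and `html.escape(query_page, quote=True)` for `href`. `check_and_create_override_entry` starts above the hunk.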
Expand Up @@ -181,12 +181,20 @@ def generate_md_docs(queries_database : str, output_path : str, template_file_pa
doc_template = f.read()

for key, query_data in queries_database.items():
cwe = query_data.get('cwe', '')
if cwe == '':
cwe = 'Ongoing'
else:
cwe_url = f'https://cwe.mitre.org/data/definitions/{cwe}.html'
cwe = f'<a href="{cwe_url}" onclick="newWindowOpenerSafe(event, \'{cwe_url}\')">{cwe}</a>'

query_doc = doc_template
query_doc = doc_template.replace('<QUERY_ID>', key).replace(
'<QUERY_NAME>', query_data.get('queryName')).replace(
'<PLATFORM>', query_data.get('platform')).replace(
'<SEVERITY>', format_severity(query_data.get('severity'))).replace(
'<CATEGORY>', query_data.get('category')).replace(
'<CWE>', cwe).replace(
'<GITHUB_URL>', query_data.get('githubUrl')).replace(
'<DESCRIPTION_TEXT>', query_data.get('descriptionText')).replace(
'<DESCRIPTION_URL>', query_data.get('descriptionUrl')).replace(
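Review bot: The new `else` branch interpolates `cwe` straight into `cwe_url` and into the `onclick` handler without checking that it is actually a CWE number, so any non-numeric metadata value (or a stray quote) lands verbatim in the generated HTML. Normalising and validating first keeps the output well-formed: `cwe = str(query_data.get('cwe', ''))` before the `== ''` test, then in the `else` branch `if not cwe.isdigit(): raise ValueError(f'{key}: cwe must be numeric, got {cwe!r}')` (or fall back to `'Ongoing'` if a soft failure is preferred). If both `query_doc = doc_template` and the following `query_doc = doc_template.replace(...)` are on the new side, the first assignment is dead and can go. `generate_md_docs` begins above and continues below the hunk.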
Expand Up @@ -20,6 +20,7 @@ hide:
- **Platform:** <PLATFORM>
- **Severity:** <SEVERITY>
- **Category:** <CATEGORY>
- **CWE:** <CWE>
- **URL:** [Github](<GITHUB_URL>)

### Description
16 changes: 14 additions & 2 deletions .github/scripts/queries-validator/metadata-schema.json
Expand Up @@ -7,6 +7,16 @@
"minLength": 1,
"pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-4{1}[a-f0-9]{3}-[89ab]{1}[a-f0-9]{3}-[a-f0-9]{12}$"
},
"description_text_pattern": {
"type": "string",
"minLength": 1,
"pattern": "^.{1,500}$"
},
"query_name_pattern": {
"type": "string",
"minLength": 1,
"pattern": "^[a-zA-Z][a-zA-Z0-9_ \\-\"',:$.()]{0,119}$"
},
"description_id_pattern": {
"type": "string",
"minLength": 1,
Expand All @@ -29,8 +39,9 @@
"$ref": "#/definitions/query_id_pattern"
},
"queryName": {
"$ref": "#/definitions/query_name_pattern",
"type": "string",
"minLength": 8,
"minLength": 1,
"maxLength": 120
},
"severity": {
Expand Down Expand Up @@ -75,8 +86,9 @@
]
},
"descriptionText": {
"$ref": "#/definitions/description_text_pattern",
"type": "string",
"minLength": 16,
"minLength": 1,
"maxLength" : 500
},
"descriptionUrl": {
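Review bot: The new `$ref` entries in `queryName` and `descriptionText` sit beside `type`, `minLength` and `maxLength`; under JSON Schema draft-07 and earlier a schema object containing `$ref` has its sibling keywords ignored, so unless the validator runs 2019-09 or later those bounds are enforced only by the referenced patterns — the `$schema` line is outside the hunk, so this needs confirming. In practice the patterns already bound the length (`{0,119}` after the leading letter, `{1,500}`), but `^.{1,500}$` also rejects any description containing a newline, because `.` does not match line terminators in ECMA-262 regexes, which is a behaviour change if multi-line descriptions exist. If that is unintended, `"pattern": "^[\\s\\S]{1,500}$"` keeps the length bound while allowing line breaks. `query_name_pattern` also admits `"` and `'`, which the docs generator substitutes unescaped into HTML.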
2 changes: 1 addition & 1 deletion .github/workflows/alert-update-flags.yaml
Expand Up @@ -14,7 +14,7 @@ jobs:

steps:
- name: Checkout project
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 2
- name: Execute diff and send email
4 changes: 2 additions & 2 deletions .github/workflows/alert-update-terraform-modules.yaml
Expand Up @@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Execute diff and send email
Expand All @@ -25,7 +25,7 @@ jobs:
-c assets/libraries/common.json \
-u https://registry.terraform.io/v1/modules
- name: Create Pull Request
uses: peter-evans/create-pull-request@v6
uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
with:
title: "feat(queries): update terraform registry data on commons.json"
token: ${{ secrets.KICS_BOT_PAT }}
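Review bot: The `# v6` comment after the `peter-evans/create-pull-request` SHA records only the major version, unlike `# v4.1.1` on the checkout pin above it, so a reader or update bot cannot tell which release the SHA resolves to without querying the upstream repo. Writing the resolved tag, `# v6.<minor>.<patch>` (placeholder: use the tag the SHA actually points at), keeps the comment useful when the pin is next bumped. This step is the one that receives `secrets.KICS_BOT_PAT`, so an accurately labelled pin matters most here. The same bare labels appear on `actions/upload-artifact … # v4` and `actions/cache … # v4` in go-ci-coverage.yaml, go-ci-integration.yml, go-ci-metrics.yaml, go-ci.yml and go-e2e-debian.yaml, and on `# v3` in go-e2e.yaml.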
2 changes: 1 addition & 1 deletion .github/workflows/check-apache-license.yaml
Expand Up @@ -12,7 +12,7 @@ jobs:
USERNAME: ${{ github.event.pull_request.user.login }}
steps:
- name: Checkout code
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
sparse-checkout: |
2 changes: 1 addition & 1 deletion .github/workflows/check-go-coverage.yaml
Expand Up @@ -13,7 +13,7 @@ jobs:
color: ${{ steps.testcov.outputs.color }}
steps:
- name: Checkout Source
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set up Go
8 changes: 4 additions & 4 deletions .github/workflows/go-ci-coverage.yaml
Expand Up @@ -14,7 +14,7 @@ jobs:
color: ${{ steps.testcov.outputs.color }}
steps:
- name: Checkout Source
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
fetch-depth: 0
- name: Set up Go
Expand All @@ -33,11 +33,11 @@ jobs:
curl -L \
https://img.shields.io/badge/Go%20Coverage-${{ steps.testcov.outputs.coverage }}%25-${{ steps.testcov.outputs.color }}.svg > coverage.svg
cat coverage.svg
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: ${{ runner.os }}-badge-latest
path: coverage.svg
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: ${{ runner.os }}-coverage-latest
path: coverage.html
Expand All @@ -47,7 +47,7 @@ jobs:
needs: coverage
steps:
- name: Checkout Source
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: gh-pages
- name: Configure git commit author
14 changes: 7 additions & 7 deletions .github/workflows/go-ci-integration.yml
Expand Up @@ -10,19 +10,19 @@ jobs:
runs-on: ubuntu-latest
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@v5.3.0
uses: fkirc/skip-duplicate-actions@f75f66ce1886f00957d99748a42c724f4330bdcf # v5.3.1
with:
cancel_others: false
paths_ignore: '["docs/**", "**/**.md", "examples"]'
- name: Check out code into the Go module directory
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
uses: actions/cache@v3
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
Expand All @@ -32,7 +32,7 @@ jobs:
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
uses: docker/build-push-action@v4.0.0
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
with:
load: true
context: ./
Expand All @@ -59,7 +59,7 @@ jobs:
-p "/path" \
-o "/path/"
- name: Archive test logs
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
if: always()
with:
name: integration-logs-${{ github.event.pull_request.head.sha }}
Expand All @@ -68,7 +68,7 @@ jobs:
run: |
cat ${PWD}/assets/queries/results.json
- name: Archive test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: integration-results-${{ github.event.pull_request.head.sha }}
path: assets/queries/results.json
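Review bot: Several of the pinned lines are major upgrades rather than pins of the versions that were there: `actions/checkout` v3 → v4.1.1, `actions/cache` v3 → v4, `docker/build-push-action` v4.0.0 → v6.4.1 and `actions/upload-artifact` v3 → v4, and as a merge commit nothing records whether their changed inputs and defaults were reviewed. Mixing pinning with major bumps also makes a future bisect harder, since a failure cannot be attributed to the pin or the upgrade; separating the two into distinct commits, or at least noting the bumps in the PR description, would help. The `with:` blocks of the build and upload steps are only partly visible here, so I cannot tell whether any input removed or renamed between majors is still used. The same pattern recurs in go-ci.yml, go-e2e-debian.yaml and go-e2e.yaml.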
6 changes: 3 additions & 3 deletions .github/workflows/go-ci-metrics.yaml
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/setup-python@v4
with:
python-version: "3.x"
Expand All @@ -26,7 +26,7 @@ jobs:
curl -L \
https://img.shields.io/badge/Queries-${{ steps.metrics.outputs.total_queries }}-blue.svg > queries.svg
cat queries.svg
- uses: actions/upload-artifact@v4
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: ${{ runner.os }}-queries-badge-latest
path: queries.svg
Expand All @@ -36,7 +36,7 @@ jobs:
needs: metrics
steps:
- name: Checkout Source
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: gh-pages
- name: Configure git commit author
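Review bot: `actions/setup-python@v4` stays on a mutable tag while the checkouts on either side and the upload-artifact step are now pinned to commit SHAs, so this job still resolves one dependency by a moving reference and the hardening is incomplete for the workflow. Pinning it the same way, `uses: actions/setup-python@<commit-sha-of-the-v4-release> # v4.<minor>.<patch>` (placeholders: fill in the SHA and tag you resolve), closes the gap. The same applies to `actions/setup-go@v5` in go-ci.yml.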
16 changes: 8 additions & 8 deletions .github/workflows/go-ci.yml
Expand Up @@ -9,14 +9,14 @@ jobs:
name: lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
cache: false
- name: golangci-lint
uses: golangci/golangci-lint-action@v4.0.0
uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1
with:
version: v1.57.2
args: -c .golangci.yml --timeout 20m
Expand All @@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
fetch-depth: 0
Expand All @@ -48,15 +48,15 @@ jobs:
with:
go-version: ${{ matrix.go-version }}
- name: Check out code into the Go module directory
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Get cache paths
id: go-cache-paths
shell: bash
run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT
- name: Cache dependencies
uses: actions/cache@v3
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: ${{ steps.go-cache-paths.outputs.GO_BUILD }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
Expand All @@ -69,7 +69,7 @@ jobs:
go mod vendor
- name: Set Windows Page size
if: matrix.os == 'windows-latest'
uses: al-cheb/configure-pagefile-action@v1.3
uses: al-cheb/configure-pagefile-action@a3b6ebd6b634da88790d9c58d4b37a7f4a7b8708 # v1.4
with:
minimum-size: 32GB
maximum-size: 32GB
Expand All @@ -86,7 +86,7 @@ jobs:
go test -mod=vendor -tags dev -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log
- name: Archive test logs
if: always()
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log
path: unit-test.log
Expand All @@ -97,7 +97,7 @@ jobs:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v3
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run Gosec Security Scanner
uses: securego/gosec@master
with:
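Review bot: `securego/gosec@master` remains a branch reference while every other step in this hunk is pinned to a commit, so the security-scanner job is the one step still trusting upstream's mutable history, and a branch can be rewritten at any time. Pin it to a tagged release commit like the others: `uses: securego/gosec@<commit-sha-of-a-tagged-release> # v<tag>` (placeholders: resolve the SHA and tag). `actions/setup-go@v5` in the lint job is likewise left on a tag. Separately, `golangci/golangci-lint-action` moves two majors (v4.0.0 → v6.0.1) while keeping `version: v1.57.2`; that combination is presumably fine, but it is a behaviour change hidden under a pinning commit and worth a line in the PR description.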
14 changes: 7 additions & 7 deletions .github/workflows/go-e2e-debian.yaml
Expand Up @@ -15,11 +15,11 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@0.12.1
uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
with:
access_token: ${{ github.token }}
- name: Check out code
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Set up Go
Expand All @@ -42,9 +42,9 @@ jobs:
working-directory: .github/scripts/server-mock
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
uses: actions/cache@v3
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
Expand All @@ -57,7 +57,7 @@ jobs:
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
uses: docker/build-push-action@v5.0.0
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
with:
load: true
context: ./
Expand Down Expand Up @@ -100,8 +100,8 @@ jobs:
DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/')
- name: Archive test report
if: always()
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
with:
name: e2e-tests-report-$DOCKER_NAME
name: e2e-tests-report-dockerfile-$DOCKER_NAME
path: e2e-report.html
# dummy
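Review bot: `$DOCKER_NAME` in the renamed `name: e2e-tests-report-dockerfile-$DOCKER_NAME` input is never shell-expanded — `with:` values are passed to the action verbatim and only `${{ }}` expressions are evaluated — so the artifact is literally named `e2e-tests-report-dockerfile-$DOCKER_NAME`, and the rename on this line preserves that. The `DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/')` assignment above appears to be a plain shell variable in a `run` step (the step header is outside the hunk), with nothing visible writing it to `$GITHUB_ENV`, unlike the `GITHUB_SHA_SHORT=… >> $GITHUB_ENV` pattern this same file already uses. Export it the same way, `echo "DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/')" >> "$GITHUB_ENV"`, and reference it as `name: e2e-tests-report-dockerfile-${{ env.DOCKER_NAME }}`. The context line `name: e2e-tests-report-$DOCKER_NAME` in go-e2e.yaml has the same problem.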
12 changes: 6 additions & 6 deletions .github/workflows/go-e2e.yaml
Expand Up @@ -16,11 +16,11 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: Cancel Previous Runs
uses: styfle/cancel-workflow-action@0.12.1
uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
with:
access_token: ${{ github.token }}
- name: Check out code
uses: actions/checkout@v4
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
persist-credentials: false
- name: Set up Go
Expand All @@ -43,9 +43,9 @@ jobs:
working-directory: .github/scripts/server-mock
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
- name: Cache Docker layers
uses: actions/cache@v3
uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
Expand All @@ -55,7 +55,7 @@ jobs:
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
uses: docker/build-push-action@v5.0.0
uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
with:
load: true
context: ./
Expand Down Expand Up @@ -98,7 +98,7 @@ jobs:
DOCKER_NAME=$(echo ${{ matrix.kics-docker }} | sed 's/\//-/')
- name: Archive test report
if: always()
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
with:
name: e2e-tests-report-$DOCKER_NAME
path: e2e-report.html
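Review bot: The report upload here is pinned to `actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3`, while the equivalent step in go-e2e-debian.yaml in this same commit is pinned to `0b2256b8c012f0828dc542b3febcab082c67f72b # v4`, so the two e2e workflows now run different majors of the same action and v3 is the older line. Unless the v3 behaviour is needed here, aligning on the v4 SHA already used elsewhere, `uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4`, keeps one pin to maintain. If v3 is intentional, a short comment on the line saying why would stop the next pin sweep from "fixing" it.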