Merge branch 'master' into docs-add-brew-install2

Checkmarx · Oct 10, 2024 · 2727a21 · 2727a21
2 parents 8db070d + 227c276
commit 2727a21
Show file tree

Hide file tree

Showing 3,741 changed files with 13,560 additions and 7,065 deletions.
diff --git a/.github/scripts/docs-generator/docs-generator.py b/.github/scripts/docs-generator/docs-generator.py
@@ -96,7 +96,7 @@ def check_and_create_override_entry(meta_dict, template_dict):
                                   f"{platform.lower()}-queries",
                                   cloud_provider if cloud_provider != 'common' else '',
                                   q_id).replace('\\', '/')
-        meta_dict['descriptionText'] = f'<a href="{query_page}" target="_blank">Query details</a>'
+        meta_dict['descriptionText'] = f'<a href="{query_page}" onclick="newWindowOpenerSafe(event, \'{query_page}\')">Query details</a>'
         template_dict[platform][sub_platform][severity][category][q_id] = meta_dict
 #
 # template dict ex:

diff --git a/.github/scripts/docs-generator/query-page-generator/query-page-generator.py b/.github/scripts/docs-generator/query-page-generator/query-page-generator.py
@@ -181,12 +181,20 @@ def generate_md_docs(queries_database : str, output_path : str, template_file_pa
         doc_template = f.read()
 
     for key, query_data in queries_database.items():
+        cwe = query_data.get('cwe', '')
+        if cwe == '':
+            cwe = 'Ongoing'
+        else:
+            cwe_url = f'https://cwe.mitre.org/data/definitions/{cwe}.html'
+            cwe = f'<a href="{cwe_url}" onclick="newWindowOpenerSafe(event, \'{cwe_url}\')">{cwe}</a>'
+
         query_doc = doc_template
         query_doc = doc_template.replace('<QUERY_ID>', key).replace(
             '<QUERY_NAME>', query_data.get('queryName')).replace(
             '<PLATFORM>', query_data.get('platform')).replace(
             '<SEVERITY>', format_severity(query_data.get('severity'))).replace(
             '<CATEGORY>', query_data.get('category')).replace(
+            '<CWE>', cwe).replace(
             '<GITHUB_URL>', query_data.get('githubUrl')).replace(
             '<DESCRIPTION_TEXT>', query_data.get('descriptionText')).replace(
             '<DESCRIPTION_URL>', query_data.get('descriptionUrl')).replace(

diff --git a/...ub/scripts/docs-generator/query-page-generator/templates/query-page-template.md b/...ub/scripts/docs-generator/query-page-generator/templates/query-page-template.md
@@ -20,6 +20,7 @@ hide:
 -   **Platform:** <PLATFORM>
 -   **Severity:** <SEVERITY>
 -   **Category:** <CATEGORY>
+-   **CWE:** <CWE>
 -   **URL:** [Github](<GITHUB_URL>)
 
 ### Description

diff --git a/.github/scripts/queries-validator/metadata-schema.json b/.github/scripts/queries-validator/metadata-schema.json
@@ -7,6 +7,16 @@
             "minLength": 1,
             "pattern": "^[a-f0-9]{8}-[a-f0-9]{4}-4{1}[a-f0-9]{3}-[89ab]{1}[a-f0-9]{3}-[a-f0-9]{12}$"
         },
+        "description_text_pattern": {
+            "type": "string",
+            "minLength": 1,
+            "pattern": "^.{1,500}$"
+        },
+        "query_name_pattern": {
+            "type": "string",
+            "minLength": 1,
+            "pattern": "^[a-zA-Z][a-zA-Z0-9_ \\-\"',:$.()]{0,119}$"
+        },
         "description_id_pattern": {
             "type": "string",
             "minLength": 1,
@@ -22,15 +32,17 @@
         "descriptionUrl",
         "cloudProvider",
         "platform",
-        "descriptionID"
+        "descriptionID", 
+        "cwe"
     ],
     "properties": {
         "id": {
             "$ref": "#/definitions/query_id_pattern"
         },
         "queryName": {
+            "$ref": "#/definitions/query_name_pattern",
             "type": "string",
-            "minLength": 8,
+            "minLength": 1,
             "maxLength": 120
         },
         "severity": {
@@ -75,8 +87,9 @@
             ]
         },
         "descriptionText": {
+            "$ref": "#/definitions/description_text_pattern",
             "type": "string",
-            "minLength": 16,
+            "minLength": 1,
             "maxLength" : 500
         },
         "descriptionUrl": {

diff --git a/.github/scripts/queries-validator/requirements.txt b/.github/scripts/queries-validator/requirements.txt
diff --git a/.github/scripts/report/go.mod b/.github/scripts/report/go.mod
@@ -1,6 +1,6 @@
 module github.com/Checkmarx/e2e-report
 
-go 1.21
+go 1.23.1
 
 require (
 	github.com/rs/zerolog v1.31.0

diff --git a/.github/scripts/server-mock/package-lock.json b/.github/scripts/server-mock/package-lock.json
diff --git a/.github/workflows/alert-update-flags.yaml b/.github/workflows/alert-update-flags.yaml
@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Checkout project
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 2
       - name: Execute diff and send email

diff --git a/.github/workflows/alert-update-terraform-modules.yaml b/.github/workflows/alert-update-terraform-modules.yaml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
       - name: Execute diff and send email
@@ -25,7 +25,7 @@ jobs:
             -c assets/libraries/common.json \
             -u https://registry.terraform.io/v1/modules
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
         with:
           title: "feat(queries): update terraform registry data on commons.json"
           token: ${{ secrets.KICS_BOT_PAT }}

diff --git a/.github/workflows/check-apache-license.yaml b/.github/workflows/check-apache-license.yaml
@@ -12,7 +12,7 @@ jobs:
       USERNAME: ${{ github.event.pull_request.user.login }}
     steps:
     - name: Checkout code
-      uses: actions/checkout@v4
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       with:
         persist-credentials: false
         sparse-checkout: |

diff --git a/.github/workflows/check-go-coverage.yaml b/.github/workflows/check-go-coverage.yaml
@@ -13,7 +13,7 @@ jobs:
       color: ${{ steps.testcov.outputs.color }}
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
       - name: Set up Go

diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml
@@ -14,7 +14,7 @@ jobs:
       color: ${{ steps.testcov.outputs.color }}
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
       - name: Set up Go
@@ -33,11 +33,11 @@ jobs:
           curl -L \
             https://img.shields.io/badge/Go%20Coverage-${{ steps.testcov.outputs.coverage }}%25-${{ steps.testcov.outputs.color }}.svg > coverage.svg
           cat coverage.svg
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
         with:
           name: ${{ runner.os }}-badge-latest
           path: coverage.svg
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
         with:
           name: ${{ runner.os }}-coverage-latest
           path: coverage.html
@@ -47,7 +47,7 @@ jobs:
     needs: coverage
     steps:
       - name: Checkout Source
-        uses: actions/checkout@v4
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           ref: gh-pages
       - name: Configure git commit author