From f1a66a3a9a1d52431d6fed10dcc4df512cbf0e86 Mon Sep 17 00:00:00 2001
From: Adrian Grucza
Date: Thu, 22 Aug 2024 14:30:56 +1000
Subject: [PATCH] Fix ignored --external-modules-download-path flag
---
 checkov/common/runners/runner_registry.py | 6 ++++--
 .../test_runner_registry_plan_enrichment.py | 7 +++++++
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/checkov/common/runners/runner_registry.py b/checkov/common/runners/runner_registry.py
index 5cb7c1995f0..b0b80d00bd6 100644
--- a/checkov/common/runners/runner_registry.py
+++ b/checkov/common/runners/runner_registry.py
@@ -43,7 +43,7 @@
 from checkov.common.typing import _ExitCodeThresholds, _BaseRunner, _ScaExitCodeThresholds, LibraryGraph
 from checkov.common.util import data_structures_utils
 from checkov.common.util.banner import default_tool as tool_name
-from checkov.common.util.consts import S3_UPLOAD_DETAILS_MESSAGE
+from checkov.common.util.consts import DEFAULT_EXTERNAL_MODULES_DIR, S3_UPLOAD_DETAILS_MESSAGE
 from checkov.common.util.data_structures_utils import pickle_deepcopy
 from checkov.common.util.json_utils import CustomJSONEncoder
 from checkov.common.util.secrets_omitter import SecretsOmitter
@@ -276,6 +276,7 @@ def _handle_report(self, scan_report: Report, repo_root_for_plan_enrichment: lis
 enriched_resources = RunnerRegistry.get_enriched_resources(
 repo_roots=repo_root_for_plan_enrichment,
 download_external_modules=self.runner_filter.download_external_modules,
+ external_modules_download_path=self.runner_filter.external_modules_download_path,
 )
 scan_report = Report("terraform_plan").enrich_plan_report(scan_report, enriched_resources)
 scan_report = Report("terraform_plan").handle_skipped_checks(scan_report, enriched_resources)
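Review bot: The added `external_modules_download_path=self.runner_filter.external_modules_download_path,` argument in `_handle_report` forwards the filter's value unconditionally, so the `DEFAULT_EXTERNAL_MODULES_DIR` default this commit adds to `get_enriched_resources` never applies on this path. If `RunnerFilter` can hold `None` or an empty string for this attribute (its definition is not part of this diff), that value is passed on to `parse_directory` as what is presumably the location for fetched third-party module content. Either confirm the filter always normalises the value, or fall back explicitly with `external_modules_download_path=self.runner_filter.external_modules_download_path or DEFAULT_EXTERNAL_MODULES_DIR,`. `_handle_report` starts and ends outside this hunk.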
@@ -729,7 +730,7 @@ def enrich_report_with_guidelines(scan_report: Report) -> None:
 @staticmethod
 def get_enriched_resources(
- repo_roots: list[str | Path], download_external_modules: bool
+ repo_roots: list[str | Path], download_external_modules: bool, external_modules_download_path: str = DEFAULT_EXTERNAL_MODULES_DIR
 ) -> dict[str, dict[str, Any]]:
 from checkov.terraform.modules.module_objects import TFDefinitionKey
@@ -741,6 +742,7 @@ def get_enriched_resources(
 directory=repo_root, # assume plan file is in the repo-root
 out_parsing_errors=parsing_errors,
 download_external_modules=download_external_modules,
+ external_modules_download_path=external_modules_download_path,
 )
 repo_definitions[repo_root] = {'tf_definitions': tf_definitions, 'parsing_errors': parsing_errors}
diff --git a/tests/common/runner_registry/test_runner_registry_plan_enrichment.py b/tests/common/runner_registry/test_runner_registry_plan_enrichment.py
index 61f5695d025..849031655b6 100644
--- a/tests/common/runner_registry/test_runner_registry_plan_enrichment.py
+++ b/tests/common/runner_registry/test_runner_registry_plan_enrichment.py
@@ -10,6 +10,7 @@
 from checkov.terraform.module_loading.content import ModuleContent
 from checkov.terraform.module_loading.registry import module_loader_registry
 from checkov.terraform.plan_runner import Runner as tf_plan_runner
+from checkov.terraform.tf_parser import TFParser
 class TestRunnerRegistryEnrichment(unittest.TestCase):
@@ -166,6 +167,7 @@ def test_enrichment_of_plan_report_with_external_modules(mocker: MockerFixture):
 checks=allowed_checks,
 framework=["terraform_plan"],
 download_external_modules=True,
+ external_modules_download_path="example/path",
 )
 runner_registry = RunnerRegistry(banner, runner_filter, tf_plan_runner())
@@ -180,6 +182,7 @@ def _load_tf_modules(*args, **kwargs):
 )
 }
+ parse_directory_spy = mocker.spy(TFParser, "parse_directory")
 mocker.patch("checkov.terraform.tf_parser.load_tf_modules", side_effect=_load_tf_modules)
 # when
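Review bot: The widened `get_enriched_resources` signature (hunk at -729) has no docstring, and nothing visible states how `external_modules_download_path` is resolved: relative to each `repo_root` passed as `directory=` in the hunk at -741, or relative to the process working directory. Because this is presumably the location external module sources are fetched into, a caller should be able to tell from the function itself where that content will land. I would add a short docstring covering the three parameters, the default of `DEFAULT_EXTERNAL_MODULES_DIR`, and the resolution rule for relative paths. The parameter list is also now a single very long line; one parameter per line would match the keyword-per-line call in the -741 hunk. The function body continues outside both hunks.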
@@ -199,6 +202,10 @@ def _load_tf_modules(*args, **kwargs): assert {c.check_id for c in report.passed_checks} == {"CKV_AWS_66"} assert {c.check_id for c in report.skipped_checks} == {"CKV_AWS_158"} + parse_directory_spy.assert_called() + call_args = parse_directory_spy.call_args + assert call_args.kwargs["external_modules_download_path"] == "example/path" + if __name__ == "__main__": unittest.main()
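Review bot: `parse_directory_spy.assert_called()` accepts any number of calls and `call_args` holds only the most recent one, so the new assertion proves the path only for the last `parse_directory` call. If exactly one call is expected, use `parse_directory_spy.assert_called_once()`; otherwise check every call with `assert all(c.kwargs["external_modules_download_path"] == "example/path" for c in parse_directory_spy.call_args_list)`. The test also stops at the keyword argument: `load_tf_modules` is patched in the hunk at -180, so it does not show that the module loader itself receives the path. The test function starts outside this hunk.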