Merge pull request #83 from dragondrop-cloud/fix/security_scan_error_II

Make security results output more robust to varying output
dragondrop-cloud · Oct 2, 2023 · 0f08e75 · 0f08e75
2 parents 4125530 + 84d5298
commit 0f08e75
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@
 </a>
 
 <a href="https://hub.docker.com/r/dragondropcloud/cloud-concierge" alt="Total Downloads">
-   <img src="https://img.shields.io/badge/downloads-5.3k-maroon" />
+   <img src="https://img.shields.io/badge/downloads-5.9k-maroon" />
 </a>
 
 <a href="https://cloud-concierge.slack.com/join/shared_invite/zt-1xx3sqsb6-cekIXs2whccZvbU81Xn5qg#/shared-invite/email" alt="Slack">

diff --git a/examples/environments/aws-example.env b/examples/environments/aws-example.env
@@ -1,4 +1,5 @@
 ##########################################################################################
+# REQUIRED VARIABLES
 # For details on each environment variables, see the cloud-concierge documentation at
 # https://docs.cloudconcierge.io
 ##########################################################################################
@@ -18,10 +19,6 @@ CLOUDCONCIERGE_RESOURCESWHITELIST=["aws_lb", "aws_lb_listener"]
 # Terraform State Backend Management
 CLOUDCONCIERGE_STATEBACKEND=s3
 
-#### Optional - If using TerraformCloud as the state backend, the following variables are required:
-CLOUDCONCIERGE_TERRAFORMCLOUDORGANIZATION=my-terraform-cloud-org
-CLOUDCONCIERGE_TERRAFORMCLOUDTOKEN=my-terraform-cloud-token
-
 # Version Control System Config
 CLOUDCONCIERGE_VCSTOKEN=ghp_my-personal-access-token
 CLOUDCONCIERGE_VCSUSER=UserAccountAssociatedWithPersonalAccessToken
@@ -31,6 +28,13 @@ CLOUDCONCIERGE_PULLREVIEWERS=NoReviewer
 # Obtain your org token by registering at https://app.dragondrop.cloud/
 CLOUDCONCIERGE_ORGTOKEN=cco-my-org-token
 
+####################################################################################################
+# OPTIONAL VARIABLES - Not required for all execution types
+####################################################################################################
+# If using TerraformCloud as the state backend, the following variables are required:
+CLOUDCONCIERGE_TERRAFORMCLOUDORGANIZATION=my-terraform-cloud-org
+CLOUDCONCIERGE_TERRAFORMCLOUDTOKEN=my-terraform-cloud-token
+
 # Optional - Only needed to reflect a real bucket if both running with Terraform < 1.5.0 and wanting to use
 # our GitHub Action for running the import statements programatically
 # https://github.com/dragondrop-cloud/github-action-tfstate-migration

diff --git a/examples/environments/azure-example.env b/examples/environments/azure-example.env
@@ -1,4 +1,5 @@
 ##########################################################################################
+# REQUIRED VARIABLES
 # For details on each environment variables, see the cloud-concierge documentation at
 # https://docs.cloudconcierge.io
 ##########################################################################################
@@ -18,10 +19,6 @@ CLOUDCONCIERGE_RESOURCESWHITELIST=["azurerm_storage_container"]
 # Terraform State Backend Management
 CLOUDCONCIERGE_STATEBACKEND=azurerm
 
-#### Optional - If using TerraformCloud as the state backend, the following variables are required:
-CLOUDCONCIERGE_TERRAFORMCLOUDORGANIZATION=my-terraform-cloud-org
-CLOUDCONCIERGE_TERRAFORMCLOUDTOKEN=my-terraform-cloud-token
-
 # Version Control System Config
 CLOUDCONCIERGE_VCSTOKEN=ghp_my-personal-access-token
 CLOUDCONCIERGE_VCSUSER=UserAccountAssociatedWithPersonalAccessToken
@@ -31,7 +28,14 @@ CLOUDCONCIERGE_PULLREVIEWERS=NoReviewer
 # Obtain your org token by registering at https://app.dragondrop.cloud/
 CLOUDCONCIERGE_ORGTOKEN=cco-my-org-token
 
+####################################################################################################
+# OPTIONAL VARIABLES - Not required for all execution types
+####################################################################################################
+# If using TerraformCloud as the state backend, the following variables are required:
+CLOUDCONCIERGE_TERRAFORMCLOUDORGANIZATION=my-terraform-cloud-org
+CLOUDCONCIERGE_TERRAFORMCLOUDTOKEN=my-terraform-cloud-token
+
 # Optional - Only needed to reflect a real bucket if both running with Terraform < 1.5.0 and wanting to use
 # our GitHub Action for running the import statements programatically
 # https://github.com/dragondrop-cloud/github-action-tfstate-migration
-CLOUDCONCIERGE_MIGRATIONHISTORYSTORAGE={"storageType":"","bucket":"my-container","region":"us-east"}
+CLOUDCONCIERGE_MIGRATIONHISTORYSTORAGE={"storageType":"S3", "bucket": "my-bucket", "region": "us-east-1"}
diff --git a/examples/environments/gcp-example.env b/examples/environments/gcp-example.env
@@ -1,4 +1,5 @@
 ##########################################################################################
+# REQUIRED VARIABLES
 # For details on each environment variables, see the cloud-concierge documentation at
 # https://docs.cloudconcierge.io
 ##########################################################################################
@@ -18,10 +19,6 @@ CLOUDCONCIERGE_RESOURCESWHITELIST=["google_storage_bucket"]
 # Terraform State Backend Management
 CLOUDCONCIERGE_STATEBACKEND=gcs
 
-#### Optional - If using TerraformCloud as the state backend, the following variables are required:
-CLOUDCONCIERGE_TERRAFORMCLOUDORGANIZATION=my-terraform-cloud-org
-CLOUDCONCIERGE_TERRAFORMCLOUDTOKEN=my-terraform-cloud-token
-
 # Version Control System Config
 CLOUDCONCIERGE_VCSTOKEN=ghp_my-personal-access-token
 CLOUDCONCIERGE_VCSUSER=UserAccountAssociatedWithPersonalAccessToken
@@ -31,7 +28,14 @@ CLOUDCONCIERGE_PULLREVIEWERS=NoReviewer
 # Obtain your org token by registering at https://app.dragondrop.cloud/
 CLOUDCONCIERGE_ORGTOKEN=cco-my-org-token
 
+####################################################################################################
+# OPTIONAL VARIABLES - Not required for all execution types
+####################################################################################################
+# If using TerraformCloud as the state backend, the following variables are required:
+CLOUDCONCIERGE_TERRAFORMCLOUDORGANIZATION=my-terraform-cloud-org
+CLOUDCONCIERGE_TERRAFORMCLOUDTOKEN=my-terraform-cloud-token
+
 # Optional - Only needed to reflect a real bucket if both running with Terraform < 1.5.0 and wanting to use
 # our GitHub Action for running the import statements programatically
 # https://github.com/dragondrop-cloud/github-action-tfstate-migration
-CLOUDCONCIERGE_MIGRATIONHISTORYSTORAGE={"storageType":"Google Storage Bucket","bucket":"my-bucket","region":"us-east4"}
+CLOUDCONCIERGE_MIGRATIONHISTORYSTORAGE={"storageType":"S3", "bucket": "my-bucket", "region": "us-east-1"}
diff --git a/main/internal/implementations/identify_cloud_actors/aws_log_querier.go b/main/internal/implementations/identify_cloud_actors/aws_log_querier.go
@@ -195,15 +195,13 @@ func (alc *AWSLogQuerier) cloudTrailEventHistorySearch(_ context.Context, resour
 	if err != nil {
 		return terraformValueObjects.ResourceActions{}, fmt.Errorf("[alc.cloudTrailClient.LookupEvents]%v", err)
 	}
-	log.Debugf("[aws_log_querier][cloudTrailEventHistorySearch] result: %v", result)
 
 	return alc.ExtractDataFromResourceResult(result.Events, resourceType, isNewToTerraform)
 }
 
 // ExtractDataFromResourceResult parses the log response from the provider API
 // and extracts needed data (namely who made the most recent relevant change to the resource).
 func (alc *AWSLogQuerier) ExtractDataFromResourceResult(resourceResult []*cloudtrail.Event, resourceType string, isNewToTerraform bool) (terraformValueObjects.ResourceActions, error) {
-	log.Debugf("[aws_log_querier][ExtractDataFromResourceResult] resourceResult: %v", resourceResult)
 	resourceActions := terraformValueObjects.ResourceActions{}
 
 	if len(resourceResult) == 0 {

diff --git a/main/internal/implementations/markdowncreation/security_risks.go b/main/internal/implementations/markdowncreation/security_risks.go
@@ -54,7 +54,11 @@ func (m *MarkdownCreator) setSecurityRiskData(report *doc.MarkDownDoc) {
 			report.Write(fmt.Sprintf("|%s", risk.RuleDescription))
 			report.Write(fmt.Sprintf("|%s", risk.Severity))
 			report.Write(fmt.Sprintf("|%s", risk.Resolution))
-			report.Write(fmt.Sprintf("|[Rule](%s), [Tf Doc](%s)|", risk.Links[0], risk.Links[1])).Writeln()
+			if len(risk.Links) == 1 {
+				report.Write(fmt.Sprintf("|[Rule](%s)|", risk.Links[0])).Writeln()
+			} else {
+				report.Write(fmt.Sprintf("|[Rule](%s), [Tf Doc](%s)|", risk.Links[0], risk.Links[1])).Writeln()
+			}
 		}
 
 		report.Writeln()

diff --git a/main/version_checker.go b/main/version_checker.go
@@ -11,7 +11,7 @@ import (
 	log "github.com/sirupsen/logrus"
 )
 
-const currentVersion = "v0.1.6"
+const currentVersion = "v0.1.7"
 const footer = "###########################################################################################################################################################"
 
 // VersionChecker is a struct that contains the http client used to make http requests to GitHub and validate the latest version of cloud-concierge.