Commit
fix: IaC multi-doc yaml indexing
In the IaC local execution data flow, the stage in results-formatter.ts takes a list of IacFileScanResult as input, and returns a list of FormattedResult. One key difference between these two objects is that the former list contains a distinct object per document in a multi-doc yaml file, but for the latter we are grouping these so that there is a distinct object per file. FormattedResults each contain a list of vulnerabilities, so we end up with vulnerabilities from different YAML documents (in the same file) sharing a list. Vulnerabilities with the same "resource path" (Kubernetes example: `spec.containers[web].securityContext.privileged`), but in distinct YAML documents in the same file, should be differentiated by the "cloudConfigPath" (analogous to the "path" of libraries used to address dependencies in the open-source flows), and also by the line number. Both of these distinguishing fields were actually being clobbered by their values from the first document in a file: doc ID was always 0, and the line numbers referred to identical resources in the first doc rather than subsequent docs. This needs to be resolved in order to deliver IaC CLI issue-ignore support in a sane way, and so is tangentially related to https://snyksec.atlassian.net/browse/CC-990. This will also help any tooling that infers information from line numbers, which could help us build things like editor plugins and language servers in the future.
Author: Craig Furman, committed Jul 27, 2021
Commit: b4e6c18 (1 parent: c5e7007)
Showing 3 changed files with 60 additions and 34 deletions.
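The commit message describes two things getting lost when per-document scan results are merged into per-file results: the document index that goes into cloudConfigPath, and line numbers that must be resolved against the right document rather than the first one. The following is an added example, not code from the snyk CLI or from this commit, that reproduces the failure mode on a constructed two-document Kubernetes manifest and shows the grouping done correctly beside it. The type shapes (IacFileScanResult, FormattedResult, FormattedIssue), the `[DocId: N]` cloudConfigPath prefix, the `keyName` lookup, the policy id `EXAMPLE-PRIVILEGED` and the `splitDocuments`/`lineOfKeyInDoc` helpers are all assumptions made for illustration and are not the project's real types or APIs.

```typescript
// Added example (not snyk CLI code). Type shapes, helper names and the
// "[DocId: N]" prefix are assumptions for illustration only.

interface YamlDocument {
  docId: number;      // 0-based index of the document within the file
  startLine: number;  // 1-based file line where this document's text begins
  lines: string[];    // the document's own lines, without the "---" separator
}

// Simplified stand-in for the per-document scan result.
interface IacFileScanResult {
  filePath: string;
  docId: number;
  violatedPolicies: { publicId: string; resourcePath: string; keyName: string }[];
}

// Simplified stand-in for the per-file formatted result and its issues.
interface FormattedIssue {
  id: string;
  cloudConfigPath: string[]; // e.g. ["[DocId: 1]", "spec", ..., "privileged"]
  lineNumber: number;        // file-relative, 1-based
}
interface FormattedResult {
  targetFile: string;
  cloudConfigResults: FormattedIssue[];
}

// Split a multi-document YAML file on "---" lines, recording each document's
// starting file line so document-relative indexes can be mapped back to the file.
// Blank documents (e.g. from a leading "---") are skipped, like a YAML parser would.
function splitDocuments(fileText: string): YamlDocument[] {
  const docs: YamlDocument[] = [];
  let current: string[] = [];
  let startLine = 1;
  fileText.split('\n').forEach((line, i) => {
    if (line.trim() === '---') {
      if (current.some((l) => l.trim() !== '')) {
        docs.push({ docId: docs.length, startLine, lines: current });
      }
      current = [];
      startLine = i + 2; // the line after the separator, 1-based
    } else {
      current.push(line);
    }
  });
  if (current.some((l) => l.trim() !== '')) {
    docs.push({ docId: docs.length, startLine, lines: current });
  }
  return docs;
}

// File-relative line of the first "key:" inside ONE document; -1 if absent.
function lineOfKeyInDoc(doc: YamlDocument, key: string): number {
  const idx = doc.lines.findIndex((l) => l.trim().startsWith(key + ':'));
  return idx === -1 ? -1 : doc.startLine + idx;
}

// Merge per-document scan results into one FormattedResult per file.
// preserveDocument=false models the clobbering described in the commit message:
// the doc ID is fixed at 0 and line numbers resolve against the first document.
function groupByFile(
  scans: IacFileScanResult[],
  docsByFile: Record<string, YamlDocument[]>,
  preserveDocument: boolean,
): FormattedResult[] {
  const byFile = new Map<string, FormattedResult>();
  for (const scan of scans) {
    let out = byFile.get(scan.filePath);
    if (!out) {
      out = { targetFile: scan.filePath, cloudConfigResults: [] };
      byFile.set(scan.filePath, out);
    }
    const docId = preserveDocument ? scan.docId : 0;
    const doc = docsByFile[scan.filePath]?.[docId];
    for (const v of scan.violatedPolicies) {
      out.cloudConfigResults.push({
        id: v.publicId,
        cloudConfigPath: [`[DocId: ${docId}]`, ...v.resourcePath.split('.')],
        lineNumber: doc ? lineOfKeyInDoc(doc, v.keyName) : -1,
      });
    }
  }
  return [...byFile.values()];
}

// Constructed sample: two Deployments in one file, both with the same
// resource path to a privileged container ("privileged: true" on lines 11 and 23).
const SAMPLE_FILE = 'deploy.yaml';
const SAMPLE_YAML = `apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  template:
    spec:
      containers:
        - name: web
          securityContext:
            privileged: true
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: worker
spec:
  template:
    spec:
      containers:
        - name: web
          securityContext:
            privileged: true
`;
const docsByFile = { [SAMPLE_FILE]: splitDocuments(SAMPLE_YAML) };

// Constructed scan results: one per document, identical policy and resource path.
const scanResults: IacFileScanResult[] = [0, 1].map((docId) => ({
  filePath: SAMPLE_FILE,
  docId,
  violatedPolicies: [{
    publicId: 'EXAMPLE-PRIVILEGED', // placeholder id, not a real rule id
    resourcePath: 'spec.template.spec.containers[web].securityContext.privileged',
    keyName: 'privileged',
  }],
}));

function formatFixed(): FormattedResult[] { return groupByFile(scanResults, docsByFile, true); }
function formatClobbering(): FormattedResult[] { return groupByFile(scanResults, docsByFile, false); }

console.log('fixed:', JSON.stringify(formatFixed()[0].cloudConfigResults));
console.log('clobbered:', JSON.stringify(formatClobbering()[0].cloudConfigResults));
```

With the clobbering variant both issues come out as `[DocId: 0]` at line 11, so an ignore rule keyed on cloudConfigPath would match both or neither and any editor integration would point at the wrong resource; the document-preserving variant yields `[DocId: 0]` at line 11 and `[DocId: 1]` at line 23, which is what lets the two otherwise identical findings be addressed individually.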