Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(terraform): add snyk linter for terraform #4583

Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

feat(terraform): add snyk linter for terraform #4583

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1630611
feat(terraform): add snyk linter for terraform
Aug 9, 2023
2bb2b82
fix(terraform): add more context from snyk to linter messages
pbnj Aug 10, 2023
637b735
fix: empty list instead of empty dictionary
pbnj Aug 21, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions ale_linters/terraform/snyk.vim
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
" Description: snyk for Terraform files
"
" See: https://www.terraform.io/
" https://github.com/snyk/cli

call ale#Set('terraform_snyk_options', '')
call ale#Set('terraform_snyk_executable', 'snyk')

let s:separator = has('win32') ? '\' : '/'

function! ale_linters#terraform#snyk#Handle(buffer, lines) abort
let l:output = []
let l:json = ale#util#FuzzyJSONDecode(a:lines, {})
pbnj marked this conversation as resolved.
Show resolved Hide resolved

for l:result in l:json
if l:result.ok is# v:false
for l:iac_issues in get(l:result, 'infrastructureAsCodeIssues')
if l:iac_issues.severity is# 'low' || l:iac_issues.severity is# 'medium'
let l:type = 'W'
elseif l:iac_issues.severity is# 'high' || l:iac_issues.severity is# 'critical'
let l:type = 'E'
else
let l:type = 'W'
endif

call add(l:output, {
\ 'filename': l:result.targetFilePath,
\ 'lnum': l:iac_issues.lineNumber,
\ 'text': l:iac_issues.iacDescription.issue . ale#Pad('.') . ale#Pad(l:iac_issues.iacDescription.impact) . ale#Pad('.') . ale#Pad(l:iac_issues.iacDescription.resolve),
\ 'code': l:iac_issues.publicId,
\ 'type': l:type,
\})
endfor
endif
endfor

return l:output
endfunction

" Construct command arguments to snyk with `terraform_snyk_options`.
function! ale_linters#terraform#snyk#GetCommand(buffer) abort
let l:cmd = '%e iac test'

let l:opts = ale#Var(a:buffer, 'terraform_snyk_options')

if !empty(l:opts)
let l:cmd .= ale#Pad(l:opts)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ale#Pad returns an empty string if the input is empty, so you can take the condition away and put the whole command in a return statement at the end. You can write --json into the command before the other options without ale#Pad.

endif

let l:cmd .= ale#Pad('--json')

return l:cmd
endfunction

call ale#linter#Define('terraform', {
\ 'name': 'snyk',
\ 'executable': {b -> ale#Var(b, 'terraform_snyk_executable')},
\ 'cwd': '%s:h',
\ 'command': function('ale_linters#terraform#snyk#GetCommand'),
\ 'callback': 'ale_linters#terraform#snyk#Handle',
\})
Loading