aquasecurity / trivy

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
https://aquasecurity.github.io/trivy
Apache License 2.0

bug(sarif): we need to handle schema for URI's for misconfig #7897

Closed DmitriyLewen closed 5 days ago

DmitriyLewen commented 1 week ago

Description

We already clear URI with git::https:// schema: https://github.com/aquasecurity/trivy/blob/015bb885ac414b91201fa9791eead395d878149c/pkg/report/sarif.go#L350

We need to add logic for git@github.com schema.

Discussed in https://github.com/aquasecurity/trivy/discussions/7893

nikpivkin commented 6 days ago

I think we also need to properly handle other types of sources that we support

nikpivkin commented 6 days ago

I also noticed that the URI after cleaning may be valid but not correct. For example `git::https://example.com/vpc.git?ref=v1.2.0` will become `example.com/vpc?ref=v1.2.0`, but nothing will be found at that link.

DmitriyLewen commented 6 days ago

> I think we also need to properly handle other types of sources that we support

Do you have a list of possible types for misconfigs?

> For example `git::https://example.com/vpc.git?ref=v1.2.0` will become `example.com/vpc?ref=v1.2.0`, but nothing will be found at that link.

Hm... This is weird. Then what link should we show here?

nikpivkin commented 6 days ago

> Do you have a list of possible types for misconfigs?

https://developer.hashicorp.com/terraform/language/modules/sources#module-sources

> Hm... This is weird. Then what link should we show here?

Here's an example for an existing module: `git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v4.2.0/main.tf` -> `github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/v4.2.0/main.tf`

But I think it's worth studying the specification better.

upd: GitHub only works with local URIs.
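The GitHub rewrite sketched in the comment above, carried through as an added Go example (written for this issue as an illustration; it is not Trivy's `pkg/report/sarif.go` code). `CleanMisconfigURI` and `browseLayouts` are hypothetical names, the only host layout it trusts is github.com (the one confirmed in this discussion), and the sample inputs are constructed. It takes the `<module source>?ref=<ref>/<file>` form seen in the example, handles the `git::` prefix, the scp-style `git@host:path` form, an `ssh://` URL and Terraform's `//subdir` syntax, leaves local paths alone, and for hosts with no known web layout keeps the ref as a query parameter instead of silently producing a link that resolves to nothing:

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// browseLayouts maps a git host to the path segment its web UI puts between
// the repository and the ref. Assumption for this example: only github.com
// is listed, because it is the only layout confirmed in the discussion above.
var browseLayouts = map[string]string{
	"github.com": "tree",
}

// CleanMisconfigURI rewrites the "<module source>?ref=<ref>/<file>" form that
// appears in misconfig file paths into a plain path for a SARIF
// artifactLocation.uri. Hypothetical helper for this issue, not Trivy's code.
//
// Handled inputs (all constructed for the example):
//   git::https://example.com/vpc.git?ref=v1.2.0/main.tf
//   git@github.com:org/repo.git?ref=v4.2.0/main.tf
//   git::ssh://git@github.com/org/repo.git//modules/vpc?ref=v4.2.0/main.tf
//   modules/vpc/main.tf (local path, returned unchanged)
func CleanMisconfigURI(raw string) string {
	s := strings.TrimPrefix(raw, "git::")

	// scp-style "git@host:path" is not a URL; turn it into "https://host/path"
	// so net/url can parse host, path and query uniformly.
	if strings.HasPrefix(s, "git@") && !strings.Contains(s, "://") {
		s = "https://" + strings.Replace(strings.TrimPrefix(s, "git@"), ":", "/", 1)
	}

	u, err := url.Parse(s)
	if err != nil || u.Host == "" {
		// No scheme or host: a local path. Leave it untouched.
		return raw
	}

	// Terraform separates the repository from a subdirectory with "//".
	repoPath, subdir, _ := strings.Cut(u.Path, "//")
	repoPath = strings.TrimSuffix(strings.Trim(repoPath, "/"), ".git")

	// The ref and the file inside the module arrive glued together as
	// "ref=v4.2.0/main.tf"; the first segment is taken as the ref. A ref that
	// itself contains "/" (e.g. "release/1.0") is ambiguous in this form.
	ref, file, _ := strings.Cut(u.Query().Get("ref"), "/")
	if subdir != "" {
		file = path.Join(strings.Trim(subdir, "/"), file)
	}

	if layout, ok := browseLayouts[u.Host]; ok && ref != "" {
		// Known web UI: host/owner/repo/tree/<ref>/<file>
		return path.Join(u.Host, repoPath, layout, ref, file)
	}

	// Unknown host: there is no browsable layout to guess, so keep the
	// repository path and file and carry the ref as a query parameter
	// rather than dropping it.
	out := path.Join(u.Host, repoPath, file)
	if ref != "" {
		out += "?ref=" + ref
	}
	return out
}

func main() {
	for _, in := range []string{
		"git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v4.2.0/main.tf",
		"git::https://example.com/vpc.git?ref=v1.2.0/main.tf",
		"git::ssh://git@github.com/org/repo.git//modules/vpc?ref=v4.2.0/main.tf",
		"modules/vpc/main.tf",
	} {
		fmt.Printf("%s\n  -> %s\n", in, CleanMisconfigURI(in))
	}
}
```

Extending `browseLayouts` is the only change needed once another host's file-browsing layout has been verified; until then the fallback keeps the ref visible in the URI so the reader of the SARIF report still knows which revision was scanned.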

DmitriyLewen commented 6 days ago

> https://developer.hashicorp.com/terraform/language/modules/sources#module-sources

I will take a look

> upd: GitHub only works with local URIs.

So we can skip other URIs (e.g. github, bitbucket, etc.), right?

DmitriyLewen commented 5 days ago

@nikpivkin I updated #7898 for GitHub links and other types.