aws-samples / cfn-security-scan-integration

Sample code for integrating AWS CloudFormation templates security tests (using CFN-Nag and CFN-Guard) with both AWS Security Hub and AWS CodeBuild reports.
MIT No Attribution

cfn-guard CodeBuild is failing #1

Closed rajddas closed 3 years ago

rajddas commented 3 years ago

Hi Team,

The cfn-guard CodeBuild is failing on the step below:

Command: (cd /usr/local/cloudformation-guard && make )

ERROR:

```
warning: extern fn uses type str, which is not FFI-safe
  --> cfn-guard/src/lib.rs:54:29
   |
54 | template_file_contents: &str,
   | ^^^^ not FFI-safe
   |
   = note: #[warn(improper_ctypes_definitions)] on by default
   = help: consider using *const u8 and a length instead
   = note: string slices have no C equivalent

warning: extern fn uses type str, which is not FFI-safe
  --> cfn-guard/src/lib.rs:55:26
   |
55 | rules_file_contents: &str,
   | ^^^^ not FFI-safe
   |
   = help: consider using *const u8 and a length instead
   = note: string slices have no C equivalent

warning: extern fn uses type std::result::Result<(std::vec::Vec<std::string::String>, usize), std::string::String>, which is not FFI-safe
  --> cfn-guard/src/lib.rs:57:6
   |
57 | ) -> Result<(Vec, usize), String> {
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ not FFI-safe
   |
   = help: consider adding a #[repr(C)], #[repr(transparent)], or integer #[repr(...)] attribute to this enum
   = note: enum has no representation hint

warning: 3 warnings emitted

warning: use of deprecated item 'simple_logger::init_with_level': Please use the Builder pattern instead.
  --> cfn-guard/src/main.rs:78:9
   |
78 | simple_logger::init_with_level(log_level).unwrap();
   | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   |
   = note: #[warn(deprecated)] on by default

warning: use of deprecated item 'simple_logger::init_with_level': Please use the Builder pattern instead.
   --> cfn-guard/src/main.rs:103:13
    |
103 | simple_logger::init_with_level(log_level).unwrap();
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

warning: 2 warnings emitted

Finished release [optimized] target(s) in 2m 59s
cp: cannot stat 'target/release/cfn-guard': No such file or directory
make: *** [cfn-guard] Error 1

[Container] 2020/10/05 09:33:36 Command did not exit successfully (cd /usr/local/cloudformation-guard && make ) exit status 2
```

rajddas commented 3 years ago

As was suggested to me in the link below, I needed to remove the clone depth to make it work.

https://github.com/aws-cloudformation/cloudformation-guard/issues/73

tzvetkov75 commented 3 years ago

Thanks @rajddas for reporting. If the makefile is updated as you mention, we do not need an update here, since the latest is pulled. Can you confirm that it works for you now?

rajddas commented 3 years ago

@tzvetkov75 Yep, it worked for me, given that the latest makefile is there in the repo. I have a suggestion here: why don't we use the Linux binary for cfn-guard in CodeBuild? It can save time installing and compiling it every time the build runs. Also, if v1.0.0 is a stable build of cfn-guard, then we could use the same version binary.

tzvetkov75 commented 3 years ago

Thank you @rajddas, we will consider using the binary when available.