bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

kustomization.yml suffix not accepted #2346

Closed exocode closed 2 years ago

exocode commented 2 years ago

Describe the issue

Should show regular output when providing the yml suffix instead of yaml.

Examples

kustomization.yml does not work; kustomization.yaml works.

❯ kustomize version
{Version:kustomize/v4.4.1 GitCommit:b2d65ddc98e09187a8e38adc27c30bab078c1dbf BuildDate:2021-11-11T23:27:14Z GoOs:darwin GoArch:amd64}

Exception Trace

Traceback (most recent call last):
  File "/usr/local/bin/checkov", line 9, in <module>
    sys.exit(run())
  File "/usr/local/lib/python3.9/site-packages/checkov/main.py", line 223, in run
    scan_reports = runner_registry.run(root_folder=root_folder, external_checks_dir=external_checks_dir,
  File "/usr/local/lib/python3.9/site-packages/checkov/common/runners/runner_registry.py", line 59, in run
    reports = [self.runners[0].run(root_folder, external_checks_dir=external_checks_dir, files=files,
  File "/usr/local/lib/python3.9/site-packages/checkov/kustomize/runner.py", line 226, in run
    self.kustomizeProcessedFolderAndMeta[kustomizedir] = self.parseKustomization(kustomizedir)
  File "/usr/local/lib/python3.9/site-packages/checkov/kustomize/runner.py", line 141, in parseKustomization
    with open(f"{parseKustomizationData}/kustomization.yaml", 'r') as kustomizationFile:
FileNotFoundError: [Errno 2] No such file or directory: '/Users/jan/Coding/RubymineProjects/metashop/gitops/app/backend/kustomize/overlays/staging/kustomization.yaml'
❯ LOG_LEVEL=DEBUG checkov -d ./app/backend/kustomize --framework kustomize --check CKV_K8S_43
2022-02-06 01:52:12,867 [MainThread  ] [DEBUG]  Checkov version: 2.0.793
2022-02-06 01:52:12,867 [MainThread  ] [DEBUG]  Python executable: /usr/local/opt/python@3.9/bin/python3.9
2022-02-06 01:52:12,867 [MainThread  ] [DEBUG]  Python version: 3.9.10 (main, Jan 15 2022, 11:48:00)
[Clang 13.0.0 (clang-1300.0.29.3)]
2022-02-06 01:52:12,867 [MainThread  ] [DEBUG]  Checkov executable (argv[0]): /usr/local/bin/checkov
2022-02-06 01:52:12,867 [MainThread  ] [DEBUG]  Command Line Args:   -d ./app/backend/kustomize --framework kustomize --check CKV_K8S_43
Defaults:
  --branch:          master
  --download-external-modules:False
  --external-modules-download-path:.external_modules
  --evaluate-variables:True
  --min-cve-severity:none

2022-02-06 01:52:12,868 [MainThread  ] [INFO ]  Resultant set of frameworks (removing skipped frameworks): kustomize
2022-02-06 01:52:12,868 [MainThread  ] [INFO ]  Checking necessary system dependancies for kustomize checks.
2022-02-06 01:52:13,218 [MainThread  ] [INFO ]  Found working version of kustomize dependancy kubectl: 1.22
2022-02-06 01:52:13,219 [MainThread  ] [DEBUG]  Using API key ending with 2a32083a
2022-02-06 01:52:13,219 [MainThread  ] [DEBUG]  BC_SOURCE = cli, version = 2.0.793
2022-02-06 01:52:15,116 [MainThread  ] [DEBUG]  Changing event name from creating-client-class.iot-data to creating-client-class.iot-data-plane
2022-02-06 01:52:15,117 [MainThread  ] [DEBUG]  Changing event name from before-call.apigateway to before-call.api-gateway
2022-02-06 01:52:15,118 [MainThread  ] [DEBUG]  Changing event name from request-created.machinelearning.Predict to request-created.machine-learning.Predict
2022-02-06 01:52:15,119 [MainThread  ] [DEBUG]  Changing event name from before-parameter-build.autoscaling.CreateLaunchConfiguration to before-parameter-build.auto-scaling.CreateLaunchConfiguration
2022-02-06 01:52:15,119 [MainThread  ] [DEBUG]  Changing event name from before-parameter-build.route53 to before-parameter-build.route-53
2022-02-06 01:52:15,120 [MainThread  ] [DEBUG]  Changing event name from request-created.cloudsearchdomain.Search to request-created.cloudsearch-domain.Search
2022-02-06 01:52:15,120 [MainThread  ] [DEBUG]  Changing event name from docs.*.autoscaling.CreateLaunchConfiguration.complete-section to docs.*.auto-scaling.CreateLaunchConfiguration.complete-section
2022-02-06 01:52:15,123 [MainThread  ] [DEBUG]  Changing event name from before-parameter-build.logs.CreateExportTask to before-parameter-build.cloudwatch-logs.CreateExportTask
2022-02-06 01:52:15,123 [MainThread  ] [DEBUG]  Changing event name from docs.*.logs.CreateExportTask.complete-section to docs.*.cloudwatch-logs.CreateExportTask.complete-section
2022-02-06 01:52:15,123 [MainThread  ] [DEBUG]  Changing event name from before-parameter-build.cloudsearchdomain.Search to before-parameter-build.cloudsearch-domain.Search
2022-02-06 01:52:15,123 [MainThread  ] [DEBUG]  Changing event name from docs.*.cloudsearchdomain.Search.complete-section to docs.*.cloudsearch-domain.Search.complete-section
2022-02-06 01:52:15,126 [MainThread  ] [DEBUG]  Loading JSON file: /usr/local/lib/python3.9/site-packages/botocore/data/endpoints.json
2022-02-06 01:52:15,134 [MainThread  ] [DEBUG]  Event choose-service-name: calling handler <function handle_service_name_alias at 0x104fc5310>
2022-02-06 01:52:15,155 [MainThread  ] [DEBUG]  Loading JSON file: /usr/local/lib/python3.9/site-packages/botocore/data/s3/2006-03-01/service-2.json
2022-02-06 01:52:15,165 [MainThread  ] [DEBUG]  Event creating-client-class.s3: calling handler <function add_generate_presigned_post at 0x104f71b80>
2022-02-06 01:52:15,165 [MainThread  ] [DEBUG]  Event creating-client-class.s3: calling handler <function lazy_call.<locals>._handler at 0x109112f70>
2022-02-06 01:52:15,252 [MainThread  ] [DEBUG]  Event creating-client-class.s3: calling handler <function add_generate_presigned_url at 0x104f71940>
2022-02-06 01:52:15,261 [MainThread  ] [DEBUG]  Setting s3 timeout as (60, 60)
2022-02-06 01:52:15,262 [MainThread  ] [DEBUG]  Loading JSON file: /usr/local/lib/python3.9/site-packages/botocore/data/_retry.json
2022-02-06 01:52:15,262 [MainThread  ] [DEBUG]  Registering retry handlers for service: s3
2022-02-06 01:52:16,176 [MainThread  ] [DEBUG]  Got checkov mappings from Bridgecrew BE
2022-02-06 01:52:17,551 [MainThread  ] [DEBUG]  Found 0 custom policies from the platform.
2022-02-06 01:52:19,127 [MainThread  ] [DEBUG]  Found 0 valid suppressions from the platform.
Traceback (most recent call last):
  File "/usr/local/bin/checkov", line 9, in <module>
    sys.exit(run())
  File "/usr/local/lib/python3.9/site-packages/checkov/main.py", line 223, in run
    scan_reports = runner_registry.run(root_folder=root_folder, external_checks_dir=external_checks_dir,
  File "/usr/local/lib/python3.9/site-packages/checkov/common/runners/runner_registry.py", line 59, in run
    reports = [self.runners[0].run(root_folder, external_checks_dir=external_checks_dir, files=files,
  File "/usr/local/lib/python3.9/site-packages/checkov/kustomize/runner.py", line 226, in run
    self.kustomizeProcessedFolderAndMeta[kustomizedir] = self.parseKustomization(kustomizedir)
  File "/usr/local/lib/python3.9/site-packages/checkov/kustomize/runner.py", line 141, in parseKustomization
    with open(f"{parseKustomizationData}/kustomization.yaml", 'r') as kustomizationFile:
FileNotFoundError: [Errno 2] No such file or directory: '/Users/jan/Coding/RubymineProjects/metashop/gitops/app/backend/kustomize/overlays/staging/kustomization.yaml'
nimrodkor commented 2 years ago

Hey @exocode!

We would appreciate a contribution on this if you'd like. Relevant line is https://github.com/bridgecrewio/checkov/blob/master/checkov/kustomize/runner.py#L141
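The traceback above comes from a hard-coded `open(f"{dir}/kustomization.yaml")`. An IaC scanner that only knows one spelling of the file name does worse than crash: it can also silently skip overlays it cannot find, so misconfigured manifests never get checked. The snippet below is an added illustration of the resilient lookup, written for this page; it is not checkov's code and not the fix in the linked pull request. It assumes the three file names kustomize itself accepts (`kustomization.yaml`, `kustomization.yml`, `Kustomization`), builds a throwaway overlay with the `.yml` suffix from the report, and refuses to guess when a directory contains more than one candidate.

```python
import tempfile
from pathlib import Path

# File names kustomize accepts for a kustomization, in lookup order.
# Assumption for this example: these three names, first match wins.
KUSTOMIZATION_FILE_NAMES = ("kustomization.yaml", "kustomization.yml", "Kustomization")


def find_kustomization_file(directory):
    """Return the Path of the kustomization file in `directory`, or None.

    Checking every accepted name avoids both the FileNotFoundError in the
    issue and the quieter failure of an overlay being skipped unscanned.
    """
    candidates = [Path(directory) / name for name in KUSTOMIZATION_FILE_NAMES]
    found = [p for p in candidates if p.is_file()]
    if len(found) > 1:
        # kustomize refuses to build a directory holding more than one
        # kustomization file; surface the ambiguity rather than pick one.
        names = [p.name for p in found]
        raise ValueError(f"multiple kustomization files in {directory}: {names}")
    return found[0] if found else None


def read_kustomization(directory):
    """Return the kustomization text, with a clear error naming all accepted spellings."""
    path = find_kustomization_file(directory)
    if path is None:
        accepted = ", ".join(KUSTOMIZATION_FILE_NAMES)
        raise FileNotFoundError(f"no kustomization file ({accepted}) in {directory}")
    return path.read_text()


def demo():
    """Exercise the lookup on constructed sample directories.

    Returns a dict describing: the file found for a .yml overlay, its
    contents, the result for an empty directory, and whether a directory
    with two spellings is rejected.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed overlay using the suffix from the bug report.
        overlay = Path(tmp) / "overlays" / "staging"
        overlay.mkdir(parents=True)
        (overlay / "kustomization.yml").write_text("resources:\n- ../../base\n")
        results["found"] = find_kustomization_file(overlay).name
        results["text"] = read_kustomization(overlay)

        # Directory with no kustomization at all.
        empty = Path(tmp) / "empty"
        empty.mkdir()
        results["empty"] = find_kustomization_file(empty)

        # Ambiguous directory: both spellings present.
        ambiguous = Path(tmp) / "ambiguous"
        ambiguous.mkdir()
        (ambiguous / "kustomization.yaml").write_text("resources: []\n")
        (ambiguous / "kustomization.yml").write_text("resources: []\n")
        try:
            find_kustomization_file(ambiguous)
            results["ambiguous_rejected"] = False
        except ValueError:
            results["ambiguous_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The ambiguity check matters for a scanner more than for a one-off build: if two spellings coexist, picking the first one silently means the scanner may report on a file kustomize will never render, so failing loudly keeps the scan result honest.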

schosterbarak commented 2 years ago

Thanks, @exocode, this should be fixed by: https://github.com/bridgecrewio/checkov/pull/2347. Let me know if it didn't work on the latest release. Closing the issue for now.