Skip to content

Commit

Permalink
checkov:chore - removing pborman/ansi dependency
Browse files Browse the repository at this point in the history
Signed-off-by: Ian Cardoso <ian.cardoso@zup.com.br>
  • Loading branch information
iancardosozup committed Feb 8, 2022
1 parent 87673d1 commit 60d3204
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 5 deletions.
1 change: 0 additions & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ require (
github.com/onsi/ginkgo v1.16.5
github.com/onsi/gomega v1.18.1
github.com/opencontainers/image-spec v1.0.2
github.com/pborman/ansi v1.0.0
github.com/sirupsen/logrus v1.8.1
github.com/spf13/cobra v1.3.0
github.com/spf13/pflag v1.0.5
Expand Down
2 changes: 0 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -768,8 +768,6 @@ github.com/panjf2000/ants/v2 v2.4.7/go.mod h1:f6F0NZVFsGCp5A7QW/Zj/m92atWwOkY0OI
github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
github.com/pborman/ansi v1.0.0 h1:OqjHMhvlSuCCV5JT07yqPuJPQzQl+WXsiZ14gZsqOrQ=
github.com/pborman/ansi v1.0.0/go.mod h1:SgWzwMAx1X/Ez7i90VqF8LRiQtx52pWDiQP+x3iGnzw=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM=
Expand Down
14 changes: 12 additions & 2 deletions internal/services/formatters/hcl/checkov/formatter.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,13 +17,13 @@ package checkov
import (
"bytes"
"encoding/json"
"regexp"

"github.com/ZupIT/horusec-devkit/pkg/entities/vulnerability"
"github.com/ZupIT/horusec-devkit/pkg/enums/languages"
"github.com/ZupIT/horusec-devkit/pkg/enums/severities"
"github.com/ZupIT/horusec-devkit/pkg/enums/tools"
"github.com/ZupIT/horusec-devkit/pkg/utils/logger"
"github.com/pborman/ansi"

"github.com/ZupIT/horusec/internal/entities/docker"
"github.com/ZupIT/horusec/internal/enums/images"
Expand Down Expand Up @@ -75,7 +75,8 @@ func (f *Formatter) getDockerConfig(projectSubPath string) *docker.AnalysisData

func (f *Formatter) parseOutput(output string) error {
var vuln *checkovVulnerability
binary, _ := ansi.Strip([]byte(output))

binary := f.removeAnsiCharacters(output)
// For some reason checkov returns an empty list when no vulnerabilities are found
// and an object if vulnerabitilies are found, this checks ignores result when we have no vulnerabilities
if bytes.Equal(binary, checkovEmptyValue) {
Expand All @@ -90,6 +91,15 @@ func (f *Formatter) parseOutput(output string) error {
return nil
}

// nolint:lll // const ansi is a regex and cannot be break into more lines
func (f *Formatter) removeAnsiCharacters(output string) []byte {
const ansi = "[\u001B\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\u0007)|(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))"

re := regexp.MustCompile(ansi)
binary := []byte(re.ReplaceAllString(output, ""))
return binary
}

func (f *Formatter) newVulnerability(check *checkovCheck) *vulnerability.Vulnerability {
vuln := &vulnerability.Vulnerability{
SecurityTool: tools.Checkov,
Expand Down

0 comments on commit 60d3204

Please sign in to comment.