From 8d924a740c853941e5a345038d6030f67f3e16b0 Mon Sep 17 00:00:00 2001
From: Ian Cardoso
Date: Tue, 8 Feb 2022 10:18:08 -0300
Subject: [PATCH] checkov:chore - removing pborman/ansi dependency

Signed-off-by: Ian Cardoso
---
 go.mod | 1 -
 go.sum | 2 --
 .../services/formatters/hcl/checkov/formatter.go | 15 +++++++++++++--
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index 521853bd3..02abcd518 100644
--- a/go.mod
+++ b/go.mod
@@ -18,7 +18,6 @@ require (
 github.com/onsi/ginkgo v1.16.5
 github.com/onsi/gomega v1.18.1
 github.com/opencontainers/image-spec v1.0.2
- github.com/pborman/ansi v1.0.0
 github.com/sirupsen/logrus v1.8.1
 github.com/spf13/cobra v1.3.0
 github.com/spf13/pflag v1.0.5
diff --git a/go.sum b/go.sum
index c0919c4e5..8bd0e12c9 100644
--- a/go.sum
+++ b/go.sum
@@ -768,8 +768,6 @@ github.com/panjf2000/ants/v2 v2.4.7/go.mod h1:f6F0NZVFsGCp5A7QW/Zj/m92atWwOkY0OI
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
-github.com/pborman/ansi v1.0.0 h1:OqjHMhvlSuCCV5JT07yqPuJPQzQl+WXsiZ14gZsqOrQ=
-github.com/pborman/ansi v1.0.0/go.mod h1:SgWzwMAx1X/Ez7i90VqF8LRiQtx52pWDiQP+x3iGnzw=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pelletier/go-toml v1.9.4 h1:tjENF6MfZAg8e4ZmZTeWaWiT2vXtsoO6+iuOjFhECwM=
diff --git a/internal/services/formatters/hcl/checkov/formatter.go b/internal/services/formatters/hcl/checkov/formatter.go
index ceb469172..4017ee25a 100644
--- a/internal/services/formatters/hcl/checkov/formatter.go
+++ b/internal/services/formatters/hcl/checkov/formatter.go
@@ -17,13 +17,13 @@ package checkov
 import (
 "bytes"
 "encoding/json"
+ "regexp"
 
 "github.com/ZupIT/horusec-devkit/pkg/entities/vulnerability"
 "github.com/ZupIT/horusec-devkit/pkg/enums/languages"
 "github.com/ZupIT/horusec-devkit/pkg/enums/severities"
 "github.com/ZupIT/horusec-devkit/pkg/enums/tools"
 "github.com/ZupIT/horusec-devkit/pkg/utils/logger"
- "github.com/pborman/ansi"
 
 "github.com/ZupIT/horusec/internal/entities/docker"
 "github.com/ZupIT/horusec/internal/enums/images"
@@ -75,7 +75,8 @@ func (f *Formatter) getDockerConfig(projectSubPath string) *docker.AnalysisData
 
 func (f *Formatter) parseOutput(output string) error {
 var vuln *checkovVulnerability
- binary, _ := ansi.Strip([]byte(output))
+
+ binary := f.removeAnsiCharacters(output)
 // For some reason checkov returns an empty list when no vulnerabilities are found
 // and an object if vulnerabitilies are found, this checks ignores result when we have no vulnerabilities
 if bytes.Equal(binary, checkovEmptyValue) {
@@ -90,6 +91,16 @@ func (f *Formatter) parseOutput(output string) error {
 return nil
 }
 
+// nolint:lll // const ansi is a regex and cannot be break into more lines
+func (f *Formatter) removeAnsiCharacters(output string) []byte {
+ // ansi represents a regex that will match ansi characters ,so we can use just the ASCII characters to parse the results of checkov tool
+ const ansi = "[\u001B\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\u0007)|(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))"
+
+ re := regexp.MustCompile(ansi)
+ binary := []byte(re.ReplaceAllString(output, ""))
+ return binary
+}
+
 func (f *Formatter) newVulnerability(check *checkovCheck) *vulnerability.Vulnerability {
 vuln := &vulnerability.Vulnerability{
 SecurityTool: tools.Checkov,
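Review bot: Nothing in this commit pins that the new stripper leaves `binary` byte-identical to what `ansi.Strip` produced, yet in `parseOutput` the result feeds an exact `bytes.Equal(binary, checkovEmptyValue)` comparison. Any escape sequence the hand-written pattern misses makes the "no findings" case fall through to the decode step, which presumably then returns an error. The diffstat lists only go.mod, go.sum and formatter.go, so no test accompanies the swap. I would add a table test for `parseOutput` with constructed inputs: the empty-result value wrapped in colour codes, and a findings object wrapped the same way. The rest of the function body lies outside this hunk, so how a decode error is surfaced to the scan result should be confirmed there.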
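Review bot: `regexp.MustCompile(ansi)` runs inside `removeAnsiCharacters`, so the pattern is recompiled on every `parseOutput` call and a malformed pattern would panic in the middle of a scan rather than at start-up. Hoist it to package scope as `var ansiEscapeRe = regexp.MustCompile(ansi)` and reduce the body to `return []byte(ansiEscapeRe.ReplaceAllString(output, ""))`; the receiver is unused, so a plain function would also do. The comment should say that the pattern removes ANSI escape sequences (an ESC or CSI introducer plus its parameters), not "ansi characters". It should also note that `\u009B` in an interpreted Go string matches the UTF-8 encoded code point U+009B, so a lone 0x9B byte in non-UTF-8 tool output would not be stripped. Go's `regexp` package runs in time linear in the input, so the nested quantifiers here carry no backtracking risk on large checkov output.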