fix: typos discovered by codespell

CHANGELOG.md

@@ -1230,7 +1230,7 @@
 - **general:** fix integration test in build - [#6227](https://github.com/bridgecrewio/checkov/pull/6227)
 - **general:** fix integration tests - [#6207](https://github.com/bridgecrewio/checkov/pull/6207)
 - **kubernetes:** Update checkov-job.yaml - [#5985](https://github.com/bridgecrewio/checkov/pull/5985)
-- **sca:** remove old test for the depracated workflow github-action - [#6232](https://github.com/bridgecrewio/checkov/pull/6232)
+- **sca:** remove old test for the deprecated workflow github-action - [#6232](https://github.com/bridgecrewio/checkov/pull/6232)
 - **terraform_plan:** Edges not created because of indexing in resource["address"] when resources in modules use count - [#6145](https://github.com/bridgecrewio/checkov/pull/6145)
 - **terraform:** CKV_AWS_23 rule description fixed for clarity - [#5993](https://github.com/bridgecrewio/checkov/pull/5993)
 - **terraform:** Fix CKV_AWS_358 to handle plan files - [#6202](https://github.com/bridgecrewio/checkov/pull/6202)
@@ -2751,7 +2751,7 @@
 
 ### Bug Fix
 
-- **kubernetes:** dont' fail if spec is missing and default value is set to the fix value. - [#5167](https://github.com/bridgecrewio/checkov/pull/5167)
+- **kubernetes:** don't fail if spec is missing and default value is set to the fix value. - [#5167](https://github.com/bridgecrewio/checkov/pull/5167)
 
 ## [2.3.276](https://github.com/bridgecrewio/checkov/compare/2.3.273...2.3.276) - 2023-06-04
 
@@ -2878,7 +2878,7 @@
 ### Feature
 
 - **general:** add SPDX output - [#5104](https://github.com/bridgecrewio/checkov/pull/5104)
-- **kubernetes:** seperate service acoount builder to improve performance - [#5093](https://github.com/bridgecrewio/checkov/pull/5093)
+- **kubernetes:** separate service account builder to improve performance - [#5093](https://github.com/bridgecrewio/checkov/pull/5093)
 - **sca:** showing line numbers in the cli output for csv - [#5096](https://github.com/bridgecrewio/checkov/pull/5096)
 - **sca:** showing line numbers in the cli output for licenses - [#5098](https://github.com/bridgecrewio/checkov/pull/5098)
 
@@ -3050,7 +3050,7 @@
 ### Feature
 
 - **terraform:** add support for private terraform registries - [#4964](https://github.com/bridgecrewio/checkov/pull/4964)
-- **terraform:** remove cross varaibles bad list comprehension - [#4948](https://github.com/bridgecrewio/checkov/pull/4948)
+- **terraform:** remove cross variables bad list comprehension - [#4948](https://github.com/bridgecrewio/checkov/pull/4948)
 
 ### Bug Fix
 
@@ -3400,7 +3400,7 @@
 - **terraform:** AWS Ensure cloudfront has a default root - [#4673](https://github.com/bridgecrewio/checkov/pull/4673)
 - **terraform:** AWS ensure secret rotation is less than 90 days - [#4672](https://github.com/bridgecrewio/checkov/pull/4672)
 - **terraform:** AWS Secrets are rotated - [#4671](https://github.com/bridgecrewio/checkov/pull/4671)
-- **terraform:** ensure DB snapshots arent public - [#4667](https://github.com/bridgecrewio/checkov/pull/4667)
+- **terraform:** ensure DB snapshots aren't public - [#4667](https://github.com/bridgecrewio/checkov/pull/4667)
 - **terraform:** ensure SSM docs are private - [#4668](https://github.com/bridgecrewio/checkov/pull/4668)
 - **terraform:** lambda permission is not public - [#4666](https://github.com/bridgecrewio/checkov/pull/4666)
 
@@ -4788,7 +4788,7 @@
 ### Breaking Change
 
 - **github:** Change github_failed_only output suffix to .md - [#3595](https://github.com/bridgecrewio/checkov/pull/3595)
-- **terraform:** adjust the check result return for dependant variables to unknown in  Python based checks - [#3743](https://github.com/bridgecrewio/checkov/pull/3743)
+- **terraform:** adjust the check result return for dependent variables to unknown in  Python based checks - [#3743](https://github.com/bridgecrewio/checkov/pull/3743)
 - **terraform:** return UNKNOWN for unrendered values in graph checks - [#3689](https://github.com/bridgecrewio/checkov/pull/3689)
 
 ### Feature
@@ -4848,7 +4848,7 @@
 
 ### Bug Fix
 
-- **general:** Custom Policies integration must run before Suppresion integration - [#3701](https://github.com/bridgecrewio/checkov/pull/3701)
+- **general:** Custom Policies integration must run before Suppression integration - [#3701](https://github.com/bridgecrewio/checkov/pull/3701)
 - **terraform:** Add or condition for TLS 1.3 policy, supporting CKV_AWS_103 - [#3700](https://github.com/bridgecrewio/checkov/pull/3700)
 - **terraform:** Fix TF AbsGoogleComputeFirewallUnrestrictedIngress check - [#3704](https://github.com/bridgecrewio/checkov/pull/3704)
 

checkov/cdk/checks/typescript/RDSEnhancedMonitorEnabled.yaml

@@ -13,7 +13,7 @@ definition:
   conditions:
     - not_pattern: |
         new $PACKAGE.aws_rds.DatabaseInstance(<ANY>, <ANY>, { <ANY>, monitoringInterval: $COUNT, <ANY> })
-    - metavariable: $COUNT # bug: should preform with not_pattern and not after BCE-33034
+    - metavariable: $COUNT # bug: should perform with not_pattern and not after BCE-33034
       comparison: $COUNT > 0
     - metavariable: $PACKAGE
       comparison: $PACKAGE == "aws-cdk-lib"

checkov/cloudformation/checks/resource/aws/LambdaEnvironmentCredentials.py

@@ -25,7 +25,7 @@ def scan_resource_conf(self, conf: dict[str, Any]) -> CheckResult:
                 if variables and isinstance(variables, dict):
                     for var_name, value in variables.items():
                         if isinstance(value, dict):
-                            # if it is a resolved instrinsic function like !Ref: xyz, then it can't be a secret
+                            # if it is a resolved intrinsic function like !Ref: xyz, then it can't be a secret
                             continue
 
                         # Skip checking if the value starts with 'handler.'

checkov/cloudformation/checks/resource/base_resource_value_check.py

@@ -59,7 +59,7 @@ def scan_resource_conf(self, conf: dict[str, Any]) -> CheckResult:
         if len(matches) > 0:
             for match in matches:
                 # CFN files are parsed differently from terraform, which causes the path search above to behave differently.
-                # The tesult is path parts with integer indexes, instead of strings like '[0]'. This logic replaces
+                # The result is path parts with integer indexes, instead of strings like '[0]'. This logic replaces
                 # those, allowing inspected_keys in checks to use the same syntax.
                 # The last value shouldn't be changed, because it could be indeed a valid number
                 for i in range(0, len(match) - 1):

checkov/cloudformation/context_parser.py

@@ -98,7 +98,7 @@ def trim_lines(code_lines: List[Tuple[int, str]]) -> List[Tuple[int, str]]:
     def find_lines(node: Any, kv: str) -> Generator[int, None, None]:
         # Hack to allow running checkov on json templates
         # CF scripts that are parsed using the yaml mechanism have a magic STARTLINE and ENDLINE property
-        # CF scripts that are parsed using the json mechnism use dicts that have a marker
+        # CF scripts that are parsed using the json mechanism use dicts that have a marker
         if hasattr(node, "start_mark") and kv == STARTLINE:
             yield node.start_mark.line + 1
 

checkov/cloudformation/graph_builder/local_graph.py

@@ -201,12 +201,12 @@ def _add_resource_attr_connections(self, attribute: str) -> None:
                                 self._create_edge(origin_node_index, dest_vertex_index, label=attribute)
                         else:
                             logging.debug(
-                                f"[CloudformationLocalGraph] didnt create edge for target_id {target_id}"
+                                f"[CloudformationLocalGraph] didn't create edge for target_id {target_id}"
                                 f"and vertex_path {vertex_path} as target_id is not a string"
                             )
                 else:
                     logging.debug(
-                        f"[CloudformationLocalGraph] didnt create edge for target_ids {target_ids}"
+                        f"[CloudformationLocalGraph] didn't create edge for target_ids {target_ids}"
                         f"and vertex_path {vertex_path} as target_ids is not a list"
                     )
 

checkov/cloudformation/graph_builder/variable_rendering/renderer.py

@@ -376,7 +376,7 @@ def _evaluate_if_connection(
                 condition_vertex_attributes.get(CustomAttributes.BLOCK_TYPE) == BlockType.CONDITIONS:
             evaluated_condition = self._evaluate_condition_by_name(condition_name)
 
-        # After we evaluate ConditionName, we fetch OperandIfTrue or OperandIfFalse (according ot the result)
+        # After we evaluate ConditionName, we fetch OperandIfTrue or OperandIfFalse (according to the result)
         if isinstance(evaluated_condition, bool):
             (operand_index, operand_to_eval) = (1, operand_if_true) if evaluated_condition else (2, operand_if_false)
 

checkov/cloudformation/parser/cfn_yaml.py

@@ -107,7 +107,7 @@ def __init__(self, filename: str, content_type: ContentType | None = None) -> No
     def construct_yaml_map(self, node: MappingNode) -> DictNode:
         # Check for duplicate keys on the current level, this is not desirable
         # because a dict does not support this. It overwrites it with the last
-        # occurance, which can give unexpected results
+        # occurrence, which can give unexpected results
         mapping = {}
         self.flatten_mapping(node)
         for key_node, value_node in node.value:

checkov/common/bridgecrew/integration_features/features/vulnerabilities_integration.py

@@ -77,7 +77,7 @@ def merge_sca_and_sast_reports(self, merged_reports: list[Report]) -> None:
         # Iterate over each file, get sast imports and enrich it's Cves
         for sca_file_path, current_cves in grouped_records.items():
 
-            # Determine the langauge of file
+            # Determine the language of file
             lang = self.get_sast_lang_by_file_path(sca_file_path)
 
             # Extract Sast data from Sast report filtered by the language
@@ -118,7 +118,7 @@ def group_cves_checks_by_files(self, cves_checks: List[Record]) -> Dict[str, Lis
         return grouped_records
 
     '''
-    convert SAST report structure to a sturcture grouped by package_name, for better performance in the enrich step
+    convert SAST report structure to a structure grouped by package_name, for better performance in the enrich step
     '''
 
     def create_file_by_package_map(self, filtered_entries: List[Tuple[Any, Any]]) -> Dict[str, List[str]]:

checkov/common/bridgecrew/platform_integration.py

@@ -214,7 +214,7 @@ def generate_instance_data(self) -> dict[str, Any]:
             "skip_fixes": self.skip_fixes,
             "timestamp": self.timestamp,
             "use_s3_integration": self.use_s3_integration,
-            # will be overriden with a simple lambda expression
+            # will be overridden with a simple lambda expression
             "get_auth_token": self.get_auth_token() if self.bc_api_key else ""
         }
 
@@ -584,8 +584,8 @@ def persist_repository(
                 if file_extension in SUPPORTED_FILE_EXTENSIONS or f_name in SUPPORTED_FILES:
                     files_to_persist.append(FileToPersist(f, os.path.relpath(f, root_dir)))
                 if sast_languages:
-                    for framwork in sast_languages:
-                        if file_extension in SAST_SUPPORTED_FILE_EXTENSIONS[framwork]:
+                    for framework in sast_languages:
+                        if file_extension in SAST_SUPPORTED_FILE_EXTENSIONS[framework]:
                             files_to_persist.append(FileToPersist(f, os.path.relpath(f, root_dir)))
                             break
 
@@ -604,8 +604,8 @@ def persist_repository(
                     if file_extension in SUPPORTED_FILE_EXTENSIONS or file_path in SUPPORTED_FILES or is_dockerfile(file_path):
                         files_to_persist.append(FileToPersist(full_file_path, relative_file_path))
                     if sast_languages:
-                        for framwork in sast_languages:
-                            if file_extension in SAST_SUPPORTED_FILE_EXTENSIONS[framwork]:
+                        for framework in sast_languages:
+                            if file_extension in SAST_SUPPORTED_FILE_EXTENSIONS[framework]:
                                 files_to_persist.append(FileToPersist(full_file_path, relative_file_path))
                                 break
 

checkov/common/parsers/json/decoder.py

@@ -392,7 +392,7 @@ def check_duplicates(self, ordered_pairs: list[tuple[str, Any]], beg_mark: Mark,
         """
             Check for duplicate keys on the current level, this is not desirable
             because a dict does not support this. It overwrites it with the last
-            occurance, which can give unexpected results
+            occurrence, which can give unexpected results
         """
         mapping = DictNode({}, beg_mark, end_mark)
         for key, value in ordered_pairs:

checkov/common/runners/runner_registry.py

@@ -98,7 +98,7 @@ def __init__(
         self.filter_runner_framework()
         self.tool = tool
         self._check_type_to_report_map: dict[str, Report] = {}  # used for finding reports with the same check type
-        self.licensing_integration = licensing_integration  # can be maniuplated by unit tests
+        self.licensing_integration = licensing_integration  # can be manipulated by unit tests
         self.secrets_omitter_class = secrets_omitter_class
         self.check_type_to_graph: dict[str, list[tuple[LibraryGraph, Optional[str]]]] = {}
         self.check_type_to_resource_subgraph_map: dict[str, dict[str, str]] = {}

checkov/common/sca/reachability/package_alias_mapping/nodejs/utils.py

@@ -78,7 +78,7 @@ def parse_rollup_file(file_content: str, relevant_packages: Set[str]) -> Dict[st
     export_default_match = re.search(EXPORT_DEFAULT_PATTERN, file_content, re.DOTALL)
     if export_default_match:
         export_default_str = export_default_match.group(1)
-        # for having for all the keys and values doube quotes and removing spaces
+        # for having for all the keys and values double quotes and removing spaces
         export_default_str = re.sub(r'\s+', '', re.sub(r'([{\s,])(\w+):', r'\1"\2":', export_default_str)
                                     .replace("'", "\""))
 

checkov/common/secrets/consts.py

@@ -29,7 +29,7 @@ def __str__(self) -> str:
 class VerifySecretsResult(Enum):
     INSUFFICIENT_PARAMS = "INSUFFICIENT_PARAMS"
     FAILURE = "FAILURE"
-    SUCCESS = "SUCESS"
+    SUCCESS = "SUCCESS"
 
     def __str__(self) -> str:
         # needed, because of a Python 3.11 change

checkov/common/util/ext_argument_parser.py

@@ -536,7 +536,7 @@ def add_parser_args(self) -> None:
             default=[],
             help="List of <resource_type>:<variable> OR <variable> only. Each entry in the list will be used for"
                  "masking the desired attribute for resource (or for all resources, if no resource given)."
-                 "Notice: one entry can contain several variables, seperated with a comma. For example:"
+                 "Notice: one entry can contain several variables, separated with a comma. For example:"
                  "<resource_type>:<variable1>,<variable2> OR <variable1>,<variable2>"
         )
         self.add(

checkov/common/util/parser_utils.py

@@ -249,7 +249,7 @@ def split_merge_args(value: str) -> list[str] | None:
     for c in value:
         if c == "," and not inside_collection_stack:
             current_arg_buffer = current_arg_buffer.strip()
-            # Note: can get a zero-length buffer when there's a double comman. This can
+            # Note: can get a zero-length buffer when there's a double comma. This can
             #       happen with multi-line args (see parser_internals test)
             if len(current_arg_buffer) != 0:
                 to_return.append(current_arg_buffer)

checkov/common/util/runner_dependency_handler.py

@@ -25,10 +25,10 @@ def __init__(self, runner_registry: RunnerRegistry) -> None:
 
     def validate_runner_deps(self) -> None:
         """
-        Checks if each runner declares any system dependancies by calling each runner's system_deps() function.
+        Checks if each runner declares any system dependencies by calling each runner's system_deps() function.
         This function can safley not exist, but if returns true, call check_system_deps() on the same function.
-        The function would impliment it's own dependancy checks (see helm/runner.py for example).
-        Sucessful check_system_deps() should return None, otherwise self.check_type to indicate a runner has failed deps.
+        The function would implement it's own dependency checks (see helm/runner.py for example).
+        Successful check_system_deps() should return None, otherwise self.check_type to indicate a runner has failed deps.
 
         THen removes any runners with missing dependencies from runner_registry.
         """

checkov/common/util/secrets_omitter.py

@@ -46,7 +46,7 @@ def _non_secret_check(self) -> Iterator[Record]:
     @staticmethod
     def get_secret_lines(code_block: list[tuple[int, str]] | None) -> tuple[list[int], list[str]]:
         """
-        Given a code block object, returns the lines containing asteriks including the line range
+        Given a code block object, returns the lines containing asterisks including the line range
         :param code_block: list of tuples containing line number and the line itself
         :return: list of size 2, representing the range of lines containing secrets from code_block,
          and a list containing the lines from the range.

checkov/common/util/str_utils.py

@@ -12,7 +12,7 @@ def removeprefix(input_str: str, prefix: str) -> str:
 
 
 # in case of comparing paths from the BE and from the client, we have to make sure the structures are the same
-# e.g: in windows the seperator for the path is '\' while in linux/max it is '/'
+# e.g: in windows the separator for the path is '\' while in linux/max it is '/'
 def align_path(path: str) -> str:
     return path.replace('\\', '/')
 

checkov/dockerfile/checks/graph_checks/EnvNodeTlsRejectUnauthorized.yaml

@@ -1,6 +1,6 @@
 metadata:
   id: "CKV2_DOCKER_6"
-  name: "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environmnet variable"
+  name: "Ensure that certificate validation isn't disabled with the NODE_TLS_REJECT_UNAUTHORIZED environment variable"
   category: "APPLICATION_SECURITY"
 definition:
   or:

checkov/dockerfile/checks/graph_checks/EnvNpmConfigStrictSsl.yaml

@@ -1,6 +1,6 @@
 metadata:
   id: "CKV2_DOCKER_12"
-  name: "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environmnet variable"
+  name: "Ensure that certificate validation isn't disabled for npm via the 'NPM_CONFIG_STRICT_SSL' environment variable"
   category: "APPLICATION_SECURITY"
 definition:
   or:

checkov/dockerfile/checks/graph_checks/EnvPythonHttpsVerify.yaml

@@ -1,6 +1,6 @@
 metadata:
   id: "CKV2_DOCKER_5"
-  name: "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environmnet variable"
+  name: "Ensure that certificate validation isn't disabled with the PYTHONHTTPSVERIFY environment variable"
   category: "APPLICATION_SECURITY"
 definition:
   or: