diff --git a/src/lib/formatters/iac-output/text/formatters.ts b/src/lib/formatters/iac-output/text/formatters.ts
index 09f351a5a7..40a1db67be 100644
--- a/src/lib/formatters/iac-output/text/formatters.ts
+++ b/src/lib/formatters/iac-output/text/formatters.ts
@@ -214,11 +214,5 @@ function extractResolve(vulnerability: Vulnerability): string {
 }
 
 function formatCloudConfigPath(vulnerability: Vulnerability): string[] {
- const cloudConfigPath = vulnerability.resource.id.split('.');
-
- if (vulnerability.resource.path) {
- cloudConfigPath.push(...vulnerability.resource.path);
- }
-
- return cloudConfigPath;
+ return vulnerability.resource.formattedPath.split('.');
 }
diff --git a/src/lib/iac/test/v2/json.ts b/src/lib/iac/test/v2/json.ts
index 4bf063ba65..71bc746b94 100644
--- a/src/lib/iac/test/v2/json.ts
+++ b/src/lib/iac/test/v2/json.ts
@@ -264,7 +264,7 @@ function vulnerabilitiesToIacIssues(
 lineNumber: v.resource.line || -1,
 documentation: v.rule.documentation, // only works for rules available on snyk.io
 isGeneratedByCustomRule: !!v.rule.isGeneratedByCustomRule,
- path: v.resource.path || [], // needs to be fixed, currently doesn't show the full path
+ path: v?.resource?.formattedPath.split('.') || [],
 compliance: [],
 description: v.rule.description,
 };
diff --git a/test/jest/unit/iac/process-results/fixtures/integrated-json-output.json b/test/jest/unit/iac/process-results/fixtures/integrated-json-output.json
index 2f14229bfc..17c0e521cd 100644
--- a/test/jest/unit/iac/process-results/fixtures/integrated-json-output.json
+++ b/test/jest/unit/iac/process-results/fixtures/integrated-json-output.json
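Review bot: `formattedPath.split('.')` in formatCloudConfigPath treats every dot as a segment boundary, so a resource name or bracketed key that itself contains a dot would be cut into two segments and the text output would point at the wrong element; the same split feeds `path` in src/lib/iac/test/v2/json.ts. Whether `formattedPath` can carry such keys is not visible in this diff, but the fixtures only cover keys like `aws_vpc[mainvpc]`, so the case is untested either way. If it can, split only on dots outside brackets, e.g. `return vulnerability.resource.formattedPath.split(/\.(?![^\[]*\])/);`, and add a fixture with a dotted key.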
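Review bot: The optional chaining on the new `path` line guards the wrong links. `v` and `v.resource` are already dereferenced unconditionally two lines above (`v.resource.line`), while `formattedPath`, the only value here that could plausibly be missing, is followed by a plain `.split`, which throws on `undefined` before the `|| []` fallback is ever evaluated. `path: v.resource.formattedPath?.split('.') ?? [],` makes the fallback reachable and drops the redundant `?.`. The body of vulnerabilitiesToIacIssues starts and ends outside this hunk, so whether `formattedPath` is declared optional on the resource type cannot be confirmed from here.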
@@ -63,7 +63,10 @@
 "lineNumber": -1,
 "documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-00151",
 "isGeneratedByCustomRule": false,
- "path": [],
+ "path": [
+ "resource",
+ "aws_vpc[mainvpc]"
+ ],
 "compliance": [],
 "description": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n"
 },
@@ -94,10 +97,11 @@
 "documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-TF-5",
 "isGeneratedByCustomRule": false,
 "path": [
- "ingress",
- 0,
- "cidr_blocks",
- 0
+ "input",
+ "resource",
+ "aws_default_security_group[default]",
+ "ingress[0]",
+ "cidr_blocks[0]"
 ],
 "compliance": [],
 "description": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n"
@@ -162,7 +166,10 @@
 "lineNumber": 5,
 "documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-00151",
 "isGeneratedByCustomRule": false,
- "path": [],
+ "path": [
+ "resource",
+ "aws_vpc[mainvpc]"
+ ],
 "compliance": [],
 "description": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n"
 },
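Review bot: The updated expectations pin two different path shapes in the same output: the flow-logging issue gets `["resource", "aws_vpc[mainvpc]"]`, while the default security group issue gets a leading `"input"` segment, and list indices change from numeric elements (`0`) to string suffixes (`"ingress[0]"`). Since `path` is part of the JSON output, anything downstream that matches findings by path (ignore rules, CI gates, dashboards) could silently stop matching after this change. It is worth confirming that the `input` prefix is intended rather than leaking through from the upstream `formattedPath`, and either normalising it before output or documenting the new format. The same pair of shapes is pinned for `cloudConfigPath` in the two snyk-iac-test-text-output-data fixtures.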
@@ -193,10 +200,11 @@
 "documentation": "https://security.snyk.io/rules/cloud/SNYK-CC-TF-5",
 "isGeneratedByCustomRule": false,
 "path": [
- "ingress",
- 0,
- "cidr_blocks",
- 0
+ "input",
+ "resource",
+ "aws_default_security_group[default]",
+ "ingress[0]",
+ "cidr_blocks[0]"
 ],
 "compliance": [],
 "description": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n"
diff --git a/test/jest/unit/iac/process-results/fixtures/snyk-iac-test-text-output-data-with-suppressions.json b/test/jest/unit/iac/process-results/fixtures/snyk-iac-test-text-output-data-with-suppressions.json
index c1a1f8e776..12646d3a11 100644
--- a/test/jest/unit/iac/process-results/fixtures/snyk-iac-test-text-output-data-with-suppressions.json
+++ b/test/jest/unit/iac/process-results/fixtures/snyk-iac-test-text-output-data-with-suppressions.json
@@ -8,8 +8,8 @@
 "title": "VPC flow logging should be enabled",
 "lineNumber": -1,
 "cloudConfigPath": [
- "aws_vpc",
- "mainvpc"
+ "resource",
+ "aws_vpc[mainvpc]"
 ],
 "issue": "VPC flow logging should be enabled",
 "impact": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n",
@@ -29,12 +29,11 @@
 "title": "VPC default security group allows unrestricted ingress traffic",
 "lineNumber": -1,
 "cloudConfigPath": [
- "aws_default_security_group",
- "default",
- "ingress",
- 0,
- "cidr_blocks",
- 0
+ "input",
+ "resource",
+ "aws_default_security_group[default]",
+ "ingress[0]",
+ "cidr_blocks[0]"
 ],
 "issue": "VPC default security group allows unrestricted ingress traffic",
 "impact": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n",
@@ -54,8 +53,8 @@
 "title": "VPC flow logging should be enabled",
 "lineNumber": 5,
 "cloudConfigPath": [
- "aws_vpc",
- "mainvpc"
+ "resource",
+ "aws_vpc[mainvpc]"
 ],
 "issue": "VPC flow logging should be enabled",
 "impact": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n",
@@ -75,12 +74,11 @@
 "title": "VPC default security group allows unrestricted ingress traffic",
 "lineNumber": 16,
 "cloudConfigPath": [
- "aws_default_security_group",
- "default",
- "ingress",
- 0,
- "cidr_blocks",
- 0
+ "input",
+ "resource",
+ "aws_default_security_group[default]",
+ "ingress[0]",
+ "cidr_blocks[0]"
 ],
 "issue": "VPC default security group allows unrestricted ingress traffic",
 "impact": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n",
diff --git a/test/jest/unit/iac/process-results/fixtures/snyk-iac-test-text-output-data.json b/test/jest/unit/iac/process-results/fixtures/snyk-iac-test-text-output-data.json
index 1276c81182..c483d14d74 100644
--- a/test/jest/unit/iac/process-results/fixtures/snyk-iac-test-text-output-data.json
+++ b/test/jest/unit/iac/process-results/fixtures/snyk-iac-test-text-output-data.json
@@ -8,8 +8,8 @@
 "title": "VPC flow logging should be enabled",
 "lineNumber": -1,
 "cloudConfigPath": [
- "aws_vpc",
- "mainvpc"
+ "resource",
+ "aws_vpc[mainvpc]"
 ],
 "issue": "VPC flow logging should be enabled",
 "impact": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n",
@@ -29,12 +29,11 @@
 "title": "VPC default security group allows unrestricted ingress traffic",
 "lineNumber": -1,
 "cloudConfigPath": [
- "aws_default_security_group",
- "default",
- "ingress",
- 0,
- "cidr_blocks",
- 0
+ "input",
+ "resource",
+ "aws_default_security_group[default]",
+ "ingress[0]",
+ "cidr_blocks[0]"
 ],
 "issue": "VPC default security group allows unrestricted ingress traffic",
 "impact": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n",
@@ -54,8 +53,8 @@
 "title": "VPC flow logging should be enabled",
 "lineNumber": 5,
 "cloudConfigPath": [
- "aws_vpc",
- "mainvpc"
+ "resource",
+ "aws_vpc[mainvpc]"
 ],
 "issue": "VPC flow logging should be enabled",
 "impact": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC.\nUsers can use the flow logs to detect anomalous traffic or insight during security workflows.\n",
@@ -75,12 +74,11 @@
 "title": "VPC default security group allows unrestricted ingress traffic",
 "lineNumber": 16,
 "cloudConfigPath": [
- "aws_default_security_group",
- "default",
- "ingress",
- 0,
- "cidr_blocks",
- 0
+ "input",
+ "resource",
+ "aws_default_security_group[default]",
+ "ingress[0]",
+ "cidr_blocks[0]"
 ],
 "issue": "VPC default security group allows unrestricted ingress traffic",
 "impact": "Configuring all VPC default security groups to restrict all traffic encourages least privilege security\ngroup development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.\n",