From efb4678beaa82926b72882c0bf1135e992da1797 Mon Sep 17 00:00:00 2001 From: Owen Rumney Date: Tue, 30 Nov 2021 09:17:22 +0000 Subject: [PATCH] Update code scanning dependencies - update cfsec - update tfsec --- config/scanner/scanner.go | 6 +++--- config/scanner/scanner_test.go | 20 ++++++++++---------- go.mod | 6 +++--- go.sum | 17 ++++++----------- 4 files changed, 22 insertions(+), 27 deletions(-) diff --git a/config/scanner/scanner.go b/config/scanner/scanner.go index 445d0eded..a47d5d178 100644 --- a/config/scanner/scanner.go +++ b/config/scanner/scanner.go @@ -135,7 +135,7 @@ func (s Scanner) scanCloudFormationByCFSec(files []types.Config) ([]types.Miscon misconfResult := types.MisconfResult{ Message: result.Description, PolicyMetadata: types.PolicyMetadata{ - ID: result.AVDID, + ID: result.RuleID, Type: "Cloudformation Security Check powered by cfsec", Title: result.RuleSummary, Description: result.Impact, @@ -150,9 +150,9 @@ func (s Scanner) scanCloudFormationByCFSec(files []types.Config) ([]types.Miscon }, } - filePath, err := filepath.Rel(rootDir, result.Location.Filename) + filePath, err := filepath.Rel(rootDir, file.FilePath) if err != nil { - return nil, xerrors.Errorf("filepath rel: %w", err) + return nil, xerrors.Errorf("filepath rel, root: [%s], result: [%s] %w", rootDir, result.Location.Filename, err) } misconf, ok := misConfs[filePath] diff --git a/config/scanner/scanner_test.go b/config/scanner/scanner_test.go index cfab2008f..d0434bfe6 100644 --- a/config/scanner/scanner_test.go +++ b/config/scanner/scanner_test.go @@ -137,8 +137,8 @@ func TestScanner_ScanConfig(t *testing.T) { }, IacMetadata: types.IacMetadata{ Resource: "S3Bucket", - StartLine: 12, - EndLine: 24, + StartLine: 18, + EndLine: 18, }, }, { @@ -154,8 +154,8 @@ func TestScanner_ScanConfig(t *testing.T) { }, IacMetadata: types.IacMetadata{ Resource: "S3Bucket", - StartLine: 12, - EndLine: 24, + StartLine: 19, + EndLine: 19, }, }, { 
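Review bot: In the `@@ -135,7 +135,7 @@` hunk of config/scanner/scanner.go, `PolicyMetadata.ID` switches from `result.AVDID` to `result.RuleID` with no comment saying which identifier scheme consumers should now expect. If ignore lists, report filters or deduplication downstream key on this ID, entries written against the old value would presumably stop matching, so suppressed findings could resurface and existing exceptions would need re-keying. I would add a comment on the field, for example `// ID carries the cfsec RuleID (was AVDID); ignore rules keyed on the old value must be updated`, and pin the expected ID in a CloudFormation test case. scanCloudFormationByCFSec starts and ends outside the hunk, so how the ID is consumed is not visible here.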
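Review bot: The new error message in the `@@ -150,9 +150,9 @@` hunk prints `result.Location.Filename`, but the call that failed is `filepath.Rel(rootDir, file.FilePath)`, so the logged path is not the one that caused the error. The format string also places the wrapped error directly after the closing bracket with no separator. Suggested: `return nil, xerrors.Errorf("filepath rel, root: [%s], file: [%s]: %w", rootDir, file.FilePath, err)`. Separately, `file` is declared outside the hunk. If a single scan can return results for more than one template, keying `misConfs` by `file.FilePath` rather than the result's own location would attribute findings to the wrong file, so that is worth confirming.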
@@ -171,7 +171,7 @@ func TestScanner_ScanConfig(t *testing.T) { }, IacMetadata: types.IacMetadata{ Resource: "S3Bucket", - StartLine: 12, + StartLine: 24, EndLine: 24, }, }, @@ -222,8 +222,8 @@ func TestScanner_ScanConfig(t *testing.T) { }, IacMetadata: types.IacMetadata{ Resource: "S3Bucket", - StartLine: 12, - EndLine: 24, + StartLine: 21, + EndLine: 21, }, }, }, @@ -375,7 +375,7 @@ func TestScanner_ScanConfig(t *testing.T) { RecommendedActions: "Add descriptions for all security groups and rules", Severity: "LOW", References: []string{ - "https://tfsec.dev/docs/aws/vpc/add-description-to-security-group#aws/vpc", + "https://aquasecurity.github.io/tfsec/latest/checks/aws/vpc/add-description-to-security-group", "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group", "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule", "https://www.cloudconformity.com/knowledge-base/aws/EC2/security-group-rules-description.html", @@ -397,7 +397,7 @@ func TestScanner_ScanConfig(t *testing.T) { RecommendedActions: "Set a more restrictive cidr range", Severity: "CRITICAL", References: []string{ - "https://tfsec.dev/docs/aws/vpc/no-public-ingress-sgr#aws/vpc", + "https://aquasecurity.github.io/tfsec/latest/checks/aws/vpc/no-public-ingress-sgr", "https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule#cidr_blocks", "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html", }, 
@@ -418,7 +418,7 @@ func TestScanner_ScanConfig(t *testing.T) { RecommendedActions: "Enable encryption on managed disks", Severity: "HIGH", References: []string{ - "https://tfsec.dev/docs/azure/compute/enable-disk-encryption#azure/compute", + "https://aquasecurity.github.io/tfsec/latest/checks/azure/compute/enable-disk-encryption", "https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/managed_disk", "https://docs.microsoft.com/en-us/azure/virtual-machines/linux/disk-encryption", }, diff --git a/go.mod b/go.mod index d6bf32c8a..c227c6d22 100644 --- a/go.mod +++ b/go.mod @@ -6,11 +6,11 @@ require ( github.com/BurntSushi/toml v0.4.1 github.com/GoogleCloudPlatform/docker-credential-gcr v1.5.0 github.com/alicebob/miniredis/v2 v2.16.0 - github.com/aquasecurity/cfsec v0.0.12 - github.com/aquasecurity/defsec v0.0.30 + github.com/aquasecurity/cfsec v0.2.2 + github.com/aquasecurity/defsec v0.0.37 github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3 github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 - github.com/aquasecurity/tfsec v0.59.0 + github.com/aquasecurity/tfsec v0.61.3 github.com/aws/aws-sdk-go v1.42.0 github.com/docker/docker v20.10.10+incompatible github.com/docker/go-connections v0.4.0 diff --git a/go.sum b/go.sum index 13f65a8f6..08bbd318a 100644 --- a/go.sum +++ b/go.sum 
@@ -190,19 +190,16 @@ github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/ github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= -github.com/aquasecurity/cfsec v0.0.12 h1:6zvaJ34qKbElT5CyeMDre5WxtphPCt+XXKqz0Atj14s= -github.com/aquasecurity/cfsec v0.0.12/go.mod h1:26CqZRuXnPWAEqN2duORHQAPfz8Fh5FjVE+AT0wu78k= -github.com/aquasecurity/defsec v0.0.30 h1:7GSGUUH0xeWRlyLeksdYz+PLZqQu6taICzapGvdlu4c= -github.com/aquasecurity/defsec v0.0.30/go.mod h1:E53TX/xJkcgpJyF5GPSat3Z+cZiLyvSNBdJAyfdl3fc= -github.com/aquasecurity/go-dep-parser v0.0.0-20211013074621-eb58e8565220 h1:4ck6/2PNmzcNPUgFT3gCq6oVFB/Do/qiasRuBL9xGDI= -github.com/aquasecurity/go-dep-parser v0.0.0-20211013074621-eb58e8565220/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU= +github.com/aquasecurity/cfsec v0.2.2 h1:hq6MZlg7XFZsrerCv297N4HRlnJM7K6LLd/l/xCz1no= +github.com/aquasecurity/cfsec v0.2.2/go.mod h1:sUELRJqIPXTOZiHUx7TzyyFFzuk0W22IG6IWAoV8T6U= +github.com/aquasecurity/defsec v0.0.37 h1:zdZndlKrW257b8VLK1UwfmXiyPuDrNA+wzBilHRk1LA= +github.com/aquasecurity/defsec v0.0.37/go.mod h1:csaBEcJ3AKy44expnW0dCANEZcS/c1vcJjwBCbnKWBM= github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3 h1:zYNhYU4HUqJq+Lqhwf68gvd+v0cKqM2XOmggtHYLkoU= github.com/aquasecurity/go-dep-parser v0.0.0-20211110174639-8257534ffed3/go.mod h1:Zc7Eo6tFl9l4XcqsWeabD7jHnXRBK/LdgZuu9GTSVLU= github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516 h1:moQmzbpLo5dxHQCyEhqzizsDSNrNhn/7uRTCZzo4A1o= github.com/aquasecurity/testdocker v0.0.0-20210911155206-e1e85f5a1516/go.mod h1:gTd97VdQ0rg8Mkiic3rPgNOQdprZ7feTAhiD5mGQjgM= -github.com/aquasecurity/tfsec v0.58.14/go.mod h1:RcgH8QFJSE+p7Sf/WAF7chGTL/xULi7muiNdqIsUkOE= 
-github.com/aquasecurity/tfsec v0.59.0 h1:HATgpKbiUEWnJ8PU3CJpHMJCEhVgJG9E32m7uEp44oo= -github.com/aquasecurity/tfsec v0.59.0/go.mod h1:MR3uDlWu+fBTisFndR+NwjSGt06RBhkE++JzKRJ0Ggs= +github.com/aquasecurity/tfsec v0.61.3 h1:jaBuFaq/0YDDqHeTR+SkD/A1XShN0+9W9/rPGlw7kmQ= +github.com/aquasecurity/tfsec v0.61.3/go.mod h1:MR3uDlWu+fBTisFndR+NwjSGt06RBhkE++JzKRJ0Ggs= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= @@ -1075,7 +1072,6 @@ github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTm github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/owenrumney/go-sarif v1.0.10/go.mod h1:sgJM0ZaZ28jT8t8Iq3/mUCFBW9cX09EobIBXYOhiYBc= -github.com/owenrumney/go-sarif v1.0.11/go.mod h1:hTBFbxU7GuVRUvwMx+eStp9M/Oun4xHCS3vqpPvket8= github.com/owenrumney/go-sarif v1.0.12/go.mod h1:Jk5smXU9QuCqTdh4N3PehnG+azzrf0XcQ267ZwAG8Ho= github.com/owenrumney/squealer v0.2.28 h1:LYsqUHal+5QlANjbZ+h44SN5kIZSfHCWKUzBAS1KwB0= github.com/owenrumney/squealer v0.2.28/go.mod h1:wwVPzhjiUBILIdDtnzGSEcapXczIj/tONP+ZJ49IhPY= 
@@ -1335,7 +1331,6 @@ github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q github.com/zclconf/go-cty v1.6.1/go.mod h1:VDR4+I79ubFBGm1uJac1226K5yANQFHeauxPBoP54+o= github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.8.3/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= -github.com/zclconf/go-cty v1.8.4/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.9.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0= github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=