bug(sarif): we need to handle schema for URI's for misconfig #7897

Closed
DmitriyLewen opened this issue Nov 11, 2024 Discussed in #7893 · 6 comments · Fixed by #7898

@DmitriyLewen
Contributor

DmitriyLewen commented Nov 11, 2024

Description

We already clear URI with `git::https:/` schema:

```go
return strings.ReplaceAll(strings.ReplaceAll(s, "\\", "/"), "git::https:/", "")
```

We need to add logic for `git@github.com` schema.

Discussed in #7893

@DmitriyLewen DmitriyLewen added the kind/bug Categorizes issue or PR as related to a bug. label Nov 11, 2024
@DmitriyLewen DmitriyLewen changed the title bug(sarif): we need to handle protocol for misconfig URI bug(sarif): we need to handle protocol for misconfig URI's Nov 11, 2024
@DmitriyLewen DmitriyLewen changed the title bug(sarif): we need to handle protocol for misconfig URI's bug(sarif): we need to handle schema for misconfig URI's Nov 11, 2024
@DmitriyLewen DmitriyLewen changed the title bug(sarif): we need to handle schema for misconfig URI's bug(sarif): we need to handle schema for URI's for misconfig Nov 11, 2024
@DmitriyLewen DmitriyLewen self-assigned this Nov 11, 2024
@nikpivkin
Contributor

I think we also need to properly handle other types of sources that we support

@nikpivkin
Contributor

I also noticed that the URI after cleaning may be valid but not correct. For example ‘git::https://example.com/vpc.git?ref=v1.2.0’ will become example.com/vpc?ref=v1.2.0, but nothing will be found at that link.

@DmitriyLewen
Contributor Author

> I think we also need to properly handle other types of sources that we support

Do you have a list of possible types for misconfigs?

> For example ‘git::https://example.com/vpc.git?ref=v1.2.0’ will become example.com/vpc?ref=v1.2.0, but nothing will be found at that link.

Hm... This is weird. Then what link should we show here?

@nikpivkin
Contributor

nikpivkin commented Nov 13, 2024

> Do you have a list of possible types for misconfigs?

https://developer.hashicorp.com/terraform/language/modules/sources#module-sources

> Hm... This is weird. Then what link should we show here?

Here's an example for an existing module:
`git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v4.2.0/main.tf` -> `github.com/terraform-aws-modules/terraform-aws-s3-bucket/tree/v4.2.0/main.tf`

But I think it's worth studying the specification better.

upd: GitHub only works with local URIs.
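
The mapping from the comment above, written out in Go as an added example; it is not Trivy's code and not the change made in #7898. The name `BrowsableURI` and the inputs in `main` are assumptions, and the ref is assumed to contain no `/`. Hosts other than github.com are reported as unresolved, which is the "valid but not correct" case raised earlier in the thread.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var (
	// URL scheme with one or two slashes (a cleaned path collapses "//").
	scheme = regexp.MustCompile(`^(?:https?|ssh):/{1,2}(?:git@)?`)
	// SCP-style SSH source: git@host:owner/repo
	scp = regexp.MustCompile(`^git@([^:/]+):`)
)

// BrowsableURI (hypothetical name) turns "<module source>?ref=<ref>/<file>"
// into a scheme-less web location. ok is false when no web layout is known
// for the host; the cleaned string is still returned so the caller can decide
// whether to emit it or fall back to a local path.
// Assumption: the ref has no "/", so the first "/" after "?ref=" starts the file path.
func BrowsableURI(s string) (uri string, ok bool) {
	s = strings.ReplaceAll(s, "\\", "/")
	s = strings.TrimPrefix(s, "git::")
	s = scheme.ReplaceAllString(s, "")
	s = scp.ReplaceAllString(s, "${1}/")

	repo, rest, hasRef := strings.Cut(s, "?ref=")
	if !hasRef || !strings.HasPrefix(repo, "github.com/") {
		return s, false
	}
	ref, file, _ := strings.Cut(rest, "/")
	repo = strings.TrimSuffix(repo, ".git")
	return strings.TrimSuffix(repo+"/tree/"+ref+"/"+file, "/"), true
}

func main() {
	// Constructed inputs; the first is the module quoted in the comment above.
	for _, in := range []string{
		"git@github.com:terraform-aws-modules/terraform-aws-s3-bucket.git?ref=v4.2.0/main.tf",
		"git::https://example.com/vpc.git?ref=v1.2.0",
	} {
		uri, ok := BrowsableURI(in)
		fmt.Printf("%v\t%s\n", ok, uri)
	}
}
```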

@DmitriyLewen
Contributor Author

> https://developer.hashicorp.com/terraform/language/modules/sources#module-sources

I will take a look

> upd: GitHub only works with local URIs.

So we can skip other URIs (e.g. github, bitbucket, etc.), right?

@DmitriyLewen
Contributor Author

@nikpivkin I updated #7898 for GitHub links and other types.

@knqyf263 knqyf263 added this to the v0.58.0 milestone Nov 18, 2024