kics icon indicating copy to clipboard operation
kics copied to clipboard
verified publisher icon Checkmarx

Kics fails to scan files with "#" in the filename

Open ayala-orca opened this issue 2 years ago • 3 comments

When running the following commands

mkdir test
touch "test/my#file.tf"
docker run -t -v $PWD:/path checkmarx/kics scan -p "/path/test/my#file.tf"

Kics output is showing the following error:

Scanning with Keeping Infrastructure as Code Secure v1.7.2


Error: stat /path/test/my: no such file or directory
Usage:
  kics scan [flags]

However, when scanning the directory that contains this file the file is included in the scan as expected.

 running docker run -t -v $PWD:/path checkmarx/kics scan -p "/path/test"
image

ayala-orca avatar Jul 05 '23 14:07 ayala-orca

It looks like the issue is in go-getter https://github.com/hashicorp/go-getter/blob/c12e42f9c2a92e05cc134fcc24891b3c190826ec/get_file.go#L19

go-getter parses the path to a URL object and then uses the u.Path field. However, u.Path is missing the fragment part of the path. I will open an issue in their repo

ayala-orca avatar Jul 06 '23 10:07 ayala-orca

Hello @ayala-orca. I appreciate your initiative by opening an issue in go-getter repo.

Best regards

cx-henriqueAlvelos avatar Jul 21 '23 16:07 cx-henriqueAlvelos

Reference to go getter ticket - https://github.com/hashicorp/go-getter/issues/446

lior-orca avatar Aug 07 '23 17:08 lior-orca