feat(general): add severity metadata to custom policy

Open dtrouillet opened this issue 1 year ago • 11 comments

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

For custom policies, we need to add information about severity. This severity can be something other than Unknown in an offline (air-gapped) environment.

I just added a metadata.severity object to the YAML custom policy definition.

Fixes #884

Checklist:

  • [x] I have performed a self-review of my own code
  • [x] I have commented my code, particularly in hard-to-understand areas
  • [x] I have made corresponding changes to the documentation
  • [x] I have added tests that prove my feature, policy, or fix is effective and works
  • [x] New and existing tests pass locally with my changes

dtrouillet avatar Jul 17 '24 13:07 dtrouillet

Great, this is exactly what I need.

aamchi78 avatar Jul 17 '24 13:07 aamchi78

Hi @dtrouillet! Thanks a lot for contributing.

The following unit tests are failing:

tests/arm/checks/resource/test_SkipJsonRegexPattern.py::TestSkipJsonRegexPattern::test_no_skip
tests/arm/checks/resource/test_SkipJsonRegexPattern.py::TestSkipJsonRegexPattern::test_skip_specific_check
tests/arm/checks/resource/test_SkipJsonRegexPattern.py::TestSkipJsonRegexPattern::test_skip_specific_check_for_folder
tests/arm/checks/resource/test_SkipJsonRegexPattern.py::TestSkipJsonRegexPattern::test_skip_specific_check_specific_file

Seems that somehow even passed checks become failed with this change. We will appreciate your awareness of it (-:

itai1357 avatar Jul 18 '24 11:07 itai1357

Hi @itai1357,

These unit tests are failing on the main branch without my PR: https://github.com/bridgecrewio/checkov/actions/runs/9988292968/job/27604459450

dtrouillet avatar Jul 18 '24 11:07 dtrouillet

Hi @dtrouillet. TNX, you are right. My bad.

itai1357 avatar Jul 18 '24 12:07 itai1357

@itai1357, @achiar99, can you review this PR please?

dtrouillet avatar Jul 25 '24 09:07 dtrouillet

@Saarett or @ChanochShayner, can you review this PR please?

dtrouillet avatar Aug 03 '24 20:08 dtrouillet

@ChanochShayner, I just added UT and fixed the documentation.

dtrouillet avatar Aug 05 '24 23:08 dtrouillet

@ChanochShayner, I've made the modifications.

dtrouillet avatar Aug 06 '24 09:08 dtrouillet

@ChanochShayner, I fixed the mypy issue and I added a UT for empty severity in custom policy.

dtrouillet avatar Aug 06 '24 16:08 dtrouillet

@ChanochShayner, sorry for the many mistakes, Python is clearly not my favorite language :/

dtrouillet avatar Aug 06 '24 17:08 dtrouillet

@itai1357, @omryMen, @achiar99, can you review this PR please?

dtrouillet avatar Aug 14 '24 13:08 dtrouillet