feat(flags): ast 116512 support new cloud providers ibm cloud and oracle cloud

.github/scripts/queries-validator/metadata-schema.json

@@ -105,7 +105,9 @@
                 "azure",
                 "common",
                 "gcp",
+                "ibmcloud",
                 "nifcloud",
+                "oraclecloud",
                 "tencentcloud"
             ]
         },

README.md

@@ -218,6 +218,20 @@ Find security vulnerabilities, compliance issues, and infrastructure misconfigur
 </picture>
 </a>
 </td>
+<td>
+<a href="https://github.com/Checkmarx/kics/blob/master/docs/platforms.md#ibmcloud-for-terraform">
+<img alt="IBMCloud" src="docs/img/logo-ibmcloud.png" width="100">
+</a>
+</td>
+<td>
+<a href="https://github.com/Checkmarx/kics/blob/master/docs/platforms.md#oraclecloud-for-terraform">
+<picture>
+<source media="(prefers-color-scheme: light)" srcset="docs/img/logo-oraclecloud.png" width="180">
+<source media="(prefers-color-scheme: dark)" srcset="docs/img/logo-oraclecloud-dark.png" width="180">
+<img alt="OracleCloud" src="docs/img/logo-oraclecloud.png" width="100">
+</picture>
+</a>
+</td>
 </tr>
 </table>
 

assets/queries/terraform/ibmcloud/dummy_ibm_cloud_query/metadata.json

@@ -0,0 +1,13 @@
+{
+  "id": "00000000-0000-4000-a000-000000000001",
+  "queryName": "Dummy IBM Cloud query",
+  "severity": "MEDIUM",
+  "category": "Best Practices",
+  "descriptionText": "Dummy",
+  "descriptionUrl": "https://www.terraform.io/docs/providers/",
+  "platform": "Terraform",
+  "descriptionID": "00000000",
+  "cwe": "",
+  "cloudProvider": "ibmcloud",
+  "riskScore": "0.0"
+}

assets/queries/terraform/ibmcloud/dummy_ibm_cloud_query/query.rego

@@ -0,0 +1,51 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
+
+CxPolicy[result] {
+	resource := input.document[i].resource.github_repository[example]
+	not common_lib.valid_key(resource, "private")
+	not common_lib.valid_key(resource, "visibility")
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "github_repository",
+		"resourceName": tf_lib.get_resource_name(resource, example),
+		"searchKey": sprintf("github_repository[%s]", [example]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": "Attribute 'private' or Attribute 'visibility' should be defined and not null",
+		"keyActualValue": "Attribute 'private' and Attribute 'visibility' are undefined or null",
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i].resource.github_repository[example]
+	resource.private == false
+	not resource.visibility
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "github_repository",
+		"resourceName": tf_lib.get_resource_name(resource, example),
+		"searchKey": sprintf("github_repository[%s].private", [example]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "Attribute 'private' should be true",
+		"keyActualValue": "Attribute 'private' is false",
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i].resource.github_repository[example]
+	resource.visibility == "public"
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "github_repository",
+		"resourceName": tf_lib.get_resource_name(resource, example),
+		"searchKey": sprintf("github_repository[%s].visibility", [example]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "Attribute 'visibility' should be 'private'",
+		"keyActualValue": "Attribute 'visibility' is 'public'",
+	}
+}

assets/queries/terraform/ibmcloud/dummy_ibm_cloud_query/test/negative.tf

@@ -0,0 +1,11 @@
+resource "github_repository" "negative1" {
+  name        = "example"
+  description = "My awesome codebase"
+
+  private = true
+
+  template {
+    owner = "github"
+    repository = "terraform-module-template"
+  }
+}

assets/queries/terraform/ibmcloud/dummy_ibm_cloud_query/test/positive.tf

@@ -0,0 +1,34 @@
+resource "github_repository" "positive1" {
+  name        = "example"
+  description = "My awesome codebase"
+
+  template {
+    owner = "github"
+    repository = "terraform-module-template"
+  }
+}
+
+resource "github_repository" "positive2" {
+  name        = "example"
+  description = "My awesome codebase"
+
+  private = false
+
+  template {
+    owner = "github"
+    repository = "terraform-module-template"
+  }
+}
+
+resource "github_repository" "positive3" {
+  name        = "example"
+  description = "My awesome codebase"
+
+  private = true
+  visibility = "public"
+
+  template {
+    owner = "github"
+    repository = "terraform-module-template"
+  }
+}

assets/queries/terraform/ibmcloud/dummy_ibm_cloud_query/test/positive_expected_result.json

@@ -0,0 +1,17 @@
+[
+  {
+    "queryName": "Dummy IBM Cloud query",
+    "severity": "MEDIUM",
+    "line": 1
+  },
+  {
+    "queryName": "Dummy IBM Cloud query",
+    "severity": "MEDIUM",
+    "line": 15
+  },
+  {
+    "queryName": "Dummy IBM Cloud query",
+    "severity": "MEDIUM",
+    "line": 28
+  }
+]

assets/queries/terraform/oraclecloud/dummy_oracle_cloud_query/metadata.json

@@ -0,0 +1,13 @@
+{
+  "id": "00000000-0000-4000-a000-000000000000",
+  "queryName": "Dummy Oracle Cloud query",
+  "severity": "MEDIUM",
+  "category": "Best Practices",
+  "descriptionText": "Dummy",
+  "descriptionUrl": "https://www.terraform.io/docs/providers/",
+  "platform": "Terraform",
+  "descriptionID": "00000001",
+  "cwe": "",
+  "cloudProvider": "oraclecloud",
+  "riskScore": "0.0"
+}

assets/queries/terraform/oraclecloud/dummy_oracle_cloud_query/query.rego

@@ -0,0 +1,51 @@
+package Cx
+
+import data.generic.common as common_lib
+import data.generic.terraform as tf_lib
+
+CxPolicy[result] {
+	resource := input.document[i].resource.github_repository[example]
+	not common_lib.valid_key(resource, "private")
+	not common_lib.valid_key(resource, "visibility")
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "github_repository",
+		"resourceName": tf_lib.get_resource_name(resource, example),
+		"searchKey": sprintf("github_repository[%s]", [example]),
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": "Attribute 'private' or Attribute 'visibility' should be defined and not null",
+		"keyActualValue": "Attribute 'private' and Attribute 'visibility' are undefined or null",
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i].resource.github_repository[example]
+	resource.private == false
+	not resource.visibility
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "github_repository",
+		"resourceName": tf_lib.get_resource_name(resource, example),
+		"searchKey": sprintf("github_repository[%s].private", [example]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "Attribute 'private' should be true",
+		"keyActualValue": "Attribute 'private' is false",
+	}
+}
+
+CxPolicy[result] {
+	resource := input.document[i].resource.github_repository[example]
+	resource.visibility == "public"
+
+	result := {
+		"documentId": input.document[i].id,
+		"resourceType": "github_repository",
+		"resourceName": tf_lib.get_resource_name(resource, example),
+		"searchKey": sprintf("github_repository[%s].visibility", [example]),
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "Attribute 'visibility' should be 'private'",
+		"keyActualValue": "Attribute 'visibility' is 'public'",
+	}
+}

assets/queries/terraform/oraclecloud/dummy_oracle_cloud_query/test/negative.tf

@@ -0,0 +1,11 @@
+resource "github_repository" "negative1" {
+  name        = "example"
+  description = "My awesome codebase"
+
+  private = true
+
+  template {
+    owner = "github"
+    repository = "terraform-module-template"
+  }
+}

assets/queries/terraform/oraclecloud/dummy_oracle_cloud_query/test/positive.tf

@@ -0,0 +1,34 @@
+resource "github_repository" "positive1" {
+  name        = "example"
+  description = "My awesome codebase"
+
+  template {
+    owner = "github"
+    repository = "terraform-module-template"
+  }
+}
+
+resource "github_repository" "positive2" {
+  name        = "example"
+  description = "My awesome codebase"
+
+  private = false
+
+  template {
+    owner = "github"
+    repository = "terraform-module-template"
+  }
+}
+
+resource "github_repository" "positive3" {
+  name        = "example"
+  description = "My awesome codebase"
+
+  private = true
+  visibility = "public"
+
+  template {
+    owner = "github"
+    repository = "terraform-module-template"
+  }
+}

assets/queries/terraform/oraclecloud/dummy_oracle_cloud_query/test/positive_expected_result.json

@@ -0,0 +1,17 @@
+[
+  {
+    "queryName": "Dummy Oracle Cloud query",
+    "severity": "MEDIUM",
+    "line": 1
+  },
+  {
+    "queryName": "Dummy Oracle Cloud query",
+    "severity": "MEDIUM",
+    "line": 15
+  },
+  {
+    "queryName": "Dummy Oracle Cloud query",
+    "severity": "MEDIUM",
+    "line": 28
+  }
+]

docs/commands.md

@@ -38,7 +38,7 @@ Use "kics [command] --help" for more information about a command.
 | Flags                       | Description                                                                                                                                                                                                                                                                                 |
 |-----------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 |-m, --bom                           | include bill of materials (BoM) in results output                                                                                                                                                                                                                                           |
-|      --cloud-provider strings      | list of cloud providers to scan (alicloud,aws,azure,gcp,nifcloud,tencentcloud)                                                                                                                                                                                                              |
+|      --cloud-provider strings      | list of cloud providers to scan (alicloud,aws,azure,gcp,ibmcloud,nifcloud,oraclecloud,tencentcloud)                                                                                                                                                                                                              |
 |      --config string               | path to configuration file                                                                                                                                                                                                                                                                  |
 |      --old-severities              | uses old severities in query results                                                                                                                                                                                                                                                        |
 |      --disable-full-descriptions   | disable request for full descriptions and use default vulnerability descriptions                                                                                                                                                                                                            |

docs/dockerhub.md

@@ -107,7 +107,7 @@ Usage:
 
 Flags:
   -m, --bom                           include bill of materials (BoM) in results output
-      --cloud-provider strings        list of cloud providers to scan (alicloud,aws,azure,gcp,nifcloud,tencentcloud)
+      --cloud-provider strings        list of cloud providers to scan (alicloud,aws,azure,gcp,ibmcloud,nifcloud,oraclecloud,tencentcloud)
       --config string                 path to configuration file
       --old-severities                use old severities in query results (excludes critical severity)
       --disable-full-descriptions     disable request for full descriptions and use default vulnerability descriptions

docs/index.md

@@ -153,6 +153,12 @@ KICS scans and detects issues in following Infrastructure as Code solutions:
 <div class="card"  style="min-width:80;flex:0 0 25%;display:flex;align-items:center;justify-content:center;margin:8px">
         <img alt="TencentCloud" src="img/logo-tencentcloud.png" width="120">&nbsp;&nbsp;&nbsp;
 </div>
+<div class="card" style="min-width:80;flex:0 0 25%;display:flex;align-items:center;justify-content:center;margin:8px">
+        <img alt="IBMCloud" src="img/logo-ibmcloud.png" width="90">&nbsp;&nbsp;&nbsp;
+</div>
+<div class="card"  style="min-width:80;flex:0 0 25%;display:flex;align-items:center;justify-content:center;margin:8px">
+        <img alt="OracleCloud" src="img/logo-oraclecloud.png" width="120">&nbsp;&nbsp;&nbsp;
+</div>
 </div>
 
 ## Getting Started

docs/platforms.md

@@ -195,6 +195,14 @@ KICS supports scanning Databricks under Terraform file extension (`.tf`).
 
 KICS supports scanning TencentCloud under Terraform file extension (`.tf`).
 
+### IBMCloud for Terraform
+
+KICS supports scanning IBMCloud under Terraform file extension (`.tf`).
+
+### OracleCloud for Terraform
+
+KICS supports scanning OracleCloud under Terraform file extension (`.tf`).
+
 ### Terraform variables path
 
 When using vars in a terraform file there are 2 ways of passing the file in which a variable's value is present.

e2e/fixtures/assets/scan_help

@@ -3,7 +3,7 @@ Usage:
 
 Flags:
   -m, --bom                           include bill of materials (BoM) in results output
-      --cloud-provider strings        list of cloud providers to scan (alicloud,aws,azure,gcp,nifcloud,tencentcloud)
+      --cloud-provider strings        list of cloud providers to scan (alicloud,aws,azure,gcp,ibmcloud,nifcloud,oraclecloud,tencentcloud)
       --config string                 path to configuration file
       --disable-full-descriptions     disable request for full descriptions and use default vulnerability descriptions
       --disable-secrets               disable secrets scanning

internal/constants/constants.go

@@ -84,7 +84,9 @@ var (
 		"aws":          "",
 		"azure":        "",
 		"gcp":          "",
+		"ibmcloud":     "",
 		"nifcloud":     "",
+		"oraclecloud":  "",
 		"tencentcloud": "",
 	}
 )

pkg/engine/source/filesystem.go

@@ -82,7 +82,7 @@ func ListSupportedPlatforms() []string {
 
 // ListSupportedCloudProviders returns a list of supported cloud providers
 func ListSupportedCloudProviders() []string {
-	return []string{"alicloud", "aws", "azure", "gcp", "nifcloud", "tencentcloud"}
+	return []string{"alicloud", "aws", "azure", "gcp", "ibmcloud", "nifcloud", "oraclecloud", "tencentcloud"}
 }
 
 func getLibraryInDir(platform, libraryDirPath string) string {

pkg/engine/source/filesystem_test.go

@@ -821,7 +821,7 @@ func TestSource_validateMetadata(t *testing.T) {
 
 // TestSource_ListSupportedCloudProviders tests the function ListSupportedCloudProviders.
 func TestSource_ListSupportedCloudProviders(t *testing.T) {
-	want := []string{"alicloud", "aws", "azure", "gcp", "nifcloud", "tencentcloud"}
+	want := []string{"alicloud", "aws", "azure", "gcp", "ibmcloud", "nifcloud", "oraclecloud", "tencentcloud"}
 	t.Run("test List Supported CP", func(t *testing.T) {
 		got := ListSupportedCloudProviders()
 		require.Equal(t, want, got)

test/main_test.go

@@ -41,7 +41,9 @@ var (
 		"../assets/queries/terraform/kubernetes":            {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 		"../assets/queries/terraform/general":               {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 		"../assets/queries/terraform/alicloud":              {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
+		"../assets/queries/terraform/ibmcloud":              {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 		"../assets/queries/terraform/nifcloud":              {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
+		"../assets/queries/terraform/oraclecloud":           {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 		"../assets/queries/terraform/tencentcloud":          {FileKind: []model.FileKind{model.KindTerraform, model.KindJSON}, Platform: "terraform"},
 		"../assets/queries/crossplane/aws":                  {FileKind: []model.FileKind{model.KindYAML}, Platform: "crossplane"},
 		"../assets/queries/crossplane/azure":                {FileKind: []model.FileKind{model.KindYAML}, Platform: "crossplane"},