forked from Checkmarx/kics
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'Checkmarx:master' into master
- Loading branch information
Showing
1,851 changed files
with
9,543 additions
and
3,803 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
12 changes: 12 additions & 0 deletions
12
assets/queries/terraform/databricks/autoscale_badly_setup/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| { | ||
| "id": "953c0cc6-5f30-44cb-a803-bf4ef2571be8", | ||
| "queryName": "Databricks Autoscale Badly Setup", | ||
| "severity": "MEDIUM", | ||
| "category": "Resource Management", | ||
| "descriptionText": "Databricks should have min and max worker setup for autoscale", | ||
| "descriptionUrl": "https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster", | ||
| "descriptionID": "e6eabd3e", | ||
| "platform": "Terraform", | ||
| "cloudProvider": "common", | ||
| "experimental": "true" | ||
| } |
33 changes: 33 additions & 0 deletions
33
assets/queries/terraform/databricks/autoscale_badly_setup/query.rego
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| package Cx | ||
|
|
||
| import data.generic.terraform as tf_lib | ||
|
|
||
| CxPolicy[result] { | ||
| resource := input.document[i].resource.databricks_cluster[name] | ||
| not resource.autoscale.min_workers | ||
|
|
||
| result := { | ||
| "documentId": input.document[i].id, | ||
| "resourceType": "databricks_cluster", | ||
| "resourceName": tf_lib.get_resource_name(resource, name), | ||
| "searchKey": sprintf("databricks_cluster[%s].autoscale", [name]), | ||
| "issueType": "MissingAttribute", | ||
| "keyExpectedValue": sprintf("'databricks_cluster[%s].autoscale.min_workers' should not be empty", [name]), | ||
| "keyActualValue": sprintf("'databricks_cluster[%s].autoscale.min_workers' is not setup'", [name]), | ||
| } | ||
| } | ||
|
|
||
| CxPolicy[result] { | ||
| resource := input.document[i].resource.databricks_cluster[name] | ||
| not resource.autoscale.max_workers | ||
|
|
||
| result := { | ||
| "documentId": input.document[i].id, | ||
| "resourceType": "databricks_cluster", | ||
| "resourceName": tf_lib.get_resource_name(resource, name), | ||
| "searchKey": sprintf("databricks_cluster[%s].autoscale", [name]), | ||
| "issueType": "MissingAttribute", | ||
| "keyExpectedValue": sprintf("'databricks_cluster[%s].autoscale.max_workers' should not be empty", [name]), | ||
| "keyActualValue": sprintf("'databricks_cluster[%s].autoscale.max_workers' is not setup'", [name]), | ||
| } | ||
| } |
16 changes: 16 additions & 0 deletions
16
assets/queries/terraform/databricks/autoscale_badly_setup/test/negative.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| resource "databricks_cluster" "negative" { | ||
| cluster_name = "Shared Autoscaling" | ||
| spark_version = data.databricks_spark_version.latest.id | ||
| node_type_id = data.databricks_node_type.smallest.id | ||
| autotermination_minutes = 20 | ||
| autoscale { | ||
| min_workers = 1 | ||
| max_workers = 50 | ||
| } | ||
| aws_attributes { | ||
| availability = "SPOT_WITH_FALLBACK" | ||
| zone_id = "auto" | ||
| first_on_demand = 1 | ||
| spot_bid_price_percent = 100 | ||
| } | ||
| } |
15 changes: 15 additions & 0 deletions
15
assets/queries/terraform/databricks/autoscale_badly_setup/test/positive1.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| resource "databricks_cluster" "positive1" { | ||
| cluster_name = "Shared Autoscaling" | ||
| spark_version = data.databricks_spark_version.latest.id | ||
| node_type_id = data.databricks_node_type.smallest.id | ||
| autotermination_minutes = 20 | ||
| autoscale { | ||
| min_workers = 1 | ||
| } | ||
| aws_attributes { | ||
| availability = "SPOT" | ||
| zone_id = "us-east-1" | ||
| first_on_demand = 1 | ||
| spot_bid_price_percent = 100 | ||
| } | ||
| } |
15 changes: 15 additions & 0 deletions
15
assets/queries/terraform/databricks/autoscale_badly_setup/test/positive2.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| resource "databricks_cluster" "positive2" { | ||
| cluster_name = "Shared Autoscaling" | ||
| spark_version = data.databricks_spark_version.latest.id | ||
| node_type_id = data.databricks_node_type.smallest.id | ||
| autotermination_minutes = 20 | ||
| autoscale { | ||
| max_workers = 50 | ||
| } | ||
| aws_attributes { | ||
| availability = "SPOT" | ||
| zone_id = "us-east-1" | ||
| first_on_demand = 1 | ||
| spot_bid_price_percent = 100 | ||
| } | ||
| } |
14 changes: 14 additions & 0 deletions
14
assets/queries/terraform/databricks/autoscale_badly_setup/test/positive_expected_result.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| [ | ||
| { | ||
| "queryName": "Databricks Autoscale Badly Setup", | ||
| "severity": "MEDIUM", | ||
| "line": 6, | ||
| "fileName": "positive1.tf" | ||
| }, | ||
| { | ||
| "queryName": "Databricks Autoscale Badly Setup", | ||
| "severity": "MEDIUM", | ||
| "line": 6, | ||
| "fileName": "positive2.tf" | ||
| } | ||
| ] |
12 changes: 12 additions & 0 deletions
12
assets/queries/terraform/databricks/cluster_aws_attributes/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| { | ||
| "id": "b0749c53-e3ff-4d09-bbe4-dca94e2e7a38", | ||
| "queryName": "Check Databricks Cluster AWS Attribute Best Practices", | ||
| "severity": "MEDIUM", | ||
| "category": "Best Practices", | ||
| "descriptionText": "One or some Databricks Cluster AWS Attribute Best Practices are not respected", | ||
| "descriptionUrl": "https://docs.databricks.com/clusters/cluster-config-best-practices.html", | ||
| "descriptionID": "b6345aa6", | ||
| "platform": "Terraform", | ||
| "cloudProvider": "common", | ||
| "experimental": "true" | ||
| } |
63 changes: 63 additions & 0 deletions
63
assets/queries/terraform/databricks/cluster_aws_attributes/query.rego
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| package Cx | ||
|
|
||
| import data.generic.terraform as tf_lib | ||
|
|
||
| CxPolicy[result] { | ||
| resource := input.document[i].resource.databricks_cluster[name] | ||
| resource.aws_attributes.availability == "SPOT" | ||
|
|
||
| result := { | ||
| "documentId": input.document[i].id, | ||
| "resourceType": "databricks_cluster", | ||
| "resourceName": tf_lib.get_resource_name(resource, name), | ||
| "searchKey": sprintf("databricks_cluster[%s].aws_attributes.availability", [name]), | ||
| "issueType": "IncorrectValue", | ||
| "keyExpectedValue": sprintf("'databricks_cluster[%s].aws_attributes.availability' should not be equal to 'SPOT'", [name]), | ||
| "keyActualValue": sprintf("'databricks_cluster[%s].aws_attributes.availability' is equal to 'SPOT'", [name]), | ||
| } | ||
| } | ||
|
|
||
| CxPolicy[result] { | ||
| resource := input.document[i].resource.databricks_cluster[name] | ||
| resource.aws_attributes.first_on_demand == 0 | ||
|
|
||
| result := { | ||
| "documentId": input.document[i].id, | ||
| "resourceType": "databricks_cluster", | ||
| "resourceName": tf_lib.get_resource_name(resource, name), | ||
| "searchKey": sprintf("databricks_cluster[%s].aws_attributes.first_on_demand", [name]), | ||
| "issueType": "IncorrectValue", | ||
| "keyExpectedValue": sprintf("'databricks_cluster[%s].aws_attributes.first_on_demand' should not be equal to '0'", [name]), | ||
| "keyActualValue": sprintf("'databricks_cluster[%s].aws_attributes.first_on_demand' is equal to '0'", [name]), | ||
| } | ||
| } | ||
|
|
||
| CxPolicy[result] { | ||
| resource := input.document[i].resource.databricks_cluster[name].aws_attributes | ||
| not resource.first_on_demand | ||
|
|
||
| result := { | ||
| "documentId": input.document[i].id, | ||
| "resourceType": "databricks_cluster", | ||
| "resourceName": tf_lib.get_resource_name(resource, name), | ||
| "searchKey": sprintf("databricks_cluster[%s].aws_attributes.first_on_demand", [name]), | ||
| "issueType": "IncorrectValue", | ||
| "keyExpectedValue": sprintf("'databricks_cluster[%s].aws_attributes.first_on_demand' should present", [name]), | ||
| "keyActualValue": sprintf("'databricks_cluster[%s].aws_attributes.first_on_demand' is not present", [name]), | ||
| } | ||
| } | ||
|
|
||
| CxPolicy[result] { | ||
| resource := input.document[i].resource.databricks_cluster[name].aws_attributes | ||
| not resource.zone_id == "auto" | ||
|
|
||
| result := { | ||
| "documentId": input.document[i].id, | ||
| "resourceType": "databricks_cluster", | ||
| "resourceName": tf_lib.get_resource_name(resource, name), | ||
| "searchKey": sprintf("databricks_cluster[%s].aws_attributes.zone_id", [name]), | ||
| "issueType": "IncorrectValue", | ||
| "keyExpectedValue": sprintf("'databricks_cluster[%s].aws_attributes.zone_id' should be egal to 'auto'", [name]), | ||
| "keyActualValue": sprintf("'databricks_cluster[%s].aws_attributes.zone_id' is not equal to 'auto'", [name]), | ||
| } | ||
| } |
16 changes: 16 additions & 0 deletions
16
assets/queries/terraform/databricks/cluster_aws_attributes/test/negative.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| resource "databricks_cluster" "negative" { | ||
| cluster_name = "Shared Autoscaling" | ||
| spark_version = data.databricks_spark_version.latest.id | ||
| node_type_id = data.databricks_node_type.smallest.id | ||
| autotermination_minutes = 20 | ||
| autoscale { | ||
| min_workers = 1 | ||
| max_workers = 50 | ||
| } | ||
| aws_attributes { | ||
| availability = "SPOT_WITH_FALLBACK" | ||
| zone_id = "auto" | ||
| first_on_demand = 1 | ||
| spot_bid_price_percent = 100 | ||
| } | ||
| } |
16 changes: 16 additions & 0 deletions
16
assets/queries/terraform/databricks/cluster_aws_attributes/test/positive1.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| resource "databricks_cluster" "positive1" { | ||
| cluster_name = "data" | ||
| spark_version = data.databricks_spark_version.latest.id | ||
| node_type_id = data.databricks_node_type.smallest.id | ||
| autotermination_minutes = 20 | ||
| autoscale { | ||
| min_workers = 1 | ||
| max_workers = 50 | ||
| } | ||
| aws_attributes { | ||
| availability = "SPOT" | ||
| zone_id = "auto" | ||
| first_on_demand = 1 | ||
| spot_bid_price_percent = 100 | ||
| } | ||
| } |
16 changes: 16 additions & 0 deletions
16
assets/queries/terraform/databricks/cluster_aws_attributes/test/positive2.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| resource "databricks_cluster" "positive2" { | ||
| cluster_name = "data" | ||
| spark_version = data.databricks_spark_version.latest.id | ||
| node_type_id = data.databricks_node_type.smallest.id | ||
| autotermination_minutes = 20 | ||
| autoscale { | ||
| min_workers = 1 | ||
| max_workers = 50 | ||
| } | ||
| aws_attributes { | ||
| availability = "SPOT_WITH_FALLBACK" | ||
| zone_id = "auto" | ||
| first_on_demand = 0 | ||
| spot_bid_price_percent = 100 | ||
| } | ||
| } |
15 changes: 15 additions & 0 deletions
15
assets/queries/terraform/databricks/cluster_aws_attributes/test/positive3.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| resource "databricks_cluster" "positive3" { | ||
| cluster_name = "data" | ||
| spark_version = data.databricks_spark_version.latest.id | ||
| node_type_id = data.databricks_node_type.smallest.id | ||
| autotermination_minutes = 20 | ||
| autoscale { | ||
| min_workers = 1 | ||
| max_workers = 50 | ||
| } | ||
| aws_attributes { | ||
| availability = "SPOT_WITH_FALLBACK" | ||
| zone_id = "auto" | ||
| spot_bid_price_percent = 100 | ||
| } | ||
| } |
16 changes: 16 additions & 0 deletions
16
assets/queries/terraform/databricks/cluster_aws_attributes/test/positive4.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| resource "databricks_cluster" "positive4" { | ||
| cluster_name = "data" | ||
| spark_version = data.databricks_spark_version.latest.id | ||
| node_type_id = data.databricks_node_type.smallest.id | ||
| autotermination_minutes = 20 | ||
| autoscale { | ||
| min_workers = 1 | ||
| max_workers = 50 | ||
| } | ||
| aws_attributes { | ||
| availability = "SPOT_WITH_FALLBACK" | ||
| zone_id = "us-west-2a" | ||
| first_on_demand = 1 | ||
| spot_bid_price_percent = 100 | ||
| } | ||
| } |
26 changes: 26 additions & 0 deletions
26
...ts/queries/terraform/databricks/cluster_aws_attributes/test/positive_expected_result.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| [ | ||
| { | ||
| "queryName": "Check Databricks Cluster AWS Attribute Best Practices", | ||
| "severity": "MEDIUM", | ||
| "line": 11, | ||
| "fileName": "positive1.tf" | ||
| }, | ||
| { | ||
| "queryName": "Check Databricks Cluster AWS Attribute Best Practices", | ||
| "severity": "MEDIUM", | ||
| "line": 13, | ||
| "fileName": "positive2.tf" | ||
| }, | ||
| { | ||
| "queryName": "Check Databricks Cluster AWS Attribute Best Practices", | ||
| "severity": "MEDIUM", | ||
| "line": 10, | ||
| "fileName": "positive3.tf" | ||
| }, | ||
| { | ||
| "queryName": "Check Databricks Cluster AWS Attribute Best Practices", | ||
| "severity": "MEDIUM", | ||
| "line": 12, | ||
| "fileName": "positive4.tf" | ||
| } | ||
| ] |
12 changes: 12 additions & 0 deletions
12
assets/queries/terraform/databricks/cluster_azure_attributes/metadata.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| { | ||
| "id": "38028698-e663-4ef7-aa92-773fef0ca86f", | ||
| "queryName": "Check Databricks Cluster Azure Attribute Best Practices", | ||
| "severity": "MEDIUM", | ||
| "category": "Best Practices", | ||
| "descriptionText": "One or some Databricks Cluster Azure Attribute Best Practices are not respected", | ||
| "descriptionUrl": "https://docs.databricks.com/clusters/cluster-config-best-practices.html", | ||
| "descriptionID": "bb2e4c81", | ||
| "platform": "Terraform", | ||
| "cloudProvider": "common", | ||
| "experimental": "true" | ||
| } |
Oops, something went wrong.