remove elem name from check

Author: Nfsaavedra

glitch/analysis/rules.py

@@ -221,5 +221,5 @@ def check_comment(self, c: Comment, file: str) -> list[Error]:
 
 class SmellChecker(ABC):
     @abstractmethod
-    def check(self, element, file: str, code = None, elem_name: str = "", elem_value: str = "", au_type = None, parent_name = "") -> list[Error]:
+    def check(self, element, file: str) -> list[Error]:
         pass

glitch/analysis/security.py

@@ -147,7 +147,7 @@ def check_atomicunit(self, au: AtomicUnit, file: str) -> List[Error]:
                     break
 
         for checker in self.checkers:
-            errors += checker.check(au, file, self.code, au.name)
+            errors += checker.check(au, file, self.code)
 
         if self.__is_http_url(au.name):
             errors.append(Error('sec_https', au, file, repr(au)))
@@ -159,7 +159,7 @@ def check_atomicunit(self, au: AtomicUnit, file: str) -> List[Error]:
     def check_dependency(self, d: Dependency, file: str) -> List[Error]:
         return []
 
-    def __check_keyvalue(self, c: CodeElement, name: str, 
+    def __check_keyvalue(self, c: KeyValue, name: str, 
             value: str, has_variable: bool, file: str, au_type = None, parent_name: str = ""):
         errors = []
         name = name.strip().lower()
@@ -294,7 +294,7 @@ def get_module_var(c, name: str):
             value = var.value
 
         for checker in self.checkers:
-            errors += checker.check(c, file, self.code, name, value, au_type, parent_name)
+            errors += checker.check(c, file, self.code, value, au_type, parent_name)
 
         return errors
 

glitch/analysis/terraform/access_control.py

@@ -6,7 +6,7 @@
 
 
 class TerraformAccessControl(TerraformSmellChecker):
-    def check(self, element, file: str, code, elem_name: str, elem_value: str = "", au_type = None, parent_name = ""):
+    def check(self, element, file: str, code, elem_value: str = "", au_type = None, parent_name = ""):
         errors = []
         if isinstance(element, AtomicUnit):
             if (element.type == "resource.aws_api_gateway_method"):
@@ -39,7 +39,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
             elif (element.type == "resource.google_sql_database_instance"):
                 errors += self.check_database_flags(element, file, 'sec_access_control', "cross db ownership chaining", "off")
             elif (element.type == "resource.aws_s3_bucket"):
-                expr = "\${aws_s3_bucket\." + f"{elem_name}\."
+                expr = "\${aws_s3_bucket\." + f"{element.name}\."
                 pattern = re.compile(rf"{expr}")
                 if not self.get_associated_au(code, file, "resource.aws_s3_bucket_public_access_block", "bucket", pattern, [""]):
                     errors.append(Error('sec_access_control', element, file, repr(element), 
@@ -54,7 +54,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
 
         elif isinstance(element, Attribute) or isinstance(element, Variable):
             for item in SecurityVisitor._POLICY_KEYWORDS:
-                if item.lower() == elem_name:
+                if item.lower() == element.name:
                     for config in SecurityVisitor._POLICY_ACCESS_CONTROL:
                         expr = config['keyword'].lower() + "\s*" + config['value'].lower()
                         pattern = re.compile(rf"{expr}")
@@ -64,20 +64,20 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
                             errors.append(Error('sec_access_control', element, file, repr(element)))
                             break
 
-            if (re.search(r"actions\[\d+\]", elem_name) and parent_name == "permissions" 
+            if (re.search(r"actions\[\d+\]", element.name) and parent_name == "permissions" 
                 and au_type == "resource.azurerm_role_definition" and elem_value == "*"):
                 errors.append(Error('sec_access_control', element, file, repr(element)))
-            elif (((re.search(r"members\[\d+\]", elem_name) and au_type == "resource.google_storage_bucket_iam_binding")
-                or (elem_name == "member" and au_type == "resource.google_storage_bucket_iam_member"))
+            elif (((re.search(r"members\[\d+\]", element.name) and au_type == "resource.google_storage_bucket_iam_binding")
+                or (element.name == "member" and au_type == "resource.google_storage_bucket_iam_member"))
                 and (elem_value == "allusers" or elem_value == "allauthenticatedusers")):
                 errors.append(Error('sec_access_control', element, file, repr(element)))
-            elif (elem_name == "email" and parent_name == "service_account" 
+            elif (element.name == "email" and parent_name == "service_account" 
                 and au_type == "resource.google_compute_instance"
                 and re.search(r".-compute@developer.gserviceaccount.com", elem_value)):
                 errors.append(Error('sec_access_control', element, file, repr(element)))
 
             for config in SecurityVisitor._ACCESS_CONTROL_CONFIGS:
-                if (elem_name == config['attribute'] and au_type in config['au_type']
+                if (element.name == config['attribute'] and au_type in config['au_type']
                     and parent_name in config['parents'] and not element.has_variable 
                     and elem_value.lower() not in config['values']
                     and config['values'] != [""]):

glitch/analysis/terraform/attached_resource.py

@@ -5,7 +5,7 @@
 
 
 class TerraformAttachedResource(TerraformSmellChecker):
-    def check(self, element, file: str, code, elem_name: str, elem_value: str = "", au_type = None, parent_name = ""):
+    def check(self, element, file: str, code, elem_value: str = "", au_type = None, parent_name = ""):
         errors = []
         if isinstance(element, AtomicUnit):
             def check_attached_resource(attributes, resource_types):

glitch/analysis/terraform/authentication.py

@@ -6,13 +6,13 @@
 
 
 class TerraformAuthentication(TerraformSmellChecker):
-    def check(self, element, file: str, code, elem_name: str, elem_value: str = "", au_type = None, parent_name = ""):
+    def check(self, element, file: str, code, elem_value: str = "", au_type = None, parent_name = ""):
         errors = []
         if isinstance(element, AtomicUnit):
             if (element.type == "resource.google_sql_database_instance"):
                 errors += self.check_database_flags(element, file, 'sec_authentication', "contained database authentication", "off")
             elif (element.type == "resource.aws_iam_group"):
-                expr = "\${aws_iam_group\." + f"{elem_name}\."
+                expr = "\${aws_iam_group\." + f"{element.name}\."
                 pattern = re.compile(rf"{expr}")
                 if not self.get_associated_au(code, file, "resource.aws_iam_group_policy", "group", pattern, [""]):
                     errors.append(Error('sec_authentication', element, file, repr(element), 
@@ -27,7 +27,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
 
         elif isinstance(element, Attribute) or isinstance(element, Variable):
             for item in SecurityVisitor._POLICY_KEYWORDS:
-                if item.lower() == elem_name:        
+                if item.lower() == element.name:        
                     for config in SecurityVisitor._POLICY_AUTHENTICATION:
                         if au_type in config['au_type']:
                             expr = config['keyword'].lower() + "\s*" + config['value'].lower()
@@ -36,7 +36,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
                                 errors.append(Error('sec_authentication', element, file, repr(element)))
 
             for config in SecurityVisitor._AUTHENTICATION:
-                if (elem_name == config['attribute'] and au_type in config['au_type']
+                if (element.name == config['attribute'] and au_type in config['au_type']
                     and parent_name in config['parents'] and not element.has_variable 
                     and elem_value.lower() not in config['values']
                     and config['values'] != [""]):

glitch/analysis/terraform/dns_policy.py

@@ -5,7 +5,7 @@
 
 
 class TerraformDnsWithoutDnssec(TerraformSmellChecker):
-    def check(self, element, file: str, code, elem_name: str, elem_value: str = "", au_type = None, parent_name = ""):
+    def check(self, element, file: str, code, elem_value: str = "", au_type = None, parent_name = ""):
         errors = []
         if isinstance(element, AtomicUnit):
             for config in SecurityVisitor._DNSSEC_CONFIGS:
@@ -16,7 +16,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
 
         elif isinstance(element, Attribute) or isinstance(element, Variable):
             for config in SecurityVisitor._DNSSEC_CONFIGS:
-                if (elem_name == config['attribute'] and au_type in config['au_type']
+                if (element.name == config['attribute'] and au_type in config['au_type']
                     and parent_name in config['parents'] and not element.has_variable 
                     and elem_value.lower() not in config['values']
                     and config['values'] != [""]):

glitch/analysis/terraform/firewall_misconfig.py

@@ -5,7 +5,7 @@
 
 
 class TerraformFirewallMisconfig(TerraformSmellChecker):
-    def check(self, element, file: str, code, elem_name: str, elem_value: str = "", au_type = None, parent_name = ""):
+    def check(self, element, file: str, code, elem_value: str = "", au_type = None, parent_name = ""):
         errors = []
         if isinstance(element, AtomicUnit):
             for config in SecurityVisitor._FIREWALL_CONFIGS:
@@ -16,7 +16,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
 
         elif isinstance(element, Attribute) or isinstance(element, Variable):
             for config in SecurityVisitor._FIREWALL_CONFIGS:
-                if (elem_name == config['attribute'] and au_type in config['au_type']
+                if (element.name == config['attribute'] and au_type in config['au_type']
                     and parent_name in config['parents'] and config['values'] != [""]):
                     if ("any_not_empty" in config['values'] and elem_value.lower() == ""):
                         return [Error('sec_firewall_misconfig', element, file, repr(element))]

glitch/analysis/terraform/http_without_tls.py

@@ -5,7 +5,7 @@
 
 
 class TerraformHttpWithoutTls(TerraformSmellChecker):
-    def check(self, element, file: str, code, elem_name: str, elem_value: str = "", au_type = None, parent_name = ""):
+    def check(self, element, file: str, code, elem_value: str = "", au_type = None, parent_name = ""):
         errors = []
         if isinstance(element, AtomicUnit):
             if (element.type == "data.http"):
@@ -36,7 +36,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
 
         elif isinstance(element, Attribute) or isinstance(element, Variable):
             for config in SecurityVisitor._HTTPS_CONFIGS:
-                if (elem_name == config["attribute"] and au_type in config["au_type"] 
+                if (element.name == config["attribute"] and au_type in config["au_type"] 
                     and parent_name in config["parents"] and not element.has_variable 
                     and elem_value.lower() not in config["values"]):
                     return [Error('sec_https', element, file, repr(element))]

glitch/analysis/terraform/integrity_policy.py

@@ -5,7 +5,7 @@
 
 
 class TerraformIntegrityPolicy(TerraformSmellChecker):
-    def check(self, element, file: str, code, elem_name: str, elem_value: str = "", au_type = None, parent_name = ""):
+    def check(self, element, file: str, code, elem_value: str = "", au_type = None, parent_name = ""):
         errors = []
         if isinstance(element, AtomicUnit):
             for policy in SecurityVisitor._INTEGRITY_POLICY:
@@ -15,7 +15,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
                         f"Suggestion: check for a required attribute with name '{policy['msg']}'."))
         elif isinstance(element, Attribute) or isinstance(element, Variable):
             for policy in SecurityVisitor._INTEGRITY_POLICY:
-                if (elem_name == policy['attribute'] and au_type in policy['au_type'] 
+                if (element.name == policy['attribute'] and au_type in policy['au_type'] 
                     and parent_name in policy['parents'] and not element.has_variable 
                     and elem_value.lower() not in policy['values']):
                     return[Error('sec_integrity_policy', element, file, repr(element))]

glitch/analysis/terraform/key_management.py

@@ -6,11 +6,11 @@
 
 
 class TerraformKeyManagement(TerraformSmellChecker):
-    def check(self, element, file: str, code, elem_name: str, elem_value: str = "", au_type = None, parent_name = ""):
+    def check(self, element, file: str, code, elem_value: str = "", au_type = None, parent_name = ""):
         errors = []
         if isinstance(element, AtomicUnit):
             if (element.type == "resource.azurerm_storage_account"):
-                expr = "\${azurerm_storage_account\." + f"{elem_name}\."
+                expr = "\${azurerm_storage_account\." + f"{element.name}\."
                 pattern = re.compile(rf"{expr}")
                 if not self.get_associated_au(code, file, "resource.azurerm_storage_account_customer_managed_key", "storage_account_id",
                     pattern, [""]):
@@ -25,7 +25,7 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
 
         elif isinstance(element, Attribute) or isinstance(element, Variable):
             for config in SecurityVisitor._KEY_MANAGEMENT:
-                if (elem_name == config['attribute'] and au_type in config['au_type']
+                if (element.name == config['attribute'] and au_type in config['au_type']
                     and parent_name in config['parents'] and config['values'] != [""]):
                     if ("any_not_empty" in config['values'] and elem_value.lower() == ""):
                         errors.append(Error('sec_key_management', element, file, repr(element)))
@@ -35,15 +35,15 @@ def check(self, element, file: str, code, elem_name: str, elem_value: str = "",
                         errors.append(Error('sec_key_management', element, file, repr(element)))
                         break
 
-            if (elem_name == "rotation_period" and au_type == "resource.google_kms_crypto_key"):
+            if (element.name == "rotation_period" and au_type == "resource.google_kms_crypto_key"):
                 expr1 = r'\d+\.\d{0,9}s'
                 expr2 = r'\d+s'
                 if (re.search(expr1, elem_value) or re.search(expr2, elem_value)):
                     if (int(elem_value.split("s")[0]) > 7776000):
                         errors.append(Error('sec_key_management', element, file, repr(element)))
                 else:
                     errors.append(Error('sec_key_management', element, file, repr(element)))
-            elif (elem_name == "kms_master_key_id" and ((au_type == "resource.aws_sqs_queue"
+            elif (element.name == "kms_master_key_id" and ((au_type == "resource.aws_sqs_queue"
                 and elem_value == "alias/aws/sqs") or  (au_type == "resource.aws_sns_queue"
                 and elem_value == "alias/aws/sns"))):
                 errors.append(Error('sec_key_management', element, file, repr(element)))