From ce20d4f931f8ce849758f23fa41c871b681dbcba Mon Sep 17 00:00:00 2001 From: Nfsaavedra Date: Fri, 15 Mar 2024 16:53:35 +0000 Subject: [PATCH] remove code attribute --- glitch/analysis/rules.py | 3 +++ glitch/analysis/security.py | 6 ++++-- glitch/analysis/terraform/access_control.py | 4 ++-- glitch/analysis/terraform/attached_resource.py | 4 ++-- glitch/analysis/terraform/authentication.py | 4 ++-- glitch/analysis/terraform/dns_policy.py | 2 +- .../analysis/terraform/firewall_misconfig.py | 2 +- glitch/analysis/terraform/http_without_tls.py | 4 ++-- glitch/analysis/terraform/integrity_policy.py | 2 +- glitch/analysis/terraform/key_management.py | 4 ++-- glitch/analysis/terraform/logging.py | 18 +++++++++--------- .../analysis/terraform/missing_encryption.py | 4 ++-- glitch/analysis/terraform/naming.py | 2 +- glitch/analysis/terraform/network_policy.py | 2 +- .../terraform/permission_iam_policies.py | 4 ++-- glitch/analysis/terraform/public_ip.py | 2 +- glitch/analysis/terraform/replication.py | 4 ++-- .../analysis/terraform/sensitive_iam_action.py | 2 +- glitch/analysis/terraform/smell_checker.py | 14 ++++++++------ glitch/analysis/terraform/ssl_tls_policy.py | 2 +- glitch/analysis/terraform/threats_detection.py | 2 +- glitch/analysis/terraform/versioning.py | 2 +- .../terraform/weak_password_key_policy.py | 2 +- 23 files changed, 51 insertions(+), 44 deletions(-) diff --git a/glitch/analysis/rules.py b/glitch/analysis/rules.py index 5a0ba41..1fc0971 100644 --- a/glitch/analysis/rules.py +++ b/glitch/analysis/rules.py @@ -220,6 +220,9 @@ def check_comment(self, c: Comment, file: str) -> list[Error]: Error.agglomerate_errors() class SmellChecker(ABC): + def __init__(self) -> None: + self.code = None + @abstractmethod def check(self, element, file: str) -> list[Error]: pass diff --git a/glitch/analysis/security.py b/glitch/analysis/security.py index b171724..8cc4197 100644 --- a/glitch/analysis/security.py +++ b/glitch/analysis/security.py 
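Review bot: The new `code` attribute in `SmellChecker.__init__` is an implicit precondition of `check()` that nothing documents or types: it starts as None and is only usable once a caller assigns it. A subclass that defines its own `__init__` without calling `super().__init__()` would not have the attribute at all. Consider a comment on the assignment such as `# parsed code under analysis; the visitor must assign this before calling check()`, plus a type annotation if the names needed are already imported in rules.py. The class body continues outside the hunk.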
@@ -147,7 +147,8 @@ def check_atomicunit(self, au: AtomicUnit, file: str) -> List[Error]: break for checker in self.checkers: - errors += checker.check(au, file, self.code) + checker.code = self.code + errors += checker.check(au, file) if self.__is_http_url(au.name): errors.append(Error('sec_https', au, file, repr(au))) @@ -294,7 +295,8 @@ def get_module_var(c, name: str): c.value = var.value for checker in self.checkers: - errors += checker.check(c, file, self.code, au_type, parent_name) + checker.code = self.code + errors += checker.check(c, file, au_type, parent_name) return errors diff --git a/glitch/analysis/terraform/access_control.py b/glitch/analysis/terraform/access_control.py index d7d2da2..8200ce6 100644 --- a/glitch/analysis/terraform/access_control.py +++ b/glitch/analysis/terraform/access_control.py @@ -6,7 +6,7 @@ class TerraformAccessControl(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.aws_api_gateway_method"): @@ -41,7 +41,7 @@ def check(self, element, file: str, code, au_type = None, parent_name = ""): elif (element.type == "resource.aws_s3_bucket"): expr = "\${aws_s3_bucket\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - if not self.get_associated_au(code, file, "resource.aws_s3_bucket_public_access_block", "bucket", pattern, [""]): + if self.get_associated_au(file, "resource.aws_s3_bucket_public_access_block", "bucket", pattern, [""]) is None: errors.append(Error('sec_access_control', element, file, repr(element), f"Suggestion: check for a required resource 'aws_s3_bucket_public_access_block' " + f"associated to an 'aws_s3_bucket' resource.")) diff --git a/glitch/analysis/terraform/attached_resource.py b/glitch/analysis/terraform/attached_resource.py index 67ea636..59357ac 100644 
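Review bot: `checker.code = self.code` is repeated inside the per-element loop in `check_atomicunit` and again in the second hunk of this file, so any other path that invokes `checker.check` has to remember to do the same. Assigning it once, at the point where `self.code` and `self.checkers` are set (not visible in this patch), would remove the duplication: `for checker in self.checkers: checker.code = self.code`. If the checker instances are shared between visitor objects, mutating them here would also let one analysis overwrite another's `code`; that cannot be confirmed from the hunks. Both loops sit in functions whose bodies extend outside the hunks.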
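Review bot: The S3 public-access-block condition in the second access_control.py hunk changes from `if not self.get_associated_au(...)` to `... is None`, a semantic change unrelated to removing the `code` argument. The same kind of lookup in authentication.py, key_management.py and replication.py keeps `if not`, so the checkers now differ in how they treat a falsy return. The two forms are presumably equivalent as long as the helper returns an atomic unit or None; pick one form for all checkers or mention the change in the commit message.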
--- a/glitch/analysis/terraform/attached_resource.py +++ b/glitch/analysis/terraform/attached_resource.py @@ -5,7 +5,7 @@ class TerraformAttachedResource(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): def check_attached_resource(attributes, resource_types): @@ -15,7 +15,7 @@ def check_attached_resource(attributes, resource_types): if (f"{a.value}".lower().startswith("${" + f"{resource_type}.") or f"{a.value}".lower().startswith(f"{resource_type}.")): resource_name = a.value.lower().split(".")[1] - if self.get_au(code, file, resource_name, f"resource.{resource_type}"): + if self.get_au(file, resource_name, f"resource.{resource_type}"): return True elif a.value == None: attached = check_attached_resource(a.keyvalues, resource_types) diff --git a/glitch/analysis/terraform/authentication.py b/glitch/analysis/terraform/authentication.py index fd70a8c..5c1cc1f 100644 --- a/glitch/analysis/terraform/authentication.py +++ b/glitch/analysis/terraform/authentication.py @@ -6,7 +6,7 @@ class TerraformAuthentication(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.google_sql_database_instance"): 
@@ -14,7 +14,7 @@ def check(self, element, file: str, code, au_type = None, parent_name = ""): elif (element.type == "resource.aws_iam_group"): expr = "\${aws_iam_group\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - if not self.get_associated_au(code, file, "resource.aws_iam_group_policy", "group", pattern, [""]): + if not self.get_associated_au(file, "resource.aws_iam_group_policy", "group", pattern, [""]): errors.append(Error('sec_authentication', element, file, repr(element), f"Suggestion: check for a required resource 'aws_iam_group_policy' associated to an " + f"'aws_iam_group' resource.")) diff --git a/glitch/analysis/terraform/dns_policy.py b/glitch/analysis/terraform/dns_policy.py index 7e1fb39..acd67d2 100644 --- a/glitch/analysis/terraform/dns_policy.py +++ b/glitch/analysis/terraform/dns_policy.py @@ -5,7 +5,7 @@ class TerraformDnsWithoutDnssec(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): for config in SecurityVisitor._DNSSEC_CONFIGS: diff --git a/glitch/analysis/terraform/firewall_misconfig.py b/glitch/analysis/terraform/firewall_misconfig.py index fdc57d2..136357f 100644 --- a/glitch/analysis/terraform/firewall_misconfig.py +++ b/glitch/analysis/terraform/firewall_misconfig.py @@ -5,7 +5,7 @@ class TerraformFirewallMisconfig(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): for config in SecurityVisitor._FIREWALL_CONFIGS: diff --git a/glitch/analysis/terraform/http_without_tls.py b/glitch/analysis/terraform/http_without_tls.py index 7a1de35..f61490d 100644 --- a/glitch/analysis/terraform/http_without_tls.py +++ b/glitch/analysis/terraform/http_without_tls.py 
@@ -5,7 +5,7 @@ class TerraformHttpWithoutTls(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "data.http"): @@ -25,7 +25,7 @@ def check(self, element, file: str, code, au_type = None, parent_name = ""): type = "resource" resource_type = r.split(".")[0] resource_name = r.split(".")[1] - if self.get_au(code, file, resource_name, type + "." + resource_type): + if self.get_au(file, resource_name, type + "." + resource_type): errors.append(Error('sec_https', url, file, repr(url))) for config in SecurityVisitor._HTTPS_CONFIGS: diff --git a/glitch/analysis/terraform/integrity_policy.py b/glitch/analysis/terraform/integrity_policy.py index 73d9b19..346723b 100644 --- a/glitch/analysis/terraform/integrity_policy.py +++ b/glitch/analysis/terraform/integrity_policy.py @@ -5,7 +5,7 @@ class TerraformIntegrityPolicy(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): for policy in SecurityVisitor._INTEGRITY_POLICY: diff --git a/glitch/analysis/terraform/key_management.py b/glitch/analysis/terraform/key_management.py index bf081bd..af65c00 100644 --- a/glitch/analysis/terraform/key_management.py +++ b/glitch/analysis/terraform/key_management.py 
@@ -6,13 +6,13 @@ class TerraformKeyManagement(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.azurerm_storage_account"): expr = "\${azurerm_storage_account\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - if not self.get_associated_au(code, file, "resource.azurerm_storage_account_customer_managed_key", "storage_account_id", + if not self.get_associated_au(file, "resource.azurerm_storage_account_customer_managed_key", "storage_account_id", pattern, [""]): errors.append(Error('sec_key_management', element, file, repr(element), f"Suggestion: check for a required resource 'azurerm_storage_account_customer_managed_key' " + diff --git a/glitch/analysis/terraform/logging.py b/glitch/analysis/terraform/logging.py index 27ac36f..473cf18 100644 --- a/glitch/analysis/terraform/logging.py +++ b/glitch/analysis/terraform/logging.py @@ -53,7 +53,7 @@ def __check_log_attribute( return errors - def check_azurerm_storage_container(self, element, code, file: str): + def check_azurerm_storage_container(self, element, file: str): errors = [] container_access_type = self.check_required_attribute( @@ -71,7 +71,7 @@ def check_azurerm_storage_container(self, element, code, file: str): return errors name = storage_account_name.value.lower().split('.')[1] - storage_account_au = self.get_au(code, file, name, "resource.azurerm_storage_account") + storage_account_au = self.get_au(file, name, "resource.azurerm_storage_account") if storage_account_au is None: errors.append(Error('sec_logging', element, file, repr(element), f"Suggestion: 'azurerm_storage_container' resource has to be associated to an " + 
@@ -81,7 +81,7 @@ def check_azurerm_storage_container(self, element, code, file: str): expr = "\${azurerm_storage_account\." + f"{name}\." pattern = re.compile(rf"{expr}") - assoc_au = self.get_associated_au(code, file, "resource.azurerm_log_analytics_storage_insights", + assoc_au = self.get_associated_au(file, "resource.azurerm_log_analytics_storage_insights", "storage_account_id", pattern, [""]) if assoc_au is None: errors.append(Error('sec_logging', storage_account_au, file, repr(storage_account_au), @@ -108,7 +108,7 @@ def check_azurerm_storage_container(self, element, code, file: str): return errors - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.aws_eks_cluster"): @@ -161,7 +161,7 @@ def check(self, element, file: str, code, au_type = None, parent_name = ""): elif (element.type == "resource.azurerm_mssql_server"): expr = "\${azurerm_mssql_server\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - assoc_au = self.get_associated_au(code, file, "resource.azurerm_mssql_server_extended_auditing_policy", + assoc_au = self.get_associated_au(file, "resource.azurerm_mssql_server_extended_auditing_policy", "server_id", pattern, [""]) if not assoc_au: errors.append(Error('sec_logging', element, file, repr(element), @@ -170,7 +170,7 @@ def check(self, element, file: str, code, au_type = None, parent_name = ""): elif (element.type == "resource.azurerm_mssql_database"): expr = "\${azurerm_mssql_database\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - assoc_au = self.get_associated_au(code, file, "resource.azurerm_mssql_database_extended_auditing_policy", + assoc_au = self.get_associated_au(file, "resource.azurerm_mssql_database_extended_auditing_policy", "database_id", pattern, [""]) if not assoc_au: errors.append(Error('sec_logging', element, file, repr(element), 
@@ -197,7 +197,7 @@ def check(self, element, file: str, code, au_type = None, parent_name = ""): required_flag = False errors += self.check_database_flags(element, file, 'sec_logging', flag['flag_name'], flag['value'], required_flag) elif (element.type == "resource.azurerm_storage_container"): - errors += self.check_azurerm_storage_container(element, code, file) + errors += self.check_azurerm_storage_container(element, file) elif (element.type == "resource.aws_ecs_cluster"): name = self.check_required_attribute(element.attributes, ["setting"], "name", "containerinsights") if name is not None: @@ -214,7 +214,7 @@ def check(self, element, file: str, code, au_type = None, parent_name = ""): elif (element.type == "resource.aws_vpc"): expr = "\${aws_vpc\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - assoc_au = self.get_associated_au(code, file, "resource.aws_flow_log", + assoc_au = self.get_associated_au(file, "resource.aws_flow_log", "vpc_id", pattern, [""]) if not assoc_au: errors.append(Error('sec_logging', element, file, repr(element), @@ -231,7 +231,7 @@ def check(self, element, file: str, code, au_type = None, parent_name = ""): if (element.name == "cloud_watch_logs_group_arn" and au_type == "resource.aws_cloudtrail"): if re.match(r"^\${aws_cloudwatch_log_group\..", element.value): aws_cloudwatch_log_group_name = element.value.split('.')[1] - if not self.get_au(code, file, aws_cloudwatch_log_group_name, "resource.aws_cloudwatch_log_group"): + if not self.get_au(file, aws_cloudwatch_log_group_name, "resource.aws_cloudwatch_log_group"): errors.append(Error('sec_logging', element, file, repr(element), f"Suggestion: check for a required resource 'aws_cloudwatch_log_group' " + f"with name '{aws_cloudwatch_log_group_name}'.")) diff --git a/glitch/analysis/terraform/missing_encryption.py b/glitch/analysis/terraform/missing_encryption.py index 65c64f6..15b9bb1 100644 --- a/glitch/analysis/terraform/missing_encryption.py 
+++ b/glitch/analysis/terraform/missing_encryption.py @@ -6,13 +6,13 @@ class TerraformMissingEncryption(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.aws_s3_bucket"): expr = "\${aws_s3_bucket\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - r = self.get_associated_au(code, file, "resource.aws_s3_bucket_server_side_encryption_configuration", + r = self.get_associated_au(file, "resource.aws_s3_bucket_server_side_encryption_configuration", "bucket", pattern, [""]) if not r: errors.append(Error('sec_missing_encryption', element, file, repr(element), diff --git a/glitch/analysis/terraform/naming.py b/glitch/analysis/terraform/naming.py index 3752640..e48297f 100644 --- a/glitch/analysis/terraform/naming.py +++ b/glitch/analysis/terraform/naming.py @@ -6,7 +6,7 @@ class TerraformNaming(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.aws_security_group"): diff --git a/glitch/analysis/terraform/network_policy.py b/glitch/analysis/terraform/network_policy.py index a0b50c2..0d0b0ed 100644 --- a/glitch/analysis/terraform/network_policy.py +++ b/glitch/analysis/terraform/network_policy.py @@ -6,7 +6,7 @@ class TerraformNetworkSecurityRules(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.azurerm_network_security_rule"): 
diff --git a/glitch/analysis/terraform/permission_iam_policies.py b/glitch/analysis/terraform/permission_iam_policies.py index 13fa4f6..3402efc 100644 --- a/glitch/analysis/terraform/permission_iam_policies.py +++ b/glitch/analysis/terraform/permission_iam_policies.py @@ -6,13 +6,13 @@ class TerraformPermissionIAMPolicies(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.aws_iam_user"): expr = "\${aws_iam_user\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - assoc_au = self.get_associated_au(code, file, "resource.aws_iam_user_policy", "user", pattern, [""]) + assoc_au = self.get_associated_au(file, "resource.aws_iam_user_policy", "user", pattern, [""]) if assoc_au is not None: a = self.check_required_attribute(assoc_au.attributes, [""], "user", None, pattern) errors.append(Error('sec_permission_iam_policies', a, file, repr(a))) diff --git a/glitch/analysis/terraform/public_ip.py b/glitch/analysis/terraform/public_ip.py index 9bd0552..1e64554 100644 --- a/glitch/analysis/terraform/public_ip.py +++ b/glitch/analysis/terraform/public_ip.py @@ -5,7 +5,7 @@ class TerraformPublicIp(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): for config in SecurityVisitor._PUBLIC_IP_CONFIGS: diff --git a/glitch/analysis/terraform/replication.py b/glitch/analysis/terraform/replication.py index 0647715..8570c4b 100644 --- a/glitch/analysis/terraform/replication.py +++ b/glitch/analysis/terraform/replication.py 
@@ -6,13 +6,13 @@ class TerraformReplication(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type == "resource.aws_s3_bucket"): expr = "\${aws_s3_bucket\." + f"{element.name}\." pattern = re.compile(rf"{expr}") - if not self.get_associated_au(code, file, "resource.aws_s3_bucket_replication_configuration", + if not self.get_associated_au(file, "resource.aws_s3_bucket_replication_configuration", "bucket", pattern, [""]): errors.append(Error('sec_replication', element, file, repr(element), f"Suggestion: check for a required resource 'aws_s3_bucket_replication_configuration' " + diff --git a/glitch/analysis/terraform/sensitive_iam_action.py b/glitch/analysis/terraform/sensitive_iam_action.py index d3b0919..cad8741 100644 --- a/glitch/analysis/terraform/sensitive_iam_action.py +++ b/glitch/analysis/terraform/sensitive_iam_action.py @@ -5,7 +5,7 @@ class TerraformSensitiveIAMAction(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] def convert_string_to_dict(input_string): diff --git a/glitch/analysis/terraform/smell_checker.py b/glitch/analysis/terraform/smell_checker.py index 95e803e..06ac0a4 100644 --- a/glitch/analysis/terraform/smell_checker.py +++ b/glitch/analysis/terraform/smell_checker.py 
@@ -5,15 +5,16 @@ from glitch.analysis.rules import Error, SmellChecker class TerraformSmellChecker(SmellChecker): - def get_au(self, c, file: str, name: str, type: str): + def get_au(self, file: str, name: str, type: str, c = None): + c = self.code if c is None else c if isinstance(c, Project): module_name = os.path.basename(os.path.dirname(file)) for m in c.modules: if m.name == module_name: - return self.get_au(m, file, name, type) + return self.get_au(file, name, type, c = m) elif isinstance(c, Module): for ub in c.blocks: - au = self.get_au(ub, file, name, type) + au = self.get_au(file, name, type, c = ub) if au is not None: return au elif isinstance(c, UnitBlock): @@ -22,15 +23,16 @@ def get_au(self, c, file: str, name: str, type: str): return au return None - def get_associated_au(self, code, file: str, type: str, attribute_name: str , pattern, attribute_parents: list): + def get_associated_au(self, file: str, type: str, attribute_name: str, pattern, attribute_parents: list, code = None): + code = self.code if code is None else code if isinstance(code, Project): module_name = os.path.basename(os.path.dirname(file)) for m in code.modules: if m.name == module_name: - return self.get_associated_au(m, file, type, attribute_name, pattern, attribute_parents) + return self.get_associated_au(file, type, attribute_name, pattern, attribute_parents, code = m) elif isinstance(code, Module): for ub in code.blocks: - au = self.get_associated_au(ub, file, type, attribute_name, pattern, attribute_parents) + au = self.get_associated_au(file, type, attribute_name, pattern, attribute_parents, code = ub) if au is not None: return au elif isinstance(code, UnitBlock): diff --git a/glitch/analysis/terraform/ssl_tls_policy.py b/glitch/analysis/terraform/ssl_tls_policy.py index e42d56a..b3052a8 100644 --- a/glitch/analysis/terraform/ssl_tls_policy.py +++ b/glitch/analysis/terraform/ssl_tls_policy.py 
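Review bot: `c = self.code if c is None else c` in `get_au` lets an unassigned `self.code` fall through every `isinstance` branch and return None, which callers cannot tell apart from "no such resource"; `get_associated_au` in the second hunk has the same fallback. For a security checker that is a silent wrong answer in both directions: `if not self.get_associated_au(...)` reports a missing resource, while `if self.get_au(...)` in http_without_tls.py drops the finding. A guard right after the fallback, e.g. `if c is None: raise ValueError("SmellChecker.code is not set")`, would surface the misuse. The code object also moved from the first positional parameter to the last, so a caller outside this patch that still passes it first would silently bind it to `file`; making the new parameter keyword-only (`*, c = None` and `*, code = None`) would turn such calls into a TypeError. `get_associated_au` continues past the end of the second hunk.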
@@ -5,7 +5,7 @@ class TerraformSslTlsPolicy(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): if (element.type in ["resource.aws_alb_listener", "resource.aws_lb_listener"]): diff --git a/glitch/analysis/terraform/threats_detection.py b/glitch/analysis/terraform/threats_detection.py index 29226cf..f0aa26b 100644 --- a/glitch/analysis/terraform/threats_detection.py +++ b/glitch/analysis/terraform/threats_detection.py @@ -5,7 +5,7 @@ class TerraformThreatsDetection(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): for config in SecurityVisitor._MISSING_THREATS_DETECTION_ALERTS: diff --git a/glitch/analysis/terraform/versioning.py b/glitch/analysis/terraform/versioning.py index 673baa9..3bf5d51 100644 --- a/glitch/analysis/terraform/versioning.py +++ b/glitch/analysis/terraform/versioning.py @@ -5,7 +5,7 @@ class TerraformVersioning(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): for config in SecurityVisitor._VERSIONING: diff --git a/glitch/analysis/terraform/weak_password_key_policy.py b/glitch/analysis/terraform/weak_password_key_policy.py index 0d19252..6340278 100644 --- a/glitch/analysis/terraform/weak_password_key_policy.py +++ b/glitch/analysis/terraform/weak_password_key_policy.py 
@@ -5,7 +5,7 @@ class TerraformWeakPasswordKeyPolicy(TerraformSmellChecker): - def check(self, element, file: str, code, au_type = None, parent_name = ""): + def check(self, element, file: str, au_type = None, parent_name = ""): errors = [] if isinstance(element, AtomicUnit): for policy in SecurityVisitor._PASSWORD_KEY_POLICY: