fix(arm): Fix arm resource naming on integration with Prisma (#6870)

* fix file paths
bridgecrewio · Nov 25, 2024 · 24b17b1 · 24b17b1
1 parent f00824c
commit 24b17b1
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 22 deletions.
diff --git a/checkov/arm/graph_manager.py b/checkov/arm/graph_manager.py
@@ -1,6 +1,5 @@
 from __future__ import annotations
 
-import os
 from typing import TYPE_CHECKING, Any
 
 from checkov.arm.graph_builder.local_graph import ArmLocalGraph
@@ -26,8 +25,7 @@ def build_graph_from_source_directory(
         excluded_paths: list[str] | None = None,
     ) -> tuple[ArmLocalGraph, dict[str, dict[str, Any]]]:
         file_paths = get_scannable_file_paths(root_folder=source_dir, excluded_paths=excluded_paths)
-        filepath_fn = lambda f: f"/{os.path.relpath(f, os.path.commonprefix((source_dir, f)))}"
-        definitions, _, _ = get_files_definitions(files=file_paths, filepath_fn=filepath_fn)
+        definitions, _, _ = get_files_definitions(files=file_paths)
 
         local_graph = self.build_graph_from_definitions(definitions=definitions)
 

diff --git a/checkov/arm/runner.py b/checkov/arm/runner.py
@@ -79,7 +79,6 @@ def run(
         report = Report(self.check_type)
         if not self.context or not self.definitions:
             files_list: "Iterable[str]" = []
-            filepath_fn = None
             if external_checks_dir:
                 for directory in external_checks_dir:
                     arm_resource_registry.load_external_checks(directory)
@@ -91,12 +90,11 @@ def run(
                 files_list = files.copy()
 
             if root_folder:
-                filepath_fn = lambda f: f"/{os.path.relpath(f, os.path.commonprefix((root_folder, f)))}"
                 self.root_folder = root_folder
 
                 files_list = get_scannable_file_paths(root_folder=root_folder, excluded_paths=runner_filter.excluded_paths)
 
-            self.definitions, self.definitions_raw, parsing_errors = get_files_definitions(files_list, filepath_fn)
+            self.definitions, self.definitions_raw, parsing_errors = get_files_definitions(files_list)
             self.context = build_definitions_context(definitions=self.definitions, definitions_raw=self.definitions_raw)
             report.add_parsing_errors(parsing_errors)
 
@@ -130,16 +128,8 @@ def add_python_check_results(self, report: Report, runner_filter: RunnerFilter,
 
         for arm_file in self.definitions.keys():
             self.pbar.set_additional_data({"Current File Scanned": os.path.relpath(arm_file, root_folder)})
-            # There are a few cases here. If -f was used, there could be a leading / because it's an absolute path,
-            # or there will be no leading slash; root_folder will always be none.
-            # If -d is used, root_folder will be the value given, and -f will start with a / (hardcoded above).
-            # The goal here is simply to get a valid path to the file (which arm_file does not always give).
-            if arm_file[0] == "/":
-                path_to_convert = (root_folder + arm_file) if root_folder else arm_file
-            else:
-                path_to_convert = (os.path.join(root_folder, arm_file)) if root_folder else arm_file
-
-            file_abs_path = os.path.abspath(path_to_convert)
+
+            file_abs_path = os.path.abspath(arm_file)
 
             if isinstance(self.definitions[arm_file], dict):
                 arm_context_parser = ContextParser(arm_file, self.definitions[arm_file], self.definitions_raw[arm_file])

diff --git a/checkov/arm/utils.py b/checkov/arm/utils.py
@@ -55,8 +55,7 @@ def create_definitions(
 
     if root_folder:
         file_paths = get_scannable_file_paths(root_folder, runner_filter.excluded_paths)
-        filepath_fn = lambda f: f"/{os.path.relpath(f, os.path.commonprefix((root_folder, f)))}"
-        definitions, definitions_raw, parsing_errors = get_files_definitions(files=file_paths, filepath_fn=filepath_fn)
+        definitions, definitions_raw, parsing_errors = get_files_definitions(files=file_paths)
 
     if parsing_errors:
         logging.warning(f"[arm] found errors while parsing definitions: {parsing_errors}")

diff --git a/tests/arm/runner/test_runner.py b/tests/arm/runner/test_runner.py
@@ -66,7 +66,7 @@ def test_record_relative_path_with_relative_dir(self):
         self.assertGreater(len(all_checks), 0)  # ensure that the assertions below are going to do something
         for record in all_checks:
             # no need to join with a '/' because the CFN runner adds it to the start of the file path
-            self.assertEqual(record.repo_file_path, f'/{dir_rel_path}{record.file_path}')
+            self.assertEqual(record.repo_file_path, f'/{record.file_path}')
 
     def test_record_relative_path_with_abs_dir(self):
 
@@ -88,11 +88,10 @@ def test_record_relative_path_with_abs_dir(self):
         all_checks = report.failed_checks + report.passed_checks
         self.assertGreater(len(all_checks), 0)  # ensure that the assertions below are going to do something
         for record in all_checks:
-            # no need to join with a '/' because the CFN runner adds it to the start of the file path
-            self.assertEqual(record.repo_file_path, f'/{dir_rel_path}{record.file_path}')
+            file_name = record.file_path.split('/')[-1]
+            self.assertEqual(record.repo_file_path, f'/{dir_rel_path}/{file_name}')
 
     def test_record_relative_path_with_relative_file(self):
-
         # test whether the record's repo_file_path is correct, relative to the CWD (with a / at the start).
 
         # this is just constructing the scan dir as normal