chore: bump to latest defsec (#1548)

ARCHITECTURE.md

@@ -31,7 +31,7 @@ Code to support running in the CLI, including flags, output settings etc.
 
 ### Parser
 
-Can be found in [trivy-config-parsers](https://github.com/aquasecurity/trivy-config-parsers).
+Can be found in [defsec/parsers](https://github.com/aquasecurity/defsec/parsers).
 
 Takes plaintext Terraform HCL templates as input and produces logical abstractions from the `internal/pkg/block` package. Returns a slice of *modules* which in turn contain blocks which can contain other blocks, which can in turn ultimately contain attributes, as is the HCL format. Each of the abstractions for these concepts has many utility methods.
 

CONTRIBUTING.md

@@ -104,7 +104,7 @@ Fill out the `rules.Rule` struct with appropriate information. The fields are de
 | Field            | Description |
 | ---------------- | ----------- |
 | AVDID            | This is a unique ID that identifies the rule not just within DefSec, but within the [AVD](https://avd.aquasec.com/). The ID is composed of the prefix `AVD-`, three letters representing the provider in capitals e.g. `AWS`, another `-`, and then a 4-digit, zero-padded number. For example: `AVD-AWS-0086`. The easiest way to assign a new AVD ID is to run `grep -r "AVD-" . | grep AVDID | awk -F'"' '{print $2}' | sort -u` to find the highest number for your provider and increment it by one.
-| Provider         | You can set this using a constant from the `provider` package, listed [here](https://github.com/aquasecurity/defsec/blob/master/provider/provider.go#L8-L21)
+| Provider         | You can set this using a constant from the `provider` package, listed [here](https://github.com/aquasecurity/defsec/blob/master/provider/providers.go#L8-L21)
 | Service          | A string representing the service your rule relates to (lower-case), e.g. `s3`. This will generally match the package your rule is inside.
 | ShortCode        | This is a human-readable identifier for your check that uniquely describes it within the provider and service. e.g. `block-public-acls`
 | Summary          | A short paragraph that summarises what best-practice the rule is trying to enforce. e.g. *Data stored in service X should be encrypted at rest*

cmd/tfsec-checkgen/main.go

@@ -9,10 +9,10 @@ import (
 	"strings"
 
 	"github.com/AlecAivazis/survey/v2"
+	"github.com/aquasecurity/defsec/parsers/terraform/parser"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/tfsec/internal/pkg/custom"
 	"github.com/aquasecurity/tfsec/internal/pkg/executor"
-	"github.com/aquasecurity/trivy-config-parsers/terraform/parser"
 	"github.com/spf13/cobra"
 )
 

cmd/tfsec-docs/webpage.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/aquasecurity/defsec/provider"
+	"github.com/aquasecurity/defsec/providers"
 )
 
 const (
@@ -103,7 +103,7 @@ func formatProviderName(providerName string) string {
 	if providerName == "digitalocean" {
 		providerName = "digital ocean"
 	}
-	return provider.Provider(providerName).DisplayName()
+	return providers.Provider(providerName).DisplayName()
 }
 
 func generateWebPage(webProviderPath string, r templateObject) error {

go.mod

@@ -4,8 +4,7 @@ go 1.17
 
 require (
 	github.com/AlecAivazis/survey/v2 v2.3.2
-	github.com/aquasecurity/defsec v0.11.0
-	github.com/aquasecurity/trivy-config-parsers v0.0.2
+	github.com/aquasecurity/defsec v0.12.0
 	github.com/hashicorp/go-version v1.4.0
 	github.com/inconshreveable/go-update v0.0.0-20160112193335-8152e7eb6ccf
 	github.com/liamg/clinch v1.5.6
@@ -39,8 +38,8 @@ require (
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
-	github.com/liamg/iamgo v0.0.5 // indirect
-	github.com/liamg/jfather v0.0.5 // indirect
+	github.com/liamg/iamgo v0.0.6 // indirect
+	github.com/liamg/jfather v0.0.7 // indirect
 	github.com/lucasb-eyer/go-colorful v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.12 // indirect
 	github.com/mattn/go-isatty v0.0.14 // indirect

go.sum

@@ -79,10 +79,8 @@ github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
 github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw=
 github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo=
-github.com/aquasecurity/defsec v0.11.0 h1:i7cc960N6AeJEV7dCyfZqHWASuY7iGsGOc6GRXjzorQ=
-github.com/aquasecurity/defsec v0.11.0/go.mod h1:MM+LWmcHUeHjKwRHM0fJBvUNDqK/4u3H79wGfgMx3Ls=
-github.com/aquasecurity/trivy-config-parsers v0.0.2 h1:WU9Sz7JSxUrof1qr2Q4EKA/GSPb9Ht88qlCZaKxFy9g=
-github.com/aquasecurity/trivy-config-parsers v0.0.2/go.mod h1:PEfKH2Uuim1Qa8YAMQSn84JsBzPlEbBlm3PjI/9rlNU=
+github.com/aquasecurity/defsec v0.12.0 h1:hHpfHP4rCHjE4wgt+I8hmMBraZ5vCiUPtWpYWqb1XDM=
+github.com/aquasecurity/defsec v0.12.0/go.mod h1:ePT+j44TFfUwgIZ6yx5FPHgYk2aTXAqsMf/WnE78ujg=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc=
@@ -358,11 +356,10 @@ github.com/liamg/clinch v1.5.6 h1:cgv8uUroVWW+d23Gfee3v0/bSOKy9d4vUWFlMeNoNS8=
 github.com/liamg/clinch v1.5.6/go.mod h1:IXM+nLBuZ5sOQAYYf9+G51nkaA0WY9cszxE5nPXexhE=
 github.com/liamg/gifwrap v0.0.6 h1:U6wiiwViOEPoIvivVzgeM3CsOi1vpvmcR1+l5vzyR1s=
 github.com/liamg/gifwrap v0.0.6/go.mod h1:oW1r2vIWLYyxW+U0io7YbpPSDIJ79FTlZ+hPnXFLW6E=
-github.com/liamg/iamgo v0.0.5 h1:C5I/sxmwIyef3FnPYf3iwF5IIK9zevFmjaKWiT/chGE=
-github.com/liamg/iamgo v0.0.5/go.mod h1:esUin2ui3vX8YjLco+cU5Q04UNcecnslHWNlY3TC0rs=
-github.com/liamg/jfather v0.0.2/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM=
-github.com/liamg/jfather v0.0.5 h1:pH0ZGUSJD//nA8yYozSssvoYCpUkxvi+O/nOXFk0rb4=
-github.com/liamg/jfather v0.0.5/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM=
+github.com/liamg/iamgo v0.0.6 h1:VUzOnf39c7QYQfXzOr9upTmIqikmipqu1AvSIoX36PQ=
+github.com/liamg/iamgo v0.0.6/go.mod h1:Kk6ZxBF/GQqG9nnaUjIi6jf+WXNpeOTyhwc6gnguaZQ=
+github.com/liamg/jfather v0.0.7 h1:Xf78zS263yfT+xr2VSo6+kyAy4ROlCacRqJG7s5jt4k=
+github.com/liamg/jfather v0.0.7/go.mod h1:xXBGiBoiZ6tmHhfy5Jzw8sugzajwYdi6VosIpB3/cPM=
 github.com/liamg/tml v0.3.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E=
 github.com/liamg/tml v0.6.0 h1:yOC/Q9p9Io3J11U9LdYVIwpRTnTE1GPMNFLrygkmE2Y=
 github.com/liamg/tml v0.6.0/go.mod h1:0h4EAV/zBOsqI91EWONedjRpO8O0itjGJVd+wG5eC+E=

internal/app/tfsec/cmd/output.go

@@ -11,7 +11,7 @@ import (
 	"github.com/aquasecurity/tfsec/pkg/scanner"
 
 	"github.com/aquasecurity/defsec/formatters"
-	"github.com/aquasecurity/defsec/provider"
+	"github.com/aquasecurity/defsec/providers"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/tfsec/version"
 	"github.com/liamg/tml"
@@ -49,7 +49,7 @@ func gatherLinks(result rules.Result) []string {
 	}
 
 	var docsLink []string
-	if result.Rule().Provider == provider.CustomProvider {
+	if result.Rule().Provider == providers.CustomProvider {
 		docsLink = result.Rule().Links
 	} else {
 		docsLink = []string{

internal/pkg/custom/complex_checks.go

@@ -3,7 +3,7 @@ package custom
 import (
 	"fmt"
 
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
+	"github.com/aquasecurity/defsec/parsers/terraform"
 )
 
 func checkTags(block *terraform.Block, spec *MatchSpec, customCtx *customContext) bool {
@@ -18,9 +18,9 @@ func checkTags(block *terraform.Block, spec *MatchSpec, customCtx *customContext
 
 	var alias string
 	if block.HasChild("provider") {
-		aliasRef, err := block.GetAttribute("provider").SingleReference()
-		if err == nil {
-			alias = aliasRef.String()
+		aliasRef := block.GetAttribute("provider").AllReferences()
+		if len(aliasRef) > 0 {
+			alias = aliasRef[0].String()
 		}
 	}
 

internal/pkg/custom/custom_context.go

@@ -1,6 +1,6 @@
 package custom
 
-import "github.com/aquasecurity/trivy-config-parsers/terraform"
+import "github.com/aquasecurity/defsec/parsers/terraform"
 
 type customCheckVariables map[string]string
 

internal/pkg/custom/multiple_submatches_test.go

@@ -3,8 +3,8 @@ package custom
 import (
 	"testing"
 
+	"github.com/aquasecurity/defsec/providers"
 	"github.com/aquasecurity/defsec/rules"
-	"github.com/aquasecurity/tfsec/pkg/provider"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -93,7 +93,7 @@ resource "aws_instance" "bastion" {
 func filterCustomResults(scanResults []rules.Result) []rules.Result {
 	var customResults []rules.Result
 	for _, result := range scanResults {
-		if result.Rule().Provider.DisplayName() == provider.CustomProvider.DisplayName() {
+		if result.Rule().Provider.DisplayName() == providers.CustomProvider.DisplayName() {
 			customResults = append(customResults, result)
 		}
 	}

internal/pkg/custom/processing.go

@@ -8,11 +8,11 @@ import (
 	"github.com/zclconf/go-cty/cty"
 	"github.com/zclconf/go-cty/cty/gocty"
 
-	"github.com/aquasecurity/defsec/provider"
+	"github.com/aquasecurity/defsec/parsers/terraform"
+	"github.com/aquasecurity/defsec/providers"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/tfsec/internal/pkg/executor"
 	"github.com/aquasecurity/tfsec/pkg/rule"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
 )
 
 var matchFunctions = map[CheckAction]func(*terraform.Block, *MatchSpec, *customContext) bool{
@@ -240,7 +240,7 @@ func ProcessFoundChecks(checks ChecksFile) {
 						Summary:    customCheck.Description,
 						Impact:     customCheck.Impact,
 						Resolution: customCheck.Resolution,
-						Provider:   provider.CustomProvider,
+						Provider:   providers.CustomProvider,
 						Links:      customCheck.RelatedLinks,
 						Severity:   customCheck.Severity,
 					},

internal/pkg/custom/processing_test.go

@@ -11,9 +11,9 @@ import (
 
 	"github.com/aquasecurity/defsec/rules"
 
+	"github.com/aquasecurity/defsec/parsers/terraform"
+	"github.com/aquasecurity/defsec/parsers/terraform/parser"
 	"github.com/aquasecurity/tfsec/internal/pkg/executor"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
-	"github.com/aquasecurity/trivy-config-parsers/terraform/parser"
 	"github.com/stretchr/testify/assert"
 )
 

internal/pkg/executor/executor.go

@@ -13,9 +13,9 @@ import (
 	"github.com/aquasecurity/defsec/severity"
 
 	adapter "github.com/aquasecurity/defsec/adapters/terraform"
+	"github.com/aquasecurity/defsec/parsers/terraform"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/tfsec/internal/pkg/legacy"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
 )
 
 // Executor scans HCL blocks by running all registered rules against them

internal/pkg/executor/pool.go

@@ -5,10 +5,10 @@ import (
 	runtimeDebug "runtime/debug"
 	"sync"
 
+	"github.com/aquasecurity/defsec/parsers/terraform"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/defsec/state"
 	"github.com/aquasecurity/tfsec/pkg/rule"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
 )
 
 type Pool struct {

internal/pkg/rules/general/secrets/sensitive_in_attribute_rule.go

@@ -5,7 +5,7 @@ import (
 	"github.com/aquasecurity/defsec/rules/general/secrets"
 	"github.com/zclconf/go-cty/cty"
 
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
+	"github.com/aquasecurity/defsec/parsers/terraform"
 
 	"github.com/aquasecurity/tfsec/pkg/rule"
 

internal/pkg/rules/general/secrets/sensitive_in_attribute_value_rule.go

@@ -1,12 +1,12 @@
 package secrets
 
 import (
+	"github.com/aquasecurity/defsec/parsers/terraform"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/defsec/rules/general/secrets"
 	"github.com/aquasecurity/tfsec/internal/pkg/executor"
 	"github.com/aquasecurity/tfsec/internal/pkg/security"
 	"github.com/aquasecurity/tfsec/pkg/rule"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
 )
 
 func init() {

internal/pkg/rules/general/secrets/sensitive_in_local_rule.go

@@ -4,11 +4,11 @@ import (
 	"github.com/aquasecurity/defsec/rules/general/secrets"
 	"github.com/zclconf/go-cty/cty"
 
+	"github.com/aquasecurity/defsec/parsers/terraform"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/tfsec/internal/pkg/executor"
 	"github.com/aquasecurity/tfsec/internal/pkg/security"
 	"github.com/aquasecurity/tfsec/pkg/rule"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
 )
 
 func init() {

internal/pkg/rules/general/secrets/sensitive_in_variable_rule.go

@@ -3,9 +3,9 @@ package secrets
 import (
 	"github.com/zclconf/go-cty/cty"
 
+	"github.com/aquasecurity/defsec/parsers/terraform"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/defsec/rules/general/secrets"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
 
 	"github.com/aquasecurity/tfsec/pkg/rule"
 

internal/pkg/testutil/util.go

@@ -4,11 +4,11 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/aquasecurity/defsec/parsers/terraform"
+	"github.com/aquasecurity/defsec/parsers/terraform/parser"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/tfsec/internal/pkg/executor"
 	"github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
-	"github.com/aquasecurity/trivy-config-parsers/terraform/parser"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

pkg/rule/check.go

@@ -6,9 +6,9 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/aquasecurity/defsec/parsers/terraform"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/defsec/state"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
 )
 
 func (r *Rule) CheckAgainstState(s *state.State) rules.Results {

pkg/rule/check_test.go

@@ -5,10 +5,10 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/aquasecurity/defsec/parsers/terraform"
+	"github.com/aquasecurity/defsec/parsers/terraform/parser"
 	"github.com/aquasecurity/defsec/rules"
 	"github.com/aquasecurity/tfsec/internal/pkg/testutil/filesystem"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
-	"github.com/aquasecurity/trivy-config-parsers/terraform/parser"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

pkg/rule/rule.go

@@ -1,8 +1,8 @@
 package rule
 
 import (
+	"github.com/aquasecurity/defsec/parsers/terraform"
 	"github.com/aquasecurity/defsec/rules"
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
 )
 
 // Rule is a targeted security test which can be applied to terraform templates. It includes the types to run on e.g.

pkg/scanner/options.go

@@ -8,8 +8,8 @@ import (
 
 	"github.com/aquasecurity/defsec/rules"
 
+	"github.com/aquasecurity/defsec/parsers/terraform/parser"
 	"github.com/aquasecurity/tfsec/internal/pkg/executor"
-	"github.com/aquasecurity/trivy-config-parsers/terraform/parser"
 )
 
 type Option func(s *Scanner)

pkg/scanner/scanner.go

@@ -15,10 +15,9 @@ import (
 
 	"github.com/aquasecurity/tfsec/internal/pkg/config"
 
+	"github.com/aquasecurity/defsec/parsers/terraform/parser"
 	"github.com/aquasecurity/defsec/rules"
-
 	"github.com/aquasecurity/tfsec/internal/pkg/executor"
-	"github.com/aquasecurity/trivy-config-parsers/terraform/parser"
 )
 
 type Scanner struct {

test/attribute_test.go

@@ -3,7 +3,7 @@ package test
 import (
 	"testing"
 
-	"github.com/aquasecurity/trivy-config-parsers/terraform"
+	"github.com/aquasecurity/defsec/parsers/terraform"
 
 	"github.com/aquasecurity/tfsec/internal/pkg/testutil"