sort misconfs

Signed-off-by: Simar <[email protected]>
aquasecurity · Apr 6, 2023 · c5869b5 · c5869b5
1 parent 6a435df
commit c5869b5
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 26 deletions.
diff --git a/pkg/fanal/artifact/local/fs_test.go b/pkg/fanal/artifact/local/fs_test.go
@@ -445,7 +445,7 @@ func TestTerraformMisconfigurationScan(t *testing.T) {
 						Misconfigurations: []types.Misconfiguration{
 							{
 								FileType: "terraform",
-								FilePath: getAbsCleanPath("testdata/misconfig/terraform/multiple-failures/src/main.tf"),
+								FilePath: getAbsCleanPath("testdata/misconfig/terraform/multiple-failures/src/more.tf"),
 								Failures: types.MisconfResults{
 									{
 										Namespace: "user.something",
@@ -462,13 +462,19 @@ func TestTerraformMisconfigurationScan(t *testing.T) {
 											References:         []string{"https://trivy.dev/"},
 										},
 										CauseMetadata: types.CauseMetadata{
-											Resource:  "aws_s3_bucket.one",
+											Resource:  "aws_s3_bucket.three",
 											Provider:  "Generic",
 											Service:   "general",
 											StartLine: 1,
 											EndLine:   3,
 										},
 									},
+								},
+							},
+							{
+								FileType: "terraform",
+								FilePath: getAbsCleanPath("testdata/misconfig/terraform/multiple-failures/src/main.tf"),
+								Failures: types.MisconfResults{
 									{
 										Namespace: "user.something",
 										Query:     "data.user.something.deny",
@@ -484,19 +490,13 @@ func TestTerraformMisconfigurationScan(t *testing.T) {
 											References:         []string{"https://trivy.dev/"},
 										},
 										CauseMetadata: types.CauseMetadata{
-											Resource:  "aws_s3_bucket.two",
+											Resource:  "aws_s3_bucket.one",
 											Provider:  "Generic",
 											Service:   "general",
-											StartLine: 5,
-											EndLine:   7,
+											StartLine: 1,
+											EndLine:   3,
 										},
 									},
-								},
-							},
-							{
-								FileType: "terraform",
-								FilePath: getAbsCleanPath("testdata/misconfig/terraform/multiple-failures/src/more.tf"),
-								Failures: types.MisconfResults{
 									{
 										Namespace: "user.something",
 										Query:     "data.user.something.deny",
@@ -512,11 +512,11 @@ func TestTerraformMisconfigurationScan(t *testing.T) {
 											References:         []string{"https://trivy.dev/"},
 										},
 										CauseMetadata: types.CauseMetadata{
-											Resource:  "aws_s3_bucket.three",
+											Resource:  "aws_s3_bucket.two",
 											Provider:  "Generic",
 											Service:   "general",
-											StartLine: 1,
-											EndLine:   3,
+											StartLine: 5,
+											EndLine:   7,
 										},
 									},
 								},
@@ -1749,8 +1749,8 @@ func TestMixedConfigurationScan(t *testing.T) {
 						SchemaVersion: 2,
 						Misconfigurations: []types.Misconfiguration{
 							{
-								FileType: "terraform",
-								FilePath: getAbsCleanPath("testdata/misconfig/mixed/src/main.tf"),
+								FileType: "cloudformation",
+								FilePath: "main.yaml",
 								Failures: types.MisconfResults{
 									{
 										Namespace: "user.something",
@@ -1759,26 +1759,26 @@ func TestMixedConfigurationScan(t *testing.T) {
 										PolicyMetadata: types.PolicyMetadata{
 											ID:                 "TEST001",
 											AVDID:              "AVD-TEST-0001",
-											Type:               "Terraform Security Check",
+											Type:               "CloudFormation Security Check",
 											Title:              "Test policy",
 											Description:        "This is a test policy.",
 											Severity:           "LOW",
 											RecommendedActions: "Have a cup of tea.",
 											References:         []string{"https://trivy.dev/"},
 										},
 										CauseMetadata: types.CauseMetadata{
-											Resource:  "aws_s3_bucket.asd",
+											Resource:  "main.yaml:3-6",
 											Provider:  "Generic",
 											Service:   "general",
-											StartLine: 1,
-											EndLine:   3,
+											StartLine: 3,
+											EndLine:   6,
 										},
 									},
 								},
 							},
 							{
-								FileType: "cloudformation",
-								FilePath: "main.yaml",
+								FileType: "terraform",
+								FilePath: getAbsCleanPath("testdata/misconfig/mixed/src/main.tf"),
 								Failures: types.MisconfResults{
 									{
 										Namespace: "user.something",
@@ -1787,19 +1787,19 @@ func TestMixedConfigurationScan(t *testing.T) {
 										PolicyMetadata: types.PolicyMetadata{
 											ID:                 "TEST001",
 											AVDID:              "AVD-TEST-0001",
-											Type:               "CloudFormation Security Check",
+											Type:               "Terraform Security Check",
 											Title:              "Test policy",
 											Description:        "This is a test policy.",
 											Severity:           "LOW",
 											RecommendedActions: "Have a cup of tea.",
 											References:         []string{"https://trivy.dev/"},
 										},
 										CauseMetadata: types.CauseMetadata{
-											Resource:  "main.yaml:3-6",
+											Resource:  "aws_s3_bucket.asd",
 											Provider:  "Generic",
 											Service:   "general",
-											StartLine: 3,
-											EndLine:   6,
+											StartLine: 1,
+											EndLine:   3,
 										},
 									},
 								},

diff --git a/pkg/fanal/handler/misconf/misconf.go b/pkg/fanal/handler/misconf/misconf.go
@@ -3,6 +3,8 @@ package misconf
 import (
 	"context"
 	_ "embed"
+	"sort"
+	"strings"
 
 	"golang.org/x/xerrors"
 
@@ -45,6 +47,13 @@ func (h misconfPostHandler) Handle(ctx context.Context, result *analyzer.Analysi
 		return xerrors.Errorf("misconfiguration scan error: %w", err)
 	}
 
+	sort.Slice(misconfs, func(i, j int) bool {
+		if strings.Compare(misconfs[i].FilePath, misconfs[j].FilePath) > 0 {
+			return true
+		}
+		return false
+	})
+
 	blob.Misconfigurations = misconfs
 
 	return nil