"use strict"; exports.id = 895; exports.ids = [895]; exports.modules = { /***/ 33111: /***/ ((__unused_webpack_module, exports, __webpack_require__) => { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.InvalidArgumentError = exports.isIacShareResultsOptions = exports.assertIaCOptionsFlags = exports.UnsupportedEntitlementCommandError = exports.UnsupportedEntitlementFlagError = exports.FlagValueError = exports.FeatureFlagError = exports.FlagError = void 0; const errors_1 = __webpack_require__(55191); const args_1 = __webpack_require__(94765); const error_utils_1 = __webpack_require__(36401); const types_1 = __webpack_require__(94820); const keys = [ 'org', 'debug', 'insecure', 'detectionDepth', 'severityThreshold', 'rules', 'json', 'sarif', 'json-file-output', 'sarif-file-output', 'v', 'version', 'h', 'help', 'q', 'quiet', 'scan', 'report', // Tags and attributes 'tags', 'project-tags', 'project-environment', 'project-lifecycle', 'project-business-criticality', 'target-reference', 'var-file', // PolicyOptions 'ignore-policy', 'policy-path', // Report options 'remote-repo-url', 'target-name', ]; const allowed = new Set(keys); function camelcaseToDash(key) { return key.replace(/[A-Z]/g, (m) => '-' + m.toLowerCase()); } function getFlagName(key) { const dashes = key.length === 1 ? '-' : '--'; const flag = camelcaseToDash(key); return `${dashes}${flag}`; } class FlagError extends errors_1.CustomError { constructor(key) { const flag = getFlagName(key); const msg = `Unsupported flag "${flag}" provided. Run snyk iac test --help for supported flags`; super(msg); this.code = types_1.IaCErrorCodes.FlagError; this.strCode = error_utils_1.getErrorStringCode(this.code); this.userMessage = msg; } } exports.FlagError = FlagError; class FeatureFlagError extends errors_1.CustomError { constructor(key, featureFlag, hasSnykPreview) { const flag = getFlagName(key); let msg; if (hasSnykPreview) { msg = `Flag "${flag}" is only supported if feature flag '${featureFlag}' is enabled. The feature flag can be enabled via Snyk Preview if you are on the Enterprise Plan`; } else { msg = `Flag "${flag}" is only supported if feature flag "${featureFlag}" is enabled. To enable it, please contact Snyk support.`; } super(msg); this.code = types_1.IaCErrorCodes.FeatureFlagError; this.strCode = error_utils_1.getErrorStringCode(this.code); this.userMessage = msg; } } exports.FeatureFlagError = FeatureFlagError; class FlagValueError extends errors_1.CustomError { constructor(key, value) { const flag = getFlagName(key); const msg = `Unsupported value "${value}" provided to flag "${flag}".\nSupported values are: ${SUPPORTED_TF_PLAN_SCAN_MODES.join(', ')}`; super(msg); this.code = types_1.IaCErrorCodes.FlagValueError; this.strCode = error_utils_1.getErrorStringCode(this.code); this.userMessage = msg; } } exports.FlagValueError = FlagValueError; class UnsupportedEntitlementFlagError extends errors_1.CustomError { constructor(key, entitlementName) { const flag = getFlagName(key); super(`Unsupported flag: ${flag} - Missing the ${entitlementName} entitlement`); this.code = types_1.IaCErrorCodes.UnsupportedEntitlementFlagError; this.strCode = error_utils_1.getErrorStringCode(this.code); this.userMessage = `Flag "${flag}" is currently not supported for this org. To enable it, please contact snyk support.`; } } exports.UnsupportedEntitlementFlagError = UnsupportedEntitlementFlagError; class UnsupportedEntitlementCommandError extends errors_1.CustomError { constructor(key, entitlementName) { super(`Unsupported command: ${key} - Missing the ${entitlementName} entitlement`); this.code = types_1.IaCErrorCodes.UnsupportedEntitlementFlagError; this.strCode = error_utils_1.getErrorStringCode(this.code); this.userMessage = `Command "${key}" is currently not supported for this org. To enable it, please contact snyk support.`; } } exports.UnsupportedEntitlementCommandError = UnsupportedEntitlementCommandError; /** * Validates the command line flags passed to the snyk iac test * command. The current argument parsing is very permissive and * allows unknown flags to be provided without validation. * * For snyk iac we need to explicitly validate the flags to avoid * misconfigurations and typos. For example, if the --experimental * flag were to be misspelled we would end up sending the client * data to our backend rather than running it locally as intended. * @param argv command line args passed to the process */ function assertIaCOptionsFlags(argv) { // We process the process.argv so we don't get default values. const parsed = args_1.args(argv); for (const key of Object.keys(parsed.options)) { // The _ property is a special case that contains non // flag strings passed to the command line (usually files) // and `iac` is the command provided. if (key !== '_' && key !== 'iac' && !allowed.has(key)) { throw new FlagError(key); } } if (parsed.options.scan) { assertTerraformPlanModes(parsed.options.scan); } } exports.assertIaCOptionsFlags = assertIaCOptionsFlags; const SUPPORTED_TF_PLAN_SCAN_MODES = [ types_1.TerraformPlanScanMode.DeltaScan, types_1.TerraformPlanScanMode.FullScan, ]; function assertTerraformPlanModes(scanModeArgValue) { if (!SUPPORTED_TF_PLAN_SCAN_MODES.includes(scanModeArgValue)) { throw new FlagValueError('scan', scanModeArgValue); } } function isIacShareResultsOptions(options) { return options.iac && options.report; } exports.isIacShareResultsOptions = isIacShareResultsOptions; class InvalidArgumentError extends errors_1.CustomError { constructor(key) { const flag = getFlagName(key); const msg = `Invalid argument provided to flag "${flag}". Value must be a string`; super(msg); this.code = types_1.IaCErrorCodes.InvalidArgumentError; this.strCode = error_utils_1.getErrorStringCode(this.code); this.userMessage = msg; } } exports.InvalidArgumentError = InvalidArgumentError; /***/ }), /***/ 36401: /***/ ((__unused_webpack_module, exports, __webpack_require__) => { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getErrorStringCode = void 0; const types_1 = __webpack_require__(94820); function getErrorStringCode(code) { const errorName = types_1.IaCErrorCodes[code]; if (!errorName) { return 'INVALID_IAC_ERROR'; } let result = errorName.replace(/([A-Z])/g, '_$1'); if (result.charAt(0) === '_') { result = result.substring(1); } return result.toUpperCase(); } exports.getErrorStringCode = getErrorStringCode; /***/ }), /***/ 11693: /***/ ((__unused_webpack_module, exports, __webpack_require__) => { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.FailedToGetIacOrgSettingsError = exports.getIacOrgSettings = void 0; const types_1 = __webpack_require__(94820); const config_1 = __webpack_require__(25425); const is_ci_1 = __webpack_require__(10090); const api_token_1 = __webpack_require__(95181); const request_1 = __webpack_require__(52050); const errors_1 = __webpack_require__(55191); const error_utils_1 = __webpack_require__(36401); function getIacOrgSettings(publicOrgId) { const payload = { method: 'get', url: config_1.default.API + '/iac-org-settings', json: true, qs: { org: publicOrgId }, headers: { 'x-is-ci': is_ci_1.isCI(), authorization: api_token_1.getAuthHeader(), }, }; return new Promise((resolve, reject) => { request_1.makeRequest(payload, (error, res) => { if (error) { return reject(error); } if (res.statusCode < 200 || res.statusCode > 299) { return reject(new FailedToGetIacOrgSettingsError()); } resolve(res.body); }); }); } exports.getIacOrgSettings = getIacOrgSettings; class FailedToGetIacOrgSettingsError extends errors_1.CustomError { constructor(message) { super(message || 'Failed to fetch IaC organization settings'); this.code = types_1.IaCErrorCodes.FailedToGetIacOrgSettingsError; this.strCode = error_utils_1.getErrorStringCode(this.code); this.userMessage = 'We failed to fetch your organization settings, including custom severity overrides for infrastructure-as-code policies. Please run the command again with the `-d` flag and contact support@snyk.io with the contents of the output.'; } } exports.FailedToGetIacOrgSettingsError = FailedToGetIacOrgSettingsError; /***/ }), /***/ 47658: /***/ ((__unused_webpack_module, exports, __webpack_require__) => { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.DescribeExclusiveArgumentError = void 0; const custom_error_1 = __webpack_require__(17188); const drift_1 = __webpack_require__(26445); class DescribeExclusiveArgumentError extends custom_error_1.CustomError { constructor() { super('Please use only one of these arguments: ' + drift_1.DescribeExclusiveArgs.join(', ')); } } exports.DescribeExclusiveArgumentError = DescribeExclusiveArgumentError; /***/ }), /***/ 37541: /***/ ((__unused_webpack_module, exports, __webpack_require__) => { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.DescribeRequiredArgumentError = void 0; const custom_error_1 = __webpack_require__(17188); const chalk_1 = __webpack_require__(32589); class DescribeRequiredArgumentError extends custom_error_1.CustomError { constructor() { super(chalk_1.default.red('Describe command require one of these arguments:\n' + ' --only-unmanaged: Report resources not under Terraform control\n' + ' --only-managed: Report resources from Terraform states that changed (may take a while)\n' + ' --all: Scan for managed and unmanaged resources (may take a while)')); } } exports.DescribeRequiredArgumentError = DescribeRequiredArgumentError; /***/ }), /***/ 24030: /***/ ((__unused_webpack_module, exports) => { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.default = ``; /***/ }), /***/ 19679: /***/ ((__unused_webpack_module, exports) => { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.default = ``; /***/ }), /***/ 26445: /***/ ((__unused_webpack_module, exports, __webpack_require__) => { Object.defineProperty(exports, "__esModule", ({ value: true })); exports.processHTMLOutput = exports.processAnalysis = exports.updateExcludeInPolicy = exports.driftignoreFromPolicy = exports.parseDriftAnalysisResults = exports.validateArgs = exports.DescribeRequiredArgs = exports.DescribeExclusiveArgs = void 0; const fs = __webpack_require__(35747); const describe_exclusive_argument_error_1 = __webpack_require__(47658); const describe_required_argument_error_1 = __webpack_require__(37541); const snyk_logo_1 = __webpack_require__(19679); const snyk_favicon_1 = __webpack_require__(24030); const output_1 = __webpack_require__(55659); const driftctl_1 = __webpack_require__(3659); exports.DescribeExclusiveArgs = [ 'all', 'only-managed', 'drift', 'only-unmanaged', ]; exports.DescribeRequiredArgs = [ 'all', 'only-managed', 'drift', 'only-unmanaged', ]; exports.validateArgs = (options) => { if (options.kind === 'describe') { return validateDescribeArgs(options); } }; const validateDescribeArgs = (options) => { // Check that there is no more than one of the exclusive arguments let count = 0; for (const describeExclusiveArg of exports.DescribeExclusiveArgs) { if (options[describeExclusiveArg]) { count++; } } if (count > 1) { throw new describe_exclusive_argument_error_1.DescribeExclusiveArgumentError(); } // Check we have one of the required arguments count = 0; for (const describeRequiredArgs of exports.DescribeRequiredArgs) { if (options[describeRequiredArgs]) { count++; } } if (count === 0) { throw new describe_required_argument_error_1.DescribeRequiredArgumentError(); } }; exports.parseDriftAnalysisResults = (input) => { return JSON.parse(input); }; function driftignoreFromPolicy(policy) { const excludeSection = 'iac-drift'; if (!policy || !policy.exclude || !(excludeSection in policy.exclude)) { return []; } return policy.exclude[excludeSection]; } exports.driftignoreFromPolicy = driftignoreFromPolicy; exports.updateExcludeInPolicy = (policy, analysis, options) => { var _a, _b, _c; const excludedResources = driftignoreFromPolicy(policy); const addResource = (res) => excludedResources.push(`${res.type}.${res.id}`); if (!options['exclude-changed'] && analysis.summary.total_changed > 0) { (_a = analysis.differences) === null || _a === void 0 ? void 0 : _a.forEach((change) => addResource(change.res)); } if (!options['exclude-missing'] && analysis.summary.total_missing > 0) { (_b = analysis.missing) === null || _b === void 0 ? void 0 : _b.forEach((res) => addResource(res)); } if (!options['exclude-unmanaged'] && analysis.summary.total_unmanaged > 0) { (_c = analysis.unmanaged) === null || _c === void 0 ? void 0 : _c.forEach((res) => addResource(res)); } if (!policy.exclude) { policy.exclude = {}; } policy.exclude['iac-drift'] = excludedResources; }; async function processAnalysis(options, describe) { if (options.html || options['html-file-output']) { // we use fmt for html output const fmtResult = await driftctl_1.runDriftCTL({ options: { ...options, kind: 'fmt' }, input: describe.stdout, }); const output = processHTMLOutput(options, fmtResult.stdout); if (options.html) { // html on stdout return output; } // should return an empty string if we use the html-file-output flag return ''; } if (options.json) { // json on stdout return describe.stdout; } const analysis = exports.parseDriftAnalysisResults(describe.stdout); return output_1.getHumanReadableAnalysis(options, analysis); } exports.processAnalysis = processAnalysis; function processHTMLOutput(options, stdout) { if (options.html) { stdout = rebrandHTMLOutput(stdout); } if (options['html-file-output']) { const data = fs.readFileSync(options['html-file-output'], { encoding: 'utf8', }); fs.writeFileSync(options['html-file-output'], rebrandHTMLOutput(data)); } return stdout; } exports.processHTMLOutput = processHTMLOutput; function rebrandHTMLOutput(data) { // Replace favicon const faviconReplaceRegex = new RegExp('()', 'g'); data = data.replace(faviconReplaceRegex, ``); // Replace HTML title const titleReplaceRegex = new RegExp('()(.*)(<\\/title>)', 'g'); data = data.replace(titleReplaceRegex, `<title>Snyk IaC drift report`); // Replace header brand logo const logoReplaceRegex = new RegExp('(