diff --git a/pkg/commands/artifact/run.go b/pkg/commands/artifact/run.go
index 4f8be6e1d911..da3b86c0e8b9 100644
--- a/pkg/commands/artifact/run.go
+++ b/pkg/commands/artifact/run.go
@@ -603,6 +603,8 @@ func initScannerConfig(opts flag.Options, cacheClient cache.Cache) (ScannerConfi
 HelmValueFiles: opts.HelmValueFiles,
 HelmFileValues: opts.HelmFileValues,
 HelmStringValues: opts.HelmStringValues,
+ HelmAPIVersions: opts.HelmAPIVersions,
+ HelmKubeVersion: opts.HelmKubeVersion,
 TerraformTFVars: opts.TerraformTFVars,
 CloudFormationParamVars: opts.CloudFormationParamVars,
 K8sVersion: opts.K8sVersion,
diff --git a/pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version-mismatch/go.sum b/pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version-mismatch/go.sum
index 3d1d7c0e3913..8a219a39d474 100644
--- a/pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version-mismatch/go.sum
+++ b/pkg/dependency/parser/golang/mod/testdata/replaced-with-local-path-and-version-mismatch/go.sum
@@ -50,6 +50,7 @@ golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgw golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
diff --git a/pkg/flag/misconf_flags.go b/pkg/flag/misconf_flags.go
index 492960b60ff9..f88a7a767e92 100644
--- a/pkg/flag/misconf_flags.go
+++ b/pkg/flag/misconf_flags.go
@@ -45,6 +45,16 @@ var (
 ConfigName: "misconfiguration.helm.set-string",
 Usage: "specify Helm string values on the command line (can specify multiple or separate values with commas: key1=val1,key2=val2)",
 }
+ HelmAPIVersionsFlag = Flag[[]string]{
+ Name: "helm-api-versions",
+ ConfigName: "misconfiguration.helm.api-versions",
+ Usage: "specify Helm Kubernetes api-version used for Capabilities.APIVersions (can specify multiple or separate values with commas: policy/v1/PodDisruptionBudget,apps/v1/Deployment)",
+ }
+ HelmKubeVersionFlag = Flag[string]{
+ Name: "helm-kube-version",
+ ConfigName: "misconfiguration.helm.kube-version",
+ Usage: "specify Helm kubernetes version",
+ }
 TfVarsFlag = Flag[[]string]{
 Name: "tf-vars",
 ConfigName: "misconfiguration.terraform.vars",
@@ -86,6 +96,8 @@ type MisconfFlagGroup struct {
 HelmValueFiles *Flag[[]string]
 HelmFileValues *Flag[[]string]
 HelmStringValues *Flag[[]string]
+ HelmAPIVersions *Flag[[]string]
+ HelmKubeVersion *Flag[string]
 TerraformTFVars *Flag[[]string]
 CloudformationParamVars *Flag[[]string]
 TerraformExcludeDownloaded *Flag[bool]
@@ -102,6 +114,8 @@ type MisconfOptions struct {
 HelmValueFiles []string
 HelmFileValues []string
 HelmStringValues []string
+ HelmAPIVersions []string
+ HelmKubeVersion string
 TerraformTFVars []string
 CloudFormationParamVars []string
 TfExcludeDownloaded bool
@@ -118,6 +132,8 @@ func NewMisconfFlagGroup() *MisconfFlagGroup {
 HelmFileValues: HelmSetFileFlag.Clone(),
 HelmStringValues: HelmSetStringFlag.Clone(),
 HelmValueFiles: HelmValuesFileFlag.Clone(),
+ HelmAPIVersions: HelmAPIVersionsFlag.Clone(),
+ HelmKubeVersion: HelmKubeVersionFlag.Clone(),
 TerraformTFVars: TfVarsFlag.Clone(),
 CloudformationParamVars: CfParamsFlag.Clone(),
 TerraformExcludeDownloaded: TerraformExcludeDownloaded.Clone(),
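Review bot: The `Usage` string of `HelmKubeVersionFlag` in the first misconf_flags.go hunk ("specify Helm kubernetes version") says neither what the value is used for nor what form it must take, whereas the `helm-api-versions` text directly above it names `Capabilities.APIVersions` and shows sample values. The value is later handed to `chartutil.ParseKubeVersion`, so the help text should state the expected form, for instance `Usage: "specify the Kubernetes version used for Capabilities.KubeVersion (e.g. 1.21.0)",` where the sample version is illustrative only. "kubernetes" should also be capitalised to match the neighbouring flag.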
@@ -138,6 +154,8 @@ func (f *MisconfFlagGroup) Flags() []Flagger {
 f.HelmValueFiles,
 f.HelmFileValues,
 f.HelmStringValues,
+ f.HelmAPIVersions,
+ f.HelmKubeVersion,
 f.TerraformTFVars,
 f.TerraformExcludeDownloaded,
 f.CloudformationParamVars,
@@ -158,6 +176,8 @@ func (f *MisconfFlagGroup) ToOptions() (MisconfOptions, error) {
 HelmValueFiles: f.HelmValueFiles.Value(),
 HelmFileValues: f.HelmFileValues.Value(),
 HelmStringValues: f.HelmStringValues.Value(),
+ HelmAPIVersions: f.HelmAPIVersions.Value(),
+ HelmKubeVersion: f.HelmKubeVersion.Value(),
 TerraformTFVars: f.TerraformTFVars.Value(),
 CloudFormationParamVars: f.CloudformationParamVars.Value(),
 TfExcludeDownloaded: f.TerraformExcludeDownloaded.Value(),
diff --git a/pkg/iac/scanners/helm/options.go b/pkg/iac/scanners/helm/options.go
index 009809e734e6..6ac412bf1e34 100644
--- a/pkg/iac/scanners/helm/options.go
+++ b/pkg/iac/scanners/helm/options.go
@@ -49,3 +49,11 @@ func ScannerWithAPIVersions(values ...string) options.ScannerOption {
 }
 }
 }
+
+func ScannerWithKubeVersion(values string) options.ScannerOption {
+ return func(s options.ConfigurableScanner) {
+ if helmScanner, ok := s.(ConfigurableHelmScanner); ok {
+ helmScanner.AddParserOptions(parser.OptionWithKubeVersion(values))
+ }
+ }
+}
diff --git a/pkg/iac/scanners/helm/parser/option.go b/pkg/iac/scanners/helm/parser/option.go
index 379cc9460979..6de98d765182 100644
--- a/pkg/iac/scanners/helm/parser/option.go
+++ b/pkg/iac/scanners/helm/parser/option.go
@@ -9,6 +9,7 @@ type ConfigurableHelmParser interface {
 SetFileValues(...string)
 SetStringValues(...string)
 SetAPIVersions(...string)
+ SetKubeVersion(string)
 }
 func OptionWithValuesFile(paths ...string) options.ParserOption {
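Review bot: `ScannerWithKubeVersion(values string)` in pkg/iac/scanners/helm/options.go takes a single version but names its parameter `values`, apparently carried over from the variadic `ScannerWithAPIVersions(values ...string)` above it; `version` would read correctly, and `OptionWithKubeVersion(value string)` in parser/option.go already uses the singular. Both new exported functions also lack a doc comment, for example `// ScannerWithKubeVersion sets the Kubernetes version the Helm parser uses when rendering charts.` The comment should mention that the option does nothing when the scanner does not implement `ConfigurableHelmScanner`, since the type assertion fails silently.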
@@ -50,3 +51,11 @@ func OptionWithAPIVersions(values ...string) options.ParserOption {
 }
 }
 }
+
+func OptionWithKubeVersion(value string) options.ParserOption {
+ return func(p options.ConfigurableParser) {
+ if helmParser, ok := p.(ConfigurableHelmParser); ok {
+ helmParser.SetKubeVersion(value)
+ }
+ }
+}
diff --git a/pkg/iac/scanners/helm/parser/parser.go b/pkg/iac/scanners/helm/parser/parser.go
index 20228258e5d3..9910682f1906 100644
--- a/pkg/iac/scanners/helm/parser/parser.go
+++ b/pkg/iac/scanners/helm/parser/parser.go
@@ -18,6 +18,7 @@ import (
 "helm.sh/helm/v3/pkg/action"
 "helm.sh/helm/v3/pkg/chart"
 "helm.sh/helm/v3/pkg/chart/loader"
+ "helm.sh/helm/v3/pkg/chartutil"
 "helm.sh/helm/v3/pkg/release"
 "helm.sh/helm/v3/pkg/releaseutil"
@@ -41,6 +42,7 @@ type Parser struct {
 fileValues []string
 stringValues []string
 apiVersions []string
+ kubeVersion *chartutil.KubeVersion
 }
 type ChartFile struct {
@@ -76,6 +78,10 @@ func (p *Parser) SetAPIVersions(values ...string) {
 p.apiVersions = values
 }
+func (p *Parser) SetKubeVersion(value string) {
+ p.kubeVersion, _ = chartutil.ParseKubeVersion(value)
+}
+
 func New(path string, opts ...options.ParserOption) *Parser {
 client := action.NewInstall(&action.Configuration{})
@@ -96,6 +102,10 @@ func New(path string, opts ...options.ParserOption) *Parser {
 p.helmClient.APIVersions = p.apiVersions
 }
+ if p.kubeVersion != nil {
+ p.helmClient.KubeVersion = p.kubeVersion
+ }
+
 return p
 }
diff --git a/pkg/misconf/scanner.go b/pkg/misconf/scanner.go
index 4c353f22c26e..6a30c9b69ec4 100644
--- a/pkg/misconf/scanner.go
+++ b/pkg/misconf/scanner.go
@@ -59,6 +59,8 @@ type ScannerOption struct {
 HelmValueFiles []string
 HelmFileValues []string
 HelmStringValues []string
+ HelmAPIVersions []string
+ HelmKubeVersion string
 TerraformTFVars []string
 CloudFormationParamVars []string
 TfExcludeDownloaded bool
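Review bot: In the `SetKubeVersion` hunk of pkg/iac/scanners/helm/parser/parser.go the error from `chartutil.ParseKubeVersion(value)` is discarded, so a malformed `--helm-kube-version` value leaves `p.kubeVersion` nil and the `if p.kubeVersion != nil` guard added to `New` then skips the assignment without any message. The chart is then presumably rendered with Helm's default Kubernetes version while the user believes the scan modelled their cluster, which for a misconfiguration scanner means version-gated templates may be checked in a form that is never deployed. `SetKubeVersion(string)` has no error return, so the value is better validated where one exists: `ToOptions()` in pkg/flag/misconf_flags.go returns `(MisconfOptions, error)` and could run `chartutil.ParseKubeVersion` on a non-empty `HelmKubeVersion` and return the failure. At minimum the parser should keep the error instead of assigning to `_`, e.g. `v, err := chartutil.ParseKubeVersion(value)` followed by a logged `err` branch before `p.kubeVersion = v`.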
@@ -332,6 +334,14 @@ func addHelmOpts(opts []options.ScannerOption, scannerOption ScannerOption) []op
 opts = append(opts, helm2.ScannerWithStringValues(scannerOption.HelmStringValues...))
 }
+ if len(scannerOption.HelmAPIVersions) > 0 {
+ opts = append(opts, helm2.ScannerWithAPIVersions(scannerOption.HelmAPIVersions...))
+ }
+
+ if scannerOption.HelmKubeVersion != "" {
+ opts = append(opts, helm2.ScannerWithKubeVersion(scannerOption.HelmKubeVersion))
+ }
+
 return opts
 }