Merge branch 'dev' into feature/OPT-780

.coveragerc

@@ -0,0 +1,18 @@
+[run]
+source = .
+branch = false
+omit =
+    ./venv/*
+    */tests/*
+    *__init__.py
+    setup.py
+    run_tests.py
+
+[report]
+fail_under = 80
+
+[html]
+directory = coveragereport
+
+[xml]
+output = coveragereport/coverage.xml

.github/workflows/sonarcloud.yml

@@ -0,0 +1,69 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow helps you trigger a SonarCloud analysis of your code and populates
+# GitHub Code Scanning alerts with the vulnerabilities found.
+# Free for open source project.
+
+name: SonarCloud analysis
+
+on:
+  pull_request:
+    branches: [feature/*]
+  workflow_dispatch:
+
+permissions:
+  pull-requests: read # allows SonarCloud to decorate PRs with analysis results
+
+jobs:
+  Analysis:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the project from Git
+        uses: actions/checkout@v3
+        with:
+            fetch-depth: 0
+      - name: Setup Python 3.8
+        uses: actions/setup-python@v3
+        with:
+          python-version: "3.8"
+      - name: Setup Graphviz
+        uses: ts-graphviz/setup-graphviz@v1
+      - name: Install dependencies
+        run: pip install -e ".[setup,test]"
+      - name: Run test using coverage
+        run: coverage run -m pytest
+      - name: Generate coverage report
+        run: coverage xml
+      - name: Analyze with SonarCloud
+        # You can pin the exact commit or the version.
+        # uses: SonarSource/sonarcloud-github-action@commithas or tag
+        uses: SonarSource/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}   # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret)
+        with:
+          # Additional arguments for the sonarcloud scanner
+          args:
+            -Dsonar.projectKey=startleft
+            -Dsonar.organization=continuumsec
+            -Dsonar.python.version=3.8,3.9,3.10,3.11
+            -Dsonar.qualitygate.wait=true
+            -Dsonar.python.coverage.reportPaths=coveragereport/coverage.xml
+
+            # Args explanation
+            # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
+            # mandatory
+            # -Dsonar.projectKey=
+            # -Dsonar.organization=
+
+            # Version of supported python versions to get a more precise analysis
+            # -Dsonar.python.version=
+
+            # Flag to way for Analysis Quality Gate results, if fail the steps it will be marked as failed too.
+            # -Dsonar.qualitygate.wait=
+
+            # The path for coverage report to use in the SonarCloud analysis, it must be in XML format.
+            # -Dsonar.python.coverage.reportPaths=

.gitignore

@@ -51,6 +51,10 @@ coverage.xml
 .hypothesis/
 .pytest_cache/
 test-reports/
+/coveragereport/
+
+# SonarLint plugin
+.scannerwork
 
 # Translations
 *.mo

_sl_build/modules.py

@@ -2,33 +2,28 @@
 
 ROOT_DIR = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
 
-PROCESSORS = [
-    {'name': 'slp_base', 'type': 'processor',
-     'forbidden_dependencies': ['startleft', 'slp_cft', 'slp_tf', 'slp_visio', 'slp_mtmt']},
-    {'name': 'slp_cft', 'type': 'processor', 'provider_type': 'CLOUDFORMATION',
-     'forbidden_dependencies': ['startleft', 'slp_tf', 'slp_visio', 'slp_mtmt']},
-    {'name': 'slp_tf', 'type': 'processor', 'provider_type': 'TERRAFORM',
-     'forbidden_dependencies': ['startleft', 'slp_cft', 'slp_visio', 'slp_mtmt']},
-    {'name': 'slp_visio', 'type': 'processor', 'provider_type': 'VISIO',
-     'forbidden_dependencies': ['startleft', 'slp_cft', 'slp_tf', 'slp_mtmt']},
-    {'name': 'slp_visio', 'type': 'processor', 'provider_type': 'LUCID',
-     'forbidden_dependencies': ['startleft', 'slp_cft', 'slp_tf', 'slp_mtmt']},
-    {'name': 'slp_mtmt', 'type': 'processor', 'provider_type': 'MTMT',
-     'forbidden_dependencies': ['startleft', 'slp_cft', 'slp_tf', 'slp_visio']}
-]
-
-_general_modules_forbidden_dependencies = ['startleft'] + [processor['name'] for processor in PROCESSORS]
-GENERAL_MODULES = [
-        {'name': 'sl_util', 'type': 'general', 'forbidden_dependencies': _general_modules_forbidden_dependencies},
-        {'name': 'otm',     'type': 'general', 'forbidden_dependencies': _general_modules_forbidden_dependencies}
-]
-
+STARTLEFT_MODULE = {'name': 'startleft', 'type': 'general', 'allowed_imports': ['slp_base', 'otm', 'sl_util']}
 # TODO Startleft needs to depend on TF and CFT processors until a decision is token about the search function
-_startleft_forbidden_dependencies = [p['name'] for p in PROCESSORS if 'provider_type' in p and p['name'] not in ['slp_cft', 'slp_tf']]
-STARTLEFT_MODULE = [{'name': 'startleft', 'type': 'general', 'forbidden_dependencies': _startleft_forbidden_dependencies}]
-
-ALL_MODULES = PROCESSORS + GENERAL_MODULES + STARTLEFT_MODULE
+STARTLEFT_MODULE['allowed_imports'].extend(['slp_cft', 'slp_tf'])
 
+# TODO Dependency between otm and sl_util must be removed
+OTM_MODULE = {'name': 'otm', 'type': 'general', 'allowed_imports': ['sl_util']}
 
+SL_UTIL_MODULE = {'name': 'sl_util', 'type': 'general', 'allowed_imports': ['otm']}
 
+_slp_allowed_imports = ['slp_base', 'sl_util', 'otm']
+PROCESSORS = [
+    {'name': 'slp_base', 'type': 'processor', 'allowed_imports': _slp_allowed_imports},
+    {'name': 'slp_cft', 'type': 'processor', 'provider_type': 'CLOUDFORMATION', 'allowed_imports': _slp_allowed_imports},
+    {'name': 'slp_tf', 'type': 'processor', 'provider_type': 'TERRAFORM', 'allowed_imports': _slp_allowed_imports},
+    {'name': 'slp_tfplan', 'type': 'processor', 'provider_type': 'TFPLAN', 'allowed_imports': _slp_allowed_imports},
+    {'name': 'slp_visio', 'type': 'processor', 'provider_type': 'VISIO', 'allowed_imports': _slp_allowed_imports},
+    {'name': 'slp_visio', 'type': 'processor', 'provider_type': 'LUCID', 'allowed_imports': _slp_allowed_imports},
+    {'name': 'slp_mtmt', 'type': 'processor', 'provider_type': 'MTMT', 'allowed_imports': _slp_allowed_imports}
+]
 
+"""
+ All the StartLeft modules are defined here, along with their dependencies. Further information is available in:
+ https://iriusrisk.github.io/startleft/development/Architecture
+"""
+ALL_MODULES = [STARTLEFT_MODULE] + [OTM_MODULE] + [SL_UTIL_MODULE] + PROCESSORS

_sl_build/secure_importer.py

@@ -5,12 +5,12 @@
 
 
 def _build_dependencies_map():
-    module_dependencies = [{module['name']: module['forbidden_dependencies']} for module in ALL_MODULES]
+    module_dependencies = [{module['name']: module['allowed_imports']} for module in ALL_MODULES]
     return {name: dependencies for module in module_dependencies for name, dependencies in module.items()}
 
 
 _module_names = [module['name'] for module in ALL_MODULES]
-_forbidden_dependencies = _build_dependencies_map()
+_allowed_imports = _build_dependencies_map()
 
 
 def _get_base_module_name(full_name):
@@ -22,15 +22,11 @@ def _is_module_restricted(importing_module: str, imported_module: str):
     base_imported_module = _get_base_module_name(imported_module)
 
     if not base_importing_module or not base_imported_module or \
+            base_importing_module == base_imported_module or \
             base_importing_module not in _module_names or base_imported_module not in _module_names:
         return False
 
-    forbidden_dependencies = _forbidden_dependencies[base_importing_module]
-    for fd in forbidden_dependencies:
-        if fd == base_imported_module:
-            return True
-
-    return False
+    return base_imported_module not in _allowed_imports[base_importing_module]
 
 
 def _secure_importer(name, globals=None, locals=None, fromlist=(), level=0):

docs/development/Create-a-new-StartLeft-Processor.md

@@ -391,7 +391,7 @@ Now we can create a simple test that verifies that the conversion process is wor
 create a `test_mais_processor.py` file inside the `slp_mais/slp_mais/tests/integration` folder:
 ```python
 import os
-from sl_util.sl_util.file_utils import get_data
+from sl_util.sl_util.file_utils import get_byte_data
 from slp_base.tests.util.otm import validate_and_compare
 from slp_mais.slp_mais.mais_processor import MAISProcessor
 
@@ -405,10 +405,10 @@ class TestMAISProcessor:
 
     def test_single_component_mais_file_ok(self):
         # GIVEN a simple MAIS file with a single component
-        mais_file = get_data(f'{resources_path}/mais-sample.json')
+        mais_file = get_byte_data(f'{resources_path}/mais-sample.json')
 
         # AND a MAIS mapping file that defines a mapping for that component
-        mapping_file = get_data(f'{resources_path}/mapping-sample.yaml')
+        mapping_file = get_byte_data(f'{resources_path}/mapping-sample.yaml')
 
         # AND an expected OTM result
         expected_otm = f'{resources_path}/expected-otm.otm'
@@ -442,14 +442,13 @@ no code is needed, and you only need to perform the configuration steps below.
 
 ### Configure the module
 1. Go to the `_sl_build/modules.py` class, where you can find the modules' configuration.
-2. In the `PROCESSORS` variable, add `slp_mais` as `forbidden_dependency` for all the existent SLP modules.
-3. Create a new entry in the array with the configuration for our `slp_mais` module:
+2. Create a new entry in the array with the configuration for our `slp_mais` module:
 ```python
     {
         'name': 'slp_mais', 
         'type': 'processor', 
         'provider_type': 'MAIS',
-        'forbidden_dependencies': ['startleft', 'slp_cft', 'slp_tf', 'slp_visio', 'slp_mtmt']
+        'allowed_imports': _slp_allowed_imports
      }
 ```