fix(arm): Fix arm graph breadcrumbs (#6869)

* add arm breadcrumbs
bridgecrewio · Nov 24, 2024 · cc306de · cc306de
1 parent 7d6938b
commit cc306de
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/checkov/arm/runner.py b/checkov/arm/runner.py
@@ -3,6 +3,7 @@
 import logging
 import os
 from collections.abc import Iterable
+from pathlib import Path
 from typing import TYPE_CHECKING, Any, cast
 from typing_extensions import TypeAlias  # noqa[TC002]
 
@@ -11,11 +12,12 @@
 from checkov.arm.graph_builder.local_graph import ArmLocalGraph
 from checkov.arm.graph_manager import ArmGraphManager
 from checkov.arm.registry import arm_resource_registry, arm_parameter_registry
-from checkov.arm.utils import get_scannable_file_paths, get_files_definitions, ARM_POSSIBLE_ENDINGS, ArmElements
+from checkov.arm.utils import get_scannable_file_paths, get_files_definitions, ARM_POSSIBLE_ENDINGS, ArmElements, clean_file_path
 from checkov.common.checks_infra.registry import get_graph_checks_registry
 from checkov.common.graph.graph_builder import CustomAttributes
 from checkov.common.graph.graph_builder.consts import GraphSource
 from checkov.common.output.extra_resource import ExtraResource
+from checkov.common.output.graph_record import GraphRecord
 from checkov.common.output.record import Record
 from checkov.common.output.report import Report
 from checkov.common.bridgecrew.check_type import CheckType
@@ -263,7 +265,7 @@ def add_graph_check_results(self, report: Report, runner_filter: RunnerFilter) -
         for check, check_results in graph_checks_results.items():
             for check_result in check_results:
                 entity = check_result["entity"]
-                entity_file_path: str = entity[CustomAttributes.FILE_PATH]
+                entity_file_path = entity[CustomAttributes.FILE_PATH]
                 start_line = entity[START_LINE] - 1
                 end_line = entity[END_LINE] - 1
 
@@ -272,7 +274,7 @@ def add_graph_check_results(self, report: Report, runner_filter: RunnerFilter) -
                     check=check,
                     check_result=check_result,
                     code_block=self.definitions_raw[entity_file_path][start_line:end_line],
-                    file_path=entity_file_path,
+                    file_path=self.extract_file_path_from_abs_path(clean_file_path(Path(entity_file_path))),
                     file_abs_path=os.path.abspath(entity_file_path),
                     file_line_range=[start_line - 1, end_line - 1],
                     resource_id=entity[CustomAttributes.ID],
@@ -304,5 +306,12 @@ def build_record(
             file_abs_path=file_abs_path,
             severity=check.severity,
         )
+        if self.breadcrumbs:
+            breadcrumb = self.breadcrumbs.get(record.file_path, {}).get(record.resource)
+            if breadcrumb:
+                record = GraphRecord(record, breadcrumb)
         record.set_guideline(check.guideline)
         report.add_record(record=record)
+
+    def extract_file_path_from_abs_path(self, path: Path) -> str:
+        return f"{os.path.sep}{os.path.relpath(path, self.root_folder)}"
diff --git a/checkov/arm/utils.py b/checkov/arm/utils.py
@@ -115,3 +115,9 @@ def extract_resource_name_from_reference_func(reference: str) -> str:
 
 def clean_string(input: str) -> str:
     return input.replace("'", '').replace(" ", "")
+
+
+def clean_file_path(file_path: Path) -> Path:
+    path_parts = [part for part in file_path.parts if part not in (".", "..")]
+
+    return Path(*path_parts)