fix untrusted_checkout_exec line numbers (#26)

boostsecurityio · Apr 15, 2024 · 0a67b9c · 0a67b9c
1 parent eb79bca
commit 0a67b9c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/opa/rego/rules/untrusted_checkout_exec.rego b/opa/rego/rules/untrusted_checkout_exec.rego
@@ -37,7 +37,7 @@ build_commands[cmd] = {
 
 results contains poutine.finding(rule, pkg_purl, {
 	"path": workflow_path,
-	"line": step.line,
+	"line": step.lines.run,
 	"details": sprintf("Detected usage of `%s`", [cmd]),
 }) if {
 	[pkg_purl, workflow_path, step] := _steps_after_untrusted_checkout[_]
@@ -49,7 +49,7 @@ results contains poutine.finding(rule, pkg_purl, {
 
 results contains poutine.finding(rule, pkg_purl, {
 	"path": workflow_path,
-	"line": step.line,
+	"line": step.lines.uses,
 	"details": sprintf("Detected usage the GitHub Action `%s`", [step.action]),
 }) if {
 	[pkg_purl, workflow_path, step] := _steps_after_untrusted_checkout[_]

diff --git a/scanner/inventory_test.go b/scanner/inventory_test.go
@@ -145,7 +145,7 @@ func TestFindings(t *testing.T) {
 			Purl:   purl,
 			Meta: opa.FindingMeta{
 				Path:    ".github/workflows/valid.yml",
-				Line:    29,
+				Line:    30,
 				Details: "Detected usage of `npm`",
 			},
 		},
@@ -154,7 +154,7 @@ func TestFindings(t *testing.T) {
 			Purl:   purl,
 			Meta: opa.FindingMeta{
 				Path:    ".github/workflows/valid.yml",
-				Line:    55,
+				Line:    56,
 				Details: "Detected usage the GitHub Action `bridgecrewio/checkov-action`",
 			},
 		},
@@ -163,7 +163,7 @@ func TestFindings(t *testing.T) {
 			Purl:   purl,
 			Meta: opa.FindingMeta{
 				Path:    ".github/workflows/valid.yml",
-				Line:    59,
+				Line:    60,
 				Details: "Detected usage of `pre-commit`",
 			},
 		},