@eirmich
Contributor

@eirmich eirmich commented Dec 24, 2024

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Currently, Kubernetes files that contain {{ are assumed to be part of a Helm chart, which in turn excludes them from analysis. However, this is not always the case; an example is described in #5643 (comment).

This PR filters out only files that include Helm built-in variables or functions, namely .Release, .Values, if, end and with.

Fixes #5643

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Modifies the Kubernetes YAML parser to improve the detection of Helm templates. Updates the load function in k8_yaml.py to use regex patterns for identifying Helm-specific variables and functions, replacing the previous simple check for '{{'. Adds a new test case in test_k8_yaml.py to verify the handling of non-Helm templates, and includes a sample YAML file for testing.

Topic: Helm detection
Details: Enhances the Helm template detection logic in the Kubernetes YAML parser
Modified files (1)
  • checkov/kubernetes/parser/k8_yaml.py
Latest Contributors (2)
  User | Commit | Date
  bo156 | feat-general-Add-resou... | July 19, 2023
  gruebel | feat-general-support-U... | July 10, 2023

Topic: Test coverage
Details: Adds test cases to verify the new Helm template detection logic
Modified files (2)
  • tests/kubernetes/parser/examples/yaml/not_helm_configmap.yaml
  • tests/kubernetes/parser/test_k8_yaml.py
Latest Contributors (2)
  User | Commit | Date
  gruebel | feat-kubernetes-suppor... | April 02, 2023
  matt@bridgecrew.io | Exclude-raw-HELM-templ... | February 22, 2022
This pull request is reviewed by Baz. Join @eirmich and the rest of your team on (Baz).
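
The detection change described above, sketched as an added example (not checkov's own code): the regex, the function names and the sample manifests are assumptions constructed for illustration. It compares the old "any `{{`" check with a check for the built-ins the PR names, and shows that a plain manifest using `{{ if }}` is still skipped.

```python
import re

# Assumed pattern, written for this example (not checkov's actual regex): a
# template action counts as Helm if it uses one of the built-ins the PR names.
HELM_ACTION = re.compile(
    r"\{\{-?\s*(?:if|with)\s"             # {{ if ... }} / {{- with ... }}
    r"|\{\{-?\s*end\s*-?\}\}"             # {{ end }} / {{- end -}}
    r"|\{\{[^{}]*\.(?:Release|Values)\b"  # .Release / .Values anywhere in the action
)


def old_is_helm(text: str) -> bool:
    """Behaviour before the PR, per its description: any '{{' means Helm."""
    return "{{" in text


def new_is_helm(text: str) -> bool:
    """Treat the file as Helm only if a Helm built-in appears in an action."""
    return HELM_ACTION.search(text) is not None


def skipped_by(check, files: dict) -> list:
    """Names of files the given check would exclude from analysis."""
    return sorted(name for name, text in files.items() if check(text))


# Constructed sample manifests (not from the checkov test suite).
SAMPLES = {
    "chart/templates/deployment.yaml": (
        "apiVersion: apps/v1\nkind: Deployment\n"
        "metadata:\n  name: {{ .Release.Name }}-web\n"
        "spec:\n  replicas: {{ .Values.replicas }}\n"
    ),
    # Plain manifest: '{{' only appears in a CLI format string.
    "plain/pod.yaml": (
        "apiVersion: v1\nkind: Pod\nmetadata:\n  name: lister\n"
        "spec:\n  containers:\n  - name: lister\n    image: example/lister:1.0\n"
        "    args: ['--format={{.Name}}']\n"
        "    securityContext:\n      privileged: true\n"
    ),
    # Plain manifest that still looks like Helm to the keyword heuristic.
    "plain/alert-configmap.yaml": (
        "apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: alerts\n"
        "data:\n  msg: '{{ if gt $value 0.9 }}critical{{ end }}'\n"
    ),
}

if __name__ == "__main__":
    print("skipped by old check:", skipped_by(old_is_helm, SAMPLES))
    print("skipped by new check:", skipped_by(new_is_helm, SAMPLES))
```

A file in the skipped list produces no findings, which is the symptom reported in the linked issue; here the privileged Pod is only analysed under the narrower check.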

@rotemavni
Collaborator

Hello @eirmich,
Apologies for the late response.
I would very much love to merge your MR.
I would appreciate it if you could add a commit, preferably by adding an empty line in the file tests/kubernetes/parser/test_k8_yaml.py:84 (to fix a lint issue) so we can trigger the test pipelines for you.
Thank you very much.

@rotemavni rotemavni changed the title fix(kubernetes): Only filter out files that contain Helm built-in variables and functions fix(kubernetes): Only filter out files that contain Helm built-in variables and functions May 27, 2025
@rotemavni rotemavni closed this May 27, 2025
@rotemavni rotemavni reopened this May 27, 2025
@rotemavni rotemavni merged commit e69165e into bridgecrewio:main May 27, 2025
48 of 49 checks passed
Saarett pushed a commit that referenced this pull request May 27, 2025
…iables and functions (#6922)

* Filter out files that contain Helm built-in variables and functions

* format
@b-abderrahmane b-abderrahmane deleted the 5643-improve-filtering-of-helm-files branch May 27, 2025 21:14
Development

Successfully merging this pull request may close these issues.

Checkov Does not Output Results for Files with Specific Symbols