CHANGELOG.md

 # Changelog
 
+## [2.80.1](https://gitlab.dockstudios.co.uk/pub/terrareg/compare/v2.80.0...v2.80.1) (2023-09-27)
+
+
+### Bug Fixes
+
+* Handle tfsec issues found in root of repo, where path contains the base path ([fbad20b](https://gitlab.dockstudios.co.uk/pub/terrareg/commit/fbad20b2ca239c20433f01b6af54b8e13be3e480))
+* Update tfsec to 1.28.4 as it was outputting erroneous RDS IAM checks for empty terraform ([161c4f9](https://gitlab.dockstudios.co.uk/pub/terrareg/commit/161c4f9ba960a8529d3d026cb54fc0dd8d784b61))
+
 # [2.80.0](https://gitlab.dockstudios.co.uk/pub/terrareg/compare/v2.79.0...v2.80.0) (2023-09-27)
 
 

Dockerfile

@@ -22,7 +22,7 @@ RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \
     else \
       arch=amd64; \
     fi; \
-    wget https://github.com/aquasecurity/tfsec/releases/download/v1.26.0/tfsec-linux-${arch} -O /usr/local/bin/tfsec && \
+    wget https://github.com/aquasecurity/tfsec/releases/download/v1.28.4/tfsec-linux-${arch} -O /usr/local/bin/tfsec && \
     chmod +x /usr/local/bin/tfsec'
 
 # Download infracost
@@ -32,7 +32,7 @@ RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \
     else \
       arch=amd64; \
     fi; \
-    wget https://github.com/infracost/infracost/releases/download/v0.10.10/infracost-linux-${arch}.tar.gz -O /tmp/infracost.tar.gz && \
+    wget https://github.com/infracost/infracost/releases/download/v0.10.22/infracost-linux-${arch}.tar.gz -O /tmp/infracost.tar.gz && \
     tar -zxvf /tmp/infracost.tar.gz infracost-linux-${arch} && \
     mv infracost-linux-${arch} /usr/local/bin/infracost && \
     chmod +x /usr/local/bin/infracost && \

Dockerfile.tests

@@ -25,7 +25,7 @@ RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \
     else \
       arch=amd64; \
     fi; \
-    wget https://github.com/aquasecurity/tfsec/releases/download/v1.26.0/tfsec-linux-${arch} -O /usr/local/bin/tfsec && \
+    wget https://github.com/aquasecurity/tfsec/releases/download/v1.28.4/tfsec-linux-${arch} -O /usr/local/bin/tfsec && \
     chmod +x /usr/local/bin/tfsec'
 
 # Download infracost
@@ -35,7 +35,7 @@ RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \
     else \
       arch=amd64; \
     fi; \
-    wget https://github.com/infracost/infracost/releases/download/v0.10.10/infracost-linux-${arch}.tar.gz -O /tmp/infracost.tar.gz && \
+    wget https://github.com/infracost/infracost/releases/download/v0.10.22/infracost-linux-${arch}.tar.gz -O /tmp/infracost.tar.gz && \
     tar -zxvf /tmp/infracost.tar.gz infracost-linux-${arch} && \
     mv infracost-linux-${arch} /usr/local/bin/infracost && \
     chmod +x /usr/local/bin/infracost && \
@@ -44,19 +44,6 @@ RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \
 # Download tfswitch
 RUN bash -c 'curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash'
 
-# Download terraform-graph-beautifier
-RUN bash -c 'if [ "$(uname -m)" == "aarch64" ]; \
-    then \
-      arch=arm64; \
-    else \
-      arch=amd64; \
-    fi; \
-    wget https://github.com/pcasteran/terraform-graph-beautifier/releases/download/v0.3.1/terraform-graph-beautifier_0.3.1_linux_${arch}.tar.gz -O /tmp/terraform-graph-beautifier.tar.gz && \
-    tar -zxvf /tmp/terraform-graph-beautifier.tar.gz terraform-graph-beautifier && \
-    mv terraform-graph-beautifier /usr/local/bin/terraform-graph-beautifier && \
-    chmod +x /usr/local/bin/terraform-graph-beautifier && \
-    rm /tmp/terraform-graph-beautifier.tar.gz'
-
 WORKDIR /app
 COPY requirements.txt .
 RUN pip install --proxy=$http_proxy -r requirements.txt

requirements.txt

-alembic==1.9.0
+alembic==1.10.4
 aniso8601==9.0.1
 cffi==1.15.1
 click==8.1.3
-cryptography==38.0.4
+cryptography==40.0.2
 Flask==2.2.2
 Flask-RESTful==0.3.9
-greenlet==2.0.1
-importlib-metadata==5.1.0
-importlib-resources==5.10.1
+greenlet==2.0.2
+importlib-metadata==6.6.0
+importlib-resources==5.12.0
 itsdangerous==2.1.2
 Jinja2==3.1.2
 Mako==1.2.4
-Markdown==3.4.1
-markdown2==2.4.6
-MarkupSafe==2.1.1
+Markdown==3.4.3
+markdown2==2.4.8
+MarkupSafe==2.1.2
 pycparser==2.21
-pyOpenSSL==22.1.0
+pyOpenSSL==23.1.1
 python-magic==0.4.27
-pytz==2022.6
+pytz==2023.3
 six==1.16.0
 SQLAlchemy==1.4.45
 Werkzeug==2.2.2
-zipp==3.11.0
-alembic==1.9.0
-mysql-connector-python==8.0.29
-beautifulsoup4==4.11.1
-bleach==5.0.1
+zipp==3.15.0
+mysql-connector-python==8.0.33
+beautifulsoup4==4.12.2
+bleach==6.0.0
 webencodings==0.5.1
 oauthlib==3.2.2
-requests==2.28.1
-PyJWT==2.6.0
-python3-saml==1.14.0
+requests==2.30.0
+PyJWT==2.7.0
+python3-saml==1.15.0
 mdx-truly-sane-lists==1.3
 pygraphviz==1.10
-networkx==2.8.8
+networkx==3.1
 pydot==1.4.2
-sentry-sdk==1.14.0
+sentry-sdk==1.22.2
 urllib3==1.26.14
-blinker==1.5
+blinker==1.6.2
 semantic-version==2.10.0
 waitress==2.1.2
 pyop==3.4.0

terrareg/module_extractor.py

@@ -160,7 +160,10 @@ class ModuleExtractor:
         # Strip the extraction directory from all paths in results
         if tfsec_results['results']:
             for result in tfsec_results['results']:
-                result['location']['filename'] = result['location']['filename'].replace(self._extract_directory.name + '/', '')
+                result['location']['filename'] = result['location']['filename'].replace(self._extract_directory.name, '')
+                # Replace leading slash if it exists in filename
+                if result['location']['filename'].startswith('/'):
+                    result['location']['filename'] = result['location']['filename'][1:]
 
         return tfsec_results