feat(cli): KICS does not execute scan as default anymore (#3030)

Signed-off-by: Felipe Avelar <[email protected]>

.github/workflows/go-ci-integration.yml

@@ -50,7 +50,7 @@ jobs:
       run: |
         docker run -v ${PWD}/assets/queries:/path \
           -e SENTRY_DSN=${{secrets.SENTRY_DSN}} \
-          kics:${{ github.sha }} --silent --ignore-on-exit "results" --log-level DEBUG --log-file --log-path "/path/info.log" -p "/path" -o "/path/results.json"
+          kics:${{ github.sha }} scan --silent --ignore-on-exit "results" --log-level DEBUG --log-file --log-path "/path/info.log" -p "/path" -o "/path/results.json"
     - name: Archive test logs
       uses: actions/upload-artifact@v2
       if: always()

docs/creating-queries.md

@@ -3,12 +3,12 @@
 The queries are written in Rego and our internal parser transforms every IaC file that supports into a universal JSON format. This way anyone can start working on a query by picking up a small sample of the vulnerability that the query should target, and convert this sample, that can be a .tf or .yaml file, to our JSON structure JSON. To convert the sample you can run the following command:
 
 ```bash
-go run ./cmd/console/main.go -p "pathToTestData" -d "pathToGenerateJson"
+go run ./cmd/console/main.go scan -p "pathToTestData" -d "pathToGenerateJson"
 ```
 
 So for example, if we wanted to transform a .tf file in ./code/test we could type:
 ```bash
-go run ./cmd/console/main.go -p  "./src/test" -d "src/test/input.json"
+go run ./cmd/console/main.go scan -p  "./src/test" -d "src/test/input.json"
 ```
 After having the .json that will be our Rego input, we can begin to write queries.
 To test and debug there are two ways:

docs/getting-started.md

@@ -66,6 +66,8 @@ So all you need is:
 
 ---
 
+**Note**: KICS does not executes scan by default anymore
+
 ## Next Steps
 - [Understand how to configure KICS](configuration-file.md) so you can have a better KICS experience.
 - [Explore KICS commands](usage/commands.md) to see what you can do with KICS.

e2e/cli_test.go

@@ -82,14 +82,12 @@ var tests = []struct {
 		name: "E2E-CLI-004",
 		args: args{
 			args: []cmdArgs{
-				[]string{"--ci", "--verbose"},
 				[]string{"scan", "--ci", "--verbose"},
 				[]string{"--ci", "scan", "--verbose"},
 			},
 			expectedOut: []string{
 				"E2E_CLI_004",
 				"E2E_CLI_004",
-				"E2E_CLI_004",
 			},
 		},
 		wantStatus: 126,

internal/console/kics.go

@@ -3,7 +3,6 @@ package console
 import (
 	"context"
 	"fmt"
-	"os"
 	"strings"
 	"time"
 
@@ -106,26 +105,9 @@ func initialize(rootCmd *cobra.Command) error {
 	}
 
 	initScanCmd(scanCmd)
-	if insertScanCmd(scanCmd) {
-		warning = append(warning, "WARNING: for future versions use 'kics scan'")
-		os.Args = append([]string{os.Args[0], "scan"}, os.Args[1:]...)
-	}
-
 	return nil
 }
 
-func insertScanCmd(scanCmd *cobra.Command) bool {
-	if len(os.Args) > 1 && os.Args[1][0] == '-' {
-		if os.Args[1][1] != '-' {
-			flag := os.Args[1][1:]
-			return scanCmd.Flags().ShorthandLookup(flag) != nil
-		}
-		flag := os.Args[1][2:]
-		return scanCmd.Flag(flag) != nil
-	}
-	return false
-}
-
 // Execute starts kics execution
 func Execute() error {
 	zerolog.SetGlobalLevel(zerolog.InfoLevel)

internal/console/kics_test.go

@@ -16,7 +16,7 @@ func TestConsole_Execute(t *testing.T) { //nolint
 	}{
 		{
 			name: "test_kics",
-			args: []string{"kics", "--path", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf"),
+			args: []string{"kics", "scan", "--path", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf"),
 				"-q", filepath.FromSlash("../../assets/queries/terraform/aws/alb_is_not_integrated_with_waf")},
 			wantErr: false,
 			remove:  "",
@@ -30,22 +30,22 @@ func TestConsole_Execute(t *testing.T) { //nolint
 		},
 		{
 			name: "test_kics_payload_flag",
-			args: []string{"kics", "-p", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf"), "-q",
+			args: []string{"kics", "scan", "-p", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf"), "-q",
 				filepath.FromSlash("../../assets/queries/terraform/aws/alb_is_not_integrated_with_waf"), "-d", "payload.json"},
 			wantErr: false,
 			remove:  "payload.json",
 		},
 		{
 			name: "test_kics_exclude_flag",
-			args: []string{"kics", "-p", filepath.FromSlash("../../test/fixtures/tc-sim01"), "-q",
+			args: []string{"kics", "scan", "-p", filepath.FromSlash("../../test/fixtures/tc-sim01"), "-q",
 				filepath.FromSlash("../../assets/queries/terraform/aws/alb_is_not_integrated_with_waf"),
 				"-e", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf")},
 			wantErr: false,
 			remove:  "",
 		},
 		{
 			name: "test_kics_exclude_results_flag",
-			args: []string{"kics", "-p", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf"), "-q",
+			args: []string{"kics", "scan", "-p", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf"), "-q",
 				filepath.FromSlash("../../assets/queries/terraform/aws/alb_is_not_integrated_with_waf"),
 				"-x", "c8f2b4b2a74bca2aa6d94336c144f9713524b745c1a3590e6492e98d819e352d"},
 			wantErr: false,
@@ -55,6 +55,7 @@ func TestConsole_Execute(t *testing.T) { //nolint
 			name: "test_kics_multiple_paths",
 			args: []string{
 				"kics",
+				"scan",
 				"-p",
 				fmt.Sprintf("%s,%s",
 					filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf"),
@@ -66,7 +67,7 @@ func TestConsole_Execute(t *testing.T) { //nolint
 		},
 		{
 			name:    "test_kics_no_queries_flag",
-			args:    []string{"kics", "-p", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf")},
+			args:    []string{"kics", "scan", "-p", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf")},
 			wantErr: true,
 			remove:  "",
 		},
@@ -104,6 +105,13 @@ func TestConsole_Execute(t *testing.T) { //nolint
 			wantErr: false,
 			remove:  "",
 		},
+		{
+			name: "test_kics_fail_without_scan",
+			args: []string{"kics", "--path", filepath.FromSlash("../../test/fixtures/tc-sim01/positive1.tf"),
+				"-q", filepath.FromSlash("../../assets/queries/terraform/aws/alb_is_not_integrated_with_waf")},
+			wantErr: true,
+			remove:  "",
+		},
 	}
 
 	for _, tt := range tests {