Checkmarx · pereiramarco011 · Feb 21, 2024 · Feb 14, 2024 · Feb 14, 2024 · Feb 15, 2024
@@ -1,6 +1,7 @@
 package analyzer
 
 import (
+	"fmt"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -65,6 +66,7 @@ var (
 	cicdOnRegex                                     = regexp.MustCompile(`\s*on:\s*`)
 	cicdJobsRegex                                   = regexp.MustCompile(`\s*jobs:\s*`)
 	cicdStepsRegex                                  = regexp.MustCompile(`\s*steps:\s*`)
+	queryRegexPathsAnsible                          = regexp.MustCompile(fmt.Sprintf(`^.*?%s(?:group|host)_vars%s.*$`, regexp.QuoteMeta(string(os.PathSeparator)), regexp.QuoteMeta(string(os.PathSeparator)))) //nolint:lll
 )
 
 var (
@@ -105,7 +107,7 @@ var (
 		"hosts", "tasks", "become", "with_items", "with_dict",
 		"when", "become_pass", "become_exe", "become_flags"}
 	playBooks               = "playbooks"
-	ansibleHost             = "all"
+	ansibleHost             = []string{"all", "ungrouped"}
 	listKeywordsAnsibleHots = []string{"hosts", "children"}
 )
 
@@ -552,9 +554,17 @@ func checkYamlPlatform(content []byte, path string) string {
 	if checkForAnsibleHost(yamlContent) {
 		return ansible
 	}
+	// add for yaml files contained at paths (group_vars, host_vars) related with ansible
+	if checkForAnsibleByPaths(path) {
+		return ansible
+	}
 	return ""
 }
 
+func checkForAnsibleByPaths(path string) bool {
+	return queryRegexPathsAnsible.MatchString(path)
+}
+
 func checkForAnsible(yamlContent model.Document) bool {
 	isAnsible := false
 	if play := yamlContent[playBooks]; play != nil {
@@ -576,11 +586,13 @@ func checkForAnsible(yamlContent model.Document) bool {
 
 func checkForAnsibleHost(yamlContent model.Document) bool {
 	isAnsible := false
-	if hosts := yamlContent[ansibleHost]; hosts != nil {
-		if listHosts, ok := hosts.(map[string]interface{}); ok {
-			for _, value := range listKeywordsAnsibleHots {
-				if host := listHosts[value]; host != nil {
-					isAnsible = true
+	for _, ansibleDefault := range ansibleHost {
+		if hosts := yamlContent[ansibleDefault]; hosts != nil {
+			if listHosts, ok := hosts.(map[string]interface{}); ok {
+				for _, value := range listKeywordsAnsibleHots {
+					if host := listHosts[value]; host != nil {
+						isAnsible = true
+					}
 				}
 			}
 		}

@@ -414,6 +414,19 @@ func TestAnalyzer_Analyze(t *testing.T) {
 			excludeGitIgnore:     false,
 			MaxFileSize:          3,
 		},
+		{
+			name:                 "analyze_ansible_by_path",
+			paths:                []string{filepath.FromSlash("../../test/fixtures/ansible_project_path")},
+			wantTypes:            []string{"ansible"},
+			wantExclude:          []string{},
+			typesFromFlag:        []string{""},
+			excludeTypesFromFlag: []string{""},
+			wantLOC:              54,
+			wantErr:              false,
+			gitIgnoreFileName:    "",
+			excludeGitIgnore:     false,
+			MaxFileSize:          -1,
+		},
 	}
 
 	for _, tt := range tests {

@@ -0,0 +1,3 @@
+---
+# group_vars/db_servers.yml
+db_port: 3306
@@ -0,0 +1,3 @@
+---
+# group_vars/web_servers.yml
+apache_port: 80
@@ -0,0 +1,13 @@
+---
+# playbook.yml
+- name: Configure web servers
+  hosts: web_servers
+  roles:
+    - common
+    - web
+
+- name: Configure database servers
+  hosts: db_servers
+  roles:
+    - common
+    - db
@@ -0,0 +1,7 @@
+---
+# roles/common/tasks/main.yml
+- name: Update packages
+  package:
+    name: "*"
+    state: latest
+  become: yes
@@ -0,0 +1,14 @@
+---
+# roles/db/tasks/main.yml
+- name: Ensure MySQL is installed
+  package:
+    name: mysql-server
+    state: present
+  become: yes
+
+- name: Ensure MySQL is running
+  service:
+    name: mysql
+    state: started
+    enabled: yes
+  become: yes
@@ -0,0 +1,14 @@
+---
+# roles/web/tasks/main.yml
+- name: Ensure Apache is installed
+  package:
+    name: apache2
+    state: present
+  become: yes
+
+- name: Ensure Apache is running
+  service:
+    name: apache2
+    state: started
+    enabled: yes
+  become: yes