@schosterbarak
Created March 1, 2022 19:10
from packaging import version as v
from checkov.common.models.enums import CheckResult
from checkov.terraform.checks.module.base_module_check import BaseModuleCheck
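class S3ModuleVersionCheck(BaseModuleCheck):
    """Custom checkov check that fails module calls pinned at or below a version floor.

    The check is declared for ``module`` blocks and looks only at the
    ``version`` argument of the call.

    NOTE(review): the check name mentions version 0.47.0 while the comparison
    in ``scan_module_conf`` uses 0.3.4 as the floor. One of the two is stale;
    confirm the intended minimum version and align them.

    NOTE(review): ``scan_module_conf`` never reads the module ``source``, so as
    written the version floor is applied to every module call it is given, not
    only to an S3 module. Confirm whether the policy should be scoped by source.
    """

    def __init__(self):
        name = "Ensure S3 module is from version 0.47.0"
        check_id = "CKV_TF_MODULE_1"
        supported_resources = ['module']
        categories = []
        super().__init__(
            name=name,
            id=check_id,
            categories=categories,
            supported_resources=supported_resources,
        )

    def scan_module_conf(self, conf):
        """
        Evaluate the ``version`` argument of a module call.

        :param conf: module call configuration; ``version`` is read as a list
            whose first element is the version string
        :return: <CheckResult> PASSED when no version is set or the pinned
            version is above the floor, FAILED otherwise
        """
        version = conf.get('version', [])
        if not version:
            # No version argument: the module resolves to the latest release.
            # NOTE(review): an unpinned module is not reproducible and picks up
            # whatever is published next; consider whether the policy should
            # require an explicit pin instead of passing here.
            return CheckResult.PASSED

        try:
            pinned = v.parse(version[0])
        except (v.InvalidVersion, TypeError):
            # Terraform accepts constraint expressions ("~> 0.3", ">= 0.3.4")
            # and the value may be an unresolved non-string. Neither is an
            # exact version, so it cannot be shown to be above the floor:
            # fail closed rather than let the exception escape the check.
            return CheckResult.FAILED

        if pinned <= v.parse("0.3.4"):
            # Pinned at or below the floor.
            return CheckResult.FAILED
        # Pinned above the floor.
        return CheckResult.PASSED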
# Instantiate the check at import time so loading this file creates it.
# NOTE(review): presumably the base class constructor registers the instance
# with checkov's module check registry; confirm against BaseModuleCheck.
scanner = S3ModuleVersionCheck()