Parse checkov results

Author: ggabarrin

README.md

@@ -73,6 +73,7 @@ Currently supported tools include:
 - semgrep (https://semgrep.dev/)
 - bandit (https://bandit.readthedocs.io/en/latest/)
 - brakeman (https://brakemanscanner.org/)
+- checkov (https://www.checkov.io/)
 
 ## Extension Settings
 

src/parsers/checkov.ts

@@ -0,0 +1,43 @@
+'use strict';
+
+import * as vscode from 'vscode';
+import { ToolFinding } from '../models/toolFinding';
+
+class CheckovParser {
+  static parse(fileContent: string) {
+    const toolFindings: ToolFinding[] = [];
+
+    try {
+      const checkovCheckTypes = JSON.parse(fileContent);
+      checkovCheckTypes.map((checkovCheckType: any) => {
+        const checkovFindings = checkovCheckType.results.failed_checks;
+        checkovFindings.map((checkovFinding: any) => {
+          // uri
+          let fullPath = '';
+          if (vscode.workspace.workspaceFolders) {
+            fullPath = vscode.workspace.workspaceFolders[0].uri.fsPath + '/';
+          }
+          const uri = vscode.Uri.file(`${fullPath}${checkovFinding.file_path}`);
+
+          // range
+          const range = new vscode.Range(
+            checkovFinding.file_line_range[0] - 1,
+            0,
+            checkovFinding.file_line_range[1] - 1,
+            0,
+          );
+
+          // instantiate tool finding and add to list
+          const toolFinding = new ToolFinding(uri, range, checkovFinding.check_name);
+          toolFindings.push(toolFinding);
+        });
+      });
+    } catch {
+      /* empty */
+    }
+
+    return toolFindings;
+  }
+}
+
+export { CheckovParser };

src/webviews/importToolResultsWebview.ts

@@ -3,8 +3,9 @@
 import * as vscode from 'vscode';
 import { commentController } from '../controllers/comments';
 import { BanditParser } from '../parsers/bandit';
-import { SemgrepParser } from '../parsers/semgrep';
 import { BrakemanParser } from '../parsers/brakeman';
+import { CheckovParser } from '../parsers/checkov';
+import { SemgrepParser } from '../parsers/semgrep';
 import { ToolFinding } from '../models/toolFinding';
 import { saveNoteComment } from '../helpers';
 import { RemoteDb } from '../persistence/remote-db';
@@ -82,9 +83,10 @@ export class ImportToolResultsWebview implements vscode.WebviewViewProvider {
             <p>Select tool:</p>
             <p>
             <select id="toolSelect">
-            <option value="semgrep">semgrep</option>
             <option value="bandit">bandit</option>
             <option value="brakeman">brakeman</option>
+            <option value="checkov">checkov</option>
+            <option value="semgrep">semgrep</option>
             </select>
             </p>
             <p>Select file:</p>
@@ -110,10 +112,6 @@ function processToolFile(
 
   // parse tool findings
   switch (toolName) {
-    case 'semgrep': {
-      toolFindings = SemgrepParser.parse(fileContent);
-      break;
-    }
     case 'bandit': {
       toolFindings = BanditParser.parse(fileContent);
       break;
@@ -122,6 +120,14 @@ function processToolFile(
       toolFindings = BrakemanParser.parse(fileContent);
       break;
     }
+    case 'checkov': {
+      toolFindings = CheckovParser.parse(fileContent);
+      break;
+    }
+    case 'semgrep': {
+      toolFindings = SemgrepParser.parse(fileContent);
+      break;
+    }
   }
 
   if (!toolFindings.length) {