author | thyme-87 <thyme-87@users.noreply.github.com> | 2021-12-11 12:51:26 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-11 20:51:26 +0900 |
commit | 091592bfb09e7e994bd860fa3776e8cf4346bf5a (patch) | |
tree | f5ad6b947024d89140b7452ea58fe3d2e99b5243 /test | |
parent | b9744076a1603b37bc861e1aa885bbc052e0ed63 (diff) | |
add support for checkov for linting terraform files (#4006)
* add support for checkov for terraform
* add tests for checkov handler
* add basic linter config tests for checkov
* update supported tools and languages lists
* simplify ale_linters#terraform#checkov#Handle
* ensure "-o json --quiet" is always set for checkov
* add documentation for checkov including config options
* fix tests after changing handling of default options for checkov
* add checkov to list of tools in doc/ale.txt
Diffstat (limited to 'test')
-rw-r--r-- | test/handler/test_checkov_handler.vader | 66 | ||||
-rw-r--r-- | test/linter/test_checkov.vader | 14 |
2 files changed, 80 insertions, 0 deletions
diff --git a/test/handler/test_checkov_handler.vader b/test/handler/test_checkov_handler.vader
new file mode 100644
index 00000000..9884113c
--- /dev/null
+++ b/test/handler/test_checkov_handler.vader
@@ -0,0 +1,66 @@
+Before:
+ runtime ale_linters/terraform/checkov.vim
+ call ale#test#SetFilename('main.tf')
+
+After:
+ call ale#linter#Reset()
+
+Execute(The JSON output of checkov should be handled correctly):
+ AssertEqual
+ \ [
+ \ {
+ \ 'filename': '/main.tf',
+ \ 'lnum': 22,
+ \ 'end_lnum': 27,
+ \ 'text': 'Enable VPC Flow Logs and Intranode Visibility [CKV_GCP_61]',
+ \ 'detail': "CKV_GCP_61: Enable VPC Flow Logs and Intranode Visibility\n" .
+ \ 'For more information, see: https://docs.bridgecrew.io/docs/enable-vpc-flow-logs-and-intranode-visibility',
+ \ 'type': 'W',
+ \ }
+ \ ],
+ \ ale_linters#terraform#checkov#Handle(bufnr(''), [
+ \'{',
+ \' "check_type": "terraform",',
+ \' "results": {',
+ \' "failed_checks": [',
+ \' {',
+ \' "check_id": "CKV_GCP_61",',
+ \' "bc_check_id": "BC_GCP_KUBERNETES_18",',
+ \' "check_name": "Enable VPC Flow Logs and Intranode Visibility",',
+ \' "check_result": {',
+ \' "result": "FAILED",',
+ \' "evaluated_keys": [',
+ \' "enable_intranode_visibility"',
+ \' ]',
+ \' },',
+ \' "file_path": "/main.tf",',
+ \' "repo_file_path": "/main.tf",',
+ \' "file_line_range": [',
+ \' 22,',
+ \' 27',
+ \' ],',
+ \' "resource": "google_container_cluster.cluster-name",',
+ \' "evaluations": null,',
+ \' "check_class": "checkov.terraform.checks.resource.gcp.GKEEnableVPCFlowLogs",',
+ \' "entity_tags": null,',
+ \' "resource_address": null,',
+ \' "guideline": "https://docs.bridgecrew.io/docs/enable-vpc-flow-logs-and-intranode-visibility"',
+ \' }',
+ \' ]',
+ \' }',
+ \'}'
+ \ ])
+
+Execute(Handle output for no findings correctly):
+ AssertEqual
+ \ [],
+ \ ale_linters#terraform#checkov#Handle(bufnr(''), [
+ \'{',
+ \' "passed": 0,',
+ \' "failed": 0,',
+ \' "skipped": 0,',
+ \' "parsing_errors": 0,',
+ \' "resource_count": 0,',
+ \' "checkov_version": "2.0.632"',
+ \'}'
+ \])
diff --git a/test/linter/test_checkov.vader b/test/linter/test_checkov.vader
new file mode 100644
index 00000000..f93d34f3
--- /dev/null
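Review bot: Both Execute blocks feed the handler well-formed JSON, so its behaviour on anything else (an empty result, a traceback or other non-JSON text from checkov) is not pinned. For a security scanner that matters: an exception or a silently empty list is indistinguishable in the editor from a file with no findings. Consider adding a case such as `AssertEqual [], ale_linters#terraform#checkov#Handle(bufnr(''), [])` and one with a non-JSON line. The fixture already carries several null fields, so a finding with `"guideline": null` would also pin how the `detail` text is built when no guideline URL exists. The handler itself is outside this view (the diff is limited to test/), so whether these cases pass today cannot be confirmed here.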
+++ b/test/linter/test_checkov.vader
@@ -0,0 +1,14 @@
+Before:
+ call ale#assert#SetUpLinterTest('terraform', 'checkov')
+
+After:
+ call ale#assert#TearDownLinterTest()
+
+Execute(The default command should be direct):
+ AssertLinter 'checkov',
+ \ ale#Escape('checkov') . ' -f %t -o json --quiet '
+
+Execute(It should be possible to override the default command):
+ let b:ale_terraform_checkov_executable = '/bin/other/checkov'
+ AssertLinter '/bin/other/checkov',
+ \ ale#Escape('/bin/other/checkov') . ' -f %t -o json --quiet ' |
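Review bot: Neither case sets user options, although the commit message says `-o json --quiet` must always be set and the expected command ends in a trailing space where options are presumably appended. A third case that sets the options variable (presumably `b:ale_terraform_checkov_options`; confirm against the linter file, which is outside this view) and asserts the command still contains `-o json --quiet` would cover this. It would guard the handler's JSON parsing against a user-supplied output flag that would otherwise make findings disappear without an error.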