fix flake8 issue F401,F403 (bridgecrewio#2882)

* fix flake8 issue F401,F403

* adjust new changes

.flake8

@@ -2,4 +2,4 @@
 # https://github.com/PyCQA/flake8/issues/234
 [flake8]
 max-line-length = 120
-ignore = F401,F403,E123,E126,E127,E128,E129,E203,E231,E302,E303,E305,E501,E731,W291,W292,W293,W503,W504,DUO107,DUO104,DUO130,DUO109,DUO116
+ignore = E123,E126,E127,E128,E129,E203,E231,E302,E303,E305,E501,E731,W291,W292,W293,W503,W504,DUO107,DUO104,DUO130,DUO109,DUO116

checkov/arm/checks/resource/AKSLoggingEnabled.py

@@ -1,6 +1,6 @@
 from checkov.common.models.enums import CheckResult, CheckCategories
 from checkov.arm.base_resource_check import BaseResourceCheck
-from checkov.common.parsers.node import DictNode
+
 
 class AKSLoggingEnabled(BaseResourceCheck):
     def __init__(self):
@@ -27,4 +27,5 @@ def scan_resource_conf(self, conf):
 
         return CheckResult.FAILED
 
-check = AKSLoggingEnabled()
+
+check = AKSLoggingEnabled()

checkov/bicep/graph_manager.py

@@ -1,7 +1,7 @@
 from __future__ import annotations
 
 from pathlib import Path
-from typing import Type, TYPE_CHECKING, Any
+from typing import Type, TYPE_CHECKING
 
 from pycep.typing import BicepJson
 

checkov/cloudformation/checks/resource/aws/EC2Credentials.py

@@ -2,7 +2,7 @@
 
 from checkov.common.models.enums import CheckResult, CheckCategories
 from checkov.cloudformation.checks.resource.base_resource_check import BaseResourceCheck
-from checkov.common.util.secrets import string_has_secrets, AWS
+from checkov.common.util.secrets import string_has_secrets
 
 class EC2Credentials(BaseResourceCheck):
     def __init__(self):

checkov/cloudformation/checks/resource/aws/RDSMultiAZEnabled.py

@@ -1,9 +1,8 @@
 from checkov.cloudformation.checks.resource.base_resource_value_check import BaseResourceValueCheck
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 
 
 class RDSMultiAZEnabled(BaseResourceValueCheck):
-
     def __init__(self):
         name = "Ensure that RDS instances have Multi-AZ enabled"
         id = "CKV_AWS_157"

checkov/cloudformation/checks/resource/aws/WorkspaceRootVolumeEncrypted.py

@@ -1,6 +1,5 @@
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 from checkov.cloudformation.checks.resource.base_resource_value_check import BaseResourceValueCheck
-from checkov.common.models.consts import ANY_VALUE
 
 
 class WorkspaceRootVolumeEncrypted(BaseResourceValueCheck):

checkov/cloudformation/checks/resource/aws/WorkspaceUserVolumeEncrypted.py

@@ -1,6 +1,5 @@
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 from checkov.cloudformation.checks.resource.base_resource_value_check import BaseResourceValueCheck
-from checkov.common.models.consts import ANY_VALUE
 
 
 class WorkspaceUserVolumeEncrypted(BaseResourceValueCheck):

checkov/cloudformation/checks/resource/base_resource_check.py

@@ -1,6 +1,6 @@
 from abc import abstractmethod
 from collections.abc import Iterable
-from typing import List, Callable, Optional, Dict, Any
+from typing import Callable, Optional, Dict, Any
 
 from checkov.cloudformation.checks.resource.registry import cfn_registry
 from checkov.common.checks.base_check import BaseCheck

checkov/common/bridgecrew/integration_features/__init__.py

@@ -1 +1 @@
-from checkov.common.bridgecrew.integration_features.features import *
+from checkov.common.bridgecrew.integration_features.features import *  # noqa

checkov/common/checks_infra/solvers/filter_solvers/__init__.py

@@ -1 +1 @@
-from checkov.common.checks_infra.solvers.filter_solvers.within_filter_solver import WithinFilterSolver
+from checkov.common.checks_infra.solvers.filter_solvers.within_filter_solver import WithinFilterSolver  # noqa

checkov/dockerfile/__init__.py

@@ -1 +1 @@
-from checkov.dockerfile.checks import *
+from checkov.dockerfile.checks import *  # noqa

checkov/dockerfile/checks/AliasIsUnique.py

@@ -1,6 +1,3 @@
-
-import collections
-
 from checkov.common.models.enums import CheckCategories, CheckResult
 from checkov.dockerfile.base_dockerfile_check import BaseDockerfileCheck
 

checkov/github/__init__.py

@@ -1 +1 @@
-from checkov.github.checks import *
+from checkov.github.checks import *  # noqa

checkov/github_actions/__init__.py

@@ -1 +1 @@
-from checkov.github_actions.checks import *
+from checkov.github_actions.checks import *  # noqa

checkov/github_actions/checks/__init__.py

@@ -1 +1 @@
-from checkov.github_actions.checks.job import *
+from checkov.github_actions.checks.job import *  # noqa

checkov/main.py

@@ -15,7 +15,7 @@
 from configargparse import Namespace
 from urllib3.exceptions import MaxRetryError
 
-import checkov.logging_init  # should be imported before the others to ensure correct logging setup
+import checkov.logging_init  # noqa  # should be imported before the others to ensure correct logging setup
 
 from checkov.arm.runner import Runner as arm_runner
 from checkov.bitbucket.runner import Runner as bitbucket_configuration_runner

checkov/sca_package/runner.py

@@ -1,12 +1,11 @@
 import logging
-import os
 from pathlib import Path
 from typing import Optional, List, Set, Union, Sequence, Dict, Any
 
 from checkov.common.bridgecrew.platform_integration import bc_integration
 from checkov.common.models.enums import CheckResult
 from checkov.common.output.report import Report, CheckType
-from checkov.common.runners.base_runner import BaseRunner, ignored_directories, strtobool
+from checkov.common.runners.base_runner import BaseRunner, ignored_directories
 from checkov.runner_filter import RunnerFilter
 from checkov.sca_package.output import create_report_record
 from checkov.sca_package.scanner import Scanner

checkov/serverless/checks/__init__.py

@@ -1,7 +1,7 @@
-from checkov.serverless.checks.complete import *
-from checkov.serverless.checks.custom import *
-from checkov.serverless.checks.function import *
-from checkov.serverless.checks.layer import *
-from checkov.serverless.checks.package import *
-from checkov.serverless.checks.provider import *
-from checkov.serverless.checks.service import *
+from checkov.serverless.checks.complete import *  # noqa
+from checkov.serverless.checks.custom import *  # noqa
+from checkov.serverless.checks.function import *  # noqa
+from checkov.serverless.checks.layer import *  # noqa
+from checkov.serverless.checks.package import *  # noqa
+from checkov.serverless.checks.provider import *  # noqa
+from checkov.serverless.checks.service import *  # noqa

checkov/serverless/checks/base_function_check.py

@@ -1,4 +1,4 @@
 # NOTE: Leaving this around for backwards compatibility. Usage of the checks/function/base_function_check.py
 #       version is preferred
 # noinspection PyUnresolvedReferences
-from checkov.serverless.checks.function.base_function_check import BaseFunctionCheck
+from checkov.serverless.checks.function.base_function_check import BaseFunctionCheck  # noqa

checkov/terraform/checks/resource/__init__.py

@@ -1,12 +1,12 @@
-from checkov.terraform.checks.resource.aws import *
-from checkov.terraform.checks.resource.gcp import *
-from checkov.terraform.checks.resource.azure import *
-from checkov.terraform.checks.resource.github import *
-from checkov.terraform.checks.resource.linode import *
-from checkov.terraform.checks.resource.oci import *
-from checkov.terraform.checks.resource.openstack import *
-from checkov.terraform.checks.resource.panos import *
-from checkov.terraform.checks.resource.digitalocean import *
-from checkov.terraform.checks.resource.alicloud import *
-from checkov.terraform.checks.resource.kubernetes import *
-from checkov.terraform.checks.resource.yandexcloud import *
+from checkov.terraform.checks.resource.aws import *  # noqa
+from checkov.terraform.checks.resource.gcp import *  # noqa
+from checkov.terraform.checks.resource.azure import *  # noqa
+from checkov.terraform.checks.resource.github import *  # noqa
+from checkov.terraform.checks.resource.linode import *  # noqa
+from checkov.terraform.checks.resource.oci import *  # noqa
+from checkov.terraform.checks.resource.openstack import *  # noqa
+from checkov.terraform.checks.resource.panos import *  # noqa
+from checkov.terraform.checks.resource.digitalocean import *  # noqa
+from checkov.terraform.checks.resource.alicloud import *  # noqa
+from checkov.terraform.checks.resource.kubernetes import *  # noqa
+from checkov.terraform.checks.resource.yandexcloud import *  # noqa

checkov/terraform/checks/resource/aws/AbsNACLUnrestrictedIngress.py

@@ -1,7 +1,5 @@
 from checkov.common.models.enums import CheckResult, CheckCategories
 from checkov.terraform.checks.resource.base_resource_check import BaseResourceCheck
-from checkov.common.util.type_forcers import force_list
-from checkov.common.util.type_forcers import force_int
 
 
 class AbsNACLUnrestrictedIngress(BaseResourceCheck):

checkov/terraform/checks/resource/aws/CloudfrontDistributionEnabled.py

@@ -1,18 +1,16 @@
-from checkov.common.models.consts import ANY_VALUE
 from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
 
 
 class CloudfrontDistributionEnabled(BaseResourceValueCheck):
-
-    def __init__(self):
+    def __init__(self) -> None:
         name = "Ensure Cloudfront distribution is enabled"
         id = "CKV_AWS_216"
         supported_resources = ['aws_cloudfront_distribution']
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 
-    def get_inspected_key(self):
+    def get_inspected_key(self) -> str:
         return "enabled"
 
 

checkov/terraform/checks/resource/aws/DMSReplicationInstancePubliclyAccessible.py

@@ -1,4 +1,3 @@
-from checkov.common.models.consts import ANY_VALUE
 from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_negative_value_check import BaseResourceNegativeValueCheck
 

checkov/terraform/checks/resource/aws/ElasticsearchNodeToNodeEncryption.py

@@ -1,6 +1,5 @@
 from checkov.common.models.enums import CheckResult, CheckCategories
 from checkov.terraform.checks.resource.base_resource_check import BaseResourceCheck
-from checkov.common.util.type_forcers import force_int
 
 
 class ElasticsearchNodeToNodeEncryption(BaseResourceCheck):

checkov/terraform/checks/resource/aws/PasswordPolicyReuse.py

@@ -1,5 +1,4 @@
 from checkov.common.models.enums import CheckResult, CheckCategories
-from checkov.terraform.checks.resource.base_resource_check import BaseResourceCheck
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
 from checkov.common.util.type_forcers import force_int
 

checkov/terraform/checks/resource/aws/RedshiftClusterLogging.py

@@ -1,4 +1,4 @@
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
 
 
@@ -13,4 +13,5 @@ def __init__(self):
     def get_inspected_key(self):
         return 'logging/[0]/enable'
 
+
 check = RedshiftClusterLogging()

checkov/terraform/checks/resource/aws/SubnetPublicIP.py

@@ -1,4 +1,4 @@
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_negative_value_check import BaseResourceNegativeValueCheck
 
 

checkov/terraform/checks/resource/azure/AzureScaleSetPassword.py

@@ -1,4 +1,4 @@
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
 
 

checkov/terraform/checks/resource/azure/MySQLPublicAccessDisabled.py

@@ -1,6 +1,6 @@
 from typing import Any
 
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
 
 

checkov/terraform/checks/resource/azure/PostgreSQLServerSSLEnforcementEnabled.py

@@ -1,6 +1,5 @@
 from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
-from checkov.common.models.consts import ANY_VALUE
 
 
 class PostgreSQLServerSSLEnforcementEnabled(BaseResourceValueCheck):

checkov/terraform/checks/resource/azure/PostgressSQLGeoBackupEnabled.py

@@ -1,4 +1,4 @@
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
 
 

checkov/terraform/checks/resource/azure/SecretExpirationDate.py

@@ -1,4 +1,4 @@
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
 from checkov.common.models.consts import ANY_VALUE
 

checkov/terraform/checks/resource/gcp/CloudSqlMajorVersion.py

@@ -1,6 +1,5 @@
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
 from checkov.common.models.enums import CheckCategories
-from checkov.common.models.consts import ANY_VALUE
 
 
 class CloudSqlMajorVersion(BaseResourceValueCheck):

checkov/terraform/checks/resource/gcp/GoogleComputeDiskEncryption.py

@@ -1,6 +1,6 @@
 from checkov.common.models.consts import ANY_VALUE
 from checkov.terraform.checks.resource.base_resource_value_check import BaseResourceValueCheck
-from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.common.models.enums import CheckCategories
 
 
 class GoogleComputeDiskEncryption(BaseResourceValueCheck):

checkov/terraform/checks/resource/github/RepositoryEnableVulnerabilityAlerts.py

@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from typing import Any
 
 from checkov.common.models.enums import CheckCategories, CheckResult
@@ -12,7 +14,7 @@ def __init__(self) -> None:
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 
-    def scan_resource_conf(self, conf) -> CheckResult:
+    def scan_resource_conf(self, conf: dict[str, list[Any]]) -> CheckResult:
         # GitHub disables the alerts when archiving the repository without an option to turn them on again.
         if conf.get("archived") == [True]:
             return CheckResult.PASSED

checkov/terraform/checks/resource/kubernetes/AllowPrivilegeEscalationPSP.py

@@ -1,10 +1,9 @@
-from checkov.common.models.enums import CheckCategories, CheckResult
+from checkov.common.models.enums import CheckCategories
 from checkov.terraform.checks.resource.base_resource_negative_value_check import BaseResourceNegativeValueCheck
 from typing import Any, List
 
 
 class AllowPrivilegeEscalationPSP(BaseResourceNegativeValueCheck):
-
     def __init__(self):
         # CIS-1.3 1.7.5
         # CIS-1.5 5.2.5

checkov/terraform/checks/resource/kubernetes/CPULimits.py

@@ -1,19 +1,20 @@
+from __future__ import annotations
+
 from typing import Any
 
 from checkov.common.models.enums import CheckCategories, CheckResult
 from checkov.terraform.checks.resource.base_resource_check import BaseResourceCheck
 
 
 class CPULimits(BaseResourceCheck):
-
-    def __init__(self):
+    def __init__(self) -> None:
         name = "CPU Limits should be set"
         id = "CKV_K8S_11"
         supported_resources = ["kubernetes_pod"]
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 
-    def scan_resource_conf(self, conf) -> CheckResult:
+    def scan_resource_conf(self, conf: dict[str, list[Any]]) -> CheckResult:
         if "spec" not in conf:
             self.evaluated_keys = [""]
             return CheckResult.FAILED

checkov/terraform/checks/resource/kubernetes/DefaultServiceAccount.py

@@ -1,12 +1,13 @@
+from __future__ import annotations
+
 from typing import Any
 
 from checkov.common.models.enums import CheckCategories, CheckResult
 from checkov.terraform.checks.resource.base_resource_check import BaseResourceCheck
 
 
 class DefaultServiceAccount(BaseResourceCheck):
-
-    def __init__(self):
+    def __init__(self) -> None:
         # CIS-1.5 5.1.5
         name = "Ensure that default service accounts are not actively used"
         # Check automountServiceAccountToken in default service account in runtime
@@ -15,7 +16,7 @@ def __init__(self):
         categories = [CheckCategories.GENERAL_SECURITY]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 
-    def scan_resource_conf(self, conf) -> CheckResult:
+    def scan_resource_conf(self, conf: dict[str, list[Any]]) -> CheckResult:
         if "metadata" in conf:
             if "name" in conf["metadata"][0]:
                 metadata = conf["metadata"][0]

checkov/terraform/checks/resource/kubernetes/DockerSocketVolume.py

@@ -1,13 +1,13 @@
+from __future__ import annotations
+
 from typing import Any
 
 from checkov.common.models.enums import CheckCategories, CheckResult
 from checkov.terraform.checks.resource.base_resource_check import BaseResourceCheck
 
 
 class DockerSocketVolume(BaseResourceCheck):
-
-    def __init__(self):
-
+    def __init__(self) -> None:
         # Exposing the socket gives container information and increases risk of exploit
         # read-only is not a solution but only makes it harder to exploit.
         # Location: Pod.spec.volumes[].hostPath.path
@@ -19,7 +19,7 @@ def __init__(self):
         categories = [CheckCategories.NETWORKING]
         super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
 
-    def scan_resource_conf(self, conf):
+    def scan_resource_conf(self, conf: dict[str, list[Any]]):
         if "spec" not in conf:
             self.evaluated_keys = [""]
             return CheckResult.FAILED