Merge pull request #19 from CrowdStrike/sbaliyambra/PRODSEC-103176-address-tflint-vulnerability

ShahanaBaliyambra · web-flow · commit d79d64d25204 · 2025-05-07T15:33:36.000-07:00
fix oci tflint vulnerability:PRODSEC-103176
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -23,8 +23,26 @@ jobs:
 
       - name: Install TFLint
         run: |
-          curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
-          tflint --version
+          # Get latest version number
+          TFLINT_VERSION=$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
+          echo "Installing TFLint version: ${TFLINT_VERSION}"
+          
+          # Download TFLint
+          curl -s -L -o tflint.zip "https://github.com/terraform-linters/tflint/releases/download/${TFLINT_VERSION}/tflint_linux_amd64.zip"
+          
+          # Get and verify checksum
+          EXPECTED_SHA=$(curl -s -L "https://github.com/terraform-linters/tflint/releases/download/${TFLINT_VERSION}/checksums.txt" | grep "tflint_linux_amd64.zip" | awk '{print $1}')
+          
+          # Verify checksum 
+          if echo "${EXPECTED_SHA} tflint.zip" | sha256sum -c; then
+            echo "Hash verification successful - proceeding with installation"
+            unzip tflint.zip
+            sudo mv tflint /usr/local/bin/
+            tflint --version
+          else
+            echo "Hash verification failed - script not executed"
+            exit 1
+          fi
 
       - name: Setup Terraform
         uses: hashicorp/setup-terraform@v2
diff --git a/templates/Resource_Manager_Template/modules/iom/outputs.tf b/templates/Resource_Manager_Template/modules/iom/outputs.tf
@@ -4,6 +4,6 @@ output "user_ocid" {
 }
 
 output "template_version" {
-  value       = "v0.3.9"
+  value       = "v0.3.10"
   description = "The version of CrowdStrike's OCI integration supported by this template"
 }
diff --git a/templates/Resource_Manager_Template/outputs.tf b/templates/Resource_Manager_Template/outputs.tf
@@ -4,7 +4,7 @@ output "user_ocid" {
 }
 
 output "template_version" {
-  value       = "v0.3.9"
+  value       = "v0.3.10"
   description = "The version of CrowdStrike's OCI integration supported by this template."
 }
 

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,6 @@ output "user_ocid" {`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "template_version" {`
`7`		`- value = "v0.3.9"`
	`7`	`+ value = "v0.3.10"`
`8`	`8`	`description = "The version of CrowdStrike's OCI integration supported by this template"`
`9`	`9`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ output "user_ocid" {`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "template_version" {`
`7`		`- value = "v0.3.9"`
	`7`	`+ value = "v0.3.10"`
`8`	`8`	`description = "The version of CrowdStrike's OCI integration supported by this template."`
`9`	`9`	`}`
`10`	`10`