diff --git a/pkg/registry/file/applicationprofile_processor.go b/pkg/registry/file/applicationprofile_processor.go
index 09f56494b..c857a3cbb 100644
--- a/pkg/registry/file/applicationprofile_processor.go
+++ b/pkg/registry/file/applicationprofile_processor.go
@@ -99,6 +99,6 @@ func deflateApplicationProfileContainer(container softwarecomposition.Applicatio
 Endpoints: endpoints,
 ImageTag: container.ImageTag,
 ImageID: container.ImageID,
- PolicyByRuleId: container.PolicyByRuleId,
+ PolicyByRuleId: DeflateRulePolicies(container.PolicyByRuleId),
 }
 }
diff --git a/pkg/registry/file/applicationprofile_processor_test.go b/pkg/registry/file/applicationprofile_processor_test.go
index 3179df103..b2fb5dd91 100644
--- a/pkg/registry/file/applicationprofile_processor_test.go
+++ b/pkg/registry/file/applicationprofile_processor_test.go
@@ -163,3 +163,97 @@ func TestApplicationProfileProcessor_PreSave(t *testing.T) {
 })
 }
 }
+
+func TestDeflateRulePolicies(t *testing.T) {
+ tests := []struct {
+ name string
+ in map[string]softwarecomposition.RulePolicy
+ want map[string]softwarecomposition.RulePolicy
+ }{
+ {
+ name: "nil map",
+ in: nil,
+ want: nil,
+ },
+ {
+ name: "empty map",
+ in: map[string]softwarecomposition.RulePolicy{},
+ want: map[string]softwarecomposition.RulePolicy{},
+ },
+ {
+ name: "single rule with unsorted processes",
+ in: map[string]softwarecomposition.RulePolicy{
+ "rule1": {
+ AllowedProcesses: []string{"cat", "bash", "ls"},
+ AllowedContainer: true,
+ },
+ },
+ want: map[string]softwarecomposition.RulePolicy{
+ "rule1": {
+ AllowedProcesses: []string{"bash", "cat", "ls"},
+ AllowedContainer: true,
+ },
+ },
+ },
+ {
+ name: "multiple rules with duplicate processes",
+ in: map[string]softwarecomposition.RulePolicy{
+ "rule1": {
+ AllowedProcesses: []string{"cat", "bash", "ls", "bash"},
+ AllowedContainer: true,
+ },
+ "rule2": {
+ AllowedProcesses: []string{"nginx", "nginx", "python"},
+ AllowedContainer: false,
+ },
+ },
+ want: map[string]softwarecomposition.RulePolicy{
+ "rule1": {
+ AllowedProcesses: []string{"bash", "cat", "ls"},
+ AllowedContainer: true,
+ },
+ "rule2": {
+ AllowedProcesses: []string{"nginx", "python"},
+ AllowedContainer: false,
+ },
+ },
+ },
+ {
+ name: "rule with empty processes",
+ in: map[string]softwarecomposition.RulePolicy{
+ "rule1": {
+ AllowedProcesses: []string{},
+ AllowedContainer: true,
+ },
+ },
+ want: map[string]softwarecomposition.RulePolicy{
+ "rule1": {
+ AllowedProcesses: []string{},
+ AllowedContainer: true,
+ },
+ },
+ },
+ {
+ name: "rule with nil processes",
+ in: map[string]softwarecomposition.RulePolicy{
+ "rule1": {
+ AllowedProcesses: nil,
+ AllowedContainer: true,
+ },
+ },
+ want: map[string]softwarecomposition.RulePolicy{
+ "rule1": {
+ AllowedProcesses: []string{},
+ AllowedContainer: true,
+ },
+ },
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ got := DeflateRulePolicies(tt.in)
+ assert.Equal(t, tt.want, got)
+ })
+ }
+}
diff --git a/pkg/registry/file/processor.go b/pkg/registry/file/processor.go
index ea5386a30..846325eb4 100644
--- a/pkg/registry/file/processor.go
+++ b/pkg/registry/file/processor.go
@@ -2,6 +2,7 @@ package file
 import (
 mapset "github.com/deckarep/golang-set/v2"
+ "github.com/kubescape/storage/pkg/apis/softwarecomposition"
 "k8s.io/apimachinery/pkg/runtime"
 )
@@ -34,3 +35,15 @@ func DeflateStringer[T Stringer](in []T) []T {
 }
 return out
 }
+
+func DeflateRulePolicies(in map[string]softwarecomposition.RulePolicy) map[string]softwarecomposition.RulePolicy {
+ if in == nil {
+ return nil
+ }
+
+ for key, item := range in {
+ item.AllowedProcesses = mapset.Sorted(mapset.NewThreadUnsafeSet(item.AllowedProcesses...))
+ in[key] = item
+ }
+ return in
+}
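Review bot: DeflateRulePolicies rewrites the caller's map in place (`in[key] = item`) and returns that same map, so the new call in deflateApplicationProfileContainer (applicationprofile_processor.go) now modifies the PolicyByRuleId of the container it was handed, while DeflateStringer just above ends in `return out` and appears to return a fresh value. If that profile object is shared with another goroutine (not visible in this diff), the write is a data race on the per-rule process allowlist. Building a copy avoids it: `out := make(map[string]softwarecomposition.RulePolicy, len(in))`, `out[key] = item`, `return out`. The exported function also has no doc comment; with the copy in place I would add `// DeflateRulePolicies returns a copy of in with each AllowedProcesses list de-duplicated and sorted; a nil list becomes an empty one.` TestDeflateRulePolicies could then also assert that `tt.in` is unchanged after the call, which no current case checks.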