fix: push breach json directly to insights
yusufhm committed Feb 14, 2024
1 parent 205145d commit aee8cf0
Showing 4 changed files with 32 additions and 172 deletions.
57 changes: 2 additions & 55 deletions pkg/lagoon/lagoon.go
Expand Up @@ -126,32 +126,17 @@ func ProcessResultList(w *bufio.Writer, list result.ResultList) error {
return nil
}

for iR, r := range list.Results {
for _, r := range list.Results {
if len(r.Breaches) == 0 {
continue
}

// let's marshal the breaches, they can be attached to the problem in the data field
_, err := json.Marshal(r.Breaches)
breachMapJson, err := json.Marshal(r.Breaches)
if err != nil {
log.WithError(err).Fatal("Unable to marshal breach information")
}

breachMap := map[string]string{}
for iB, b := range r.Breaches {
breachName := fmt.Sprintf("[%d] %s", iR+iB+1, BreachFactName(b))
value := BreachFactValue(b)
if len(value) > FactMaxValueLength {
value = value[:FactMaxValueLength-12] + "...TRUNCATED"
}
breachMap[breachName] = value
}

breachMapJson, err := json.Marshal(breachMap)
if err != nil {
log.WithError(err).Fatal("Unable to write problems to Insights Remote")
}

problems = append(problems, Problem{
Identifier: r.Name,
Version: "1",
Expand Down Expand Up @@ -221,44 +206,6 @@ func DeleteProblems() error {
return Client.Mutate(context.Background(), &m, variables)
}

func BreachFactName(b result.Breach) string {
var name string
if result.BreachGetKeyLabel(b) != "" {
name = fmt.Sprintf("%s: %s", result.BreachGetKeyLabel(b),
result.BreachGetKey(b))
} else if result.BreachGetKey(b) != "" {
name = result.BreachGetKey(b)
} else if result.BreachGetValueLabel(b) != "" {
name = result.BreachGetValueLabel(b)
} else {
name = b.GetCheckName() + " - " +
string(b.GetCheckType())
}
return name
}

func BreachFactValue(b result.Breach) string {
value := result.BreachGetValue(b)
if value == "" {
value = strings.Join(result.BreachGetValues(b), ", ")
}

label := result.BreachGetValueLabel(b)
if label == "" || BreachFactName(b) == label {
return value
} else {
value = fmt.Sprintf("%s: %s", label, value)
}

expected := result.BreachGetExpectedValue(b)
if expected == "" {
return value
} else {
value = fmt.Sprintf("expected: %s, %s", expected, value)
}
return value
}

// SeverityTranslation will convert a ShipShape severity rating to a Lagoon rating
func SeverityTranslation(ssSeverity config.Severity) ProblemSeverityRating {
// Currently supported severity levels in Lagoon
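Review bot: The rewritten loop in ProcessResultList passes `json.Marshal(r.Breaches)` through unchanged, so the per-value cap the removed code applied (`FactMaxValueLength` with the `...TRUNCATED` suffix) is gone and nothing visible here bounds the size of `breachMapJson`. Every field of every breach, including whatever a check stored in `Value` or `Values`, now leaves the host in full. Whether the Insights remote enforces its own limit or expects this data is not visible on this page. Consider a guard before the `problems = append(...)` call, for example `if len(breachMapJson) > maxProblemDataBytes { ... }`, where `maxProblemDataBytes` is a placeholder name for a limit agreed with the receiving side. The `Problem{...}` literal continues past the end of the hunk, so how `breachMapJson` is attached cannot be checked from here.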
89 changes: 1 addition & 88 deletions pkg/lagoon/lagoon_test.go
Expand Up @@ -10,7 +10,6 @@ import (

"github.com/salsadigitalauorg/shipshape/pkg/internal"
"github.com/salsadigitalauorg/shipshape/pkg/lagoon"
"github.com/salsadigitalauorg/shipshape/pkg/result"

"github.com/hasura/go-graphql-client"
"github.com/sirupsen/logrus"
Expand Down Expand Up @@ -190,94 +189,8 @@ func Test_ProblemsToInsightsRemote(t *testing.T) {
var problems []lagoon.Problem
err := json.Unmarshal([]byte(bodyString), &problems)
assert.NoError(t, err)
assert.Equalf(t, tt.args.problems, problems, fmt.Sprintf("Unmarshalled Body not Equal"))
assert.Equalf(t, tt.args.problems, problems, "Unmarshalled Body not Equal")
}
})
}
}

func TestBreachFactNameAndValue(t *testing.T) {
tests := []struct {
name string
breach result.Breach
expectedName string
expectedValue string
}{
{
name: "value breach - no label",
breach: &result.ValueBreach{
CheckName: "illegal file",
CheckType: "file",
Value: "/an/illegal/file",
},
expectedName: "illegal file - file",
expectedValue: "/an/illegal/file",
},
{
name: "value breach - label",
breach: &result.ValueBreach{
CheckName: "illegal file",
CheckType: "file",
ValueLabel: "the illegal file exists",
Value: "/an/illegal/file",
},
expectedName: "the illegal file exists",
expectedValue: "/an/illegal/file",
},
{
name: "key-value breach - with value label",
breach: &result.KeyValueBreach{
CheckName: "illegal file",
CheckType: "file",
Key: "illegal file found",
ValueLabel: "the illegal file exists",
Value: "/an/illegal/file",
},
expectedName: "illegal file found",
expectedValue: "the illegal file exists: /an/illegal/file",
},
{
name: "key-value breach - with value and key labels",
breach: &result.KeyValueBreach{
CheckName: "illegal file",
CheckType: "file",
KeyLabel: "illegal file found in",
Key: "/path/to/dir",
ValueLabel: "illegal file",
Value: "/an/illegal/file",
},
expectedName: "illegal file found in: /path/to/dir",
expectedValue: "illegal file: /an/illegal/file",
},
{
name: "value breach - with value and key labels and expected value",
breach: &result.KeyValueBreach{
CheckName: "update module status",
CheckType: "module-status",
KeyLabel: "disallowed module found",
ValueLabel: "actual",
Value: "enabled",
ExpectedValue: "disabled",
},
expectedName: "disallowed module found: ",
expectedValue: "expected: disabled, actual: enabled",
},
{
name: "key-values breach - no label",
breach: &result.KeyValuesBreach{
CheckName: "illegal files",
CheckType: "file",
Values: []string{"/an/illegal/file", "/another/illegal/file"},
},
expectedName: "illegal files - file",
expectedValue: "/an/illegal/file, /another/illegal/file",
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assert.Equal(t, tt.expectedName, lagoon.BreachFactName(tt.breach))
assert.Equal(t, tt.expectedValue, lagoon.BreachFactValue(tt.breach))
})
}
}
54 changes: 27 additions & 27 deletions pkg/result/breach.go
Expand Up @@ -35,14 +35,14 @@ const (
//
// "file foo.ext not found": file is the ValueLabel, foo.ext is the Value
type ValueBreach struct {
BreachType
CheckType string
CheckName string
Severity string
ValueLabel string
Value string
ExpectedValue string
Remediation
BreachType `json:"breach-type"`
CheckType string `json:"check-type"`
CheckName string `json:"check-name"`
Severity string `json:"severity"`
ValueLabel string `json:"value-label,omitempty"`
Value string `json:"value"`
ExpectedValue string `json:"expected-value,omitempty"`
Remediation `json:"remediation,omitempty"`
}

func (b ValueBreach) String() string {
Expand All @@ -61,16 +61,16 @@ func (b ValueBreach) String() string {
// - app could be the ValueLabel
// - wordpress is the Value
type KeyValueBreach struct {
BreachType
CheckType string
CheckName string
Severity string
KeyLabel string
Key string
ValueLabel string
Value string
ExpectedValue string
Remediation
BreachType `json:"breach-type"`
CheckType string `json:"check-type"`
CheckName string `json:"check-name"`
Severity string `json:"severity"`
KeyLabel string `json:"key-label,omitempty"`
Key string `json:"key,omitempty"`
ValueLabel string `json:"value-label,omitempty"`
Value string `json:"value"`
ExpectedValue string `json:"expected-value,omitempty"`
Remediation `json:"remediation,omitempty"`
}

func (b KeyValueBreach) String() string {
Expand All @@ -89,15 +89,15 @@ func (b KeyValueBreach) String() string {
// - permissions could be the ValueLabel
// - [administer site configuration, import configuration] are the Values
type KeyValuesBreach struct {
BreachType
CheckType string
CheckName string
Severity string
KeyLabel string
Key string
ValueLabel string
Values []string
Remediation
BreachType `json:"breach-type"`
CheckType string `json:"check-type"`
CheckName string `json:"check-name"`
Severity string `json:"severity"`
KeyLabel string `json:"key-label,omitempty"`
Key string `json:"key,omitempty"`
ValueLabel string `json:"value-label,omitempty"`
Values []string `json:"values"`
Remediation `json:"remediation,omitempty"`
}

func (b KeyValuesBreach) String() string {
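Review bot: `omitempty` has no effect on the embedded `Remediation` field in ValueBreach, KeyValueBreach and KeyValuesBreach, because encoding/json only omits false, zero numbers, nil pointers or interfaces, and empty strings, slices, maps and arrays; a struct value is always written. With the tag as added, every breach carries a `remediation` object, often empty, which a consumer of the payload may read as "a remediation was attempted". Either drop the option so the tag states what actually happens, `json:"remediation"`, or make the omission real with a pointer field, which is a larger change than these hunks. The String() methods shown as context continue outside the visible hunks.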
4 changes: 2 additions & 2 deletions pkg/result/remediation.go
Expand Up @@ -10,6 +10,6 @@ const (
)

type Remediation struct {
Status RemediationStatus
Messages []string
Status RemediationStatus `json:",omitempty"`
Messages []string `json:",omitempty"`
}
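Review bot: The tags added to Remediation keep the Go field names as JSON keys, since `json:",omitempty"` yields `Status` and `Messages`, while the breach structs in pkg/result/breach.go move to lower-case hyphenated keys in the same commit. The nested `remediation` object therefore mixes two key styles within one document. Naming the keys explicitly, `json:"status,omitempty"` and `json:"messages,omitempty"`, would keep the payload consistent. If an existing consumer already reads the capitalised keys, that needs checking first; none is visible on this page.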
