codeowners enricher done

smithy-security · Oct 16, 2023 · eb9c087 · eb9c087
1 parent 0c871e0
commit eb9c087
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 60 deletions.
diff --git a/components/enrichers/codeowners/README.md b/components/enrichers/codeowners/README.md
@@ -1,5 +1,5 @@
 # CodeOwners Enricher
 
 This enricher scans the cloned source for [CODEOWNERS](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners) files,
-For each finding, it adds the following annotation to each finding.
+For each finding, it adds the following annotation.
 "Owner-<incremental number>:<the username of the owner>"
diff --git a/components/enrichers/codeowners/kustomization.yaml b/components/enrichers/codeowners/kustomization.yaml
@@ -16,22 +16,17 @@ patches:
         workspaces:
           - name: source-code-ws
         tasks:
-          - name: enricher-depsdev
+          - name: enricher-codeowners
             taskRef:
-              name: enricher-depsdev
+              name: enricher-codeowners
             workspaces:
               - name: source-code-ws
                 workspace: source-code-ws
             params:
-              - name: enricher-depsdev-licenses-in-evidence
-                value: $(params.enricher-depsdev-licenses-in-evidence)
-              - name: enricher-depsdev-annotation
-                value: $(params.enricher-depsdev-annotation)
+              - name: enricher-codeowners-annotation
+                value: $(params.enricher-codeowners-annotation)
         params:
-          - name: enricher-depsdev-licenses-in-evidence
-            type: string
-            default: "false"
-          - name: enricher-depsdev-annotation
+          - name: enricher-codeowners-annotation
             type: string
             default: ""
     target:
@@ -41,7 +36,7 @@ patches:
       apiVersion: tekton.dev/v1beta1
       kind: Task
       metadata:
-        name: enricher-depsdev
+        name: enricher-codeowners
         labels:
           v1.dracon.ocurity.com/component: enricher
       spec:
@@ -59,7 +54,7 @@ patches:
             script: echo "$(context.task.name)" > "$(results.anchor.path)"
     target:
       kind: Task
-      name: enricher-depsdev
+      name: enricher-codeowners
   # If we have an producer-aggregator task in the pipeline (added by the
   # producer-aggregator component), make the enricher depend on the completion of
   # it.
@@ -70,7 +65,7 @@ patches:
         name: unused
       spec:
         tasks:
-          - name: enricher-depsdev
+          - name: enricher-codeowners
             params:
               - name: anchors
                 value:
@@ -92,7 +87,7 @@ patches:
             params:
               - name: anchors
                 value:
-                  - $(tasks.enricher-depsdev.results.anchor)
+                  - $(tasks.enricher-codeowners.results.anchor)
     target:
       kind: Pipeline
       annotationSelector: v1.dracon.ocurity.com/has-enricher-aggregator=true
diff --git a/components/enrichers/codeowners/main.go b/components/enrichers/codeowners/main.go
@@ -1,3 +1,8 @@
+// Package main of the codeowners enricher
+// handles enrichment of individual issues with
+// the groups/usernames listed in the github repository
+// CODEOWNERS files.
+// Owners are matched against the "target" field of the issue
 package main
 
 import (
@@ -17,12 +22,10 @@ import (
 const defaultAnnotation = "Owner"
 
 var (
-	readPath       string
-	writePath      string
-	repoBasePath   string
-	repoURL        string
-	sparseCheckout string
-	annotation     string
+	readPath     string
+	writePath    string
+	repoBasePath string
+	annotation   string
 )
 
 func lookupEnvOrString(key string, defaultVal string) string {
@@ -35,45 +38,32 @@ func lookupEnvOrString(key string, defaultVal string) string {
 func enrichIssue(i *v1.Issue) (*v1.EnrichedIssue, error) {
 	enrichedIssue := v1.EnrichedIssue{}
 	annotations := map[string]string{}
+	targets := []string{}
 	if i.GetCycloneDXSBOM() != "" {
-		annotationsAdded := 0
 		// shortcut, if there is a CycloneDX BOM then there is no target.
-		// we get the url from the repoURL parameter and add the sparse checkout directories to it.
-		targets := []string{}
-		if sparseCheckout != "" {
-			targets = strings.Split(sparseCheckout, ",")
-		} else {
-			targets = []string{"."}
-		}
-		for _, target := range targets {
-			path := filepath.Join(repoBasePath, target)
-			c, err := owners.FromFile()
-			if err != nil {
-				log.Println("could not instantiate owners for path", path, "err", err)
-				continue
-			}
-			owners := c.Owners(".")
-			for _, owner := range owners {
-				annotations[fmt.Sprintf("Owner-%d", annotationsAdded)] = owner
-				annotationsAdded++
-			}
-		}
+		// we get the url from the repoURL parameter
+		targets = []string{"."}
 	} else {
 		target := strings.Split(i.GetTarget(), ":")
-		annotationsAdded := 0
 		if len(target) > 1 {
-			c, err := owners.FromFile(filepath.Join(repoBasePath, target[0]))
-			path := filepath.Join(repoBasePath, target[0])
-			if err != nil {
-				log.Println("could not instantiate owners for path", path, "err", err)
-			}
-			owners := c.Owners(".")
-			for _, owner := range owners {
-				annotations[fmt.Sprintf("Owner-%d", annotationsAdded)] = owner
-				annotationsAdded++
-			}
+			targets = append(targets, target[0])
+		} else {
+			targets = append(targets, i.GetTarget())
 		}
 	}
+	for _, target := range targets {
+		path := filepath.Join(repoBasePath, target)
+		c, err := owners.FromFile(repoBasePath)
+		if err != nil {
+			log.Println("could not instantiate owners for path", path, "err", err)
+			continue
+		}
+		owners := c.Owners(path)
+		for _, owner := range owners {
+			annotations[fmt.Sprintf("Owner-%d", len(annotations))] = owner
+		}
+	}
+
 	enrichedIssue = v1.EnrichedIssue{
 		RawIssue:    i,
 		Annotations: annotations,
@@ -107,7 +97,7 @@ func run() {
 				log.Fatal(err)
 			}
 		} else {
-			log.Println("no enriched issues were created")
+			log.Println("no enriched issues were created for", r.GetToolName())
 		}
 		if len(r.GetIssues()) > 0 {
 			scanStartTime := r.GetScanInfo().GetScanStartTime().AsTime()
@@ -130,8 +120,6 @@ func main() {
 	flag.StringVar(&writePath, "write_path", lookupEnvOrString("WRITE_PATH", ""), "where to put enriched results")
 	flag.StringVar(&annotation, "annotation", lookupEnvOrString("ANNOTATION", defaultAnnotation), "what is the annotation this enricher will add to the issues, by default `Enriched Licenses`")
 	flag.StringVar(&repoBasePath, "repoBasePath", lookupEnvOrString("REPO_BASE_PATH", ""), `the base path of the repository, this is most likely an internally set variable`)
-	flag.StringVar(&repoURL, "repoURL", lookupEnvOrString("REPOSITORY_URL", ""), `the base path of the repository, this is most likely an internally set variable`)
-	flag.StringVar(&sparseCheckout, "sparseCheckout", lookupEnvOrString("REPO_SPARSE_CHECKOUT", ""), `the sparse checkout directories settings passed to this repository`)
 	flag.Parse()
 	run()
 }
diff --git a/components/enrichers/codeowners/task.yaml b/components/enrichers/codeowners/task.yaml
@@ -24,11 +24,7 @@ spec:
       value: $(workspaces.source-code-ws.path)/.dracon/producers
     - name: WRITE_PATH
       value: "$(workspaces.source-code-ws.path)/.dracon/enrichers/codeowners"
-    - name: ORIGINAL_REPOSITORY_URL
-      value: "$(params.repository_url)"
     - name: REPO_BASE_PATH
       value: "$(workspaces.source-code-ws.path)/"
-    - name: REPO_SPARSE_CHECKOUT
-      value: "$(params.sparseCheckoutDirectories)/"
     - name: ANNOTATION
       value: "$(params.enricher-codeowners-annotation)"