
mindersec / minder / 11384223641

17 Oct 2024 11:42AM UTC coverage: 54.724%. First build
11384223641

Pull #4773

github

web-flow
Merge 254333563 into 1d818b17d
Pull Request #4773: Change defaults for pull request rules

6 of 18 new or added lines in 2 files covered. (33.33%)

14921 of 27266 relevant lines covered (54.72%)

41.4 hits per line

Source File

0.0
/internal/engine/eval/vulncheck/config.go
1
// SPDX-FileCopyrightText: Copyright 2023 The Minder Authors
2
// SPDX-License-Identifier: Apache-2.0
3

4
// Package vulncheck provides the vulnerability check evaluator
5
package vulncheck
6

7
import (
8
        "fmt"
9
        "strings"
10

11
        "github.com/go-playground/validator/v10"
12
        "github.com/go-viper/mapstructure/v2"
13

14
        "github.com/mindersec/minder/internal/engine/eval/pr_actions"
15
        pbinternal "github.com/mindersec/minder/internal/proto"
16
)
17

18
// vulnDbType names the kind of vulnerability database an ecosystem is
// checked against.
type vulnDbType string

const (
        // vulnDbTypeOsv is the only vulnDbType value declared in this file.
        vulnDbTypeOsv vulnDbType = "osv"
        // defaultAction is the action populateDefaultsIfEmpty writes into a
        // rule configuration whose "action" key is absent or nil.
        defaultAction            = pr_actions.ActionReviewPr
)
24

25
var (
        // defaultEcosystemConfig is the ecosystem list that
        // populateDefaultsIfEmpty installs when a rule configuration has no
        // (or an empty) "ecosystem_config". Every entry queries the same OSV
        // endpoint; only the "go" entry also names a checksum repository.
        //
        // This is a mutable package-level slice. NOTE(review): confirm that no
        // caller modifies the value it receives, otherwise the change would be
        // visible to every rule that falls back to the defaults.
        defaultEcosystemConfig = []ecosystemConfig{
                {
                        Name:       "npm",
                        DbType:     vulnDbTypeOsv,
                        DbEndpoint: "https://api.osv.dev/v1/query",
                        PackageRepository: packageRepository{
                                Url: "https://registry.npmjs.org",
                        },
                },
                {
                        Name:       "pypi",
                        DbType:     vulnDbTypeOsv,
                        DbEndpoint: "https://api.osv.dev/v1/query",
                        PackageRepository: packageRepository{
                                Url: "https://pypi.org/pypi",
                        },
                },
                {
                        Name:       "go",
                        DbType:     vulnDbTypeOsv,
                        DbEndpoint: "https://api.osv.dev/v1/query",
                        PackageRepository: packageRepository{
                                Url: "https://proxy.golang.org",
                        },
                        // Only the Go ecosystem sets a checksum database.
                        SumRepository: packageRepository{
                                Url: "https://sum.golang.org",
                        },
                },
        }
)
56

57
// packageRepository holds the base URL of a package registry or checksum
// service for one ecosystem.
//
// The only validation tag is "required", so the URL's scheme and host are not
// checked here. NOTE(review): if rule authors can set this value and the
// evaluator sends requests to it, consider validating it as a URL and
// restricting the scheme/hosts before use.
type packageRepository struct {
        Url string `json:"url" mapstructure:"url" validate:"required"`
}
60

61
// ecosystemConfig describes how one package ecosystem is checked: which
// vulnerability database to query and which repositories to consult.
type ecosystemConfig struct {
        // Name is the ecosystem name; getEcosystemConfig matches it
        // case-insensitively.
        Name string `json:"name" mapstructure:"name" validate:"required"`
        // DbType is the kind of vulnerability database behind DbEndpoint.
        //nolint:lll
        DbType vulnDbType `json:"vulnerability_database_type" mapstructure:"vulnerability_database_type" validate:"required"`
        // DbEndpoint is the URL of the vulnerability database. Only presence is
        // tagged for validation; the value is not checked to be a URL.
        //nolint:lll
        DbEndpoint        string            `json:"vulnerability_database_endpoint" mapstructure:"vulnerability_database_endpoint" validate:"required"`
        // PackageRepository is the ecosystem's package registry.
        PackageRepository packageRepository `json:"package_repository" mapstructure:"package_repository" validate:"required"`
        // SumRepository is the checksum repository. It is tagged required, yet
        // the npm and pypi defaults in this file leave it empty.
        SumRepository     packageRepository `json:"sum_repository" mapstructure:"sum_repository" validate:"required"`
}
70

71
// config is the configuration for the vulncheck evaluator, decoded from a
// rule's definition map by parseConfig.
//
// NOTE(review): EcosystemConfig carries "required" but no "dive" tag, so the
// validator presumably does not descend into the slice elements and the
// required tags on ecosystemConfig's fields would never be enforced by
// parseConfig — confirm. Adding "dive" as-is would reject the npm and pypi
// defaults, which leave SumRepository empty.
type config struct {
        // Action is the pull-request action to take; defaultAction is used
        // when the rule does not set one.
        Action          pr_actions.Action `json:"action" mapstructure:"action" validate:"required"`
        // EcosystemConfig lists the ecosystems to check; defaultEcosystemConfig
        // is used when the rule supplies none.
        EcosystemConfig []ecosystemConfig `json:"ecosystem_config" mapstructure:"ecosystem_config" validate:"required"`
}
76

NEW
77
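// populateDefaultsIfEmpty fills in the evaluator defaults, in place, for keys
// the rule configuration leaves out.
//
// "ecosystem_config" is set to a copy of defaultEcosystemConfig when the key
// is absent, nil, or an empty []any. "action" is set to defaultAction when the
// key is absent or nil. Any other value is left as the caller supplied it.
//
// A nil map is returned untouched: assigning into it would panic, and the
// caller's later validation reports the missing fields instead.
func populateDefaultsIfEmpty(ruleCfg map[string]any) {
        if ruleCfg == nil {
                return
        }

        useDefaultEcosystems := false
        switch ecoCfg := ruleCfg["ecosystem_config"].(type) {
        case nil:
                // Key missing or explicitly nil.
                useDefaultEcosystems = true
        case []any:
                useDefaultEcosystems = len(ecoCfg) == 0
        }
        if useDefaultEcosystems {
                // Hand out a copy so nothing reachable through the caller's map
                // aliases the package-level default slice.
                ruleCfg["ecosystem_config"] = append([]ecosystemConfig(nil), defaultEcosystemConfig...)
        }

        if ruleCfg["action"] == nil {
                ruleCfg["action"] = defaultAction
        }
}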
88

89
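// parseConfig turns a rule's definition map into a validated config.
//
// Defaults are applied first (see populateDefaultsIfEmpty), which writes into
// ruleCfg: a non-nil map passed by the caller is modified in place. A nil map
// is replaced by a fresh one so the defaults can be stored without panicking
// on a write to a nil map.
//
// It returns an error when the map cannot be decoded into config or when the
// decoded value fails struct validation.
func parseConfig(ruleCfg map[string]any) (*config, error) {
        if ruleCfg == nil {
                ruleCfg = make(map[string]any)
        }
        populateDefaultsIfEmpty(ruleCfg)

        var conf config
        if err := mapstructure.Decode(ruleCfg, &conf); err != nil {
                return nil, fmt.Errorf("could not parse config: %w", err)
        }

        // WithRequiredStructEnabled makes "required" apply to struct-typed
        // fields as well, not only to scalars.
        validate := validator.New(validator.WithRequiredStructEnabled())
        if err := validate.Struct(&conf); err != nil {
                return nil, fmt.Errorf("config failed validation: %w", err)
        }

        return &conf, nil
}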
105

106
// getEcosystemConfig looks up the configuration for the given dependency
// ecosystem, comparing names case-insensitively.
//
// It returns nil when the ecosystem has no string form or when no entry
// matches. The result points at a copy of the matching entry, so changes made
// through it do not reach c.EcosystemConfig.
func (c *config) getEcosystemConfig(ecosystem pbinternal.DepEcosystem) *ecosystemConfig {
        name := ecosystem.AsString()
        if name == "" {
                return nil
        }
        wanted := strings.ToLower(name)

        for i := range c.EcosystemConfig {
                if strings.ToLower(c.EcosystemConfig[i].Name) != wanted {
                        continue
                }
                // Copy the element before taking its address.
                match := c.EcosystemConfig[i]
                return &match
        }

        return nil
}