From 196efc6ab3cbed0aa684685155add34586c1b618 Mon Sep 17 00:00:00 2001 From: mgulter Date: Tue, 17 Dec 2024 15:48:03 +0300 Subject: [PATCH 1/2] Add custom infra import support --- client/scanners.go | 28 +++++++++++++++------------- cmd/scan.go | 24 ++++++++++++++++++++---- 2 files changed, 35 insertions(+), 17 deletions(-) diff --git a/client/scanners.go b/client/scanners.go index 781e996..e6136ae 100644 --- a/client/scanners.go +++ b/client/scanners.go @@ -18,14 +18,15 @@ import ( type ScannerType string const ( - ScannerTypeSAST ScannerType = "sast" - ScannerTypeDAST ScannerType = "dast" - ScannerTypeSCA ScannerType = "sca" - ScannerTypeCS ScannerType = "cs" - ScannerTypeIAC ScannerType = "iac" - ScannerTypeIAST ScannerType = "iast" - ScannerTypeCSPM ScannerType = "cspm" - ScannerTypeMAST ScannerType = "mast" + ScannerTypeSAST ScannerType = "sast" + ScannerTypeDAST ScannerType = "dast" + ScannerTypeSCA ScannerType = "sca" + ScannerTypeCS ScannerType = "cs" + ScannerTypeIAC ScannerType = "iac" + ScannerTypeIAST ScannerType = "iast" + ScannerTypeCSPM ScannerType = "cspm" + ScannerTypeMAST ScannerType = "mast" + ScannerTypeINFRA ScannerType = "infra" ) func (s ScannerType) String() string { @@ -36,6 +37,7 @@ func ScannerTypes() []ScannerType { return []ScannerType{ ScannerTypeSAST, ScannerTypeDAST, ScannerTypeSCA, ScannerTypeCS, ScannerTypeIAC, ScannerTypeIAST, ScannerTypeCSPM, ScannerTypeMAST, + ScannerTypeINFRA, } } @@ -199,7 +201,7 @@ func (c *Client) ListActiveScanners(input *ListActiveScannersInput) (*ScannersRe } // IsValidTool returns true if the given tool name is a valid tool -func (c *Client) IsValidTool(tool string) bool { +func (c *Client) IsValidTool(tool string) (*ScannerInfo, bool) { klog.Debugf("validating given tool name [%s]", tool) scanners, err := c.ListActiveScanners(&ListActiveScannersInput{ 
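Review bot: The doc comment above `IsValidTool` in client/scanners.go still reads "returns true if the given tool name is a valid tool", but the new signature returns `(*ScannerInfo, bool)`. A matching comment would be `// IsValidTool looks up tool among the active scanners and returns its ScannerInfo and true; it returns nil and false when the lookup fails, no scanner matches, or the scanner is disabled.` This is an exported method whose signature changes, and only the call in cmd/scan.go is visible in this patch, so any other caller needs the same update. The body of the function continues in the next hunk.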
@@ -207,21 +209,21 @@ func (c *Client) IsValidTool(tool string) bool { }) if err != nil { klog.Debugf("failed to get active tools: %v", err) - return false + return nil, false } if scanners.Total == 0 { klog.Debugf("no tool found by given tool name. invalid or inactive tool name: %s", tool) - return false + return nil, false } var scanner = scanners.ActiveScanners[0] if scanner.Disabled { klog.Printf("the scanner [%s] is disabled on the Kondukto", tool) - return false + return nil, false } - return true + return &scanner, true } // IsRescanOnlyLabel returns true if the given label is a rescan only label diff --git a/cmd/scan.go b/cmd/scan.go index dd6f7ba..ff46f4a 100755 --- a/cmd/scan.go +++ b/cmd/scan.go @@ -6,6 +6,7 @@ Copyright © 2019 Kondukto package cmd import ( + "context" "errors" "fmt" "path/filepath" @@ -114,9 +115,16 @@ var scanCmd = &cobra.Command{ } t, _ := cmd.Flags().GetString("tool") s, _ := cmd.Flags().GetString("scan-id") - if s == "" && !c.IsValidTool(t) { + + toolInfo, isValid := c.IsValidTool(t) + if s == "" && !isValid { qwm(ExitCodeError, "unknown, disabled or inactive tool name. Run `kdt list scanners` to see the supported active scanner's list.") } + + if toolInfo != nil { + ctx := context.WithValue(cmd.Context(), "internal-scan-type", toolInfo.Type) + cmd.SetContext(ctx) + } }, } @@ -159,7 +167,9 @@ type Scan struct { } func (s *Scan) startScan() (string, error) { + scanType := s.cmd.Context().Value("internal-scan-type").(string) var scanMode = getScanMode(s.cmd) + incremental, err := s.cmd.Flags().GetBool("incremental-scan") if err != nil { return "", err @@ -172,7 +182,7 @@ func (s *Scan) startScan() (string, error) { switch scanMode { case modeByFileImport: // scan mode to start a scan by importing a file - eventID, err := s.scanByFileImport() + eventID, err := s.scanByFileImport(scanType) if err != nil { return "", err } 
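Review bot: In `IsValidTool`, the element `scanners.ActiveScanners[0]` is now handed to the caller as the source of the scan type, yet the index is guarded only by `scanners.Total == 0`. A response whose `Total` is positive but whose list is empty would panic on that index; `if len(scanners.ActiveScanners) == 0 { return nil, false }` checks the thing that is actually indexed. The query that fills the list starts outside this hunk, so whether it matches the tool name exactly is not visible; if it does not, the first element may describe a different scanner than the one requested.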
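Review bot: In the function literal inside `scanCmd` (cmd/scan.go), `c.IsValidTool(t)` is now called unconditionally, whereas the old `s == "" && !c.IsValidTool(t)` skipped the lookup when `--scan-id` was given. With a scan id and a tool that is not valid, `toolInfo` is nil and no scan type is stored in the context, which the reader added in `startScan` does not account for. The key `"internal-scan-type"` is also a bare string, which the `context` package documentation advises against because of collisions; an unexported key type such as `type scanTypeKey struct{}` used as `context.WithValue(cmd.Context(), scanTypeKey{}, toolInfo.Type)` avoids that and gives writer and reader one shared definition.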
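Review bot: The unchecked assertion `s.cmd.Context().Value("internal-scan-type").(string)` at the top of `startScan` panics whenever the value is absent or is not a plain `string`. The value is stored only when `IsValidTool` returned a non-nil `toolInfo`, so any path that reaches `startScan` without a valid tool (for example with `--scan-id` set) would crash here instead of returning an error. The two-value form `scanType, _ := s.cmd.Context().Value("internal-scan-type").(string)` keeps the function total, with an empty `scanType` treated as "not infra". The declared type of `toolInfo.Type` is not visible in this patch; if it is `ScannerType` rather than `string`, the assertion has to name that type. The rest of `startScan` lies outside the hunk.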
@@ -278,7 +288,7 @@ func (s *Scan) scanByImage() (string, error) { return eventID, nil } -func (s *Scan) scanByFileImport() (string, error) { +func (s *Scan) scanByFileImport(scanType string) (string, error) { // Parse command line flags needed for file uploads project, err := s.findORCreateProject() if err != nil { @@ -289,9 +299,15 @@ func (s *Scan) scanByFileImport() (string, error) { if err != nil { return "", fmt.Errorf("failed to parse tool flag: %w", err) } - if !s.cmd.Flag("branch").Changed { + + if !s.cmd.Flag("branch").Changed && scanType != client.ScannerTypeINFRA.String() { return "", errors.New("branch parameter is required to import scan results") } + + if !s.cmd.Flag("meta").Changed && scanType == client.ScannerTypeINFRA.String() { + return "", errors.New("meta parameter is required to import infra scan results") + } + pathToFile, err := s.cmd.Flags().GetString("file") if err != nil { return "", fmt.Errorf("failed to parse file path: %w", err) From 0e522993d01f5196f8632aec17f1449d213b30ab Mon Sep 17 00:00:00 2001 From: mgulter Date: Wed, 18 Dec 2024 15:29:41 +0300 Subject: [PATCH 2/2] Fix api import --- client/projects.go | 1 + client/scans.go | 25 +++++++++++++------------ cmd/scan.go | 10 +++++++++- 3 files changed, 23 insertions(+), 13 deletions(-) diff --git a/client/projects.go b/client/projects.go index ce6f6cd..07ced5a 100755 --- a/client/projects.go +++ b/client/projects.go @@ -162,6 +162,7 @@ type ReleaseStatus struct { CS PlaybookTypeDetail `json:"cs"` IAC PlaybookTypeDetail `json:"iac"` MAST PlaybookTypeDetail `json:"mast"` + INFRA PlaybookTypeDetail `json:"infra"` } const ReleaseStatusHistoryInprogress = "in_progress" diff --git a/client/scans.go b/client/scans.go index 6152f55..621bf85 100755 --- a/client/scans.go +++ b/client/scans.go 
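Review bot: In `scanByFileImport`, the new infra guard tests only `s.cmd.Flag("meta").Changed`, so `--meta ""` satisfies it although no metadata was supplied; reading the flag value and rejecting an empty string would make the requirement real. `s.cmd.Flag("meta")` also returns nil when the flag is not registered on this command, and the registration is not visible in this patch. The comparison `scanType == client.ScannerTypeINFRA.String()` is written twice; computing `isInfra := scanType == client.ScannerTypeINFRA.String()` once keeps the branch and meta guards from drifting apart. The function body continues outside the hunk.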
@@ -34,18 +34,19 @@ type ( } ScanDetail struct { - ID string `json:"id"` - Name string `json:"name"` - Branch string `json:"branch"` - ScanType string `json:"scan_type"` - MetaData string `json:"meta_data"` - Tool string `json:"tool"` - ScannerType string `json:"scanner_type"` - Date *time.Time `json:"date"` - Project string `json:"project"` - Score int `json:"score"` - Summary Summary `json:"summary"` - Links struct { + ID string `json:"id"` + Name string `json:"name"` + Branch string `json:"branch"` + ScanType string `json:"scan_type"` + MetaData string `json:"meta_data"` + Tool string `json:"tool"` + ScannerType string `json:"scanner_type"` + Date *time.Time `json:"date"` + Project string `json:"project"` + Score int `json:"score"` + Summary Summary `json:"summary"` + InfraSourceProjectID string `json:"infra_source_project_id"` + Links struct { HTML string `json:"html"` } `json:"links"` } diff --git a/cmd/scan.go b/cmd/scan.go index ff46f4a..fc0fdab 100755 --- a/cmd/scan.go +++ b/cmd/scan.go @@ -1320,7 +1320,12 @@ func checkRelease(scan *client.ScanDetail, cmd *cobra.Command) error { WaitDuration: time.Second * 5, } - rs, err := c.ReleaseStatus(scan.Project, scan.Branch, releaseOpts) + var project = scan.Project + if scan.InfraSourceProjectID != "" { + project = scan.InfraSourceProjectID + } + + rs, err := c.ReleaseStatus(project, scan.Branch, releaseOpts) if err != nil { return fmt.Errorf("failed to get release status: %w", err) } @@ -1366,6 +1371,9 @@ func isScanReleaseFailed(scan *client.ScanDetail, release *client.ReleaseStatus, if release.MAST.Status == statusFail { failedScans["MAST"] = scan.ID } + if release.INFRA.Status == statusFail { + failedScans["INFRA"] = scan.ID + } if breakByScannerType { scannerType := strings.ToUpper(scan.ScannerType)
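Review bot: In `checkRelease`, the project passed to `c.ReleaseStatus` is switched to `scan.InfraSourceProjectID` while `scan.Branch` is passed unchanged, and patch 1/2 makes `--branch` optional for infra imports. The release gate may therefore be queried with an empty branch, or with a branch that belongs to the scan's own project rather than the source project; how the API treats either case is not visible here and is worth confirming, since a wrong lookup decides whether the build is failed. A short comment on the override would help the next reader, for example `// infra scans: release status is looked up on the source project` if that is the intent. `checkRelease` begins and ends outside the hunk.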