Skip to content

Commit

Permalink
🧹 Handle unimplemented vuln report
Browse files Browse the repository at this point in the history 
Signed-off-by: Christian Zunker <christian@mondoo.com>
  • Loading branch information
@czunker
czunker committed Feb 7, 2024
1 parent acf7a5d commit f9c51d0
Show file tree
Hide file tree
Showing 3 changed files with 75 additions and 3 deletions.
13 changes: 10 additions & 3 deletions policy/scan/local_scanner.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -614,10 +614,17 @@ func (s *LocalScanner) RunAssetJob(job *AssetJob) {

gqlVulnReport, err := mondooClient.GetVulnCompactReport(job.Asset.Mrn)
if err != nil {
log.Error().Err(err).Msg("could not get vulnerability report")
return
// We do not get the actual rpc code here, so we need to check the error message
// We get here a graphgql.errors which ignores grqphql extensions
rpcstatus := rpcStatus(err)
if rpcstatus.Code() == codes.Unimplemented {
log.Info().Msg(rpcstatus.Message())
} else {
log.Error().Err(rpcstatus.Err()).Msg("could not get vulnerability report")
}
} else {
job.Reporter.AddVulnReport(job.Asset, gqlVulnReport)
}
job.Reporter.AddVulnReport(job.Asset, gqlVulnReport)
}

// When the progress bar is disabled there's no feedback when an asset is done scanning. Adding this message
Expand Down
33 changes: 33 additions & 0 deletions policy/scan/rpc_status.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
package scan

import (
"regexp"
"strings"

"go.mondoo.com/ranger-rpc/codes"
"go.mondoo.com/ranger-rpc/status"
)

// rpcStatus tries to parse an error as a status.Status. If it fails, return a generic
// This can help when we get an rpc error mangled through GraphQL
func rpcStatus(err error) status.Status {
rpcCode := codes.Unknown
msg := err.Error()
wrappedRPCError := regexp.MustCompile("^rpc error: code = ([a-zA-Z]+) desc = (.+)$")
snakeCase := regexp.MustCompile("([A-Z])")
m := wrappedRPCError.FindStringSubmatch(err.Error())
if len(m) == 3 {
// convert the error code to snake case
snakeCode := snakeCase.ReplaceAllString(m[1], "_$1")
snakeCode = strings.TrimPrefix(snakeCode, "_")
snakeCode = strings.ToUpper(snakeCode)
stringCode := "\"" + snakeCode + "\""
err = rpcCode.UnmarshalJSON([]byte(stringCode))
if err != nil {
return *status.New(rpcCode, msg)
}
msg = m[2]
}

return *status.New(rpcCode, msg)
}
32 changes: 32 additions & 0 deletions policy/scan/rpc_status_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
package scan

import (
"testing"

"github.com/pkg/errors"
"github.com/stretchr/testify/assert"
"go.mondoo.com/ranger-rpc/codes"
)

func TestRPCStatus(t *testing.T) {
t.Run("with unknown error", func(t *testing.T) {
err := errors.New("unknown error")
s := rpcStatus(err)
assert.Equal(t, codes.Unknown, s.Code())
assert.Equal(t, "unknown error", s.Message())
})

t.Run("with wrapped RPC error", func(t *testing.T) {
err := errors.New("rpc error: code = Unimplemented desc = platform vulnerabilities for test are not supported")
s := rpcStatus(err)
assert.Equal(t, codes.Unimplemented, s.Code())
assert.Equal(t, "platform vulnerabilities for test are not supported", s.Message())
})

t.Run("with other wrapped RPC error", func(t *testing.T) {
err := errors.New("rpc error: code = NotFound desc = resource not found")
s := rpcStatus(err)
assert.Equal(t, codes.NotFound, s.Code())
assert.Equal(t, "resource not found", s.Message())
})
}

0 comments on commit f9c51d0

Please sign in to comment.