From edef4dd22c24e6009faeaeb42c510b4efea4a90b Mon Sep 17 00:00:00 2001
From: YiscahLevySilas1
Date: Wed, 13 Mar 2024 10:24:58 +0200
Subject: [PATCH 1/2] add func IsFixedByNetworkPolicy
Signed-off-by: YiscahLevySilas1
---
 reporthandling/datastructuresmethods.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/reporthandling/datastructuresmethods.go b/reporthandling/datastructuresmethods.go
index e30ca535..b3020725 100644
--- a/reporthandling/datastructuresmethods.go
+++ b/reporthandling/datastructuresmethods.go
@@ -12,7 +12,10 @@ import (
 "golang.org/x/exp/slices"
 )
-const ActionRequiredAttribute string = "actionRequired"
+const (
+ ActionRequiredAttribute string = "actionRequired"
+ ControlAttributeKeyIsFixedByNetworkPolicy string = "isFixedByNetworkPolicy"
+)
 // ==============================================================================================
 // ========================== PostureReport =====================================================
@@ -443,6 +446,19 @@ func (control *Control) GetControlTypeTags() []string {
 return []string{}
 }
+// returns true if control has attribute "isFixedByNetworkPolicy" and its value is true
+func (control *Control) IsFixedByNetworkPolicy() bool {
+ if control.Attributes == nil {
+ return false
+ }
+ if v, exist := control.Attributes[ControlAttributeKeyIsFixedByNetworkPolicy]; exist {
+ if isFixedByNetworkPolicy, ok := v.(bool); ok {
+ return isFixedByNetworkPolicy
+ }
+ }
+ return false
+}
+
 func (control *Control) SupportSmartRemediation() bool {
 typeTags := control.GetControlTypeTags()
 return slices.Contains(typeTags, v1alpha1.ControlTypeTagSmartRemediation)
From 3633bc37a3fdda45cd9cc2dd590a66500dc71df4 Mon Sep 17 00:00:00 2001
From: YiscahLevySilas1
Date: Wed, 13 Mar 2024 10:51:38 +0200
Subject: [PATCH 2/2] add unitest
Signed-off-by: YiscahLevySilas1
---
 reporthandling/datastructuresmethods_test.go | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
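Review bot: In the second hunk (`@@ -443,6 +446,19 @@`), `IsFixedByNetworkPolicy` returns false both when the attribute is absent and when it is present with a non-boolean value, because a failed `v.(bool)` assertion falls through to the final `return false`; a control definition that carries the flag as the string "true" is therefore silently treated as not fixed by a network policy, and the comment does not say so. I would state that contract in Go doc form: `// IsFixedByNetworkPolicy reports whether the "isFixedByNetworkPolicy" attribute is present and is the boolean true; a missing or non-boolean value yields false.` Since the comma-ok index shows `Attributes` is a map, and indexing a nil map is safe, the nil guard and nested ifs could also collapse to `v, ok := control.Attributes[ControlAttributeKeyIsFixedByNetworkPolicy].(bool)` followed by `return ok && v`. The method is fully contained in the hunk.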
diff --git a/reporthandling/datastructuresmethods_test.go b/reporthandling/datastructuresmethods_test.go
index 8c3f58ba..eb8cc476 100644
--- a/reporthandling/datastructuresmethods_test.go
+++ b/reporthandling/datastructuresmethods_test.go
@@ -192,3 +192,22 @@ func TestControl_GetControlTypeTags(t *testing.T) {
 assert.NoError(t, err, err)
 assert.Equal(t, []string{}, missingAttributeControl.GetControlTypeTags())
 }
+
+func TestControl_IsFixedByNetworkPolicy(t *testing.T) {
+ validControlJsonNoAttributes := `{"name":"TEST","description":"","remediation":"","rulesNames":["CVE-2022-0185"],"id":"C-0079","long_description":"","test":"","controlID":"C-0079","baseScore":4,"example":""}`
+ var validControl Control
+ err := json.Unmarshal([]byte(validControlJsonNoAttributes), &validControl)
+ assert.NoError(t, err, err)
+ assert.False(t, validControl.IsFixedByNetworkPolicy())
+
+ validControlJson := `{"name":"TEST","attributes":{"controlTypeTags":["security","compliance"],"isFixedByNetworkPolicy":true, "attackTracks":[{"attackTrack": "network","categories": ["Eavesdropping","Spoofing"]}]},"description":"","remediation":"","rulesNames":["CVE-2022-0185"],"id":"C-0079","long_description":"","test":"","controlID":"C-0079","baseScore":4,"example":""}`
+ err = json.Unmarshal([]byte(validControlJson), &validControl)
+ assert.NoError(t, err, err)
+ assert.True(t, validControl.IsFixedByNetworkPolicy())
+
+ missingAttributeControlJson := `{"name":"TEST","attributes":{"controlTypeTags":["security","compliance"]},"description":"","remediation":"","rulesNames":["CVE-2022-0185"],"id":"C-0079","long_description":"","test":"","controlID":"C-0079","baseScore":4,"example":""}`
+ var missingAttributeControl Control
+ err = json.Unmarshal([]byte(missingAttributeControlJson), &missingAttributeControl)
+ assert.NoError(t, err, err)
+ assert.False(t, missingAttributeControl.IsFixedByNetworkPolicy())
+}
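Review bot: The new test never exercises the failed-type-assertion path of `IsFixedByNetworkPolicy`: it covers no attributes, the attribute set to `true`, and the attribute missing, but not the attribute present as `false` or as a non-boolean such as the string "true". Those are the inputs a mistyped control definition would produce, so a case pinning the result to false keeps that behaviour from changing unnoticed. Separately, the second case unmarshals into the already-populated `validControl`; a fresh variable per case, as the third case uses, avoids state carrying over between cases. A constructed example of the missing case follows, reusing the JSON shape already in the test.

```go
	// … unchanged: no-attributes, true and missing-attribute cases …

	// constructed case: attribute present but not a JSON boolean
	nonBoolAttributeControlJson := `{"name":"TEST","attributes":{"controlTypeTags":["security","compliance"],"isFixedByNetworkPolicy":"true"},"description":"","remediation":"","rulesNames":["CVE-2022-0185"],"id":"C-0079","long_description":"","test":"","controlID":"C-0079","baseScore":4,"example":""}`
	var nonBoolAttributeControl Control
	err = json.Unmarshal([]byte(nonBoolAttributeControlJson), &nonBoolAttributeControl)
	assert.NoError(t, err, err)
	assert.False(t, nonBoolAttributeControl.IsFixedByNetworkPolicy())
```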