deprecate asm from config (#176)

Author: vik-nullify

examples/nullify.yaml

@@ -110,31 +110,4 @@ integrations:
     assignee:
       id: 123456:abcd1234-abcd-1234-abcd-abcde12345666
       name: John Smith
-  aws:
-    enable: true
-    primary_account_id: 123456789012
-    primary_region: ap-southeast-2
-    target_regions: [ap-southeast-2, us-east-2]
-    target_accounts: [123456789012, 123456789013]
-attack_surface:
-  enable: true
-  enable_dns_enumeration: true
-  hosts: [example.com, prod.hosting.com, 10.11.12.13, 10.0.0.*]
-  include_only:
-    - hosts: [live.prod.hosting.com]
-      transport_protocols: [tcp]
-      ports: [80, 443]
-      http:
-        methods: [GET, POST]
-        paths: [/main, /api/**/create]
-  ignore:
-    - http:
-        methods: [DELETE]
-    - hosts: [jira.example.com, "*.testing.example.com"]
-    - hosts: [100.110.120.130]
-      transport_protocols: [tcp]
-      ports: [22, 8080, 9990-9999]
-    - hosts: ["dev.*", "staging.*"]
-      http:
-        paths: [/auth]
-        methods: [POST]
+

pkg/merger/merger.go

@@ -125,10 +125,6 @@ func MergeConfigFiles(
 			}
 		}
 
-		if extraConfig.AttackSurface != nil {
-			config.AttackSurface = extraConfig.AttackSurface
-		}
-
 		if len(extraConfig.Notifications) > 0 && config.Notifications == nil {
 			config.Notifications = map[string]models.Notification{}
 		}

pkg/merger/merger_test.go

@@ -300,23 +300,6 @@ func TestMergeConfigFiles(t *testing.T) {
 				PriorityThreshold:        parser.DefaultPriorityThreshold,
 			},
 		},
-		{
-			name: "global and repo config without severity threshold",
-			globalConfig: &models.Configuration{
-				SeverityThreshold: "",
-				PriorityThreshold: "",
-			},
-			repoConfig: &models.Configuration{
-				SeverityThreshold: "",
-				PriorityThreshold: "",
-			},
-			expected: &models.Configuration{
-				EnablePullRequestReviews: models.Bool(true),
-				EnableIssueDashboards:    models.Bool(true),
-				SeverityThreshold:        parser.DefaultSeverityThreshold,
-				PriorityThreshold:        parser.DefaultPriorityThreshold,
-			},
-		},
 		{
 			name: "global and repo config without severity threshold",
 			globalConfig: &models.Configuration{
@@ -334,94 +317,6 @@ func TestMergeConfigFiles(t *testing.T) {
 				PriorityThreshold:        models.PriorityImportant,
 			},
 		},
-		{
-			name: "only global config for attack surface monitoring",
-			globalConfig: &models.Configuration{
-				AttackSurface: &models.AttackSurface{
-					Enable:               true,
-					EnableDNSEnumeration: true,
-					Hosts:                []string{"example.com", "prod.hosting.com", "10.11.12.13", "10.0.0.*"},
-					IncludeOnly: []models.AttackSurfaceScopingRule{
-						{
-							Hosts:              []string{"live.prod.hosting.com"},
-							TransportProtocols: []string{"tcp"},
-							Ports:              []string{"80", "443"},
-							HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-								Methods: []string{"GET", "POST"},
-								Paths:   []string{"/main", "/api/**/create"},
-							},
-						},
-					},
-					Ignore: []models.AttackSurfaceScopingRule{
-						{
-							HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-								Methods: []string{"DELETE"},
-							},
-						},
-						{
-							Hosts: []string{"jira.example.com", "*.testing.example.com"},
-						},
-						{
-							Hosts:              []string{"100.110.120.130"},
-							TransportProtocols: []string{"tcp"},
-							Ports:              []string{"22", "8080", "9990-9999"},
-						},
-						{
-							Hosts: []string{"dev.*", "staging.*"},
-							HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-								Paths:   []string{"/auth"},
-								Methods: []string{"POST"},
-							},
-						},
-					},
-				},
-			},
-			repoConfig: nil,
-			expected: &models.Configuration{
-				EnablePullRequestReviews: models.Bool(true),
-				EnableIssueDashboards:    models.Bool(true),
-				SeverityThreshold:        parser.DefaultSeverityThreshold,
-				PriorityThreshold:        parser.DefaultPriorityThreshold,
-				AttackSurface: &models.AttackSurface{
-					Enable:               true,
-					EnableDNSEnumeration: true,
-					Hosts:                []string{"example.com", "prod.hosting.com", "10.11.12.13", "10.0.0.*"},
-					IncludeOnly: []models.AttackSurfaceScopingRule{
-						{
-							Hosts:              []string{"live.prod.hosting.com"},
-							TransportProtocols: []string{"tcp"},
-							Ports:              []string{"80", "443"},
-							HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-								Methods: []string{"GET", "POST"},
-								Paths:   []string{"/main", "/api/**/create"},
-							},
-						},
-					},
-					Ignore: []models.AttackSurfaceScopingRule{
-						{
-							HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-								Methods: []string{"DELETE"},
-							},
-						},
-						{
-							Hosts: []string{"jira.example.com", "*.testing.example.com"},
-						},
-						{
-							Hosts:              []string{"100.110.120.130"},
-							TransportProtocols: []string{"tcp"},
-							Ports:              []string{"22", "8080", "9990-9999"},
-						},
-						{
-							Hosts: []string{"dev.*", "staging.*"},
-							HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-								Paths:   []string{"/auth"},
-								Methods: []string{"POST"},
-							},
-						},
-					},
-				},
-			},
-		},
 	} {
 		t.Run(scenario.name, func(t *testing.T) {
 			config := MergeConfigFiles(parser.NewDefaultConfig(), scenario.globalConfig, scenario.repoConfig)

pkg/models/attack_surface.go

@@ -18,10 +18,9 @@ type Configuration struct {
 	Integrations           Integrations                     `yaml:"integrations,omitempty"`
 
 	// features
-	Code          Code           `yaml:"code"`
-	Dependencies  Dependencies   `yaml:"dependencies"`
-	Secrets       Secrets        `yaml:"secrets"`
-	AttackSurface *AttackSurface `yaml:"attack_surface,omitempty"`
+	Code         Code         `yaml:"code"`
+	Dependencies Dependencies `yaml:"dependencies"`
+	Secrets      Secrets      `yaml:"secrets"`
 
 	// TODO deprecate
 	SecretsWhitelist []string `yaml:"secrets_whitelist,omitempty"`

pkg/models/models.go

@@ -154,44 +154,6 @@ func TestIntegration(t *testing.T) {
 				OnFixTransition:   "Done",
 			},
 		},
-		AttackSurface: &models.AttackSurface{
-			Enable:               true,
-			EnableDNSEnumeration: true,
-			Hosts:                []string{"example.com", "prod.hosting.com", "10.11.12.13", "10.0.0.*"},
-			IncludeOnly: []models.AttackSurfaceScopingRule{
-				{
-					Hosts:              []string{"live.prod.hosting.com"},
-					TransportProtocols: []string{"tcp"},
-					Ports:              []string{"80", "443"},
-					HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-						Methods: []string{"GET", "POST"},
-						Paths:   []string{"/main", "/api/**/create"},
-					},
-				},
-			},
-			Ignore: []models.AttackSurfaceScopingRule{
-				{
-					HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-						Methods: []string{"DELETE"},
-					},
-				},
-				{
-					Hosts: []string{"jira.example.com", "*.testing.example.com"},
-				},
-				{
-					Hosts:              []string{"100.110.120.130"},
-					TransportProtocols: []string{"tcp"},
-					Ports:              []string{"22", "8080", "9990-9999"},
-				},
-				{
-					Hosts: []string{"dev.*", "staging.*"},
-					HTTP: &models.HTTPAttackSurfaceScopingRuleHTTP{
-						Paths:   []string{"/auth"},
-						Methods: []string{"POST"},
-					},
-				},
-			},
-		},
 	}
 
 	config, err := parser.LoadFromFile("nullify.yaml")

tests/integration_test.go

@@ -102,26 +102,4 @@ integrations:
     primary_region: ap-southeast-2
     target_regions: [ap-southeast-2, us-east-2]
     target_accounts: [123456789012, 123456789013]
-attack_surface:
-  enable: true
-  enable_dns_enumeration: true
-  hosts: [example.com, prod.hosting.com, 10.11.12.13, 10.0.0.*]
-  include_only:
-    - hosts: [live.prod.hosting.com]
-      transport_protocols: [tcp]
-      ports: [80, 443]
-      http:
-        methods: [GET, POST]
-        paths: [/main, /api/**/create]
-  ignore:
-    - http:
-        methods: [DELETE]
-    - hosts: [jira.example.com, "*.testing.example.com"]
-    - hosts: [100.110.120.130]
-      transport_protocols: [tcp]
-      ports: [22, 8080, 9990-9999]
-    - hosts: ["dev.*", "staging.*"]
-      http:
-        paths: [/auth]
-        methods: [POST]