add tests for attack surface monitoring

Author: tim-thacker-nullify

examples/nullify.yaml

@@ -110,3 +110,8 @@ integrations:
     assignee:
       id: 123456:abcd1234-abcd-1234-abcd-abcde12345666
       name: John Smith
+attack_surface:
+  enable: true
+  enable_dns_traversal: false
+  domain_names: [172.36.255.7,example.com]
+  ignore_domain_names: []

pkg/merger/merger_test.go

@@ -692,6 +692,30 @@ func TestMergeJira(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "only global config for attack surface monitoring",
+			globalConfig: &models.Configuration{
+				AttackSurface: models.AttackSurface{
+					Enable:             true,
+					EnableDNSTraversal: true,
+					DomainNames:        []string{"example.com"},
+					IgnoreDomainNames:  []string{"example2.com"},
+				},
+			},
+			repoConfig: nil,
+			expected: &models.Configuration{
+				EnablePullRequestReviews: models.Bool(true),
+				EnableIssueDashboards:    models.Bool(true),
+				SeverityThreshold:        parser.DefaultSeverityThreshold,
+				PriorityThreshold:        parser.DefaultPriorityThreshold,
+				AttackSurface: models.AttackSurface{
+					Enable:             true,
+					EnableDNSTraversal: true,
+					DomainNames:        []string{"example.com"},
+					IgnoreDomainNames:  []string{"example2.com"},
+				},
+			},
+		},
 	} {
 		t.Run(scenario.name, func(t *testing.T) {
 			config := MergeConfigFiles(parser.NewDefaultConfig(), scenario.globalConfig, scenario.repoConfig)

pkg/models/attack_surface.go

@@ -2,8 +2,8 @@ package models
 
 type AttackSurface struct {
 	// global only
-	Enable             bool     `yaml:"enable,omitempty"`
-	EnableDNSTraversal bool     `yaml:"enable_dns_traversal,omitempty"`
+	Enable             bool     `yaml:"enable"`
+	EnableDNSTraversal bool     `yaml:"enable_dns_traversal"`
 	DomainNames        []string `yaml:"domain_names,omitempty"`
 	IgnoreDomainNames  []string `yaml:"ignore_domain_names,omitempty"`
 }

pkg/models/models.go

@@ -18,10 +18,10 @@ type Configuration struct {
 	Integrations           Integrations                     `yaml:"integrations,omitempty"`
 
 	// features
-	Code          Code          `yaml:"code,omitempty"`
-	Dependencies  Dependencies  `yaml:"dependencies,omitempty"`
-	Secrets       Secrets       `yaml:"secrets,omitempty"`
-	AttackSurface AttackSurface `yaml:"attack_surface,omitempty"`
+	Code          Code          `yaml:"code"`
+	Dependencies  Dependencies  `yaml:"dependencies"`
+	Secrets       Secrets       `yaml:"secrets"`
+	AttackSurface AttackSurface `yaml:"attack_surface"`
 
 	// TODO deprecate
 	SecretsWhitelist []string `yaml:"secrets_whitelist,omitempty"`

tests/integration_test.go

@@ -153,6 +153,12 @@ func TestIntegration(t *testing.T) {
 				OnFixTransition:   "Done",
 			},
 		},
+		AttackSurface: models.AttackSurface{
+			Enable:             true,
+			EnableDNSTraversal: true,
+			DomainNames:        []string{"172.36.255.7", "example.com"},
+			IgnoreDomainNames:  []string{"jira.example.com"},
+		},
 	}
 
 	config, err := parser.LoadFromFile("nullify.yaml")

tests/nullify.yaml

@@ -94,3 +94,8 @@ integrations:
     severity_threshold: HIGH
     priority_threshold: IMPORTANT
     on_fix_transition: Done
+attack_surface:
+  enable: true
+  enable_dns_traversal: true
+  domain_names: [172.36.255.7,example.com]
+  ignore_domain_names: [jira.example.com]