diff --git a/examples/nullify.yaml b/examples/nullify.yaml
index 8711c59..aa7039b 100644
--- a/examples/nullify.yaml
+++ b/examples/nullify.yaml
@@ -110,3 +110,8 @@ integrations:
 assignee:
 id: 123456:abcd1234-abcd-1234-abcd-abcde12345666
 name: John Smith
+attack_surface:
+ enable: true
+ enable_dns_traversal: false
+ domain_names: [172.36.255.7,example.com]
+ ignore_domain_names: []
diff --git a/pkg/merger/merger.go b/pkg/merger/merger.go
index e6bdd35..5a1f55b 100644
--- a/pkg/merger/merger.go
+++ b/pkg/merger/merger.go
@@ -125,6 +125,10 @@ func MergeConfigFiles(
 }
 }
+ if extraConfig.AttackSurface != nil {
+ config.AttackSurface = extraConfig.AttackSurface
+ }
+
 if len(extraConfig.Notifications) > 0 && config.Notifications == nil {
 config.Notifications = extraConfig.Notifications
 }
diff --git a/pkg/merger/merger_test.go b/pkg/merger/merger_test.go
index 3c5c54e..0517775 100644
--- a/pkg/merger/merger_test.go
+++ b/pkg/merger/merger_test.go
@@ -334,6 +334,30 @@ func TestMergeConfigFiles(t *testing.T) {
 PriorityThreshold: models.PriorityImportant,
 },
 },
+ {
+ name: "only global config for attack surface monitoring",
+ globalConfig: &models.Configuration{
+ AttackSurface: &models.AttackSurface{
+ Enable: true,
+ EnableDNSTraversal: true,
+ DomainNames: []string{"example.com"},
+ IgnoreDomainNames: []string{"example2.com"},
+ },
+ },
+ repoConfig: nil,
+ expected: &models.Configuration{
+ EnablePullRequestReviews: models.Bool(true),
+ EnableIssueDashboards: models.Bool(true),
+ SeverityThreshold: parser.DefaultSeverityThreshold,
+ PriorityThreshold: parser.DefaultPriorityThreshold,
+ AttackSurface: &models.AttackSurface{
+ Enable: true,
+ EnableDNSTraversal: true,
+ DomainNames: []string{"example.com"},
+ IgnoreDomainNames: []string{"example2.com"},
+ },
+ },
+ },
 } {
 t.Run(scenario.name, func(t *testing.T) {
 config := MergeConfigFiles(parser.NewDefaultConfig(), scenario.globalConfig, scenario.repoConfig)
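Review bot: In examples/nullify.yaml the sample entry `172.36.255.7` under `domain_names` lies outside the RFC 1918 block 172.16.0.0/12 (172.16–172.31), so it is a publicly routable address rather than a private or reserved one. Someone who copies this example with `enable: true` would point attack-surface monitoring at a host they probably do not own. Use an RFC 5737 documentation address instead, e.g. `domain_names: [192.0.2.7,example.com]`. The same literal appears in the tests/integration_test.go and tests/nullify.yaml hunks of this commit and should change with it.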
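Review bot: In pkg/merger/merger.go the new `if extraConfig.AttackSurface != nil` branch replaces `config.AttackSurface` with whatever the config being merged carries, while the struct in pkg/models/attack_surface.go is marked `// global only`. If the enclosing code (outside this hunk) also runs this branch for the repository-level file, one repository could set `enable: false` or change `domain_names` and override the organisation-wide setting. Either skip the assignment for the repo config or state the intended precedence in a comment, e.g. `// attack_surface is honoured from the global config only; repo-level values are ignored`. The assignment also copies the pointer, so the merged config shares the `DomainNames` and `IgnoreDomainNames` slices with its input.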
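Review bot: The scenario added to TestMergeConfigFiles in pkg/merger/merger_test.go only covers `repoConfig: nil`, so nothing pins what the merge does when a repository config supplies its own `AttackSurface`. Add a scenario where both `globalConfig` and `repoConfig` set the field and assert which one wins, so that a repo-level override of a global-only setting is caught by the suite. A second scenario with `Enable: false` in the global config would also confirm that an explicit opt-out survives the merge. The table and the `t.Run` loop continue outside the hunk.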
diff --git a/pkg/models/attack_surface.go b/pkg/models/attack_surface.go
index 74d00b6..4e3989a 100644
--- a/pkg/models/attack_surface.go
+++ b/pkg/models/attack_surface.go
@@ -2,8 +2,8 @@ package models
 type AttackSurface struct {
 // global only
- Enable bool `yaml:"enable,omitempty"`
- EnableDNSTraversal bool `yaml:"enable_dns_traversal,omitempty"`
+ Enable bool `yaml:"enable"`
+ EnableDNSTraversal bool `yaml:"enable_dns_traversal"`
 DomainNames []string `yaml:"domain_names,omitempty"`
 IgnoreDomainNames []string `yaml:"ignore_domain_names,omitempty"`
 }
diff --git a/pkg/models/models.go b/pkg/models/models.go
index c9117ba..1535768 100644
--- a/pkg/models/models.go
+++ b/pkg/models/models.go
@@ -18,10 +18,10 @@ type Configuration struct {
 Integrations Integrations `yaml:"integrations,omitempty"`
 // features
- Code Code `yaml:"code,omitempty"`
- Dependencies Dependencies `yaml:"dependencies,omitempty"`
- Secrets Secrets `yaml:"secrets,omitempty"`
- AttackSurface AttackSurface `yaml:"attack_surface,omitempty"`
+ Code Code `yaml:"code"`
+ Dependencies Dependencies `yaml:"dependencies"`
+ Secrets Secrets `yaml:"secrets"`
+ AttackSurface *AttackSurface `yaml:"attack_surface,omitempty"`
 // TODO deprecate
 SecretsWhitelist []string `yaml:"secrets_whitelist,omitempty"`
diff --git a/tests/integration_test.go b/tests/integration_test.go
index e5b1ab1..22f69e1 100644
--- a/tests/integration_test.go
+++ b/tests/integration_test.go
@@ -153,6 +153,12 @@ func TestIntegration(t *testing.T) {
 OnFixTransition: "Done",
 },
 },
+ AttackSurface: &models.AttackSurface{
+ Enable: true,
+ EnableDNSTraversal: true,
+ DomainNames: []string{"172.36.255.7", "example.com"},
+ IgnoreDomainNames: []string{"jira.example.com"},
+ },
 }
 config, err := parser.LoadFromFile("nullify.yaml")
diff --git a/tests/nullify.yaml b/tests/nullify.yaml
index 7113334..9cf401d 100644
--- a/tests/nullify.yaml
+++ b/tests/nullify.yaml
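Review bot: `AttackSurface` in pkg/models/attack_surface.go is documented only by `// global only`, which does not say what each field controls or which values are accepted. The sample configs in this commit put an IP literal into `DomainNames`, so the field evidently takes more than domain names; a comment along the lines of `// DomainNames lists the hosts (domain names or IP addresses) to monitor.` would make that explicit, with the wording confirmed against the consumer. A type-level doc comment should also say what `EnableDNSTraversal` widens the scope to and how `IgnoreDomainNames` interacts with it, since those two fields decide which hosts end up in scope.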
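Review bot: Changing `AttackSurface` to `*AttackSurface` in `Configuration` (pkg/models/models.go) makes the field nil whenever the YAML has no `attack_surface` block, so any code that reads `config.AttackSurface.Enable` directly still compiles but will panic at run time. No consumer is visible in this diff, so the callers need checking; a guard such as `if cfg.AttackSurface != nil && cfg.AttackSurface.Enable {`, or a nil-safe accessor on `Configuration`, keeps that check in one place. The same hunk drops `omitempty` from `code`, `dependencies` and `secrets`, which changes what a marshalled config looks like and deserves a line in the commit message. The struct body continues outside the hunk.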
@@ -94,3 +94,8 @@ integrations:
 severity_threshold: HIGH
 priority_threshold: IMPORTANT
 on_fix_transition: Done
+attack_surface:
+ enable: true
+ enable_dns_traversal: true
+ domain_names: [172.36.255.7,example.com]
+ ignore_domain_names: [jira.example.com]