From 7d2095707fdeef42171e9b17d0326ad089feab47 Mon Sep 17 00:00:00 2001 From: Tim Thacker Date: Thu, 23 Jan 2025 18:17:13 +1100 Subject: [PATCH 1/2] add tests for attack surface monitoring --- examples/nullify.yaml | 5 +++++ pkg/merger/merger_test.go | 24 ++++++++++++++++++++++++ pkg/models/attack_surface.go | 4 ++-- pkg/models/models.go | 8 ++++---- tests/integration_test.go | 6 ++++++ tests/nullify.yaml | 5 +++++ 6 files changed, 46 insertions(+), 6 deletions(-) diff --git a/examples/nullify.yaml b/examples/nullify.yaml index 8711c59..aa7039b 100644 --- a/examples/nullify.yaml +++ b/examples/nullify.yaml @@ -110,3 +110,8 @@ integrations: assignee: id: 123456:abcd1234-abcd-1234-abcd-abcde12345666 name: John Smith +attack_surface: + enable: true + enable_dns_traversal: false + domain_names: [172.36.255.7,example.com] + ignore_domain_names: [] diff --git a/pkg/merger/merger_test.go b/pkg/merger/merger_test.go index 3c5c54e..f8da2bb 100644 --- a/pkg/merger/merger_test.go +++ b/pkg/merger/merger_test.go @@ -692,6 +692,30 @@ func TestMergeJira(t *testing.T) { }, }, }, + { + name: "only global config for attack surface monitoring", + globalConfig: &models.Configuration{ + AttackSurface: models.AttackSurface{ + Enable: true, + EnableDNSTraversal: true, + DomainNames: []string{"example.com"}, + IgnoreDomainNames: []string{"example2.com"}, + }, + }, + repoConfig: nil, + expected: &models.Configuration{ + EnablePullRequestReviews: models.Bool(true), + EnableIssueDashboards: models.Bool(true), + SeverityThreshold: parser.DefaultSeverityThreshold, + PriorityThreshold: parser.DefaultPriorityThreshold, + AttackSurface: models.AttackSurface{ + Enable: true, + EnableDNSTraversal: true, + DomainNames: []string{"example.com"}, + IgnoreDomainNames: []string{"example2.com"}, + }, + }, + }, } { t.Run(scenario.name, func(t *testing.T) { config := MergeConfigFiles(parser.NewDefaultConfig(), scenario.globalConfig, scenario.repoConfig) 
diff --git a/pkg/models/attack_surface.go b/pkg/models/attack_surface.go index 74d00b6..4e3989a 100644 --- a/pkg/models/attack_surface.go +++ b/pkg/models/attack_surface.go @@ -2,8 +2,8 @@ package models type AttackSurface struct { // global only - Enable bool `yaml:"enable,omitempty"` - EnableDNSTraversal bool `yaml:"enable_dns_traversal,omitempty"` + Enable bool `yaml:"enable"` + EnableDNSTraversal bool `yaml:"enable_dns_traversal"` DomainNames []string `yaml:"domain_names,omitempty"` IgnoreDomainNames []string `yaml:"ignore_domain_names,omitempty"` } diff --git a/pkg/models/models.go b/pkg/models/models.go index c9117ba..a59fcc5 100644 --- a/pkg/models/models.go +++ b/pkg/models/models.go @@ -18,10 +18,10 @@ type Configuration struct { Integrations Integrations `yaml:"integrations,omitempty"` // features - Code Code `yaml:"code,omitempty"` - Dependencies Dependencies `yaml:"dependencies,omitempty"` - Secrets Secrets `yaml:"secrets,omitempty"` - AttackSurface AttackSurface `yaml:"attack_surface,omitempty"` + Code Code `yaml:"code"` + Dependencies Dependencies `yaml:"dependencies"` + Secrets Secrets `yaml:"secrets"` + AttackSurface AttackSurface `yaml:"attack_surface"` // TODO deprecate SecretsWhitelist []string `yaml:"secrets_whitelist,omitempty"` diff --git a/tests/integration_test.go b/tests/integration_test.go index e5b1ab1..9853249 100644 --- a/tests/integration_test.go +++ b/tests/integration_test.go @@ -153,6 +153,12 @@ func TestIntegration(t *testing.T) { OnFixTransition: "Done", }, }, + AttackSurface: models.AttackSurface{ + Enable: true, + EnableDNSTraversal: true, + DomainNames: []string{"172.36.255.7", "example.com"}, + IgnoreDomainNames: []string{"jira.example.com"}, + }, } config, err := parser.LoadFromFile("nullify.yaml") diff --git a/tests/nullify.yaml b/tests/nullify.yaml index 7113334..9cf401d 100644 --- a/tests/nullify.yaml +++ b/tests/nullify.yaml 
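Review bot: The `// global only` comment above Enable and EnableDNSTraversal is the only place the rule is stated, and after this tag change it is still a bare label: a reader of the struct cannot tell whether the parser, the merger or nothing at all enforces it, nor what should happen when a repository-level config carries these keys. Spell the contract out on the fields, e.g. `// Enable and EnableDNSTraversal are honoured only from the global configuration; a repository config must not be able to switch monitoring on or change how targets are probed.` Dropping omitempty on the two bools also means a marshalled AttackSurface now always emits `enable:` and `enable_dns_traversal:` even when false, which looks intended but is worth a word in the same comment since the second commit keeps it. The whole struct is inside the hunk, so the comment can be placed without touching other lines.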
@@ -94,3 +94,8 @@ integrations: severity_threshold: HIGH priority_threshold: IMPORTANT on_fix_transition: Done +attack_surface: + enable: true + enable_dns_traversal: true + domain_names: [172.36.255.7,example.com] + ignore_domain_names: [jira.example.com] From 69b1e8229d6ff0059893f56e27683c6c8b62bb5d Mon Sep 17 00:00:00 2001 From: Tim Thacker Date: Thu, 23 Jan 2025 22:31:36 +1100 Subject: [PATCH 2/2] fix tests --- pkg/merger/merger.go | 4 ++++ pkg/merger/merger_test.go | 48 +++++++++++++++++++-------------------- pkg/models/models.go | 8 +++---- tests/integration_test.go | 2 +- 4 files changed, 33 insertions(+), 29 deletions(-) diff --git a/pkg/merger/merger.go b/pkg/merger/merger.go index e6bdd35..5a1f55b 100644 --- a/pkg/merger/merger.go +++ b/pkg/merger/merger.go @@ -125,6 +125,10 @@ func MergeConfigFiles( } } + if extraConfig.AttackSurface != nil { + config.AttackSurface = extraConfig.AttackSurface + } + if len(extraConfig.Notifications) > 0 && config.Notifications == nil { config.Notifications = extraConfig.Notifications } diff --git a/pkg/merger/merger_test.go b/pkg/merger/merger_test.go index f8da2bb..0517775 100644 --- a/pkg/merger/merger_test.go +++ b/pkg/merger/merger_test.go 
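Review bot: The new branch `config.AttackSurface = extraConfig.AttackSurface` runs for every extraConfig, so a repository config that carries an attack_surface section replaces the global one wholesale — including Enable and EnableDNSTraversal, which models.AttackSurface marks as global only, and DomainNames, which decides what is scanned; unless the repo config is stripped of that section before reaching this function (not visible here), a repository can switch monitoring on or point it at other domains. The adjacent Notifications branch uses a first-one-wins guard, and if the global config is merged before the repo config (the call order is outside the hunk) the same shape would keep the global value: `if extraConfig.AttackSurface != nil && config.AttackSurface == nil {`. Note also that the assignment shares the pointer, so a later mutation of the merged config's DomainNames writes through to the source config; copy the struct if callers are expected to mutate. The scenario added in the merger_test.go hunk that follows only covers globalConfig with repoConfig nil, so a second scenario with repoConfig supplying AttackSurface is needed to pin which value wins. MergeConfigFiles begins and ends outside the hunk.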
@@ -334,6 +334,30 @@ func TestMergeConfigFiles(t *testing.T) { PriorityThreshold: models.PriorityImportant, }, }, + { + name: "only global config for attack surface monitoring", + globalConfig: &models.Configuration{ + AttackSurface: &models.AttackSurface{ + Enable: true, + EnableDNSTraversal: true, + DomainNames: []string{"example.com"}, + IgnoreDomainNames: []string{"example2.com"}, + }, + }, + repoConfig: nil, + expected: &models.Configuration{ + EnablePullRequestReviews: models.Bool(true), + EnableIssueDashboards: models.Bool(true), + SeverityThreshold: parser.DefaultSeverityThreshold, + PriorityThreshold: parser.DefaultPriorityThreshold, + AttackSurface: &models.AttackSurface{ + Enable: true, + EnableDNSTraversal: true, + DomainNames: []string{"example.com"}, + IgnoreDomainNames: []string{"example2.com"}, + }, + }, + }, } { t.Run(scenario.name, func(t *testing.T) { config := MergeConfigFiles(parser.NewDefaultConfig(), scenario.globalConfig, scenario.repoConfig) @@ -692,30 +716,6 @@ func TestMergeJira(t *testing.T) { }, }, }, - { - name: "only global config for attack surface monitoring", - globalConfig: &models.Configuration{ - AttackSurface: models.AttackSurface{ - Enable: true, - EnableDNSTraversal: true, - DomainNames: []string{"example.com"}, - IgnoreDomainNames: []string{"example2.com"}, - }, - }, - repoConfig: nil, - expected: &models.Configuration{ - EnablePullRequestReviews: models.Bool(true), - EnableIssueDashboards: models.Bool(true), - SeverityThreshold: parser.DefaultSeverityThreshold, - PriorityThreshold: parser.DefaultPriorityThreshold, - AttackSurface: models.AttackSurface{ - Enable: true, - EnableDNSTraversal: true, - DomainNames: []string{"example.com"}, - IgnoreDomainNames: []string{"example2.com"}, - }, - }, - }, } { t.Run(scenario.name, func(t *testing.T) { config := MergeConfigFiles(parser.NewDefaultConfig(), scenario.globalConfig, scenario.repoConfig) diff --git a/pkg/models/models.go b/pkg/models/models.go index a59fcc5..1535768 100644 
--- a/pkg/models/models.go +++ b/pkg/models/models.go @@ -18,10 +18,10 @@ type Configuration struct { Integrations Integrations `yaml:"integrations,omitempty"` // features - Code Code `yaml:"code"` - Dependencies Dependencies `yaml:"dependencies"` - Secrets Secrets `yaml:"secrets"` - AttackSurface AttackSurface `yaml:"attack_surface"` + Code Code `yaml:"code"` + Dependencies Dependencies `yaml:"dependencies"` + Secrets Secrets `yaml:"secrets"` + AttackSurface *AttackSurface `yaml:"attack_surface,omitempty"` // TODO deprecate SecretsWhitelist []string `yaml:"secrets_whitelist,omitempty"` diff --git a/tests/integration_test.go b/tests/integration_test.go index 9853249..22f69e1 100644 --- a/tests/integration_test.go +++ b/tests/integration_test.go @@ -153,7 +153,7 @@ func TestIntegration(t *testing.T) { OnFixTransition: "Done", }, }, - AttackSurface: models.AttackSurface{ + AttackSurface: &models.AttackSurface{ Enable: true, EnableDNSTraversal: true, DomainNames: []string{"172.36.255.7", "example.com"},
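Review bot: Changing AttackSurface to `*AttackSurface` means every reader of `config.AttackSurface.Enable` (or DomainNames) must now nil-check, and this commit's diffstat touches only merger.go, the tests and this file, so any existing consumer elsewhere would panic on a config without an attack_surface section — worth a grep for, unless the field is not read anywhere yet. Document the contract on the field: `// AttackSurface is nil when no attack_surface section was given; check for nil before reading it.` The field is also now the odd one out next to Code, Dependencies and Secrets, which stay as values without omitempty; if the pointer exists so the merger can distinguish "absent" from "present but disabled", a short comment saying so would stop the next maintainer from normalising it back. The Configuration struct starts before and ends after the hunk.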