secureCodeBox
diff --git a/‎.github/workflows/ci.yaml‎
Lines changed: 71 additions & 70 deletions b/‎.github/workflows/ci.yaml‎
Lines changed: 71 additions & 70 deletions
diff --git a/‎Makefile‎
Lines changed: 37 additions & 0 deletions b/‎Makefile‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎bin/install-npm-test-dependnecies.sh‎
Lines changed: 0 additions & 47 deletions b/‎bin/install-npm-test-dependnecies.sh‎
Lines changed: 0 additions & 47 deletions
diff --git a/‎hooks/declarative-subsequent-scans/hook.ts‎
Lines changed: 30 additions & 26 deletions b/‎hooks/declarative-subsequent-scans/hook.ts‎
Lines changed: 30 additions & 26 deletions
diff --git a/‎hooks/declarative-subsequent-scans/kubernetes-label-selector.test.js‎
Lines changed: 12 additions & 12 deletions b/‎hooks/declarative-subsequent-scans/kubernetes-label-selector.test.js‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎hooks/declarative-subsequent-scans/kubernetes-label-selector.ts‎
Lines changed: 26 additions & 25 deletions b/‎hooks/declarative-subsequent-scans/kubernetes-label-selector.ts‎
Lines changed: 26 additions & 25 deletions
diff --git a/‎hooks/declarative-subsequent-scans/scan-helpers.ts‎
Lines changed: 2 additions & 2 deletions b/‎hooks/declarative-subsequent-scans/scan-helpers.ts‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎hooks/persistence-elastic/package-lock.json‎
Lines changed: 8 additions & 7 deletions b/‎hooks/persistence-elastic/package-lock.json‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎hooks/persistence-elastic/package.json‎
Lines changed: 1 addition & 1 deletion b/‎hooks/persistence-elastic/package.json‎
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,37 @@
+# SPDX-FileCopyrightText: 2020 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+all: help
+
+.PHONY:
+npm-ci-all: ## Runs npm ci in all node module subfolders.
+# This find construct is basedon https://stackoverflow.com/questions/4210042/how-to-exclude-a-directory-in-find-command/4210072#4210072
+	find . \( \
+		-name '.git' -o \
+		-name '.github' -o \
+		-name '.idea' -o \
+		-name '.reuse' -o \
+		-name '.vagrant' -o \
+		-name '.vscode' -o \
+		-name 'bin' -o \
+		-name 'docs' -o \
+		-name 'LICENSES' -o \
+		-name 'coverage' -o \
+		-name 'dist' -o \
+		-name 'node_modules' -o \
+		-name target \) \
+		-prune \
+		-false \
+		-o -type d \
+		-exec test -e '{}'/package.json \; \
+		-execdir npm ci \;
+
+.PHONY:
+npm-test-all: ## Runs all Jest basedtest suites.
+	npm test
+
+.PHONY:
+help: ## Display this help screen.
+	@grep -h -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
+		awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
@@ -57,46 +57,50 @@ export function getCascadingScans(
   findings: Array<Finding>,
   cascadingRules: Array<CascadingRule>
 ): Array<ExtendedScanSpec> {
-  const cascadingScans: Array<ExtendedScanSpec> = [];
+  let cascadingScans: Array<ExtendedScanSpec> = [];
+  const cascadingRuleChain = getScanChain(parentScan);
 
-  const cascadingRuleChain = new Set<string>();
+  for (const cascadingRule of cascadingRules) {
+    // Check if the Same CascadingRule was already applied in the Cascading Chain
+    // If it has already been used skip this rule as it could potentially lead to loops
+    if (cascadingRuleChain.includes(cascadingRule.metadata.name)) {
+      console.log(
+        `Skipping Rule "${cascadingRule.metadata.name}" as it was already applied in this chain.`
+      );
+      continue;
+    }
+
+    cascadingScans = cascadingScans.concat(getScansMatchingRule(parentScan, findings, cascadingRule))
+  }
 
+  return cascadingScans;
+}
+
+function getScanChain(parentScan: Scan) {
   // Get the current Scan Chain (meaning which CascadingRules were used to start this scan and its parents) and convert it to a set, which makes it easier to query.
   if (
     parentScan.metadata.annotations &&
     parentScan.metadata.annotations["cascading.securecodebox.io/chain"]
   ) {
-    const chainElements = parentScan.metadata.annotations[
+    return parentScan.metadata.annotations[
       "cascading.securecodebox.io/chain"
     ].split(",");
-
-    for (const element of chainElements) {
-      cascadingRuleChain.add(element);
-    }
   }
+  return []
+}
 
-  for (const cascadingRule of cascadingRules) {
-    // Check if the Same CascadingRule was already applied in the Cascading Chain
-    // If it has already been used skip this rule as it could potentially lead to loops
-    if (cascadingRuleChain.has(cascadingRule.metadata.name)) {
-      console.log(
-        `Skipping Rule "${cascadingRule.metadata.name}" as it was already applied in this chain.`
-      );
-      continue;
-    }
-
-    for (const finding of findings) {
-      // Check if one (ore more) of the CascadingRule matchers apply to the finding
-      const matches = cascadingRule.spec.matches.anyOf.some(matchesRule =>
-        isMatch(finding, matchesRule) || isMatchWith(finding, matchesRule, wildcardMatcher)
-      );
+function getScansMatchingRule(parentScan: Scan, findings: Array<Finding>, cascadingRule: CascadingRule) {
+  const cascadingScans: Array<ExtendedScanSpec> = [];
+  for (const finding of findings) {
+    // Check if one (ore more) of the CascadingRule matchers apply to the finding
+    const matches = cascadingRule.spec.matches.anyOf.some(matchesRule =>
+      isMatch(finding, matchesRule) || isMatchWith(finding, matchesRule, wildcardMatcher)
+    );
 
-      if (matches) {
-        cascadingScans.push(getCascadingScan(parentScan, finding, cascadingRule))
-      }
+    if (matches) {
+      cascadingScans.push(getCascadingScan(parentScan, finding, cascadingRule))
     }
   }
-
   return cascadingScans;
 }
 
 
@@ -2,29 +2,29 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-const { generateLabelSelectorString } = require("./kubernetes-label-selector");
+const { generateSelectorString } = require("./kubernetes-label-selector");
 
 test("should generate a empty string if passed an empty object", () => {
-  expect(generateLabelSelectorString({})).toBe("");
+  expect(generateSelectorString({})).toBe("");
 });
 
 test("should generate basic label string for key values selector", () => {
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchLabels: { environment: "production" }
     })
   ).toBe("environment=production");
 
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchLabels: { environment: "testing" }
     })
   ).toBe("environment=testing");
 });
 
 test("should generate basic label string for multiple key values selector", () => {
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchLabels: {
         environment: "production",
         team: "search"
@@ -33,7 +33,7 @@ test("should generate basic label string for multiple key values selector", () =
   ).toBe("environment=production,team=search");
 
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchLabels: {
         environment: "testing",
         team: "payment"
@@ -44,7 +44,7 @@ test("should generate basic label string for multiple key values selector", () =
 
 test("should generate label string for set based expressions", () => {
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchExpressions: [
         {
           key: "environment",
@@ -56,7 +56,7 @@ test("should generate label string for set based expressions", () => {
   ).toBe("environment in (testing,development)");
 
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchExpressions: [
         {
           key: "environment",
@@ -70,7 +70,7 @@ test("should generate label string for set based expressions", () => {
 
 test("should generate label string for set based expressions with multiple entries", () => {
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchExpressions: [
         {
           key: "environment",
@@ -89,7 +89,7 @@ test("should generate label string for set based expressions with multiple entri
 
 test("should generate label string for set based Exists and DoesNotExist operators", () => {
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchExpressions: [
         {
           key: "environment",
@@ -106,7 +106,7 @@ test("should generate label string for set based Exists and DoesNotExist operato
 
 test("should generate selectors with both expression and labelMatching", () => {
   expect(
-    generateLabelSelectorString({
+    generateSelectorString({
       matchExpressions: [
         {
           key: "environment",
@@ -138,7 +138,7 @@ test("should generate selectors with both expression and labelMatching", () => {
 
 test("should throw a exception when passed a unknown operator", () => {
   expect(() =>
-    generateLabelSelectorString({
+    generateSelectorString({
       matchExpressions: [
         {
           key: "environment",
 
@@ -23,40 +23,41 @@ export interface LabelSelector {
   matchLabels: Map<string, string>;
 }
 
-// generateLabelSelectorString transforms a kubernetes labelSelector object in to the string representation
-export function generateLabelSelectorString({
+// generateSelectorString transforms a kubernetes labelSelector object in to the string representation
+export function generateSelectorString({
   matchExpressions = [],
   matchLabels = new Map()
 }: LabelSelector): string {
-  const matchLabelsSelector = Array.from(Object.entries(matchLabels)).map(
-    ([key, values]) => `${key}=${values}`
-  );
-
-  const matchExpressionsSelector = matchExpressions.map(
-    ({ key, values, operator }) => {
-      if (
-        operator === LabelSelectorRequirementOperator.In ||
-        operator === LabelSelectorRequirementOperator.NotIn
-      ) {
-        return `${key} ${operator.toLowerCase()} (${values.join(",")})`;
-      }
-
-      if (operator === LabelSelectorRequirementOperator.Exists) {
-        return key;
-      }
-      if (operator === LabelSelectorRequirementOperator.DoesNotExist) {
-        return `!${key}`;
-      }
+  const matchLabelsSelector = Array.from(Object.entries(matchLabels)).map(generateLabelsSelectorString);
 
+  const matchExpressionsSelector = matchExpressions.map(generateExpressionsSelectorString);
+
+  return [...matchLabelsSelector, ...matchExpressionsSelector].join(",");
+}
+
+function generateLabelsSelectorString([key, values]) {
+  return `${key}=${values}`
+}
+
+function generateExpressionsSelectorString({key, values, operator}: LabelSelectorRequirement) {
+  switch (operator) {
+    case LabelSelectorRequirementOperator.In:
+    case LabelSelectorRequirementOperator.NotIn:
+      return `${key} ${operator.toLowerCase()} (${values.join(",")})`;
+
+    case LabelSelectorRequirementOperator.Exists:
+      return key;
+
+    case LabelSelectorRequirementOperator.DoesNotExist:
+      return `!${key}`;
+
+    default:
       const supportedOperators = Object.values(
         LabelSelectorRequirementOperator
       ).join(", ");
 
       throw new Error(
         `Unknown LabelSelector Operator "${operator}". Supported are (${supportedOperators}). If this is an official label selector operator in kubernetes please open up a issue in the secureCodeBox Repo.`
       );
-    }
-  );
-
-  return [...matchLabelsSelector, ...matchExpressionsSelector].join(",");
+  }
 }
@@ -5,7 +5,7 @@
 import * as k8s from "@kubernetes/client-node";
 
 import {
-  generateLabelSelectorString,
+  generateSelectorString,
   LabelSelector
 } from "./kubernetes-label-selector";
 
@@ -178,7 +178,7 @@ export async function getCascadingRulesForScan(scan: Scan) {
   }
 
   try {
-    const labelSelector = generateLabelSelectorString(scan.spec.cascades);
+    const labelSelector = generateSelectorString(scan.spec.cascades);
 
     console.log(
       `Fetching CascadingScans using LabelSelector: "${labelSelector}"`
 
@@ -41,7 +41,7 @@
     "@elastic/elasticsearch": "^7.12.0",
     "lodash.chunk": "^4.2.0",
     "lodash.flatmap": "^4.5.0",
-    "luxon": "^1.26.0"
+    "luxon": "^1.27.0"
   },
   "devDependencies": {
     "jest": "^27.0.3"