Skip to content

Add cascade CLI Command To Visualize Cascaded Scans Hierarchy #2608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
J12934 merged 15 commits into from
Aug 18, 2024
Merged

Add cascade CLI Command To Visualize Cascaded Scans Hierarchy #2608

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
ff13d40
feat: setup cascading command
Freedisch Jul 26, 2024
54592c8
feat: add `cascade` command to display scan tree
Freedisch Aug 1, 2024
c734372
fix register cascadingRule in schema
Freedisch Aug 2, 2024
0806db6
bug: fix scans rendering issue
Freedisch Aug 6, 2024
ab1c1ba
bug: fix tree to render cascading rules based on findings
Freedisch Aug 9, 2024
530370d
feat: add test cases
Freedisch Aug 9, 2024
9758fc4
bug: fix cascade command to target scans annotations
Freedisch Aug 15, 2024
a69ac4f
update test cases
Freedisch Aug 15, 2024
f333184
bug: fix failing test cases and update format
Freedisch Aug 15, 2024
17ea8b1
fix failing license CI
Freedisch Aug 15, 2024
d6569a6
Merge branch 'main' into cascading_rule
Freedisch Aug 15, 2024
ed2471f
Update scbctl/cmd/cascading.go
Freedisch Aug 16, 2024
5db8dd4
Update scbctl/cmd/cascading_test.go
Freedisch Aug 16, 2024
cd9639d
update test cases expected response
Freedisch Aug 16, 2024
284dbe3
remove unused testcases
Freedisch Aug 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 92 additions & 0 deletions scbctl/cmd/cascading.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
// SPDX-FileCopyrightText: the secureCodeBox authors
//
// SPDX-License-Identifier: Apache-2.0
package cmd

import (
"fmt"

"github.com/ddddddO/gtree"
v1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
"github.com/spf13/cobra"
"k8s.io/cli-runtime/pkg/genericclioptions"
"sigs.k8s.io/controller-runtime/pkg/client"
)

type cascadeOptions struct {
configFlags *genericclioptions.ConfigFlags
genericclioptions.IOStreams

namespace string
}

func NewCascadeCommand() *cobra.Command {
cascadeCmd := &cobra.Command{
Use: "cascade",
Short: "Visualize cascading scans",
Long: `Visualize the relationships between scans based on their cascading relationships`,
RunE: func(cmd *cobra.Command, args []string) error {
kubeclient, namespace, err := clientProvider.GetClient(kubeconfigArgs)
if err != nil {
return fmt.Errorf("error initializing kubernetes client: %w", err)
}

if namespaceFlag, err := cmd.Flags().GetString("namespace"); err == nil && namespaceFlag != "" {
namespace = namespaceFlag
}

var scans v1.ScanList
if err := kubeclient.List(cmd.Context(), &scans, client.InNamespace(namespace)); err != nil {
return fmt.Errorf("error listing Scans: %w", err)
}

root := buildTree(scans.Items)

return gtree.OutputProgrammably(cmd.OutOrStdout(), root)
},
}

return cascadeCmd
}

const (
ParentScanAnnotation = "cascading.securecodebox.io/parent-scan"
)

func buildTree(scans []v1.Scan) *gtree.Node {
root := gtree.NewRoot("Scans")

scanMap := make(map[string]*v1.Scan)
for i := range scans {
scanMap[scans[i].Name] = &scans[i]
}
for _, scan := range scans {
scanMap[scan.Name] = &scan
}

for _, scan := range scans {
if isInitialScan(&scan) {
scanNode := root.Add(scan.Name)
buildScanSubtree(scanNode, &scan, scanMap)
}
}

return root
}

func isInitialScan(scan *v1.Scan) bool {
return scan.Annotations[ParentScanAnnotation] == ""
}

func buildScanSubtree(node *gtree.Node, scan *v1.Scan, scanMap map[string]*v1.Scan) {
for _, childScan := range scanMap {
if isCascadedFrom(childScan, scan) {
childNode := node.Add(childScan.Name)
buildScanSubtree(childNode, childScan, scanMap)
}
}
}

func isCascadedFrom(childScan *v1.Scan, parentScan *v1.Scan) bool {
return childScan.Annotations[ParentScanAnnotation] == parentScan.Name
}
213 changes: 213 additions & 0 deletions scbctl/cmd/cascading_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,213 @@
// SPDX-FileCopyrightText: the secureCodeBox authors
//
// SPDX-License-Identifier: Apache-2.0
package cmd

import (
"bytes"
"testing"

"github.com/ddddddO/gtree"
v1 "github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1"
"github.com/stretchr/testify/assert"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func TestBuildTree(t *testing.T) {
tests := []struct {
name string
scans []v1.Scan
expected string
}{
{
name: "Single scan",
scans: []v1.Scan{
{
ObjectMeta: metav1.ObjectMeta{
Name: "scan1",
},
},
},
expected: `Scans
└── scan1
`,
},
{
name: "Two unrelated scans",
scans: []v1.Scan{
{
ObjectMeta: metav1.ObjectMeta{
Name: "scan1",
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "scan2",
},
},
},
expected: `Scans
├── scan1
└── scan2
`,
},
{
name: "One parent, one child",
scans: []v1.Scan{
{
ObjectMeta: metav1.ObjectMeta{
Name: "parent",
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "child",
Annotations: map[string]string{
ParentScanAnnotation: "parent",
},
},
},
},
expected: `Scans
└── parent
└── child
`,
},
{
name: "Complex cascade",
scans: []v1.Scan{
{
ObjectMeta: metav1.ObjectMeta{
Name: "root",
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "child1",
Annotations: map[string]string{
ParentScanAnnotation: "root",
},
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "child2",
Annotations: map[string]string{
ParentScanAnnotation: "root",
},
},
},
{
ObjectMeta: metav1.ObjectMeta{
Name: "grandchild",
Annotations: map[string]string{
ParentScanAnnotation: "child1",
},
},
},
},
expected: `Scans
└── root
├── child1
│ └── grandchild
└── child2
`,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
root := buildTree(tt.scans)
var buf bytes.Buffer
err := gtree.OutputProgrammably(&buf, root)
assert.NoError(t, err)
result := buf.String()
assert.Equal(t, tt.expected, result)
})
}
}

func TestIsInitialScan(t *testing.T) {
tests := []struct {
name string
scan v1.Scan
expected bool
}{
{
name: "Initial scan",
scan: v1.Scan{
ObjectMeta: metav1.ObjectMeta{
Name: "initial",
},
},
expected: true,
},
{
name: "Child scan",
scan: v1.Scan{
ObjectMeta: metav1.ObjectMeta{
Name: "child",
Annotations: map[string]string{
ParentScanAnnotation: "parent",
},
},
},
expected: false,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := isInitialScan(&tt.scan)
assert.Equal(t, tt.expected, result)
})
}
}

func TestIsCascadedFrom(t *testing.T) {
tests := []struct {
name string
childScan v1.Scan
parentScan v1.Scan
expected bool
}{
{
name: "Direct child",
childScan: v1.Scan{
ObjectMeta: metav1.ObjectMeta{
Name: "child",
Annotations: map[string]string{
ParentScanAnnotation: "parent",
},
},
},
parentScan: v1.Scan{
ObjectMeta: metav1.ObjectMeta{
Name: "parent",
},
},
expected: true,
},
{
name: "Unrelated scans",
childScan: v1.Scan{
ObjectMeta: metav1.ObjectMeta{
Name: "scan1",
},
},
parentScan: v1.Scan{
ObjectMeta: metav1.ObjectMeta{
Name: "scan2",
},
},
expected: false,
},
}

for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := isCascadedFrom(&tt.childScan, &tt.parentScan)
assert.Equal(t, tt.expected, result)
})
}
}
1 change: 1 addition & 0 deletions scbctl/cmd/root.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ func NewRootCommand() *cobra.Command {

rootCmd.AddCommand(NewScanCommand())
rootCmd.AddCommand(NewTriggerCommand())
rootCmd.AddCommand(NewCascadeCommand())

return rootCmd
}
19 changes: 14 additions & 5 deletions scbctl/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,17 +10,25 @@ toolchain go1.22.3
require (
github.com/secureCodeBox/secureCodeBox/operator v0.0.0-20240709091631-4e5c4b973bf2
github.com/spf13/cobra v1.7.0
k8s.io/api v0.30.2
k8s.io/apimachinery v0.30.2
k8s.io/cli-runtime v0.30.1
k8s.io/api v0.30.3
k8s.io/apimachinery v0.30.3
k8s.io/cli-runtime v0.30.3
sigs.k8s.io/controller-runtime v0.18.4
)

require github.com/stretchr/testify v1.8.4
require github.com/stretchr/testify v1.9.0

require (
github.com/fatih/color v1.16.0 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/pelletier/go-toml/v2 v2.2.0 // indirect
)

require (
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/ddddddO/gtree v1.10.10
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch v5.6.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
Expand Down Expand Up @@ -67,9 +75,10 @@ require (
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/client-go v0.30.2 // indirect
k8s.io/client-go v0.30.3 // indirect
k8s.io/klog/v2 v2.120.1 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
k8s.io/kubectl v0.30.3
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
Expand Down
Loading