update description and validate input

inputhandler/clihandler/flaghandler.go

@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"strings"
 
+	"kube-escape/cautils"
 	"kube-escape/cautils/opapolicy"
 )
 
@@ -67,7 +68,10 @@ func (flagHandler *FlagHandler) Scan() {
 }
 func (flagHandler *FlagHandler) ScanFramework() {
 	frameworkName := strings.ToUpper(flag.Arg(2))
-
+	if cautils.StringInSlice(SupportedFrameworks(), frameworkName) == cautils.ValueNotFound {
+		fmt.Printf("framework %s not supported, supported frameworks: %v", frameworkName, SupportedFrameworks())
+		return
+	}
 	flagHandler.policyIdentifier = &opapolicy.PolicyIdentifier{
 		Kind: opapolicy.KindFramework,
 		Name: frameworkName,
@@ -80,11 +84,15 @@ func (flagHandler *FlagHandler) ScanControl() {
 	}
 }
 func (flagHandler *FlagHandler) ScanHelp() {
-	fmt.Println("Entre scope: framework or control")
+	fmt.Println("")
 }
 func (flagHandler *FlagHandler) ScanFrameworkHelp() {
-	fmt.Println("Run a framework. Run 'cacli opa framework list' for the list of available frameworks")
+	fmt.Println("Run framework nsa or mitre")
 }
 func (flagHandler *FlagHandler) ScanControlHelp() {
 	fmt.Println("not supported")
 }
+
+func SupportedFrameworks() []string {
+	return []string{"nsa", "mitre"} // TODO - get from BE
+}

inputhandler/dummy_test.go

@@ -1 +0,0 @@
-package inputhandler

install.sh

@@ -6,7 +6,7 @@ echo
  
 BASE_DIR=~/.kubescape
 KUBESCAPE_EXEC=kubescape
-RELEASE=v0.0.5
+RELEASE=v0.0.11
 DOWNLOAD_URL="https://github.com/armosec/kubescape/releases/download/$RELEASE/kubescape"
 
 mkdir -p $BASE_DIR 

opaprocessor/processorhandler.go

@@ -67,13 +67,15 @@ func (opap *OPAProcessor) ProcessRulesHandler(opaSessionObj *cautils.OPASessionO
 		controlReports := []opapolicy.ControlReport{}
 		for _, control := range framework.Controls {
 			// cautils.SimpleDisplay(os.Stdout, fmt.Sprintf("\033[2K\r%s", control.Name))
-			// fmt.Printf("\033[2K\r%s", control.Name)
 			controlReport := opapolicy.ControlReport{}
 			controlReport.Name = control.Name
 			controlReport.Description = control.Description
 			controlReport.Remediation = control.Remediation
 			ruleReports := []opapolicy.RuleReport{}
 			for _, rule := range control.Rules {
+				if ruleWithArmoOpaDependency(rule.Attributes) {
+					continue
+				}
 				k8sObjects := getKubernetesObjects(opaSessionObj.K8SResources, rule.Match)
 				ruleReport, err := opap.runOPAOnSingleRule(&rule, k8sObjects)
 				if err != nil {
@@ -86,9 +88,7 @@ func (opap *OPAProcessor) ProcessRulesHandler(opaSessionObj *cautils.OPASessionO
 					ruleReport.RuleStatus.Status = "success"
 				}
 				ruleReport.NumOfResources = len(k8sObjects)
-				// if len(ruleReport.RuleResponses) > 0 {
 				ruleReports = append(ruleReports, ruleReport)
-				// }
 			}
 			controlReport.RuleReports = ruleReports
 			controlReports = append(controlReports, controlReport)

opaprocessor/processorhandlerutils.go

@@ -3,6 +3,7 @@ package opaprocessor
 import (
 	"kube-escape/cautils"
 
+	pkgcautils "kube-escape/cautils/cautils"
 	"kube-escape/cautils/k8sinterface"
 	"kube-escape/cautils/opapolicy"
 	resources "kube-escape/cautils/opapolicy/resources"
@@ -48,3 +49,13 @@ func getRuleDependencies() (map[string]string, error) {
 	}
 	return modules, nil
 }
+
+func ruleWithArmoOpaDependency(annotations map[string]interface{}) bool {
+	if annotations == nil {
+		return false
+	}
+	if s, ok := annotations["armoOpa"]; ok { // TODO - make global
+		return pkgcautils.StringToBool(s.(string))
+	}
+	return false
+}

printer/printresults.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"kube-escape/cautils"
 	"os"
+	"strings"
 
 	"kube-escape/cautils/k8sinterface"
 	"kube-escape/cautils/opapolicy"
@@ -51,14 +52,17 @@ func (printer *Printer) ActionPrint() {
 func (printer *Printer) SummerySetup(postureReport *opapolicy.PostureReport) {
 	for _, fr := range postureReport.FrameworkReports {
 		for _, cr := range fr.ControlReports {
+			if len(cr.RuleReports) == 0 {
+				continue
+			}
 			workloadsSummery := listResultSummery(cr.RuleReports)
 			mapResources := groupByNamespace(workloadsSummery)
 
 			printer.summery[cr.Name] = ControlSummery{
 				TotalResources:  cr.GetNumberOfResources(),
 				TotalFailed:     len(workloadsSummery),
-				Description:     cr.Description,
 				WorkloadSummery: mapResources,
+				Description:     strings.ReplaceAll(cr.Description, ". ", fmt.Sprintf(".\n%s%s", INDENT, INDENT)),
 			}
 		}
 	}
@@ -73,7 +77,9 @@ func (printer *Printer) PrintResults() {
 
 func (printer *Printer) printTitle(controlName string, controlSummery *ControlSummery) {
 	cautils.InfoDisplay(os.Stdout, "[control: %s] ", controlName)
-	if controlSummery.TotalFailed == 0 {
+	if controlSummery.TotalResources == 0 {
+		cautils.InfoDisplay(os.Stdout, "resources not found %v\n", emoji.ConfusedFace)
+	} else if controlSummery.TotalFailed == 0 {
 		cautils.SuccessDisplay(os.Stdout, "passed %v\n", emoji.ThumbsUp)
 	} else {
 		cautils.FailureDisplay(os.Stdout, "failed %v\n", emoji.SadButRelievedFace)
@@ -113,6 +119,9 @@ func generateHeader() []string {
 
 func percentage(big, small int) int {
 	if big == 0 {
+		if small == 0 {
+			return 100
+		}
 		return 0
 	}
 	return int(float64(float64(big-small)/float64(big)) * 100)

printer/summery.go

@@ -1,6 +1,8 @@
 package printer
 
-import "fmt"
+import (
+	"fmt"
+)
 
 type Summery map[string]ControlSummery
 
@@ -22,26 +24,6 @@ type WorkloadSummery struct {
 	Group     string
 }
 
-func (summery *Summery) SetWorkloadSummery(c string, ws map[string][]WorkloadSummery) {
-	s := (*summery)[c]
-	s.WorkloadSummery = ws
-}
-
-func (summery *Summery) SetTotalResources(c string, t int) {
-	s := (*summery)[c]
-	s.TotalResources = t
-}
-
-func (summery *Summery) SetTotalFailed(c string, t int) {
-	s := (*summery)[c]
-	s.TotalFailed = t
-}
-
-func (summery *Summery) SetDescription(c string, d string) {
-	s := (*summery)[c]
-	s.Description = d
-}
-
 func (controlSummery *ControlSummery) ToSlice() []string {
 	s := []string{}
 	s = append(s, fmt.Sprintf("%d", controlSummery.TotalFailed))