stash

core/cautils/getter/loadpolicy.go

@@ -9,6 +9,7 @@ import (
 
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )
 
 // =======================================================================================================================
@@ -152,3 +153,18 @@ func (lp *LoadPolicy) filePath() string {
 	}
 	return ""
 }
+
+func (lp *LoadPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error) {
+	attackTracks := []v1alpha1.AttackTrack{}
+
+	f, err := os.ReadFile(lp.filePath())
+
+	if err != nil {
+		return nil, err
+	}
+
+	if err := json.Unmarshal(f, &attackTracks); err != nil {
+		return nil, err
+	}
+	return attackTracks, nil
+}

core/core/download.go

@@ -11,6 +11,7 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )
 
 var downloadFunc = map[string]func(*metav1.DownloadInfo) error{
@@ -126,6 +127,21 @@ func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 	return nil
 }
 
+func downloadAttackTracks(downloadInfo *metav1.DownloadInfo) error {
+	var err error
+	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
+
+	attackTracksGetter := getAttackTracksGetter(tenant.GetAccountID(), nil)
+	attackTracks := []v1alpha1.AttackTrack{}
+	if tenant.GetAccountID() != "" {
+		attackTracks, err = attackTracksGetter.GetAttackTracks()
+		if err != nil {
+			return err
+		}
+	}
+
+}
+
 func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 
 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())

core/core/initutils.go

@@ -247,8 +247,9 @@ func getAttackTracksGetter(accountID string, downloadReleasedPolicy *getter.Down
 	if downloadReleasedPolicy == nil {
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
-	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil {
-		logger.L().Warning("failed to get attack tracks from github release, this may affect the scanning results", helpers.Error(err))
+	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull attack tracks, fallback to cache
+		logger.L().Warning("failed to get attack tracks from github release, loading attack tracks from cache", helpers.Error(err))
+		return getter.NewLoadPolicy([]string{getter.GetDefaultPath("attackTracks.json")})
 	}
 	return downloadReleasedPolicy
 }

core/pkg/resourcesprioritization/prioritizationhandler.go

@@ -21,7 +21,8 @@ func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGe
 		attackTracks: make([]v1alpha1.IAttackTrack, 0),
 	}
 
-	if tracks, err := attackTracksGetter.GetAttackTracks(); err != nil {
+	tracks, err := attackTracksGetter.GetAttackTracks()
+	if err != nil {
 		return nil, err
 	} else {
 		for _, attackTrack := range tracks {
@@ -38,6 +39,12 @@ func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGe
 		return nil, fmt.Errorf("expected to find at least one attack track")
 	}
 
+	// Store attack tracks in cache
+	cache := getter.GetDefaultPath("attackTracks.json")
+	if err := getter.SaveInFile(tracks, cache); err != nil {
+		logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err))
+	}
+
 	return handler, nil
 }