diff --git a/core/cautils/getter/loadpolicy.go b/core/cautils/getter/loadpolicy.go
index c75d4d4a..66700ab6 100644
--- a/core/cautils/getter/loadpolicy.go
+++ b/core/cautils/getter/loadpolicy.go
@@ -9,6 +9,7 @@ import (
 "github.com/armosec/armoapi-go/armotypes"
 "github.com/kubescape/opa-utils/reporthandling"
+ "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )
 // =======================================================================================================================
@@ -152,3 +153,18 @@ func (lp *LoadPolicy) filePath() string {
 }
 return ""
 }
+
+func (lp *LoadPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error) {
+ attackTracks := []v1alpha1.AttackTrack{}
+
+ f, err := os.ReadFile(lp.filePath())
+
+ if err != nil {
+ return nil, err
+ }
+
+ if err := json.Unmarshal(f, &attackTracks); err != nil {
+ return nil, err
+ }
+ return attackTracks, nil
+}
diff --git a/core/core/download.go b/core/core/download.go
index 9ef6869d..93954558 100644
--- a/core/core/download.go
+++ b/core/core/download.go
@@ -11,6 +11,7 @@ import (
 "github.com/kubescape/go-logger/helpers"
 "github.com/kubescape/kubescape/v2/core/cautils/getter"
 metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+ "github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )
 var downloadFunc = map[string]func(*metav1.DownloadInfo) error{
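Review bot: In `LoadPolicy.GetAttackTracks` (loadpolicy.go, second hunk) both error returns pass the raw error up, and the context lines of `filePath()` show it can return `""`, so a `LoadPolicy` with no usable path fails with an `os.ReadFile` error that names no file. Hoist `path := lp.filePath()` and wrap both returns, e.g. `return nil, fmt.Errorf("reading attack tracks from %q: %w", path, err)`, so a failed offline scan says which cache file was missing or malformed (this assumes `fmt` is already imported in the file, which the hunk does not show). The exported method also has no doc comment; something like `// GetAttackTracks reads and JSON-decodes the attack tracks stored in the configured local file.` would state that the data comes from disk and is returned as decoded, without further validation.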
@@ -126,6 +127,21 @@ func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 return nil
 }
+func downloadAttackTracks(downloadInfo *metav1.DownloadInfo) error {
+ var err error
+ tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
+
+ attackTracksGetter := getAttackTracksGetter(tenant.GetAccountID(), nil)
+ attackTracks := []v1alpha1.AttackTrack{}
+ if tenant.GetAccountID() != "" {
+ attackTracks, err = attackTracksGetter.GetAttackTracks()
+ if err != nil {
+ return err
+ }
+ }
+
+}
+
 func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
diff --git a/core/core/initutils.go b/core/core/initutils.go
index 2bd4f8af..f05956a5 100644
--- a/core/core/initutils.go
+++ b/core/core/initutils.go
@@ -247,8 +247,9 @@ func getAttackTracksGetter(accountID string, downloadReleasedPolicy *getter.Down
 if downloadReleasedPolicy == nil {
 downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 }
- if err := downloadReleasedPolicy.SetRegoObjects(); err != nil {
- logger.L().Warning("failed to get attack tracks from github release, this may affect the scanning results", helpers.Error(err))
+ if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull attack tracks, fallback to cache
+ logger.L().Warning("failed to get attack tracks from github release, loading attack tracks from cache", helpers.Error(err))
+ return getter.NewLoadPolicy([]string{getter.GetDefaultPath("attackTracks.json")})
 }
 return downloadReleasedPolicy
 }
diff --git a/core/pkg/resourcesprioritization/prioritizationhandler.go b/core/pkg/resourcesprioritization/prioritizationhandler.go
index 77e97b18..663257f1 100644
--- a/core/pkg/resourcesprioritization/prioritizationhandler.go
+++ b/core/pkg/resourcesprioritization/prioritizationhandler.go
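Review bot: `downloadAttackTracks` (download.go) cannot compile as written: the body ends without a `return` although the function returns `error`, and `attackTracks` is assigned but never read, which the Go compiler rejects as declared and not used. The fetched tracks are also never written anywhere, so the function would have no effect even once it builds; ending it with `return getter.SaveInFile(attackTracks, getter.GetDefaultPath("attackTracks.json"))` would address all three, assuming the default cache path is the intended target rather than a path carried in `downloadInfo`. When the account ID is empty the fetch is skipped silently, and with that fix an empty list would overwrite a good cache, so that case should return an error or skip the write. No entry is added to `downloadFunc` in the visible hunks, so confirm the function is reachable at all.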
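Review bot: The new fallback in `getAttackTracksGetter` (initutils.go) hands back a `LoadPolicy` for `getter.GetDefaultPath("attackTracks.json")` without checking that the file exists or how old it is, so a failed release download silently substitutes whatever sits at that path. Attack tracks feed resource prioritization, so a stale or locally altered cache changes scan output behind a generic warning; add the path to the log with `helpers.String("file", cachePath)` and consider rejecting a cache past some age. On a first run with no cache the caller will see only a file-not-found error, while the original download error survives only in the warning line. The trailing `// if failed to pull attack tracks, fallback to cache` comment would read better on its own line above the `if`. The function body starts before this hunk.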
@@ -21,7 +21,8 @@ func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGe
 attackTracks: make([]v1alpha1.IAttackTrack, 0),
 }
- if tracks, err := attackTracksGetter.GetAttackTracks(); err != nil {
+ tracks, err := attackTracksGetter.GetAttackTracks()
+ if err != nil {
 return nil, err
 } else {
 for _, attackTrack := range tracks {
@@ -38,6 +39,12 @@ func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGe
 return nil, fmt.Errorf("expected to find at least one attack track")
 }
+ // Store attack tracks in cache
+ cache := getter.GetDefaultPath("attackTracks.json")
+ if err := getter.SaveInFile(tracks, cache); err != nil {
+ logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err))
+ }
+
 return handler, nil
 }
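Review bot: With `tracks` now declared at function scope in `NewResourcesPrioritizationHandler` (first hunk), the `} else {` after `return nil, err` no longer serves the scoping purpose it had when `tracks` lived in the `if` initializer. Drop the `else` so the `for _, attackTrack := range tracks` loop sits at the top level of the function, following the usual early-return shape. The loop body and the closing brace of the `else` lie outside this hunk, so the edit has to extend there.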
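Review bot: The cache write added in the second hunk of `NewResourcesPrioritizationHandler` runs for whatever source the `IAttackTracksGetter` represents, including the cache-backed `LoadPolicy` itself, yet `getAttackTracksGetter` later reads the same `attackTracks.json` as a stand-in for the GitHub release. Tracks from any other getter would therefore become the offline fallback for released policy; writing the cache where the release download succeeds, or only when the getter is the release downloader, keeps its provenance clear. It also saves the raw `tracks` slice rather than the entries accepted into `handler.attackTracks`, which looks unintended if the loop outside this hunk filters any out. The existing comment could say why a failure is tolerated, e.g. `// Best-effort: cache tracks for offline fallback; a failed write must not fail the scan.` No import change for this file appears in the diff, so confirm `logger` and `helpers` are already imported.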