From b7ec05e88abf86fe5725bc16a9735f3fb56ae615 Mon Sep 17 00:00:00 2001
From: David Wertenteil
Date: Thu, 28 Apr 2022 13:03:51 +0300
Subject: [PATCH] adding tests
---
 build/Dockerfile | 10 ++-
 .../examples/microservice/ks-deployment.yaml | 13 +++-
 .../examples/prometheus/ks-deployment.yaml | 6 +-
 .../handlerequests/v1/datastructuremethods.go | 76 ++++++++++++-------
 .../v1/datastructuremethods_test.go | 45 +++++++++++
 5 files changed, 112 insertions(+), 38 deletions(-)
diff --git a/build/Dockerfile b/build/Dockerfile
index 99feb36b..565b0752 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -32,14 +32,16 @@ RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts
 FROM alpine
 RUN addgroup -S armo && adduser -S armo -G armo
+
+RUN mkdir /home/armo/.kubescape
+COPY --from=builder /work/artifacts/ /home/armo/.kubescape
+
+RUN chown -R armo:armo /home/armo/.kubescape
+
 USER armo
 WORKDIR /home/armo
 COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver
 COPY --from=builder /work/build/ubuntu-latest/kubescape /usr/bin/kubescape
-RUN mkdir /home/armo/.kubescape
-COPY --from=builder /work/artifacts/ /home/armo/.kubescape
-RUN chmod 777 -R /home/armo/.kubescape
-
 ENTRYPOINT ["ksserver"]
diff --git a/httphandler/examples/microservice/ks-deployment.yaml b/httphandler/examples/microservice/ks-deployment.yaml
index ae2b9429..737fc057 100644
--- a/httphandler/examples/microservice/ks-deployment.yaml
+++ b/httphandler/examples/microservice/ks-deployment.yaml
@@ -43,10 +43,10 @@ subjects:
 apiVersion: v1
 kind: Service
 metadata:
- name: kubescape-service
+ name: kubescape
 namespace: ks-scanner
 labels:
- app: kubescape-service
+ app: kubescape
 spec:
 type: NodePort
 ports:
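Review bot: The three new steps `RUN mkdir /home/armo/.kubescape`, `COPY --from=builder /work/artifacts/ /home/armo/.kubescape` and `RUN chown -R armo:armo /home/armo/.kubescape` can be a single `COPY --chown=armo:armo --from=builder /work/artifacts/ /home/armo/.kubescape`, which creates the directory, copies and sets ownership in one layer; a separate `chown -R` in its own RUN typically rewrites every artifact into a new layer, so the image carries the artifacts twice. Dropping the old `chmod 777 -R` in favour of owner-only permissions is the right direction: the directory is no longer world-writable and is owned by the same `armo` user that `USER armo` selects for the entrypoint. Since the deployment examples in this patch set `KS_DOWNLOAD_ARTIFACTS` to `"true"`, the bundled copy is presumably a fallback that the server may overwrite at runtime; a one-line comment above the COPY saying so, e.g. `# pre-bundled artifacts, owned by armo so the server can refresh them at runtime`, would explain why ownership rather than read-only permissions was chosen.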
@@ -89,13 +89,20 @@ spec:
 port: 8080
 initialDelaySeconds: 3
 periodSeconds: 3
- image: quay.io/armosec/kubescape:prometheus.v2
+ image: quay.io/armosec/kubescape:latest
+ imagePullPolicy: Always
 env:
 - name: KS_DEFAULT_CONFIGMAP_NAMESPACE
 valueFrom:
 fieldRef:
 apiVersion: v1
 fieldPath: metadata.namespace
+ - name: "KS_SKIP_UPDATE_CHECK" # do not check latest version
+ value: "true"
+ - name: KS_ENABLE_HOST_SCANNER # enable host scanner -> https://hub.armo.cloud/docs/host-sensor
+ value: "true"
+ - name: KS_DOWNLOAD_ARTIFACTS # When set to true the artifacts will be downloaded every scan execution
+ value: "true"
 ports:
 - containerPort: 8080
 name: http
diff --git a/httphandler/examples/prometheus/ks-deployment.yaml b/httphandler/examples/prometheus/ks-deployment.yaml
index ebd53cbc..79a27d0a 100644
--- a/httphandler/examples/prometheus/ks-deployment.yaml
+++ b/httphandler/examples/prometheus/ks-deployment.yaml
@@ -43,12 +43,12 @@ subjects:
 apiVersion: v1
 kind: Service
 metadata:
- name: kubescape-service
+ name: kubescape
 namespace: ks-scanner
 labels:
- app: kubescape-service
+ app: kubescape
 spec:
- type: NodePort
+ type: ClusterIP
 ports:
 - port: 8080
 name: http
diff --git a/httphandler/handlerequests/v1/datastructuremethods.go b/httphandler/handlerequests/v1/datastructuremethods.go
index 90b3d841..83ea6e68 100644
--- a/httphandler/handlerequests/v1/datastructuremethods.go
+++ b/httphandler/handlerequests/v1/datastructuremethods.go
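Review bot: The example now runs an unpinned image, `image: quay.io/armosec/kubescape:latest` combined with `imagePullPolicy: Always`, so every pod start pulls whatever the tag points to at that moment and two restarts can run different scanner builds; an example manifest for a security scanner should pin a release tag (or a digest) and leave `latest` as an opt-in. The inline comment on `KS_DOWNLOAD_ARTIFACTS` does not mention that the Dockerfile in this same patch bakes artifacts into `/home/armo/.kubescape`, so a reader cannot tell whether the bundled copy is still used; `# re-download artifacts on every scan instead of relying on the copy bundled in the image` would make the relationship explicit (presumed from the two hunks, confirm). Minor style point: `"KS_SKIP_UPDATE_CHECK"` is the only env name quoted, unlike its two siblings.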
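Review bot: This example switches the Service to `type: ClusterIP` while the microservice example earlier in this patch keeps `type: NodePort` after the same rename; NodePort makes the scanner's HTTP port reachable from outside the cluster on every node, so whichever example keeps it should say why. If the intent is that the scan endpoint is only reached in-cluster (by Prometheus here, by other workloads there), the microservice example should change too; otherwise a comment next to its `type:` line, e.g. `# NodePort exposes the scan API on every node; prefer ClusterIP unless external access is required`, would document the deliberate difference.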
@@ -14,24 +14,7 @@ import (
 func ToScanInfo(scanRequest *utilsmetav1.PostScanRequest) *cautils.ScanInfo {
 scanInfo := defaultScanInfo()
- if scanRequest.TargetType != "" && len(scanRequest.TargetNames) > 0 {
- if strings.EqualFold(string(scanRequest.TargetType), string(reporthandling.KindFramework)) {
- scanRequest.TargetType = apisv1.KindFramework
- scanInfo.FrameworkScan = true
- } else if strings.EqualFold(string(scanRequest.TargetType), string(reporthandling.KindControl)) {
- scanRequest.TargetType = apisv1.KindControl
- } else {
- // unknown policy kind - set scan all
- scanInfo.FrameworkScan = true
- scanInfo.ScanAll = true
- scanRequest.TargetNames = []string{}
- }
- scanInfo.SetPolicyIdentifiers(scanRequest.TargetNames, scanRequest.TargetType)
- scanInfo.ScanAll = false
- } else {
- scanInfo.FrameworkScan = true
- scanInfo.ScanAll = true
- }
+ setTargetInScanInfo(scanRequest, scanInfo)
 if scanRequest.Account != "" {
 scanInfo.Account = scanRequest.Account
@@ -47,20 +30,57 @@ func ToScanInfo(scanRequest *utilsmetav1.PostScanRequest) *cautils.ScanInfo {
 scanInfo.Format = scanRequest.Format
 }
- useCachedArtifacts := cautils.NewBoolPtr(scanRequest.UseCachedArtifacts)
- if useCachedArtifacts.Get() != nil && !*useCachedArtifacts.Get() {
- scanInfo.UseArtifactsFrom = getter.DefaultLocalStore // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
+ // UseCachedArtifacts
+ if scanRequest.UseCachedArtifacts != nil {
+ if useCachedArtifacts := cautils.NewBoolPtr(scanRequest.UseCachedArtifacts); useCachedArtifacts.Get() != nil && !*useCachedArtifacts.Get() {
+ scanInfo.UseArtifactsFrom = getter.DefaultLocalStore // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
+ }
 }
- keepLocal := cautils.NewBoolPtr(scanRequest.KeepLocal)
- if keepLocal.Get() != nil {
- scanInfo.Local = *keepLocal.Get() // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
+ // KeepLocal
+ if scanRequest.KeepLocal != nil {
+ if keepLocal := cautils.NewBoolPtr(scanRequest.KeepLocal); keepLocal.Get() != nil {
+ scanInfo.Local = *keepLocal.Get() // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
+ }
 }
- submit := cautils.NewBoolPtr(scanRequest.Submit)
- if submit.Get() != nil {
- scanInfo.Submit = *submit.Get()
+
+ // submit
+ if scanRequest.Submit != nil {
+ if submit := cautils.NewBoolPtr(scanRequest.Submit); submit.Get() != nil {
+ scanInfo.Submit = *submit.Get()
+ }
+ }
+
+ // host scanner
+ if scanRequest.HostScanner != nil {
+ scanInfo.HostSensorEnabled = cautils.NewBoolPtr(scanRequest.HostScanner)
 }
- scanInfo.HostSensorEnabled = cautils.NewBoolPtr(scanRequest.HostScanner)
 return scanInfo
 }
+
+func setTargetInScanInfo(scanRequest *utilsmetav1.PostScanRequest, scanInfo *cautils.ScanInfo) {
+ if scanRequest.TargetType != "" && len(scanRequest.TargetNames) > 0 {
+ if strings.EqualFold(string(scanRequest.TargetType), string(reporthandling.KindFramework)) {
+ scanRequest.TargetType = apisv1.KindFramework
+ scanInfo.FrameworkScan = true
+ scanInfo.ScanAll = false
+ if cautils.StringInSlice(scanRequest.TargetNames, "all") != cautils.ValueNotFound { // if scan all frameworks
+ scanRequest.TargetNames = []string{}
+ scanInfo.ScanAll = true
+ }
+ } else if strings.EqualFold(string(scanRequest.TargetType), string(reporthandling.KindControl)) {
+ scanRequest.TargetType = apisv1.KindControl
+ scanInfo.ScanAll = false
+ } else {
+ // unknown policy kind - set scan all
+ scanInfo.FrameworkScan = true
+ scanInfo.ScanAll = true
+ scanRequest.TargetNames = []string{}
+ }
+ scanInfo.SetPolicyIdentifiers(scanRequest.TargetNames, scanRequest.TargetType)
+ } else {
+ scanInfo.FrameworkScan = true
+ scanInfo.ScanAll = true
+ }
+}
diff --git a/httphandler/handlerequests/v1/datastructuremethods_test.go b/httphandler/handlerequests/v1/datastructuremethods_test.go
index 62b851db..eed4a1d7 100644
--- a/httphandler/handlerequests/v1/datastructuremethods_test.go
+++ b/httphandler/handlerequests/v1/datastructuremethods_test.go
@@ -3,6 +3,7 @@ package v1
 import (
 "testing"
+ "github.com/armosec/kubescape/v2/core/cautils"
 apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
 utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
 "github.com/armosec/opa-utils/reporthandling"
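Review bot: The comment kept on `scanInfo.Local = *keepLocal.Get()` — `// Load files from cache (this will prevent kubescape fom downloading the artifacts every time)` — is a copy of the UseCachedArtifacts comment and says nothing about KeepLocal; replace it with a comment that describes what `scanInfo.Local` controls (not determinable from this hunk) or drop it, and fix the `fom` typo on the UseCachedArtifacts line it was copied from. The new outer `!= nil` guards on UseCachedArtifacts, KeepLocal and Submit make the inner `.Get() != nil` checks redundant if `cautils.NewBoolPtr` merely wraps the pointer it is given (not visible here); if these request fields are `*bool`, each block collapses to e.g. `if scanRequest.KeepLocal != nil { scanInfo.Local = *scanRequest.KeepLocal }`. In `setTargetInScanInfo`, an unrecognised `TargetType` silently turns the request into a scan of all frameworks via the `// unknown policy kind - set scan all` branch, so a typo in the HTTP body broadens the scan instead of being rejected; at minimum log the unknown kind there, and consider returning an error so ToScanInfo's caller can refuse the request. The helper also rewrites `scanRequest.TargetType` and `scanRequest.TargetNames` in place, which callers holding the request will observe; a doc comment such as `// setTargetInScanInfo derives the scan target from scanRequest and normalises scanRequest.TargetType/TargetNames in place.` should say so. ToScanInfo begins before this hunk; setTargetInScanInfo is complete within it.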
@@ -59,3 +60,47 @@ func TestToScanInfo(t *testing.T) {
 assert.True(t, s.FrameworkScan)
 }
 }
+
+func TestSetTargetInScanInfo(t *testing.T) {
+ {
+ req := &utilsmetav1.PostScanRequest{
+ TargetType: apisv1.KindFramework,
+ TargetNames: []string{"nsa", "mitre"},
+ }
+ scanInfo := &cautils.ScanInfo{}
+ setTargetInScanInfo(req, scanInfo)
+ assert.True(t, scanInfo.FrameworkScan)
+ assert.False(t, scanInfo.ScanAll)
+ assert.Equal(t, 2, len(scanInfo.PolicyIdentifier))
+ }
+ {
+ req := &utilsmetav1.PostScanRequest{
+ TargetType: apisv1.KindFramework,
+ TargetNames: []string{"all"},
+ }
+ scanInfo := &cautils.ScanInfo{}
+ setTargetInScanInfo(req, scanInfo)
+ assert.True(t, scanInfo.FrameworkScan)
+ assert.True(t, scanInfo.ScanAll)
+ assert.Equal(t, 0, len(scanInfo.PolicyIdentifier))
+ }
+ {
+ req := &utilsmetav1.PostScanRequest{}
+ scanInfo := &cautils.ScanInfo{}
+ setTargetInScanInfo(req, scanInfo)
+ assert.True(t, scanInfo.FrameworkScan)
+ assert.True(t, scanInfo.ScanAll)
+ assert.Equal(t, 0, len(scanInfo.PolicyIdentifier))
+ }
+ {
+ req := &utilsmetav1.PostScanRequest{
+ TargetType: apisv1.KindControl,
+ TargetNames: []string{"c-0001"},
+ }
+ scanInfo := &cautils.ScanInfo{}
+ setTargetInScanInfo(req, scanInfo)
+ assert.False(t, scanInfo.FrameworkScan)
+ assert.False(t, scanInfo.ScanAll)
+ assert.Equal(t, 1, len(scanInfo.PolicyIdentifier))
+ }
+}
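Review bot: `TestSetTargetInScanInfo` never exercises the `else` branch of the kind check in `setTargetInScanInfo` (an unknown `TargetType`), which is the path that silently widens a request to a scan of everything, nor the case-insensitive match that `strings.EqualFold` exists for; a case with `TargetType: "unknown-kind"` asserting `ScanAll` and `FrameworkScan` are true with an empty `PolicyIdentifier`, and one with lowercase `"framework"` asserting `req.TargetType` was normalised to `apisv1.KindFramework`, would pin both. The four anonymous `{ … }` blocks would read better as a table-driven test with `t.Run` subtests, so a failure names the case instead of a bare line number; the sketch below adds the two missing cases in that shape (constructed inputs, the expected values follow the hunk's branches). The existing assertions only check `len(scanInfo.PolicyIdentifier)`; asserting the identifiers' names and kind would also cover what `SetPolicyIdentifiers` is relied on for. TestToScanInfo's start lies before this hunk.
```go
func TestSetTargetInScanInfo(t *testing.T) {
	cases := []struct {
		name       string
		req        *utilsmetav1.PostScanRequest
		wantFW     bool
		wantAll    bool
		wantPolicy int
		wantKind   string // "" = do not check the normalised TargetType
	}{
		// … existing four cases, one row each …
		{"unknown kind falls back to scan all", &utilsmetav1.PostScanRequest{TargetType: "unknown-kind", TargetNames: []string{"x"}}, true, true, 0, ""},
		{"kind match is case-insensitive", &utilsmetav1.PostScanRequest{TargetType: "framework", TargetNames: []string{"nsa"}}, true, false, 1, string(apisv1.KindFramework)},
	}
	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			scanInfo := &cautils.ScanInfo{}
			setTargetInScanInfo(tc.req, scanInfo)
			assert.Equal(t, tc.wantFW, scanInfo.FrameworkScan)
			assert.Equal(t, tc.wantAll, scanInfo.ScanAll)
			assert.Equal(t, tc.wantPolicy, len(scanInfo.PolicyIdentifier))
			if tc.wantKind != "" {
				assert.Equal(t, tc.wantKind, string(tc.req.TargetType))
			}
		})
	}
}
```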