run control scan form file

2026-02-14 18:09:55 +00:00 · 2021-10-20 16:18:53 +03:00
parent 836211ae2b
commit cc57a34a32
12 changed files with 79 additions and 37 deletions
--- a/cautils/customerloader.go
+++ b/cautils/customerloader.go
@@ -127,13 +127,7 @@ func (c *EmptyConfig) GetCustomerGUID() string                { return "" }
 func (c *EmptyConfig) GetK8sAPI() *k8sinterface.KubernetesApi { return nil } // TODO: return mock obj
 func (c *EmptyConfig) GetDefaultNS() string                   { return k8sinterface.GetDefaultNamespace() }
 func (c *EmptyConfig) GetBackendAPI() getter.IBackend         { return nil } // TODO: return mock obj
-func (c *EmptyConfig) GetClusterName() string {
-	clusterName := k8sinterface.GetClusterName()
-	if clusterName == "" {
-		return "unknown"
-	}
-	return k8sinterface.GetClusterName()
-}
+func (c *EmptyConfig) GetClusterName() string                 { return k8sinterface.GetClusterName() }
 func (c *EmptyConfig) GenerateURL() {
 	message := fmt.Sprintf("You can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more by registering here: https://%s", getter.GetArmoAPIConnector().GetFrontendURL())
 	InfoTextDisplay(os.Stdout, message+"\n")
--- a/cautils/downloadinfo.go
+++ b/cautils/downloadinfo.go
@@ -3,4 +3,5 @@ package cautils
 type DownloadInfo struct {
 	Path          string
 	FrameworkName string
+	ControlName   string
 }
--- a/cautils/getter/downloadreleasedpolicy.go
+++ b/cautils/getter/downloadreleasedpolicy.go
@@ -1,6 +1,8 @@
 package getter

 import (
+	"strings"
+
 	"github.com/armosec/opa-utils/gitregostore"
 	"github.com/armosec/opa-utils/reporthandling"
 )
@@ -21,12 +23,15 @@ func NewDownloadReleasedPolicy() *DownloadReleasedPolicy {
 }

 func (drp *DownloadReleasedPolicy) GetControl(policyName string) (*reporthandling.Control, error) {
-	control, err := drp.gs.GetOPAControlByName(policyName)
-	if err != nil {
+	var control *reporthandling.Control
+	var err error
+	if strings.HasPrefix(policyName, "C-") || strings.HasPrefix(policyName, "c-") {
 		control, err = drp.gs.GetOPAControlByID(policyName)
-		if err != nil {
-			return nil, err
-		}
+	} else {
+		control, err = drp.gs.GetOPAControlByName(policyName)
+	}
+	if err != nil {
+		return nil, err
 	}
 	return control, nil
 }
--- a/cautils/getter/getpoliciesutils.go
+++ b/cautils/getter/getpoliciesutils.go
@@ -21,6 +21,30 @@ func GetDefaultPath(name string) string {
 	return defaultfilePath
 }

+func SaveControlInFile(control *reporthandling.Control, pathStr string) error {
+	encodedData, err := json.Marshal(control)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
+	if err != nil {
+		if os.IsNotExist(err) {
+			pathDir := path.Dir(pathStr)
+			if err := os.Mkdir(pathDir, 0744); err != nil {
+				return err
+			}
+		} else {
+			return err
+
+		}
+		err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func SaveFrameworkInFile(framework *reporthandling.Framework, pathStr string) error {
 	encodedData, err := json.Marshal(framework)
 	if err != nil {
--- a/cautils/getter/loadpolicy.go
+++ b/cautils/getter/loadpolicy.go
@@ -35,7 +35,7 @@ func (lp *LoadPolicy) GetControl(controlName string) (*reporthandling.Control, e
 	}

 	err = json.Unmarshal(f, control)
-	if controlName != "" && !strings.EqualFold(controlName, control.Name) {
+	if controlName != "" && !strings.EqualFold(controlName, control.Name) && !strings.EqualFold(controlName, control.ControlID) {
 		return nil, fmt.Errorf("control from file not matching")
 	}
 	return control, err
--- a/cautils/scaninfo.go
+++ b/cautils/scaninfo.go
@@ -55,7 +55,6 @@ func (scanInfo *ScanInfo) setUseFrom() {
 	if scanInfo.UseDefault {
 		scanInfo.UseFrom = getter.GetDefaultPath(scanInfo.PolicyIdentifier.Name + ".json")
 	}
-
 }
 func (scanInfo *ScanInfo) setGetter() {
 	if scanInfo.UseFrom != "" {
--- a/clihandler/cmd/control.go
+++ b/clihandler/cmd/control.go
@@ -3,6 +3,7 @@ package cmd
 import (
 	"fmt"
 	"os"
+	"strings"

 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/clihandler"
@@ -15,18 +16,19 @@ var controlCmd = &cobra.Command{
 	Use:   "control <control name>/<control id>",
 	Short: fmt.Sprintf("The control you wish to use for scan. It must be present in at least one of the folloiwng frameworks: %s", clihandler.ValidFrameworks),
 	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 {
-			return fmt.Errorf("requires  one argument")
+		if len(args) < 1 && !(cmd.Flags().Lookup("use-from").Changed) {
+			return fmt.Errorf("requires at least one argument")
 		}
-
 		return nil
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
 		flagValidationControl()
-		scanInfo.FrameworkScan = false
 		scanInfo.PolicyIdentifier = reporthandling.PolicyIdentifier{}
+		if !(cmd.Flags().Lookup("use-from").Changed) {
+			scanInfo.PolicyIdentifier.Name = strings.ToLower(args[0])
+		}
+		scanInfo.FrameworkScan = false
 		scanInfo.PolicyIdentifier.Kind = reporthandling.KindControl
-		scanInfo.PolicyIdentifier.Name = args[0]
 		scanInfo.Init()
 		cautils.SetSilentMode(scanInfo.Silent)
 		err := clihandler.CliSetup(scanInfo)
--- a/clihandler/cmd/download.go
+++ b/clihandler/cmd/download.go
@@ -2,6 +2,7 @@ package cmd

 import (
 	"fmt"
+	"strings"

 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/getter"
@@ -12,8 +13,8 @@ import (
 var downloadInfo cautils.DownloadInfo

 var downloadCmd = &cobra.Command{
-	Use:   fmt.Sprintf("download framework <framework-name> [flags]\nSupported frameworks: %s", clihandler.ValidFrameworks),
-	Short: "Download framework controls",
+	Use:   fmt.Sprintf("download framework/control <framework-name>/<control-name> [flags]\nSupported frameworks: %s", clihandler.ValidFrameworks),
+	Short: "Download framework/control",
 	Long:  ``,
 	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) != 2 {
@@ -22,19 +23,36 @@ var downloadCmd = &cobra.Command{
 		return nil
 	},
 	RunE: func(cmd *cobra.Command, args []string) error {
-		downloadInfo.FrameworkName = args[1]
-		g := getter.NewDownloadReleasedPolicy()
-		if downloadInfo.Path == "" {
-			downloadInfo.Path = getter.GetDefaultPath(downloadInfo.FrameworkName + ".json")
-		}
-		frameworks, err := g.GetFramework(downloadInfo.FrameworkName)
-		if err != nil {
-			return err
-		}
-		err = getter.SaveFrameworkInFile(frameworks, downloadInfo.Path)
-		if err != nil {
-			return err
+		if strings.EqualFold(args[0], "framework") {
+			downloadInfo.FrameworkName = args[1]
+			g := getter.NewDownloadReleasedPolicy()
+			if downloadInfo.Path == "" {
+				downloadInfo.Path = getter.GetDefaultPath(downloadInfo.FrameworkName + ".json")
+			}
+			frameworks, err := g.GetFramework(downloadInfo.FrameworkName)
+			if err != nil {
+				return err
+			}
+			err = getter.SaveFrameworkInFile(frameworks, downloadInfo.Path)
+			if err != nil {
+				return err
+			}
+		} else if strings.EqualFold(args[0], "control") {
+			downloadInfo.ControlName = args[1]
+			g := getter.NewDownloadReleasedPolicy()
+			if downloadInfo.Path == "" {
+				downloadInfo.Path = getter.GetDefaultPath(downloadInfo.ControlName + ".json")
+			}
+			controls, err := g.GetControl(downloadInfo.ControlName)
+			if err != nil {
+				return err
+			}
+			err = getter.SaveControlInFile(controls, downloadInfo.Path)
+			if err != nil {
+				return err
+			}
 		}
+
 		return nil
 	},
 }
--- a/clihandler/cmd/scan.go
+++ b/clihandler/cmd/scan.go
@@ -9,7 +9,7 @@ var scanInfo cautils.ScanInfo

 // scanCmd represents the scan command
 var scanCmd = &cobra.Command{
-	Use:   "scan",
+	Use:   "scan <command>",
 	Short: "Scan the current running cluster or yaml files",
 	Long:  `The action you want to perform`,
 	Run: func(cmd *cobra.Command, args []string) {
--- a/install.sh
+++ b/install.sh
@@ -53,6 +53,6 @@ echo -e "\033[0m"
 $KUBESCAPE_EXEC version
 echo

-echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan framework nsa --exclude-namespaces kube-system,kube-public"
+echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan framework nsa"

 echo -e "\033[0m"
--- a/nsa.json
+++ b/nsa.json
--- a/resultshandling/results.go
+++ b/resultshandling/results.go
@@ -27,7 +27,7 @@ func (resultsHandler *ResultsHandler) HandleResults(scanInfo cautils.ScanInfo) f
 	score := resultsHandler.printerObj.ActionPrint(opaSessionObj)

 	// Don't send report for control scan
-	if scanInfo.FrameworkScan {
+	if scanInfo.FrameworkScan { // TODO - use interface for ActionSendReportListenner
 		resultsHandler.reporterObj.ActionSendReportListenner(opaSessionObj)
 	}