SUB-4890 - [KYOS] As a User I want to be able to accept the risk of C… (

#26) * SUB-4890 - [KYOS] As a User I want to be able to accept the risk of CVE/Resource for all Cluster, Namespace, Workload, Container Signed-off-by: rinao12 <[email protected]> * fixed test Signed-off-by: rinao12 <[email protected]> --------- Signed-off-by: rinao12 <[email protected]> Co-authored-by: rinao12 <[email protected]>
kubescape · Jul 8, 2024 · 5b062de · 5b062de
1 parent f2fc733
commit 5b062de
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 21 deletions.
diff --git a/pkg/client/v1/vulnerabilities.go b/pkg/client/v1/vulnerabilities.go
@@ -3,18 +3,17 @@ package v1
 import (
 	"encoding/json"
 	"fmt"
-	"io"
-	"net/http"
-	"net/url"
-
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/armoapi-go/identifiers"
 	httputils "github.com/armosec/utils-go/httputils"
 	v1 "github.com/kubescape/backend/pkg/server/v1"
 	"github.com/kubescape/backend/pkg/utils"
+	"io"
+	"net/http"
+	"net/url"
 )
 
-func getCVEExceptionsURL(backendURL, customerGUID string, designators *identifiers.PortalDesignator) (*url.URL, error) {
+func constructCVEExceptionsURL(backendURL, customerGUID string, queryParams *url.Values) (*url.URL, error) {
 	scheme, host, err := utils.ParseHost(backendURL)
 	if err != nil {
 		return nil, err
@@ -24,32 +23,33 @@ func getCVEExceptionsURL(backendURL, customerGUID string, designators *identifie
 		Scheme: scheme,
 		Path:   v1.ApiServerVulnerabilitiesExceptionsPathOld,
 	}
-	qValues := expURL.Query()
+	queryParams.Add(v1.QueryParamCustomerGUID, customerGUID)
+	expURL.RawQuery = queryParams.Encode()
+	return expURL, nil
+}
+
+func getCVEExceptionsURL(backendURL, customerGUID string, designators *identifiers.PortalDesignator) (*url.URL, error) {
+	qValues := url.Values{}
 	for k, v := range designators.Attributes {
 		qValues.Add(k, v)
 	}
-	qValues.Add(v1.QueryParamCustomerGUID, customerGUID)
-
-	expURL.RawQuery = qValues.Encode()
-	return expURL, nil
+	return constructCVEExceptionsURL(backendURL, customerGUID, &qValues)
 }
 
-func getCVEExceptionByDEsignator(backendURL, customerGUID string, designators *identifiers.PortalDesignator, headers map[string]string) ([]armotypes.VulnerabilityExceptionPolicy, error) {
+func getCVEExceptionsURLByRawQuery(backendURL, customerGUID string, rawQuery *url.Values) (*url.URL, error) {
+	return constructCVEExceptionsURL(backendURL, customerGUID, rawQuery)
+}
 
+func fetchCVEExceptions(url *url.URL, headers map[string]string) ([]armotypes.VulnerabilityExceptionPolicy, error) {
 	var vulnerabilityExceptionPolicy []armotypes.VulnerabilityExceptionPolicy
 
-	url, err := getCVEExceptionsURL(backendURL, customerGUID, designators)
-	if err != nil {
-		return nil, err
-	}
-
 	resp, err := httputils.HttpGet(http.DefaultClient, url.String(), headers)
 	if err != nil {
 		return nil, err
 	}
 
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		return nil, fmt.Errorf("getCVEExceptionByDEsignator: resp.StatusCode %d", resp.StatusCode)
+		return nil, fmt.Errorf("fetchCVEExceptions: resp.StatusCode %d", resp.StatusCode)
 	}
 
 	bodyBytes, err := io.ReadAll(resp.Body)
@@ -65,12 +65,20 @@ func getCVEExceptionByDEsignator(backendURL, customerGUID string, designators *i
 	return vulnerabilityExceptionPolicy, nil
 }
 
-func GetCVEExceptionByDesignator(baseURL, customerGUID string, designators *identifiers.PortalDesignator, headers map[string]string) ([]armotypes.VulnerabilityExceptionPolicy, error) {
-	vulnerabilityExceptionPolicyList, err := getCVEExceptionByDEsignator(baseURL, customerGUID, designators, headers)
+func GetCVEExceptionByDesignator(backendURL, customerGUID string, designators *identifiers.PortalDesignator, headers map[string]string) ([]armotypes.VulnerabilityExceptionPolicy, error) {
+	url, err := getCVEExceptionsURL(backendURL, customerGUID, designators)
+	if err != nil {
+		return nil, err
+	}
+	return fetchCVEExceptions(url, headers)
+}
+
+func GetCVEExceptionByRawQuery(backendURL, customerGUID string, rawQuery *url.Values, headers map[string]string) ([]armotypes.VulnerabilityExceptionPolicy, error) {
+	url, err := getCVEExceptionsURLByRawQuery(backendURL, customerGUID, rawQuery)
 	if err != nil {
 		return nil, err
 	}
-	return vulnerabilityExceptionPolicyList, nil
+	return fetchCVEExceptions(url, headers)
 }
 
 func GetVulnerabilitiesReportURL(eventReceiverUrl, customerGUID string) (*url.URL, error) {

diff --git a/pkg/client/v1/vulnerabilities_test.go b/pkg/client/v1/vulnerabilities_test.go
@@ -1,12 +1,25 @@
 package v1
 
 import (
+	url2 "net/url"
 	"testing"
 
 	"github.com/armosec/armoapi-go/identifiers"
 	"github.com/stretchr/testify/assert"
 )
 
+func Test_getCVEExceptionsURLByRawQuery(t *testing.T) {
+	url, err := getCVEExceptionsURLByRawQuery("http://localhost:8080", "abc", &url2.Values{
+		"scope.namespace": []string{"kube-system", "*/*"},
+		"scope.cluster":   []string{"c1", "c2"},
+		"scope.name":      []string{"n1", "*/*"},
+		"scope.kind":      []string{"deployment"},
+		"scope.other":     []string{""},
+	})
+	assert.NoError(t, err)
+	assert.Equal(t, "http://localhost:8080/api/v1/armoVulnerabilityExceptions?customerGUID=abc&scope.cluster=c1&scope.cluster=c2&scope.kind=deployment&scope.name=n1&scope.name=%2A%2F%2A&scope.namespace=kube-system&scope.namespace=%2A%2F%2A&scope.other=", url.String())
+}
+
 func Test_getCVEExceptionsURL(t *testing.T) {
 	url, err := getCVEExceptionsURL("http://localhost:8080", "abc", &identifiers.PortalDesignator{
 		Attributes: map[string]string{

diff --git a/pkg/versioncheck/versioncheck_test.go b/pkg/versioncheck/versioncheck_test.go
@@ -87,7 +87,7 @@ func TestVersionCheckHandler_getLatestVersion(t *testing.T) {
 			},
 			want: &VersionCheckResponse{
 				Client:       "kubescape",
-				ClientUpdate: "v3.0.0",
+				ClientUpdate: "v3.0.9",
 			},
 			wantErr: false,
 		},