chore: clean up and add data category UUID to data type #141

Merged


elsapet
Contributor

@elsapet elsapet commented Nov 18, 2022

Description

  • Clean up db.Datatype
  • Add data category UUID to data type, and use this to calculate policy severity instead of category name (more robust)

Changes:

  • output no longer includes category name or any UUIDs.

Examples:

Policies

[
  {
    "result": [
      {
        "data_type": "Physical Address",
        "filename": "temp.rb",
        "line_number": 2,
        "policy_description": "Logger leaks detected",
        "policy_id": "detect_ruby_logger",
        "policy_name": "Logger leaks",
        "severity": "high"
      },
      {
        "data_type": "Unique Identifier",
        "filename": "temp.rb",
        "line_number": 2,
        "policy_description": "Logger leaks detected",
        "policy_id": "detect_ruby_logger",
        "policy_name": "Logger leaks",
        "severity": "critical"
      }
    ]
  }
]

Dataflow

{
  "data_types": [
    {
      "name": "Physical Address",
      "detectors": [
        {
          "name": "ruby",
          "locations": [
            {
              "filename": "temp.rb",
              "line_number": 2
            }
          ]
        }
      ]
    }
  ],
  "risks": [
    {
      "detector_id": "detect_ruby_logger",
      "data_types": [
        {
          "name": "Physical Address",
          "stored": false,
          "locations": [
            {
              "filename": "temp.rb",
              "line_number": 2
            }
          ]
        },
        {
          "name": "Unique Identifier",
          "stored": false,
          "locations": [
            {
              "filename": "temp.rb",
              "line_number": 2
            }
          ]
        }
      ]
    }
  ],
  "components": []
}

Checklist

  • I've added test coverage that shows my fix or feature works as expected.
  • I've updated or added documentation if required.
  • I've included usage information in the description if CLI behavior was updated or added.
  • PR title follows Conventional Commits format

Contributor Author

elsapet commented Nov 18, 2022

@cfabianski not sure if we want the category UUID in the reports - or, in the opposite direction, if we want both the category UUID and the category name to be included. Any guidance or should I ask in Delibr?

@elsapet elsapet force-pushed the AMA-3205-add-data-type-uuid-and-default-data-category-uuid branch from 5deb2e8 to b9ff2ff Compare November 18, 2022 13:26
@cfabianski
Collaborator

> @cfabianski not sure if we want the category UUID in the reports - or, in the opposite direction, if we want both the category UUID and the category name to be included. Any guidance or should I ask in Delibr?

Let's leave a note in Delibr for sure but I think the report (in JSON) shouldn't include the UUID. This is more for internal purposes. I think simply doing something like json:"-" will do the trick so that we can use the UUID to have a more robust reconciliation but we would not display them in the report.
Does that make sense?
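
The `json:"-"` approach suggested in the comment above, as an added Go example that is not the project's own code: severity is resolved from the category UUID while the UUIDs stay out of the serialized report. The `DataType` struct, the `SeverityFor` and `Report` helpers, the UUID values and the category-to-severity mapping are all constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// DataType is a hypothetical stand-in for the project's data type record.
// Fields tagged json:"-" are usable internally but never serialized.
type DataType struct {
	Name         string `json:"data_type"`
	UUID         string `json:"-"`
	CategoryUUID string `json:"-"`
	Severity     string `json:"severity"`
}

// Constructed category UUIDs and severities (not the project's values).
const catA = "00000000-0000-0000-0000-00000000000a"
const catB = "00000000-0000-0000-0000-00000000000b"

var severityByCategory = map[string]string{
	catA: "high",
	catB: "critical",
}

// SeverityFor keys on the stable UUID, so renaming a category cannot change
// the result; an unknown UUID is an error rather than a silent default.
func SeverityFor(categoryUUID string) (string, error) {
	if s, ok := severityByCategory[categoryUUID]; ok {
		return s, nil
	}
	return "", fmt.Errorf("unknown data category UUID %q", categoryUUID)
}

// Report fills in each severity from its category UUID and marshals to JSON.
func Report(types []DataType) (string, error) {
	for i := range types {
		s, err := SeverityFor(types[i].CategoryUUID)
		if err != nil {
			return "", err
		}
		types[i].Severity = s
	}
	out, err := json.Marshal(types)
	return string(out), err
}

func main() {
	fmt.Println(Report([]DataType{{Name: "Physical Address", UUID: "constructed-1", CategoryUUID: catA}}))
}
```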

cfabianski
cfabianski previously approved these changes Nov 18, 2022
Collaborator

@cfabianski cfabianski left a comment

Apart from my comment, that looks good to me

@elsapet elsapet force-pushed the AMA-3205-add-data-type-uuid-and-default-data-category-uuid branch 2 times, most recently from 94706aa to 2ea3a0e Compare November 18, 2022 15:39
@elsapet elsapet marked this pull request as ready for review November 18, 2022 15:57
@cfabianski
Collaborator

Q. Why do we have 2 datatypes for this line?
Can you maybe share the content of the temp.rb to double check that?

Contributor Author

elsapet commented Nov 21, 2022

@cfabianski temp.rb looks like this

logger.info(user.address)

@elsapet elsapet force-pushed the AMA-3205-add-data-type-uuid-and-default-data-category-uuid branch from c3c8744 to 8374ad0 Compare November 21, 2022 07:15
@cfabianski
Collaborator

> @cfabianski temp.rb looks like this
>
> logger.info(user.address)

So in that case, I don't really understand this

"data_type": "Unique Identifier",

😕

@elsapet elsapet merged commit 088f307 into main Nov 21, 2022
@elsapet elsapet deleted the AMA-3205-add-data-type-uuid-and-default-data-category-uuid branch November 21, 2022 15:03