Custom finding type classifier securityhub #4116
Thanks for the pull request! I didn't realize this could be customized. If you don't mind, could you sign the CLA at the bottom of the README? Direct link here: https://docs.google.com/forms/d/e/1FAIpQLSfwtl1s6KmpLhCY6CjiY8nFZshDwf_wrmNYx1ahpsNFXXmHKw/viewform
Done and signed! I noticed a check is failing. Is there anything I can do to fix this?
Re failing check: it's mostly a question of adding in a unit test that uses this functionality. I'm wondering if we want to just make the types free form, and only enforce top level namespace, i.e. let the user define category and classifier themselves. from the referenced doc page
True, but then the question is about how to map the categories / classifiers to namespaces. EDIT: this one is better

```python
# JSON-schema fragment for the "types" key: each item is an object with a
# namespace restricted to the vocabulary, plus free-form category/classifier.
types = {
    "type": "array",
    "items": {
        "oneOf": [
            {
                # namespace only, category optional
                "type": "object",
                "required": ["namespace"],
                "properties": {
                    "namespace": {
                        "type": "string",
                        "enum": build_vocabulary()
                    },
                    "category": {"type": "string"}
                }
            },
            {
                # namespace and category, classifier optional
                "type": "object",
                "required": ["namespace", "category"],
                "properties": {
                    "namespace": {
                        "type": "string",
                        "enum": build_vocabulary()
                    },
                    "category": {"type": "string"},
                    "classifier": {"type": "string"}
                }
            }
        ]
    }
}
```

will update later today or tomorrow :)
That's interesting re array of dicts, although it's worthwhile noting we have backward compatibility guarantees to adhere to as well. Is there any particular value in splitting out the components (besides less horizontal scrolling ;-)? We could just do a custom validator in code to assert the namespace prefix matches up to the defined vocabulary and let the user continue to use strings.
Thanks, looks good. I think we want to move that check into the validate method on the action, and then add a test and this should be good to go. I can tackle that later this week if you don't get to it first.
LGTM, I went ahead and added in a unit test for coverage and removed the unused category/classifier static definitions
add type_classifier key for security hub which will be appended to all finding types that both have a namespace and a category already set.
Note that this is an 'all or nothing' approach for type classifiers (either all types get the classifier appended or none), but IMO this is not a bad thing.
Original issue #4115:
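Added example, not part of the pull request, the issue, or Cloud Custodian's code: a sketch of the string-based approach discussed in the conversation, where only the namespace prefix is checked against the vocabulary and a `type_classifier` is appended to every type that has a namespace and a category. The function names are hypothetical, the namespace list is the set of top-level namespaces in the AWS Security Finding Format, and skipping types that already carry a classifier is an assumption.

```python
# Hypothetical helper names; illustration only.
# Top-level namespaces defined by the AWS Security Finding Format.
NAMESPACES = frozenset({
    "Software and Configuration Checks",
    "TTPs",
    "Effects",
    "Unusual Behaviors",
    "Sensitive Data Identifications",
})


def validate_type(finding_type):
    """Split 'namespace[/category[/classifier]]' and check the namespace.

    Category and classifier are free form; only the namespace is enforced.
    Returns a (namespace, category, classifier) tuple, None for absent parts.
    """
    parts = finding_type.split("/")
    if len(parts) > 3:
        raise ValueError(f"too many segments in type: {finding_type!r}")
    if any(not p.strip() for p in parts):
        raise ValueError(f"empty segment in type: {finding_type!r}")
    if parts[0] not in NAMESPACES:
        raise ValueError(f"unknown namespace in type: {finding_type!r}")
    return tuple(parts + [None] * (3 - len(parts)))


def apply_classifier(types, type_classifier=None):
    """Validate all types, then append type_classifier where it fits.

    All-or-nothing: every type with a namespace and a category gets the
    classifier. Types that already have a classifier are left unchanged
    (assumption), as are namespace-only types.
    """
    if type_classifier is not None:
        if "/" in type_classifier or not type_classifier.strip():
            raise ValueError(f"invalid classifier: {type_classifier!r}")
    result = []
    for finding_type in types:
        _, category, classifier = validate_type(finding_type)
        if type_classifier and category is not None and classifier is None:
            finding_type = f"{finding_type}/{type_classifier}"
        result.append(finding_type)
    return result
```

Rejecting unknown namespaces at policy validation time surfaces a typo before any finding is sent, rather than at import time in Security Hub.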