In [19]:
import pandas as pd
from kalm_benchmark.evaluation.evaluation import load_benchmark, Col

In [20]:
df_bench = load_benchmark(with_categories=True)

In [21]:
def get_base_check_id(check_id: str) -> str:
    if check_id.count('-') == 1:
        # no variant present -> check_id is base_check_id
        return check_id
    base_id, variant = check_id.rsplit("-", maxsplit=1)
    return base_id

In [22]:
def get_pretty_name(r: pd.Series):
    name = r[Col.Name].replace(f"{r[Col.CheckId].lower()}-", "")
    return name.replace("-", " ").title()

In [23]:
PRETTY_NAME = "pretty_name"
df_bench[PRETTY_NAME] = df_bench.apply(get_pretty_name, axis=1)

In [24]:
BASE_CHECK_ID = "base_check_id"
df_bench[BASE_CHECK_ID] = df_bench.check_id.map(get_base_check_id)

In [25]:
df_bench.head()

Unnamed: 0,check_id,name,expected,description,path_to_check,category,pretty_name,base_check_id
0,RES-007-0,res-007-0-no-limitrange-object-for-namespace,alert,,LimitRange.metadata.namespace|.metadata.namespace,Reliability,No Limitrange Object For Namespace,RES-007
1,RES-007-1,res-007-1-no-default-cpu-request-for-namespace,alert,,LimitRange.spec.limits.defaultRequest.cpu|.spe...,Reliability,No Default Cpu Request For Namespace,RES-007
2,RES-007-2,res-007-2-no-default-cpu-limits-for-namespace,alert,,LimitRange.spec.limits.default.cpu|.spec.limit...,Reliability,No Default Cpu Limits For Namespace,RES-007
3,RES-007-3,res-007-3-no-cpu-limits-for-namespace,alert,,LimitRange.spec.limits.min.cpu|LimitRange.spec...,Reliability,No Cpu Limits For Namespace,RES-007
4,RES-008-1,res-008-1-no-default-memory-request-for-namespace,alert,,LimitRange.spec.limits.defaultRequest.memory|....,Reliability,No Default Memory Request For Namespace,RES-008


In [26]:
df_overview = df_bench.groupby(by=[Col.Category, BASE_CHECK_ID]).aggregate(name=pd.NamedAgg(PRETTY_NAME, "first"), num_variants= pd.NamedAgg(Col.CheckId, 'count'))

In [27]:
pd.options.display.max_rows = 1000
print(df_overview.to_latex(caption="An overview of all generated checks"))

\begin{table}
\caption{An overview of all generated checks}
\begin{tabular}{lllr}
\toprule
 &  & name & num_variants \\
category & base_check_id &  &  \\
\midrule
DataSecurity & CM-001 & Sensitive Key Referenced In Configmap & 1 \\
\cline{1-4}
\multirow[t]{17}{*}{IAM} & RBAC-001 & Use Cluster Admin Role & 2 \\
 & RBAC-002 & Read Access To Secrets & 6 \\
 & RBAC-003 & Role Use Resource Wildcard & 6 \\
 & RBAC-004 & Role Creates Pods & 2 \\
 & RBAC-005 & Role Attaches To Pods & 2 \\
 & RBAC-006 & Role Exec Into Pods & 2 \\
 & RBAC-007 & Role Binds Default Serviceaccount & 2 \\
 & RBAC-008 & Role Port Forward Pods & 6 \\
 & RBAC-009 & Role Impersonation & 2 \\
 & RBAC-010 & Role Manages Rbac & 8 \\
 & RBAC-012 & Role Info Disclosure & 6 \\
 & RBAC-013 & Role Destructive & 4 \\
 & RBAC-014 & Role Event Deletion & 4 \\
 & RBAC-015 & Role Core Dns Poisoning & 4 \\
 & RBAC-016 & Serviceaccount Without Binding & 1 \\
 & RBAC-017 & Too Many Roles Per Subject & 1 \\
 & RBAC-020 & Role Manages Rb

In [28]:
df_overview


Unnamed: 0_level_0,Unnamed: 1_level_0,name,num_variants
category,base_check_id,Unnamed: 2_level_1,Unnamed: 3_level_1
DataSecurity,CM-001,Sensitive Key Referenced In Configmap,1
IAM,RBAC-001,Use Cluster Admin Role,2
IAM,RBAC-002,Read Access To Secrets,6
IAM,RBAC-003,Role Use Resource Wildcard,6
IAM,RBAC-004,Role Creates Pods,2
IAM,RBAC-005,Role Attaches To Pods,2
IAM,RBAC-006,Role Exec Into Pods,2
IAM,RBAC-007,Role Binds Default Serviceaccount,2
IAM,RBAC-008,Role Port Forward Pods,6
IAM,RBAC-009,Role Impersonation,2
