check-components-security-updated.go
package checker
import (
"github.com/tufin/oasdiff/diff"
)
// Identifiers of the changes reported for entries under the OpenAPI
// components "securitySchemes" section. The string values are what the
// checks in this file put into ComponentChange.Id.
//
// NOTE(review): the Go names mix the prefixes "APIComponents..." and
// "APIComponent..."; the string ids all share "api-security-component-".
const (
// A security scheme was deleted from the components section.
APIComponentsSecurityRemovedId = "api-security-component-removed"
// A security scheme was added to the components section.
APIComponentsSecurityAddedId = "api-security-component-added"
// The OAuth authorization URL of a scheme changed.
APIComponentsSecurityComponentOauthUrlUpdatedId = "api-security-component-oauth-url-changed"
// The type of a security scheme changed.
APIComponentsSecurityTypeUpdatedId = "api-security-component-type-changed"
// The OAuth token URL of a scheme changed.
APIComponentsSecurityOauthTokenUrlUpdatedId = "api-security-component-oauth-token-url-changed"
// An OAuth scope was added to a scheme.
APIComponentSecurityOauthScopeAddedId = "api-security-component-oauth-scope-added"
// An OAuth scope was removed from a scheme.
APIComponentSecurityOauthScopeRemovedId = "api-security-component-oauth-scope-removed"
// The value attached to an existing OAuth scope changed.
APIComponentSecurityOauthScopeUpdatedId = "api-security-component-oauth-scope-changed"
)
// ComponentSecuritySchemes is the value stored in ComponentChange.Component
// by every change that the checks in this file emit.
const ComponentSecuritySchemes = "securitySchemes"
// checkOAuthUpdates reports changes to the OAuth implicit flow of one
// modified security scheme: a changed authorization URL, a changed token
// URL, and added, removed or modified scopes. updatedSecurityName is the
// name of the scheme and is the first argument of every reported change.
// It returns an empty, non-nil Changes when there is nothing to report.
//
// Every finding is emitted at INFO level. A changed authorization or token
// URL alters where clients are sent to authenticate, and a scope change
// alters what a token may grant, so these entries deserve a human look even
// though the level does not mark them as breaking.
//
// NOTE(review): only OAuthFlowsDiff.ImplicitDiff is inspected. If the diff
// also carries other OAuth flows, URL and scope changes in those flows are
// not reported by this function; confirm whether that is intended.
//
// config is accepted but not used by this function.
func checkOAuthUpdates(updatedSecurity *diff.SecuritySchemeDiff, config *Config, updatedSecurityName string) Changes {
	changes := make(Changes, 0)

	flows := updatedSecurity.OAuthFlowsDiff
	if flows == nil || flows.ImplicitDiff == nil {
		return changes
	}
	implicit := flows.ImplicitDiff

	if implicit.AuthorizationURLDiff != nil {
		changes = append(changes, ComponentChange{
			Id:        APIComponentsSecurityComponentOauthUrlUpdatedId,
			Level:     INFO,
			Args:      []any{updatedSecurityName, implicit.AuthorizationURLDiff.From, implicit.AuthorizationURLDiff.To},
			Component: ComponentSecuritySchemes,
		})
	}

	if implicit.TokenURLDiff != nil {
		changes = append(changes, ComponentChange{
			Id:        APIComponentsSecurityOauthTokenUrlUpdatedId,
			Level:     INFO,
			Args:      []any{updatedSecurityName, implicit.TokenURLDiff.From, implicit.TokenURLDiff.To},
			Component: ComponentSecuritySchemes,
		})
	}

	// Scopes are the last thing examined, so a missing scopes diff ends the check.
	scopes := implicit.ScopesDiff
	if scopes == nil {
		return changes
	}

	for _, scope := range scopes.Added {
		changes = append(changes, ComponentChange{
			Id:        APIComponentSecurityOauthScopeAddedId,
			Level:     INFO,
			Args:      []any{updatedSecurityName, scope},
			Component: ComponentSecuritySchemes,
		})
	}

	for _, scope := range scopes.Deleted {
		changes = append(changes, ComponentChange{
			Id:        APIComponentSecurityOauthScopeRemovedId,
			Level:     INFO,
			Args:      []any{updatedSecurityName, scope},
			Component: ComponentSecuritySchemes,
		})
	}

	// Modified is ranged as key/value pairs; the key is the scope name.
	for scopeName, valueDiff := range scopes.Modified {
		changes = append(changes, ComponentChange{
			Id:        APIComponentSecurityOauthScopeUpdatedId,
			Level:     INFO,
			Args:      []any{updatedSecurityName, scopeName, valueDiff.From, valueDiff.To},
			Component: ComponentSecuritySchemes,
		})
	}

	return changes
}
// APIComponentsSecurityUpdatedCheck reports changes to the security schemes
// declared in the components section of the compared specifications: schemes
// that were added, schemes that were removed, and, for modified schemes, the
// findings of checkOAuthUpdates plus a change of the scheme type.
// It returns an empty, non-nil Changes when SecuritySchemesDiff is nil.
//
// Every finding is emitted at INFO level, including the removal of a
// security scheme and a change of its type. A pipeline that only acts on
// higher levels will therefore not stop on these; review them separately
// if a dropped or retyped scheme matters for the API's authentication.
//
// operationsSources is accepted but not used by this function; config is
// only forwarded to checkOAuthUpdates.
func APIComponentsSecurityUpdatedCheck(diffReport *diff.Diff, operationsSources *diff.OperationsSourcesMap, config *Config) Changes {
	changes := make(Changes, 0)

	schemes := diffReport.ComponentsDiff.SecuritySchemesDiff
	if schemes == nil {
		return changes
	}

	for _, schemeName := range schemes.Added {
		changes = append(changes, ComponentChange{
			Id:        APIComponentsSecurityAddedId,
			Level:     INFO,
			Args:      []any{schemeName},
			Component: ComponentSecuritySchemes,
		})
	}

	for _, schemeName := range schemes.Deleted {
		changes = append(changes, ComponentChange{
			Id:        APIComponentsSecurityRemovedId,
			Level:     INFO,
			Args:      []any{schemeName},
			Component: ComponentSecuritySchemes,
		})
	}

	for schemeName, schemeDiff := range schemes.Modified {
		// OAuth findings for a scheme come before its type change, if any.
		changes = append(changes, checkOAuthUpdates(schemeDiff, config, schemeName)...)

		typeDiff := schemeDiff.TypeDiff
		if typeDiff == nil {
			continue
		}
		changes = append(changes, ComponentChange{
			Id:        APIComponentsSecurityTypeUpdatedId,
			Level:     INFO,
			Args:      []any{schemeName, typeDiff.From, typeDiff.To},
			Component: ComponentSecuritySchemes,
		})
	}

	return changes
}