Merge pull request #151 from kubescape/FixByNP

add func IsFixedByNetworkPolicy
kubescape · Mar 13, 2024 · d0cb0db · d0cb0db
2 parents 579a594 + 3633bc3
commit d0cb0db
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 1 deletion.
diff --git a/reporthandling/datastructuresmethods.go b/reporthandling/datastructuresmethods.go
@@ -12,7 +12,10 @@ import (
 	"golang.org/x/exp/slices"
 )
 
-const ActionRequiredAttribute string = "actionRequired"
+const (
+	ActionRequiredAttribute                   string = "actionRequired"
+	ControlAttributeKeyIsFixedByNetworkPolicy string = "isFixedByNetworkPolicy"
+)
 
 // ==============================================================================================
 // ========================== PostureReport =====================================================
@@ -443,6 +446,19 @@ func (control *Control) GetControlTypeTags() []string {
 	return []string{}
 }
 
+// returns true if control has attribute "isFixedByNetworkPolicy" and its value is true
+func (control *Control) IsFixedByNetworkPolicy() bool {
+	if control.Attributes == nil {
+		return false
+	}
+	if v, exist := control.Attributes[ControlAttributeKeyIsFixedByNetworkPolicy]; exist {
+		if isFixedByNetworkPolicy, ok := v.(bool); ok {
+			return isFixedByNetworkPolicy
+		}
+	}
+	return false
+}
+
 func (control *Control) SupportSmartRemediation() bool {
 	typeTags := control.GetControlTypeTags()
 	return slices.Contains(typeTags, v1alpha1.ControlTypeTagSmartRemediation)

diff --git a/reporthandling/datastructuresmethods_test.go b/reporthandling/datastructuresmethods_test.go
@@ -192,3 +192,22 @@ func TestControl_GetControlTypeTags(t *testing.T) {
 	assert.NoError(t, err, err)
 	assert.Equal(t, []string{}, missingAttributeControl.GetControlTypeTags())
 }
+
+func TestControl_IsFixedByNetworkPolicy(t *testing.T) {
+	validControlJsonNoAttributes := `{"name":"TEST","description":"","remediation":"","rulesNames":["CVE-2022-0185"],"id":"C-0079","long_description":"","test":"","controlID":"C-0079","baseScore":4,"example":""}`
+	var validControl Control
+	err := json.Unmarshal([]byte(validControlJsonNoAttributes), &validControl)
+	assert.NoError(t, err, err)
+	assert.False(t, validControl.IsFixedByNetworkPolicy())
+
+	validControlJson := `{"name":"TEST","attributes":{"controlTypeTags":["security","compliance"],"isFixedByNetworkPolicy":true, "attackTracks":[{"attackTrack": "network","categories": ["Eavesdropping","Spoofing"]}]},"description":"","remediation":"","rulesNames":["CVE-2022-0185"],"id":"C-0079","long_description":"","test":"","controlID":"C-0079","baseScore":4,"example":""}`
+	err = json.Unmarshal([]byte(validControlJson), &validControl)
+	assert.NoError(t, err, err)
+	assert.True(t, validControl.IsFixedByNetworkPolicy())
+
+	missingAttributeControlJson := `{"name":"TEST","attributes":{"controlTypeTags":["security","compliance"]},"description":"","remediation":"","rulesNames":["CVE-2022-0185"],"id":"C-0079","long_description":"","test":"","controlID":"C-0079","baseScore":4,"example":""}`
+	var missingAttributeControl Control
+	err = json.Unmarshal([]byte(missingAttributeControlJson), &missingAttributeControl)
+	assert.NoError(t, err, err)
+	assert.False(t, missingAttributeControl.IsFixedByNetworkPolicy())
+}