diff --git a/src/extensions/nginx-app-protect/nap/attack_signatures.go b/src/extensions/nginx-app-protect/nap/attack_signatures.go index a41aeb275..fc9a34368 100644 --- a/src/extensions/nginx-app-protect/nap/attack_signatures.go +++ b/src/extensions/nginx-app-protect/nap/attack_signatures.go @@ -6,6 +6,7 @@ import ( "time" "github.com/nginx/agent/v2/src/core" + "gopkg.in/yaml.v2" ) @@ -29,7 +30,7 @@ func getAttackSignaturesVersion(versionFile string) (string, error) { // Read bytes into object attackSigVersionDateTime := napRevisionDateTime{} - err = yaml.Unmarshal([]byte(versionBytes), &attackSigVersionDateTime) + err = yaml.UnmarshalStrict([]byte(versionBytes), &attackSigVersionDateTime) if err != nil { return "", err } diff --git a/src/extensions/nginx-app-protect/nap/attack_signatures_test.go b/src/extensions/nginx-app-protect/nap/attack_signatures_test.go index 37bd2daed..adc94a397 100644 --- a/src/extensions/nginx-app-protect/nap/attack_signatures_test.go +++ b/src/extensions/nginx-app-protect/nap/attack_signatures_test.go @@ -5,13 +5,15 @@ import ( "testing" "github.com/stretchr/testify/assert" - "gopkg.in/yaml.v2" + "github.com/stretchr/testify/require" ) const ( - testAttackSigVersionFile = "/tmp/test-attack-sigs-version.yaml" - testAttackSigDateTime = "2022-02-24T20:32:01Z" - testAttackSigVersion = "2022.02.24" + testAttackSigVersionFile = "/tmp/test-attack-sigs-version.yaml" + testAttackSigVersionFileContents = `--- +checksum: t+N7AHGIKPhdDwb8zMZh2w +filename: signatures.bin.tgz +revisionDatetime: 2022-02-24T20:32:01Z` ) func TestGetAttackSignaturesVersion(t *testing.T) { @@ -26,9 +28,9 @@ func TestGetAttackSignaturesVersion(t *testing.T) { testName: "AttackSignaturesInstalled", versionFile: testAttackSigVersionFile, attackSigDateTime: &napRevisionDateTime{ - RevisionDatetime: testAttackSigDateTime, + RevisionDatetime: "2022-02-24T20:32:01Z", }, - expVersion: testAttackSigVersion, + expVersion: "2022.02.24", expError: nil, }, { 
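Review bot: Switching to `yaml.UnmarshalStrict` in getAttackSignaturesVersion makes any key that napRevisionDateTime does not declare, and any duplicate key, a hard error, so the version lookup now depends on the agent's struct staying in step with whatever the NAP packages write into the version file. The error is still returned bare (`return "", err`), so the caller cannot tell which file failed to decode or that strictness was the cause; a comment such as `// Strict decode: unknown or duplicate keys in the version file are rejected.` above the call, plus a test case whose fixture carries an undeclared key and asserts the error, would pin the intended behaviour. The same applies to the identical change in getThreatCampaignsVersion in threat_campaigns.go. The function body continues outside the hunk.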
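Review bot: `testAttackSigVersionFile` still points at a fixed name under `/tmp`, and the test later writes it with mode 0644 and removes it. A predictable path in a world-writable directory can collide between concurrent runs on a shared CI host, and `os.WriteFile` will follow a pre-existing symlink at that name. Building the path per test, e.g. `versionFile := filepath.Join(t.TempDir(), "attack-sigs-version.yaml")`, removes the collision and the manual `os.Remove`. The same pattern appears in threat_campaigns_test.go with `testThreatCampaignsVersionFile`.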
@@ -42,25 +44,18 @@ func TestGetAttackSignaturesVersion(t *testing.T) { for _, tc := range testCases { t.Run(tc.testName, func(t *testing.T) { - // Create a fake version file if required by test if tc.attackSigDateTime != nil { - yamlBytes, err := yaml.Marshal(tc.attackSigDateTime) - assert.Nil(t, err) - - err = os.WriteFile(tc.versionFile, yamlBytes, 0644) - assert.Nil(t, err) + err := os.WriteFile(tc.versionFile, []byte(testAttackSigVersionFileContents), 0644) + require.NoError(t, err) defer func() { err := os.Remove(tc.versionFile) - assert.Nil(t, err) + require.NoError(t, err) }() } - // Get attack signature version version version, err := getAttackSignaturesVersion(tc.versionFile) - - // Validate returned info assert.Equal(t, err, tc.expError) assert.Equal(t, tc.expVersion, version) }) diff --git a/src/extensions/nginx-app-protect/nap/errors.go b/src/extensions/nginx-app-protect/nap/errors.go index 66742b5e9..15a588aa6 100644 --- a/src/extensions/nginx-app-protect/nap/errors.go +++ b/src/extensions/nginx-app-protect/nap/errors.go @@ -1,8 +1,8 @@ package nap const ( - FILE_NOT_FOUND = "The following file could not be found - %s" - UNABLE_TO_MATCH_NAP_BUILD_VERSION = "Couldn't match the NAP build version (%s) to a supported NAP release..." - UNABLE_TO_FIND_RELEASE_VERION_INFO = "Unable to find NAP release info for supplied NAP release version - %s" - UNSUPPORTED_NAP_RELEASE_VERSION = "The supplied release version (%s) is not within the supported release versions - %v" + FILE_NOT_FOUND = "The following file could not be found - %s" + UNABLE_TO_MATCH_NAP_BUILD_VERSION = "Couldn't match the NAP build version (%s) to a supported NAP release..." + UNABLE_TO_FIND_RELEASE_VERSION_INFO = "Unable to find NAP release info for supplied NAP release version - %s" + UNSUPPORTED_NAP_RELEASE_VERSION = "The supplied release version (%s) is not within the supported release versions - %v" ) 
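Review bot: In the `t.Run` body, `tc.attackSigDateTime` is now only tested for nil; its `RevisionDatetime` value is no longer serialized, so the table entry and `testAttackSigVersionFileContents` can drift apart without any test failing. Replacing the field with the fixture text itself (for example `versionFileContents string` guarded by `if tc.versionFileContents != ""`) would keep each case's input visible in the table and make it straightforward to add a malformed or unknown-key case for the strict decoder. Separately, `assert.Equal(t, err, tc.expError)` passes the actual value first; testify expects `assert.Equal(t, tc.expError, err)`, which only affects the failure message. TestGetThreatCampaignsVersion has the same shape. The test function starts outside the hunk.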
diff --git a/src/extensions/nginx-app-protect/nap/nap.go b/src/extensions/nginx-app-protect/nap/nap.go index 29df9a6f1..99f410e2c 100644 --- a/src/extensions/nginx-app-protect/nap/nap.go +++ b/src/extensions/nginx-app-protect/nap/nap.go @@ -18,7 +18,6 @@ var ( // the system then a NginxAppProtect object is still returned, the status field will be set // as MISSING and all other fields will be blank. func NewNginxAppProtect() (*NginxAppProtect, error) { - nap := &NginxAppProtect{ Status: "", Release: NAPRelease{}, @@ -69,12 +68,12 @@ func NewNginxAppProtect() (*NginxAppProtect, error) { // function returns. Additionally if any changes are detected the NAP object that called // this monitoring function will have its attributes updated to the new changes. Here are // examples of NAP changes that would be detected and communicated: -// - NAP installed/version changed -// - NAP started running -// - NAP stopped running -// - NAP version changed -// - Attack signature installed/version changed -// - Threat campaign installed/version changed +// - NAP installed/version changed +// - NAP started running +// - NAP stopped running +// - NAP version changed +// - Attack signature installed/version changed +// - Threat campaign installed/version changed func (nap *NginxAppProtect) Monitor(pollInterval time.Duration) chan NAPReportBundle { msgChannel := make(chan NAPReportBundle) go nap.monitor(msgChannel, pollInterval) diff --git a/src/extensions/nginx-app-protect/nap/nap_release.go b/src/extensions/nginx-app-protect/nap/nap_release.go index c760112da..2c0af6dfa 100644 --- a/src/extensions/nginx-app-protect/nap/nap_release.go +++ b/src/extensions/nginx-app-protect/nap/nap_release.go 
@@ -37,7 +37,7 @@ func NAPReleaseInfo(napReleaseVersion string) (*NAPRelease, error) { napRelease, exists := NewNAPReleaseMap().ReleaseMap[napReleaseVersion] if !exists { // Couldn't find details for supplied version - msg := fmt.Sprintf(UNABLE_TO_FIND_RELEASE_VERION_INFO, napReleaseVersion) + msg := fmt.Sprintf(UNABLE_TO_FIND_RELEASE_VERSION_INFO, napReleaseVersion) logger.Error(msg) return nil, errors.New(msg) } diff --git a/src/extensions/nginx-app-protect/nap/nap_release_test.go b/src/extensions/nginx-app-protect/nap/nap_release_test.go index 764998ed2..477da53b3 100644 --- a/src/extensions/nginx-app-protect/nap/nap_release_test.go +++ b/src/extensions/nginx-app-protect/nap/nap_release_test.go @@ -36,7 +36,7 @@ func TestNAPReleaseInfo(t *testing.T) { testName: "InvalidNAPRelease", napReleaseVersion: "invalid-release", expReleaseVersion: nil, - expError: fmt.Errorf(UNABLE_TO_FIND_RELEASE_VERION_INFO, "invalid-release"), + expError: fmt.Errorf(UNABLE_TO_FIND_RELEASE_VERSION_INFO, "invalid-release"), }, } diff --git a/src/extensions/nginx-app-protect/nap/threat_campaigns.go b/src/extensions/nginx-app-protect/nap/threat_campaigns.go index a7021f15c..a6cdf0b4a 100644 --- a/src/extensions/nginx-app-protect/nap/threat_campaigns.go +++ b/src/extensions/nginx-app-protect/nap/threat_campaigns.go @@ -6,6 +6,7 @@ import ( "time" "github.com/nginx/agent/v2/src/core" + "gopkg.in/yaml.v2" ) @@ -29,7 +30,7 @@ func getThreatCampaignsVersion(versionFile string) (string, error) { // Read bytes into object threatCampVersionDateTime := napRevisionDateTime{} - err = yaml.Unmarshal([]byte(versionBytes), &threatCampVersionDateTime) + err = yaml.UnmarshalStrict([]byte(versionBytes), &threatCampVersionDateTime) if err != nil { return "", err } diff --git a/src/extensions/nginx-app-protect/nap/threat_campaigns_test.go b/src/extensions/nginx-app-protect/nap/threat_campaigns_test.go index e918a6bba..fe376b703 100644 --- a/src/extensions/nginx-app-protect/nap/threat_campaigns_test.go 
+++ b/src/extensions/nginx-app-protect/nap/threat_campaigns_test.go @@ -5,13 +5,15 @@ import ( "testing" "github.com/stretchr/testify/assert" - "gopkg.in/yaml.v2" + "github.com/stretchr/testify/require" ) const ( - testThreatCampaignsVersionFile = "/tmp/test-threat-campaigns-version.yaml" - testThreatCampaignsDateTime = "2022-03-01T20:32:01Z" - testThreatCampaignsVersion = "2022.03.01" + testThreatCampaignsVersionFile = "/tmp/test-threat-campaigns-version.yaml" + testThreatCampaignsVersionFileContents = `--- +checksum: ALCdgk8CQgQQLRJ1ydZA4g +filename: threat_campaigns.bin.tgz +revisionDatetime: 2022-03-01T20:32:01Z` ) func TestGetThreatCampaignsVersion(t *testing.T) { @@ -26,9 +28,9 @@ func TestGetThreatCampaignsVersion(t *testing.T) { testName: "ThreatCampaignsInstalled", versionFile: testThreatCampaignsVersionFile, threatCampaignDateTime: &napRevisionDateTime{ - RevisionDatetime: testThreatCampaignsDateTime, + RevisionDatetime: "2022-03-01T20:32:01Z", }, - expVersion: testThreatCampaignsVersion, + expVersion: "2022.03.01", expError: nil, }, { @@ -44,22 +46,16 @@ func TestGetThreatCampaignsVersion(t *testing.T) { t.Run(tc.testName, func(t *testing.T) { // Create a fake version file if required by test if tc.threatCampaignDateTime != nil { - yamlBytes, err := yaml.Marshal(tc.threatCampaignDateTime) - assert.Nil(t, err) - - err = os.WriteFile(tc.versionFile, yamlBytes, 0644) - assert.Nil(t, err) + err := os.WriteFile(tc.versionFile, []byte(testThreatCampaignsVersionFileContents), 0644) + require.NoError(t, err) defer func() { err := os.Remove(tc.versionFile) - assert.Nil(t, err) + require.NoError(t, err) }() } - // Get threat campaign version version, err := getThreatCampaignsVersion(tc.versionFile) - - // Validate returned info assert.Equal(t, err, tc.expError) assert.Equal(t, tc.expVersion, version) }) diff --git a/src/extensions/nginx-app-protect/nap/types.go b/src/extensions/nginx-app-protect/nap/types.go index dc6cd37cf..07ae1806b 100644 
--- a/src/extensions/nginx-app-protect/nap/types.go +++ b/src/extensions/nginx-app-protect/nap/types.go @@ -75,4 +75,6 @@ type NAPReleaseMap struct { // captured in their yaml files under the field "revisionDatetime". type napRevisionDateTime struct { RevisionDatetime string `yaml:"revisionDatetime,omitempty"` + Checksum string `yaml:"checksum,omitempty"` + Filename string `yaml:"filename,omitempty"` } diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/attack_signatures.go b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/attack_signatures.go index a41aeb275..fc9a34368 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/attack_signatures.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/attack_signatures.go @@ -6,6 +6,7 @@ import ( "time" "github.com/nginx/agent/v2/src/core" + "gopkg.in/yaml.v2" ) @@ -29,7 +30,7 @@ func getAttackSignaturesVersion(versionFile string) (string, error) { // Read bytes into object attackSigVersionDateTime := napRevisionDateTime{} - err = yaml.Unmarshal([]byte(versionBytes), &attackSigVersionDateTime) + err = yaml.UnmarshalStrict([]byte(versionBytes), &attackSigVersionDateTime) if err != nil { return "", err } diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/errors.go b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/errors.go index 66742b5e9..15a588aa6 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/errors.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/errors.go 
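Review bot: The doc comment above napRevisionDateTime still describes only the "revisionDatetime" field, while the struct now also declares `Checksum` and `Filename`. From the hunks shown, these appear to exist so that strict decoding accepts the keys present in the version files, and nothing visible here compares the checksum with the file it names. If that is the intent, the comment should say so, e.g. `// Checksum and Filename are decoded so strict parsing accepts them; they are not verified by the agent.` If verification is expected elsewhere, the comment should point to where it happens.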
@@ -1,8 +1,8 @@ package nap const ( - FILE_NOT_FOUND = "The following file could not be found - %s" - UNABLE_TO_MATCH_NAP_BUILD_VERSION = "Couldn't match the NAP build version (%s) to a supported NAP release..." - UNABLE_TO_FIND_RELEASE_VERION_INFO = "Unable to find NAP release info for supplied NAP release version - %s" - UNSUPPORTED_NAP_RELEASE_VERSION = "The supplied release version (%s) is not within the supported release versions - %v" + FILE_NOT_FOUND = "The following file could not be found - %s" + UNABLE_TO_MATCH_NAP_BUILD_VERSION = "Couldn't match the NAP build version (%s) to a supported NAP release..." + UNABLE_TO_FIND_RELEASE_VERSION_INFO = "Unable to find NAP release info for supplied NAP release version - %s" + UNSUPPORTED_NAP_RELEASE_VERSION = "The supplied release version (%s) is not within the supported release versions - %v" ) diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap.go b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap.go index 29df9a6f1..99f410e2c 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap.go @@ -18,7 +18,6 @@ var ( // the system then a NginxAppProtect object is still returned, the status field will be set // as MISSING and all other fields will be blank. func NewNginxAppProtect() (*NginxAppProtect, error) { - nap := &NginxAppProtect{ Status: "", Release: NAPRelease{}, 
@@ -69,12 +68,12 @@ func NewNginxAppProtect() (*NginxAppProtect, error) { // function returns. Additionally if any changes are detected the NAP object that called // this monitoring function will have its attributes updated to the new changes. Here are // examples of NAP changes that would be detected and communicated: -// - NAP installed/version changed -// - NAP started running -// - NAP stopped running -// - NAP version changed -// - Attack signature installed/version changed -// - Threat campaign installed/version changed +// - NAP installed/version changed +// - NAP started running +// - NAP stopped running +// - NAP version changed +// - Attack signature installed/version changed +// - Threat campaign installed/version changed func (nap *NginxAppProtect) Monitor(pollInterval time.Duration) chan NAPReportBundle { msgChannel := make(chan NAPReportBundle) go nap.monitor(msgChannel, pollInterval) diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_release.go b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_release.go index c760112da..2c0af6dfa 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_release.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/nap_release.go @@ -37,7 +37,7 @@ func NAPReleaseInfo(napReleaseVersion string) (*NAPRelease, error) { napRelease, exists := NewNAPReleaseMap().ReleaseMap[napReleaseVersion] if !exists { // Couldn't find details for supplied version - msg := fmt.Sprintf(UNABLE_TO_FIND_RELEASE_VERION_INFO, napReleaseVersion) + msg := fmt.Sprintf(UNABLE_TO_FIND_RELEASE_VERSION_INFO, napReleaseVersion) logger.Error(msg) return nil, errors.New(msg) } 
diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/threat_campaigns.go b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/threat_campaigns.go index a7021f15c..a6cdf0b4a 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/threat_campaigns.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/threat_campaigns.go @@ -6,6 +6,7 @@ import ( "time" "github.com/nginx/agent/v2/src/core" + "gopkg.in/yaml.v2" ) @@ -29,7 +30,7 @@ func getThreatCampaignsVersion(versionFile string) (string, error) { // Read bytes into object threatCampVersionDateTime := napRevisionDateTime{} - err = yaml.Unmarshal([]byte(versionBytes), &threatCampVersionDateTime) + err = yaml.UnmarshalStrict([]byte(versionBytes), &threatCampVersionDateTime) if err != nil { return "", err } diff --git a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/types.go b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/types.go index dc6cd37cf..07ae1806b 100644 --- a/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/types.go +++ b/test/performance/vendor/github.com/nginx/agent/v2/src/extensions/nginx-app-protect/nap/types.go @@ -75,4 +75,6 @@ type NAPReleaseMap struct { // captured in their yaml files under the field "revisionDatetime". type napRevisionDateTime struct { RevisionDatetime string `yaml:"revisionDatetime,omitempty"` + Checksum string `yaml:"checksum,omitempty"` + Filename string `yaml:"filename,omitempty"` }