nginx · oliveromahony · Oct 24, 2022 · Oct 14, 2022 · Oct 14, 2022 · Oct 14, 2022
@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/nginx/agent/v2/src/core"
+
 	"gopkg.in/yaml.v2"
 )
 
@@ -29,7 +30,7 @@ func getAttackSignaturesVersion(versionFile string) (string, error) {
 
 	// Read bytes into object
 	attackSigVersionDateTime := napRevisionDateTime{}
-	err = yaml.Unmarshal([]byte(versionBytes), &attackSigVersionDateTime)
+	err = yaml.UnmarshalStrict([]byte(versionBytes), &attackSigVersionDateTime)
 	if err != nil {
 		return "", err
 	}

@@ -5,13 +5,15 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"gopkg.in/yaml.v2"
+	"github.com/stretchr/testify/require"
 )
 
 const (
-	testAttackSigVersionFile = "/tmp/test-attack-sigs-version.yaml"
-	testAttackSigDateTime    = "2022-02-24T20:32:01Z"
-	testAttackSigVersion     = "2022.02.24"
+	testAttackSigVersionFile         = "/tmp/test-attack-sigs-version.yaml"
+	testAttackSigVersionFileContents = `---
+checksum: t+N7AHGIKPhdDwb8zMZh2w
+filename: signatures.bin.tgz
+revisionDatetime: 2022-02-24T20:32:01Z`
 )
 
 func TestGetAttackSignaturesVersion(t *testing.T) {
@@ -26,9 +28,9 @@ func TestGetAttackSignaturesVersion(t *testing.T) {
 			testName:    "AttackSignaturesInstalled",
 			versionFile: testAttackSigVersionFile,
 			attackSigDateTime: &napRevisionDateTime{
-				RevisionDatetime: testAttackSigDateTime,
+				RevisionDatetime: "2022-02-24T20:32:01Z",
 			},
-			expVersion: testAttackSigVersion,
+			expVersion: "2022.02.24",
 			expError:   nil,
 		},
 		{
@@ -42,25 +44,18 @@ func TestGetAttackSignaturesVersion(t *testing.T) {
 
 	for _, tc := range testCases {
 		t.Run(tc.testName, func(t *testing.T) {
-
 			// Create a fake version file if required by test
 			if tc.attackSigDateTime != nil {
-				yamlBytes, err := yaml.Marshal(tc.attackSigDateTime)
-				assert.Nil(t, err)
-
-				err = os.WriteFile(tc.versionFile, yamlBytes, 0644)
-				assert.Nil(t, err)
+				err := os.WriteFile(tc.versionFile, []byte(testAttackSigVersionFileContents), 0644)
+				require.NoError(t, err)
 
 				defer func() {
 					err := os.Remove(tc.versionFile)
-					assert.Nil(t, err)
+					require.NoError(t, err)
 				}()
 			}
 
-			// Get attack signature version version
 			version, err := getAttackSignaturesVersion(tc.versionFile)
-
-			// Validate returned info
 			assert.Equal(t, err, tc.expError)
 			assert.Equal(t, tc.expVersion, version)
 		})

@@ -1,8 +1,8 @@
 package nap
 
 const (
-	FILE_NOT_FOUND                     = "The following file could not be found - %s"
-	UNABLE_TO_MATCH_NAP_BUILD_VERSION  = "Couldn't match the NAP build version (%s) to a supported NAP release..."
-	UNABLE_TO_FIND_RELEASE_VERION_INFO = "Unable to find NAP release info for supplied NAP release version - %s"
-	UNSUPPORTED_NAP_RELEASE_VERSION    = "The supplied release version (%s) is not within the supported release versions - %v"
+	FILE_NOT_FOUND                      = "The following file could not be found - %s"
+	UNABLE_TO_MATCH_NAP_BUILD_VERSION   = "Couldn't match the NAP build version (%s) to a supported NAP release..."
+	UNABLE_TO_FIND_RELEASE_VERSION_INFO = "Unable to find NAP release info for supplied NAP release version - %s"
+	UNSUPPORTED_NAP_RELEASE_VERSION     = "The supplied release version (%s) is not within the supported release versions - %v"
 )
@@ -18,7 +18,6 @@ var (
 // the system then a NginxAppProtect object is still returned, the status field will be set
 // as MISSING and all other fields will be blank.
 func NewNginxAppProtect() (*NginxAppProtect, error) {
-
 	nap := &NginxAppProtect{
 		Status:                  "",
 		Release:                 NAPRelease{},
@@ -69,12 +68,12 @@ func NewNginxAppProtect() (*NginxAppProtect, error) {
 // function returns. Additionally if any changes are detected the NAP object that called
 // this monitoring function will have its attributes updated to the new changes. Here are
 // examples of NAP changes that would be detected and communicated:
-//	- NAP installed/version changed
-//	- NAP started running
-//	- NAP stopped running
-//	- NAP version changed
-//	- Attack signature installed/version changed
-//	- Threat campaign installed/version changed
+//   - NAP installed/version changed
+//   - NAP started running
+//   - NAP stopped running
+//   - NAP version changed
+//   - Attack signature installed/version changed
+//   - Threat campaign installed/version changed
 func (nap *NginxAppProtect) Monitor(pollInterval time.Duration) chan NAPReportBundle {
 	msgChannel := make(chan NAPReportBundle)
 	go nap.monitor(msgChannel, pollInterval)

@@ -37,7 +37,7 @@ func NAPReleaseInfo(napReleaseVersion string) (*NAPRelease, error) {
 	napRelease, exists := NewNAPReleaseMap().ReleaseMap[napReleaseVersion]
 	if !exists {
 		// Couldn't find details for supplied version
-		msg := fmt.Sprintf(UNABLE_TO_FIND_RELEASE_VERION_INFO, napReleaseVersion)
+		msg := fmt.Sprintf(UNABLE_TO_FIND_RELEASE_VERSION_INFO, napReleaseVersion)
 		logger.Error(msg)
 		return nil, errors.New(msg)
 	}

@@ -36,7 +36,7 @@ func TestNAPReleaseInfo(t *testing.T) {
 			testName:          "InvalidNAPRelease",
 			napReleaseVersion: "invalid-release",
 			expReleaseVersion: nil,
-			expError:          fmt.Errorf(UNABLE_TO_FIND_RELEASE_VERION_INFO, "invalid-release"),
+			expError:          fmt.Errorf(UNABLE_TO_FIND_RELEASE_VERSION_INFO, "invalid-release"),
 		},
 	}
 

@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/nginx/agent/v2/src/core"
+
 	"gopkg.in/yaml.v2"
 )
 
@@ -29,7 +30,7 @@ func getThreatCampaignsVersion(versionFile string) (string, error) {
 
 	// Read bytes into object
 	threatCampVersionDateTime := napRevisionDateTime{}
-	err = yaml.Unmarshal([]byte(versionBytes), &threatCampVersionDateTime)
+	err = yaml.UnmarshalStrict([]byte(versionBytes), &threatCampVersionDateTime)
 	if err != nil {
 		return "", err
 	}

@@ -5,13 +5,15 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"gopkg.in/yaml.v2"
+	"github.com/stretchr/testify/require"
 )
 
 const (
-	testThreatCampaignsVersionFile = "/tmp/test-threat-campaigns-version.yaml"
-	testThreatCampaignsDateTime    = "2022-03-01T20:32:01Z"
-	testThreatCampaignsVersion     = "2022.03.01"
+	testThreatCampaignsVersionFile         = "/tmp/test-threat-campaigns-version.yaml"
+	testThreatCampaignsVersionFileContents = `---
+checksum: ALCdgk8CQgQQLRJ1ydZA4g
+filename: threat_campaigns.bin.tgz
+revisionDatetime: 2022-03-01T20:32:01Z`
 )
 
 func TestGetThreatCampaignsVersion(t *testing.T) {
@@ -26,9 +28,9 @@ func TestGetThreatCampaignsVersion(t *testing.T) {
 			testName:    "ThreatCampaignsInstalled",
 			versionFile: testThreatCampaignsVersionFile,
 			threatCampaignDateTime: &napRevisionDateTime{
-				RevisionDatetime: testThreatCampaignsDateTime,
+				RevisionDatetime: "2022-03-01T20:32:01Z",
 			},
-			expVersion: testThreatCampaignsVersion,
+			expVersion: "2022.03.01",
 			expError:   nil,
 		},
 		{
@@ -44,22 +46,16 @@ func TestGetThreatCampaignsVersion(t *testing.T) {
 		t.Run(tc.testName, func(t *testing.T) {
 			// Create a fake version file if required by test
 			if tc.threatCampaignDateTime != nil {
-				yamlBytes, err := yaml.Marshal(tc.threatCampaignDateTime)
-				assert.Nil(t, err)
-
-				err = os.WriteFile(tc.versionFile, yamlBytes, 0644)
-				assert.Nil(t, err)
+				err := os.WriteFile(tc.versionFile, []byte(testThreatCampaignsVersionFileContents), 0644)
+				require.NoError(t, err)
 
 				defer func() {
 					err := os.Remove(tc.versionFile)
-					assert.Nil(t, err)
+					require.NoError(t, err)
 				}()
 			}
 
-			// Get threat campaign version
 			version, err := getThreatCampaignsVersion(tc.versionFile)
-
-			// Validate returned info
 			assert.Equal(t, err, tc.expError)
 			assert.Equal(t, tc.expVersion, version)
 		})

@@ -75,4 +75,6 @@ type NAPReleaseMap struct {
 // captured in their yaml files under the field "revisionDatetime".
 type napRevisionDateTime struct {
 	RevisionDatetime string `yaml:"revisionDatetime,omitempty"`
+	Checksum         string `yaml:"checksum,omitempty"`
+	Filename         string `yaml:"filename,omitempty"`
 }