Merge pull request #80 from underdog-tech/feat/consolidated-config

feat: Move ecosystem and severity code into config package
underdog-tech · Aug 30, 2023 · 1f47ce6 · 1f47ce6
2 parents f5d4675 + e57e2b2
commit 1f47ce6
Show file tree

Hide file tree

Showing 9 changed files with 151 additions and 126 deletions.
diff --git a/config/config.go b/config/config.go
@@ -10,16 +10,6 @@ import (
 	"github.com/spf13/viper"
 )
 
-type SeverityConfig struct {
-	Label       string
-	Slack_emoji string
-}
-
-type EcosystemConfig struct {
-	Label       string
-	Slack_emoji string
-}
-
 type TeamConfig struct {
 	Name          string
 	Github_slug   string

diff --git a/querying/ecosystems.go → config/ecosystems.go b/querying/ecosystems.go → config/ecosystems.go
@@ -1,4 +1,4 @@
-package querying
+package config
 
 type FindingEcosystemType string
 
@@ -18,3 +18,18 @@ const (
 	FindingEcosystemRust   FindingEcosystemType = "rust"
 	FindingEcosystemSwift  FindingEcosystemType = "swift"
 )
+
+func GetConsoleEcosystemIcons() map[FindingEcosystemType]string {
+	return map[FindingEcosystemType]string{
+		FindingEcosystemGo:     "🦦",
+		FindingEcosystemJava:   "🪶 ",
+		FindingEcosystemJS:     "⬢ ",
+		FindingEcosystemPython: "🐍",
+		FindingEcosystemRuby:   "♦️ ",
+	}
+}
+
+type EcosystemConfig struct {
+	Label       string
+	Slack_emoji string
+}
diff --git a/config/severities.go b/config/severities.go
@@ -0,0 +1,63 @@
+package config
+
+type FindingSeverityType uint8
+
+const (
+	FindingSeverityCritical FindingSeverityType = iota
+	FindingSeverityHigh
+	FindingSeverityModerate
+	FindingSeverityLow
+	FindingSeverityInfo
+	FindingSeverityUndefined
+)
+
+var SeverityNames = map[FindingSeverityType]string{
+	FindingSeverityCritical:  "Critical",
+	FindingSeverityHigh:      "High",
+	FindingSeverityModerate:  "Moderate",
+	FindingSeverityLow:       "Low",
+	FindingSeverityInfo:      "Info",
+	FindingSeverityUndefined: "Undefined",
+}
+
+// NewSeverityMap returns a map of finding severities all associated with a
+// value of 0, meant to be populated with a count of findings in the relevant
+// scope. Notably, this map does not include either "Info" or "Undefined"
+// severities, as these are only reported if present.
+func NewSeverityMap() map[FindingSeverityType]int {
+	return map[FindingSeverityType]int{
+		FindingSeverityCritical: 0,
+		FindingSeverityHigh:     0,
+		FindingSeverityModerate: 0,
+		FindingSeverityLow:      0,
+	}
+}
+
+// GetSeverityReportOrder returns the order in which we want to report severities.
+// This is necessary because we cannot declare a constant array in Go.
+func GetSeverityReportOrder() []FindingSeverityType {
+	return []FindingSeverityType{
+		FindingSeverityCritical,
+		FindingSeverityHigh,
+		FindingSeverityModerate,
+		FindingSeverityLow,
+		FindingSeverityInfo,
+		FindingSeverityUndefined,
+	}
+}
+
+func GetConsoleSeverityColors() map[FindingSeverityType]string {
+	return map[FindingSeverityType]string{
+		FindingSeverityCritical:  "#B21515",
+		FindingSeverityHigh:      "#D26C00",
+		FindingSeverityModerate:  "#FBD100",
+		FindingSeverityLow:       "#233EB5",
+		FindingSeverityInfo:      "#56B8F5",
+		FindingSeverityUndefined: "#CFD0D1",
+	}
+}
+
+type SeverityConfig struct {
+	Label       string
+	Slack_emoji string
+}
diff --git a/internal/summary.go b/internal/summary.go
@@ -5,46 +5,11 @@ import (
 	"github.com/underdog-tech/vulnbot/querying"
 )
 
-var SeverityNames = map[querying.FindingSeverityType]string{
-	querying.FindingSeverityCritical:  "Critical",
-	querying.FindingSeverityHigh:      "High",
-	querying.FindingSeverityModerate:  "Moderate",
-	querying.FindingSeverityLow:       "Low",
-	querying.FindingSeverityInfo:      "Info",
-	querying.FindingSeverityUndefined: "Undefined",
-}
-
-// NewSeverityMap returns a map of finding severities all associated with a
-// value of 0, meant to be populated with a count of findings in the relevant
-// scope. Notably, this map does not include either "Info" or "Undefined"
-// severities, as these are only reported if present.
-func NewSeverityMap() map[querying.FindingSeverityType]int {
-	return map[querying.FindingSeverityType]int{
-		querying.FindingSeverityCritical: 0,
-		querying.FindingSeverityHigh:     0,
-		querying.FindingSeverityModerate: 0,
-		querying.FindingSeverityLow:      0,
-	}
-}
-
-// GetSeverityReportOrder returns the order in which we want to report severities.
-// This is necessary because we cannot declare a constant array in Go.
-func GetSeverityReportOrder() []querying.FindingSeverityType {
-	return []querying.FindingSeverityType{
-		querying.FindingSeverityCritical,
-		querying.FindingSeverityHigh,
-		querying.FindingSeverityModerate,
-		querying.FindingSeverityLow,
-		querying.FindingSeverityInfo,
-		querying.FindingSeverityUndefined,
-	}
-}
-
 type FindingSummary struct {
 	TotalCount       int
 	AffectedRepos    int
-	VulnsByEcosystem map[querying.FindingEcosystemType]int
-	VulnsBySeverity  map[querying.FindingSeverityType]int
+	VulnsByEcosystem map[config.FindingEcosystemType]int
+	VulnsBySeverity  map[config.FindingSeverityType]int
 }
 
 type ProjectFindingSummary struct {
@@ -55,23 +20,23 @@ type ProjectFindingSummary struct {
 
 // GetHighestCriticality looks for the severity level of the most critical
 // vulnerability in a project.
-func (r FindingSummary) GetHighestCriticality() querying.FindingSeverityType {
-	severities := GetSeverityReportOrder()
+func (r FindingSummary) GetHighestCriticality() config.FindingSeverityType {
+	severities := config.GetSeverityReportOrder()
 	for _, sev := range severities {
 		count, exists := r.VulnsBySeverity[sev]
 		if exists && count > 0 {
 			return sev
 		}
 	}
-	return querying.FindingSeverityUndefined
+	return config.FindingSeverityUndefined
 }
 
 func NewFindingSummary() FindingSummary {
 	return FindingSummary{
 		AffectedRepos:    0,
 		TotalCount:       0,
-		VulnsByEcosystem: map[querying.FindingEcosystemType]int{},
-		VulnsBySeverity:  NewSeverityMap(),
+		VulnsByEcosystem: map[config.FindingEcosystemType]int{},
+		VulnsBySeverity:  config.NewSeverityMap(),
 	}
 }
 

diff --git a/internal/summary_test.go b/internal/summary_test.go
@@ -18,15 +18,15 @@ var testProjectFindings = querying.ProjectCollection{
 			Name: "foo",
 			Findings: []*querying.Finding{
 				{
-					Ecosystem: querying.FindingEcosystemGo,
-					Severity:  querying.FindingSeverityCritical,
+					Ecosystem: config.FindingEcosystemGo,
+					Severity:  config.FindingSeverityCritical,
 					Identifiers: querying.FindingIdentifierMap{
 						querying.FindingIdentifierCVE: "CVE-1",
 					},
 				},
 				{
-					Ecosystem: querying.FindingEcosystemPython,
-					Severity:  querying.FindingSeverityHigh,
+					Ecosystem: config.FindingEcosystemPython,
+					Severity:  config.FindingSeverityHigh,
 					Identifiers: querying.FindingIdentifierMap{
 						querying.FindingIdentifierCVE: "CVE-2",
 					},
@@ -37,15 +37,15 @@ var testProjectFindings = querying.ProjectCollection{
 			Name: "bar",
 			Findings: []*querying.Finding{
 				{
-					Ecosystem: querying.FindingEcosystemGo,
-					Severity:  querying.FindingSeverityInfo,
+					Ecosystem: config.FindingEcosystemGo,
+					Severity:  config.FindingSeverityInfo,
 					Identifiers: querying.FindingIdentifierMap{
 						querying.FindingIdentifierCVE: "CVE-3",
 					},
 				},
 				{
-					Ecosystem: querying.FindingEcosystemJS,
-					Severity:  querying.FindingSeverityCritical,
+					Ecosystem: config.FindingEcosystemJS,
+					Severity:  config.FindingSeverityCritical,
 					Identifiers: querying.FindingIdentifierMap{
 						querying.FindingIdentifierCVE: "CVE-4",
 					},
@@ -60,17 +60,17 @@ var testProjectFindings = querying.ProjectCollection{
 }
 
 func TestSummarizeGeneratesOverallSummary(t *testing.T) {
-	severities := internal.NewSeverityMap()
-	severities[querying.FindingSeverityCritical] = 2
-	severities[querying.FindingSeverityHigh] = 1
-	severities[querying.FindingSeverityInfo] = 1
+	severities := config.NewSeverityMap()
+	severities[config.FindingSeverityCritical] = 2
+	severities[config.FindingSeverityHigh] = 1
+	severities[config.FindingSeverityInfo] = 1
 	expected := internal.FindingSummary{
 		AffectedRepos: 2,
 		TotalCount:    4,
-		VulnsByEcosystem: map[querying.FindingEcosystemType]int{
-			querying.FindingEcosystemGo:     2,
-			querying.FindingEcosystemJS:     1,
-			querying.FindingEcosystemPython: 1,
+		VulnsByEcosystem: map[config.FindingEcosystemType]int{
+			config.FindingEcosystemGo:     2,
+			config.FindingEcosystemJS:     1,
+			config.FindingEcosystemPython: 1,
 		},
 		VulnsBySeverity: severities,
 	}
@@ -79,33 +79,33 @@ func TestSummarizeGeneratesOverallSummary(t *testing.T) {
 }
 
 func TestSummarizeGeneratesProjectReports(t *testing.T) {
-	fooSeverities := internal.NewSeverityMap()
-	fooSeverities[querying.FindingSeverityCritical] = 1
-	fooSeverities[querying.FindingSeverityHigh] = 1
+	fooSeverities := config.NewSeverityMap()
+	fooSeverities[config.FindingSeverityCritical] = 1
+	fooSeverities[config.FindingSeverityHigh] = 1
 	foo := internal.ProjectFindingSummary{
 		Name: "foo",
 		FindingSummary: internal.FindingSummary{
 			AffectedRepos: 1,
 			TotalCount:    2,
-			VulnsByEcosystem: map[querying.FindingEcosystemType]int{
-				querying.FindingEcosystemGo:     1,
-				querying.FindingEcosystemPython: 1,
+			VulnsByEcosystem: map[config.FindingEcosystemType]int{
+				config.FindingEcosystemGo:     1,
+				config.FindingEcosystemPython: 1,
 			},
 			VulnsBySeverity: fooSeverities,
 		},
 	}
 
-	barSeverities := internal.NewSeverityMap()
-	barSeverities[querying.FindingSeverityCritical] = 1
-	barSeverities[querying.FindingSeverityInfo] = 1
+	barSeverities := config.NewSeverityMap()
+	barSeverities[config.FindingSeverityCritical] = 1
+	barSeverities[config.FindingSeverityInfo] = 1
 	bar := internal.ProjectFindingSummary{
 		Name: "bar",
 		FindingSummary: internal.FindingSummary{
 			AffectedRepos: 1,
 			TotalCount:    2,
-			VulnsByEcosystem: map[querying.FindingEcosystemType]int{
-				querying.FindingEcosystemGo: 1,
-				querying.FindingEcosystemJS: 1,
+			VulnsByEcosystem: map[config.FindingEcosystemType]int{
+				config.FindingEcosystemGo: 1,
+				config.FindingEcosystemJS: 1,
 			},
 			VulnsBySeverity: barSeverities,
 		},
@@ -121,10 +121,10 @@ func TestSummarizeGeneratesProjectReports(t *testing.T) {
 }
 
 func TestGetHighestCriticality(t *testing.T) {
-	severities := internal.GetSeverityReportOrder()
+	severities := config.GetSeverityReportOrder()
 	for _, severity := range severities {
 		t.Run(string(severity), func(t *testing.T) {
-			sevMap := internal.NewSeverityMap()
+			sevMap := config.NewSeverityMap()
 			sevMap[severity] = 1
 			summary := internal.ProjectFindingSummary{
 				Name: "foo",
@@ -141,13 +141,13 @@ func TestGetHighestCriticality(t *testing.T) {
 
 func TestGetHighestCriticalityNoFindings(t *testing.T) {
 	summary := internal.NewProjectFindingSummary("foo")
-	assert.Equal(t, summary.GetHighestCriticality(), querying.FindingSeverityUndefined)
+	assert.Equal(t, summary.GetHighestCriticality(), config.FindingSeverityUndefined)
 }
 
 func TestSortTeamProjectCollection(t *testing.T) {
-	fooSeverities := internal.NewSeverityMap()
-	fooSeverities[querying.FindingSeverityCritical] = 1
-	fooSeverities[querying.FindingSeverityHigh] = 1
+	fooSeverities := config.NewSeverityMap()
+	fooSeverities[config.FindingSeverityCritical] = 1
+	fooSeverities[config.FindingSeverityHigh] = 1
 	foo := internal.ProjectFindingSummary{
 		Name: "foo",
 		FindingSummary: internal.FindingSummary{
@@ -157,9 +157,9 @@ func TestSortTeamProjectCollection(t *testing.T) {
 		},
 	}
 
-	barSeverities := internal.NewSeverityMap()
-	barSeverities[querying.FindingSeverityCritical] = 1
-	barSeverities[querying.FindingSeverityInfo] = 1
+	barSeverities := config.NewSeverityMap()
+	barSeverities[config.FindingSeverityCritical] = 1
+	barSeverities[config.FindingSeverityInfo] = 1
 	bar := internal.ProjectFindingSummary{
 		Name: "bar",
 		FindingSummary: internal.FindingSummary{
@@ -169,8 +169,8 @@ func TestSortTeamProjectCollection(t *testing.T) {
 		},
 	}
 
-	bazSeverities := internal.NewSeverityMap()
-	bazSeverities[querying.FindingSeverityModerate] = 1
+	bazSeverities := config.NewSeverityMap()
+	bazSeverities[config.FindingSeverityModerate] = 1
 	baz := internal.ProjectFindingSummary{
 		Name: "baz",
 		FindingSummary: internal.FindingSummary{

diff --git a/querying/finding.go b/querying/finding.go
@@ -1,6 +1,10 @@
 package querying
 
-import "sync"
+import (
+	"sync"
+
+	"github.com/underdog-tech/vulnbot/config"
+)
 
 type FindingIdentifierType string
 type FindingIdentifierMap map[FindingIdentifierType]string
@@ -12,8 +16,8 @@ const (
 
 type Finding struct {
 	Identifiers FindingIdentifierMap
-	Ecosystem   FindingEcosystemType
-	Severity    FindingSeverityType
+	Ecosystem   config.FindingEcosystemType
+	Severity    config.FindingSeverityType
 	Description string
 	PackageName string
 	mu          sync.Mutex