diff --git a/config/config.go b/config/config.go
index db5f60d..201d615 100644
--- a/config/config.go
+++ b/config/config.go
@@ -10,16 +10,6 @@ import (
 "github.com/spf13/viper"
 )
 
-type SeverityConfig struct {
- Label string
- Slack_emoji string
-}
-
-type EcosystemConfig struct {
- Label string
- Slack_emoji string
-}
-
 type TeamConfig struct {
 Name string
 Github_slug string
diff --git a/querying/ecosystems.go b/config/ecosystems.go
similarity index 69%
rename from querying/ecosystems.go
rename to config/ecosystems.go
index c5f2966..93b2435 100644
--- a/querying/ecosystems.go
+++ b/config/ecosystems.go
@@ -1,4 +1,4 @@
-package querying
+package config
 
 type FindingEcosystemType string
 
@@ -18,3 +18,18 @@ const (
 FindingEcosystemRust FindingEcosystemType = "rust"
 FindingEcosystemSwift FindingEcosystemType = "swift"
 )
+
+func GetConsoleEcosystemIcons() map[FindingEcosystemType]string {
+ return map[FindingEcosystemType]string{
+ FindingEcosystemGo: "🦦",
+ FindingEcosystemJava: "🪶 ",
+ FindingEcosystemJS: "⬢ ",
+ FindingEcosystemPython: "🐍",
+ FindingEcosystemRuby: "♦️ ",
+ }
+}
+
+type EcosystemConfig struct {
+ Label string
+ Slack_emoji string
+}
diff --git a/config/severities.go b/config/severities.go
new file mode 100644
index 0000000..6f3e17e
--- /dev/null
+++ b/config/severities.go
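Review bot: GetConsoleEcosystemIcons in the second ecosystems.go hunk covers only five of the twelve FindingEcosystem constants declared in the same file (Go, Java, JS, Python, Ruby), so a lookup for GHA, PHP, Erlang, C#, Dart, Rust or Swift silently yields "" — acceptable only if every caller does `icon, ok := icons[eco]`, which this diff does not show. The trailing space in "🪶 ", "⬢ " and "♦️ " but not in "🦦" or "🐍" looks like deliberate padding for glyphs a terminal renders single-width, but nothing says so; I would add `// GetConsoleEcosystemIcons returns a console glyph per ecosystem. Ecosystems without an entry map to ""; some glyphs carry a trailing space to pad them to emoji width.` above the func. The moved EcosystemConfig struct keeps the non-idiomatic `Slack_emoji` field name; if that spelling exists to match a viper key, a `mapstructure:"slack_emoji"` tag would let the field become `SlackEmoji` without changing the config file.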
@@ -0,0 +1,63 @@
+package config
+
+type FindingSeverityType uint8
+
+const (
+ FindingSeverityCritical FindingSeverityType = iota
+ FindingSeverityHigh
+ FindingSeverityModerate
+ FindingSeverityLow
+ FindingSeverityInfo
+ FindingSeverityUndefined
+)
+
+var SeverityNames = map[FindingSeverityType]string{
+ FindingSeverityCritical: "Critical",
+ FindingSeverityHigh: "High",
+ FindingSeverityModerate: "Moderate",
+ FindingSeverityLow: "Low",
+ FindingSeverityInfo: "Info",
+ FindingSeverityUndefined: "Undefined",
+}
+
+// NewSeverityMap returns a map of finding severities all associated with a
+// value of 0, meant to be populated with a count of findings in the relevant
+// scope. Notably, this map does not include either "Info" or "Undefined"
+// severities, as these are only reported if present.
+func NewSeverityMap() map[FindingSeverityType]int {
+ return map[FindingSeverityType]int{
+ FindingSeverityCritical: 0,
+ FindingSeverityHigh: 0,
+ FindingSeverityModerate: 0,
+ FindingSeverityLow: 0,
+ }
+}
+
+// GetSeverityReportOrder returns the order in which we want to report severities.
+// This is necessary because we cannot declare a constant array in Go.
+func GetSeverityReportOrder() []FindingSeverityType {
+ return []FindingSeverityType{
+ FindingSeverityCritical,
+ FindingSeverityHigh,
+ FindingSeverityModerate,
+ FindingSeverityLow,
+ FindingSeverityInfo,
+ FindingSeverityUndefined,
+ }
+}
+
+func GetConsoleSeverityColors() map[FindingSeverityType]string {
+ return map[FindingSeverityType]string{
+ FindingSeverityCritical: "#B21515",
+ FindingSeverityHigh: "#D26C00",
+ FindingSeverityModerate: "#FBD100",
+ FindingSeverityLow: "#233EB5",
+ FindingSeverityInfo: "#56B8F5",
+ FindingSeverityUndefined: "#CFD0D1",
+ }
+}
+
+type SeverityConfig struct {
+ Label string
+ Slack_emoji string
+}
diff --git a/internal/summary.go b/internal/summary.go
index b536497..08f57d3 100644
--- a/internal/summary.go
+++ b/internal/summary.go
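Review bot: FindingSeverityCritical is the iota zero value in the new severities.go, so a querying.Finding whose Severity is never assigned — or any data-source mapping that misses a value — is counted and reported as Critical rather than Undefined, and nothing in the const block says whether that fail-closed default is intended. I would make it explicit with `// The zero value is Critical on purpose: an unclassified finding is escalated, never hidden.` or, if it is not intended, put FindingSeverityUndefined in the first iota position (GetSeverityReportOrder already decouples report order from the numeric values; only code comparing severities numerically, none of which is visible in this diff, would be affected). SeverityNames is the only one of the four tables exported as a mutable package-level var while the others are returned fresh from functions; a `func GetSeverityNames()` mirroring GetConsoleSeverityColors, or at least a `// Read-only; do not modify.` comment, would keep importers from editing the labels. FindingSeverityType, GetConsoleSeverityColors and SeverityConfig are exported without doc comments.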
@@ -5,46 +5,11 @@ import (
 "github.com/underdog-tech/vulnbot/querying"
 )
 
-var SeverityNames = map[querying.FindingSeverityType]string{
- querying.FindingSeverityCritical: "Critical",
- querying.FindingSeverityHigh: "High",
- querying.FindingSeverityModerate: "Moderate",
- querying.FindingSeverityLow: "Low",
- querying.FindingSeverityInfo: "Info",
- querying.FindingSeverityUndefined: "Undefined",
-}
-
-// NewSeverityMap returns a map of finding severities all associated with a
-// value of 0, meant to be populated with a count of findings in the relevant
-// scope. Notably, this map does not include either "Info" or "Undefined"
-// severities, as these are only reported if present.
-func NewSeverityMap() map[querying.FindingSeverityType]int {
- return map[querying.FindingSeverityType]int{
- querying.FindingSeverityCritical: 0,
- querying.FindingSeverityHigh: 0,
- querying.FindingSeverityModerate: 0,
- querying.FindingSeverityLow: 0,
- }
-}
-
-// GetSeverityReportOrder returns the order in which we want to report severities.
-// This is necessary because we cannot declare a constant array in Go.
-func GetSeverityReportOrder() []querying.FindingSeverityType {
- return []querying.FindingSeverityType{
- querying.FindingSeverityCritical,
- querying.FindingSeverityHigh,
- querying.FindingSeverityModerate,
- querying.FindingSeverityLow,
- querying.FindingSeverityInfo,
- querying.FindingSeverityUndefined,
- }
-}
-
 type FindingSummary struct {
 TotalCount int
 AffectedRepos int
- VulnsByEcosystem map[querying.FindingEcosystemType]int
- VulnsBySeverity map[querying.FindingSeverityType]int
+ VulnsByEcosystem map[config.FindingEcosystemType]int
+ VulnsBySeverity map[config.FindingSeverityType]int
 }
 
 type ProjectFindingSummary struct {
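Review bot: FindingSummary is exported without a doc comment, and after this hunk its VulnsBySeverity map is populated from config.NewSeverityMap, which by its own comment omits the Info and Undefined keys, so readers must treat a missing key as zero; I would add `// FindingSummary aggregates finding counts for one scope, bucketed by ecosystem and by severity. VulnsBySeverity may lack Info/Undefined keys; a missing key means zero.` above the struct. The import hunk at the top adds nothing and shows only the querying import as context, so the config import this file now depends on must already sit above line 5 — outside the hunk, so worth confirming.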
@@ -55,23 +20,23 @@ type ProjectFindingSummary struct {
 
 // GetHighestCriticality looks for the severity level of the most critical
 // vulnerability in a project.
-func (r FindingSummary) GetHighestCriticality() querying.FindingSeverityType {
- severities := GetSeverityReportOrder()
+func (r FindingSummary) GetHighestCriticality() config.FindingSeverityType {
+ severities := config.GetSeverityReportOrder()
 for _, sev := range severities {
 count, exists := r.VulnsBySeverity[sev]
 if exists && count > 0 {
 return sev
 }
 }
- return querying.FindingSeverityUndefined
+ return config.FindingSeverityUndefined
 }
 
 func NewFindingSummary() FindingSummary {
 return FindingSummary{
 AffectedRepos: 0,
 TotalCount: 0,
- VulnsByEcosystem: map[querying.FindingEcosystemType]int{},
- VulnsBySeverity: NewSeverityMap(),
+ VulnsByEcosystem: map[config.FindingEcosystemType]int{},
+ VulnsBySeverity: config.NewSeverityMap(),
 }
 }
 
diff --git a/internal/summary_test.go b/internal/summary_test.go
index a7ed4c5..70be2c5 100644
--- a/internal/summary_test.go
+++ b/internal/summary_test.go
@@ -18,15 +18,15 @@ var testProjectFindings = querying.ProjectCollection{
 Name: "foo",
 Findings: []*querying.Finding{
 {
- Ecosystem: querying.FindingEcosystemGo,
- Severity: querying.FindingSeverityCritical,
+ Ecosystem: config.FindingEcosystemGo,
+ Severity: config.FindingSeverityCritical,
 Identifiers: querying.FindingIdentifierMap{
 querying.FindingIdentifierCVE: "CVE-1",
 },
 },
 {
- Ecosystem: querying.FindingEcosystemPython,
- Severity: querying.FindingSeverityHigh,
+ Ecosystem: config.FindingEcosystemPython,
+ Severity: config.FindingSeverityHigh,
 Identifiers: querying.FindingIdentifierMap{
 querying.FindingIdentifierCVE: "CVE-2",
 },
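Review bot: In GetHighestCriticality the pair `count, exists := r.VulnsBySeverity[sev]` / `if exists && count > 0 {` can be just `if r.VulnsBySeverity[sev] > 0 {`, since a missing key reads as 0 and `exists` adds nothing — style only, the trace is identical. The doc comment should also state what the fall-through returns, e.g. `// GetHighestCriticality returns the most severe level with at least one finding, walking config.GetSeverityReportOrder, or FindingSeverityUndefined when no level has a positive count.` NewFindingSummary has no doc comment; `// NewFindingSummary returns an empty summary with the standard severity buckets pre-populated at zero.` describes what the visible body does.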
@@ -37,15 +37,15 @@ var testProjectFindings = querying.ProjectCollection{
 Name: "bar",
 Findings: []*querying.Finding{
 {
- Ecosystem: querying.FindingEcosystemGo,
- Severity: querying.FindingSeverityInfo,
+ Ecosystem: config.FindingEcosystemGo,
+ Severity: config.FindingSeverityInfo,
 Identifiers: querying.FindingIdentifierMap{
 querying.FindingIdentifierCVE: "CVE-3",
 },
 },
 {
- Ecosystem: querying.FindingEcosystemJS,
- Severity: querying.FindingSeverityCritical,
+ Ecosystem: config.FindingEcosystemJS,
+ Severity: config.FindingSeverityCritical,
 Identifiers: querying.FindingIdentifierMap{
 querying.FindingIdentifierCVE: "CVE-4",
 },
@@ -60,17 +60,17 @@ var testProjectFindings = querying.ProjectCollection{
 }
 
 func TestSummarizeGeneratesOverallSummary(t *testing.T) {
- severities := internal.NewSeverityMap()
- severities[querying.FindingSeverityCritical] = 2
- severities[querying.FindingSeverityHigh] = 1
- severities[querying.FindingSeverityInfo] = 1
+ severities := config.NewSeverityMap()
+ severities[config.FindingSeverityCritical] = 2
+ severities[config.FindingSeverityHigh] = 1
+ severities[config.FindingSeverityInfo] = 1
 expected := internal.FindingSummary{
 AffectedRepos: 2,
 TotalCount: 4,
- VulnsByEcosystem: map[querying.FindingEcosystemType]int{
- querying.FindingEcosystemGo: 2,
- querying.FindingEcosystemJS: 1,
- querying.FindingEcosystemPython: 1,
+ VulnsByEcosystem: map[config.FindingEcosystemType]int{
+ config.FindingEcosystemGo: 2,
+ config.FindingEcosystemJS: 1,
+ config.FindingEcosystemPython: 1,
 },
 VulnsBySeverity: severities,
 }
@@ -79,33 +79,33 @@ func TestSummarizeGeneratesOverallSummary(t *testing.T) {
 }
 
 func TestSummarizeGeneratesProjectReports(t *testing.T) {
- fooSeverities := internal.NewSeverityMap()
- fooSeverities[querying.FindingSeverityCritical] = 1
- fooSeverities[querying.FindingSeverityHigh] = 1
+ fooSeverities := config.NewSeverityMap()
+ fooSeverities[config.FindingSeverityCritical] = 1
+ fooSeverities[config.FindingSeverityHigh] = 1
 foo := internal.ProjectFindingSummary{
 Name: "foo",
 FindingSummary: internal.FindingSummary{
 AffectedRepos: 1,
 TotalCount: 2,
- VulnsByEcosystem: map[querying.FindingEcosystemType]int{
- querying.FindingEcosystemGo: 1,
- querying.FindingEcosystemPython: 1,
+ VulnsByEcosystem: map[config.FindingEcosystemType]int{
+ config.FindingEcosystemGo: 1,
+ config.FindingEcosystemPython: 1,
 },
 VulnsBySeverity: fooSeverities,
 },
 }
 
- barSeverities := internal.NewSeverityMap()
- barSeverities[querying.FindingSeverityCritical] = 1
- barSeverities[querying.FindingSeverityInfo] = 1
+ barSeverities := config.NewSeverityMap()
+ barSeverities[config.FindingSeverityCritical] = 1
+ barSeverities[config.FindingSeverityInfo] = 1
 bar := internal.ProjectFindingSummary{
 Name: "bar",
 FindingSummary: internal.FindingSummary{
 AffectedRepos: 1,
 TotalCount: 2,
- VulnsByEcosystem: map[querying.FindingEcosystemType]int{
- querying.FindingEcosystemGo: 1,
- querying.FindingEcosystemJS: 1,
+ VulnsByEcosystem: map[config.FindingEcosystemType]int{
+ config.FindingEcosystemGo: 1,
+ config.FindingEcosystemJS: 1,
 },
 VulnsBySeverity: barSeverities,
 },
@@ -121,10 +121,10 @@ func TestSummarizeGeneratesProjectReports(t *testing.T) {
 }
 
 func TestGetHighestCriticality(t *testing.T) {
- severities := internal.GetSeverityReportOrder()
+ severities := config.GetSeverityReportOrder()
 for _, severity := range severities {
 t.Run(string(severity), func(t *testing.T) {
- sevMap := internal.NewSeverityMap()
+ sevMap := config.NewSeverityMap()
 sevMap[severity] = 1
 summary := internal.ProjectFindingSummary{
 Name: "foo",
@@ -141,13 +141,13 @@ func TestGetHighestCriticality(t *testing.T) {
 
 func TestGetHighestCriticalityNoFindings(t *testing.T) {
 summary := internal.NewProjectFindingSummary("foo")
- assert.Equal(t, summary.GetHighestCriticality(), querying.FindingSeverityUndefined)
+ assert.Equal(t, summary.GetHighestCriticality(), config.FindingSeverityUndefined)
 }
 
 func TestSortTeamProjectCollection(t *testing.T) {
- fooSeverities := internal.NewSeverityMap()
- fooSeverities[querying.FindingSeverityCritical] = 1
- fooSeverities[querying.FindingSeverityHigh] = 1
+ fooSeverities := config.NewSeverityMap()
+ fooSeverities[config.FindingSeverityCritical] = 1
+ fooSeverities[config.FindingSeverityHigh] = 1
 foo := internal.ProjectFindingSummary{
 Name: "foo",
 FindingSummary: internal.FindingSummary{
@@ -157,9 +157,9 @@ func TestSortTeamProjectCollection(t *testing.T) {
 },
 }
 
- barSeverities := internal.NewSeverityMap()
- barSeverities[querying.FindingSeverityCritical] = 1
- barSeverities[querying.FindingSeverityInfo] = 1
+ barSeverities := config.NewSeverityMap()
+ barSeverities[config.FindingSeverityCritical] = 1
+ barSeverities[config.FindingSeverityInfo] = 1
 bar := internal.ProjectFindingSummary{
 Name: "bar",
 FindingSummary: internal.FindingSummary{
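Review bot: `t.Run(string(severity), ...)` in the TestGetHighestCriticality hunk converts a uint8-backed config.FindingSeverityType to a one-byte string, so the subtests are named "\x00" through "\x05" rather than the severity labels, which makes a failing case unreadable in -v output; the commit touches the surrounding lines but leaves this as is. Now that the labels live next to the type, `t.Run(config.SeverityNames[severity], func(t *testing.T) {` fixes it with no other change. The loop body and the enclosing test function continue past the end of the hunk.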
@@ -169,8 +169,8 @@ func TestSortTeamProjectCollection(t *testing.T) {
 },
 }
 
- bazSeverities := internal.NewSeverityMap()
- bazSeverities[querying.FindingSeverityModerate] = 1
+ bazSeverities := config.NewSeverityMap()
+ bazSeverities[config.FindingSeverityModerate] = 1
 baz := internal.ProjectFindingSummary{
 Name: "baz",
 FindingSummary: internal.FindingSummary{
diff --git a/querying/finding.go b/querying/finding.go
index de4bd23..a458eb0 100644
--- a/querying/finding.go
+++ b/querying/finding.go
@@ -1,6 +1,10 @@
 package querying
 
-import "sync"
+import (
+ "sync"
+
+ "github.com/underdog-tech/vulnbot/config"
+)
 
 type FindingIdentifierType string
 type FindingIdentifierMap map[FindingIdentifierType]string
@@ -12,8 +16,8 @@ const (
 
 type Finding struct {
 Identifiers FindingIdentifierMap
- Ecosystem FindingEcosystemType
- Severity FindingSeverityType
+ Ecosystem config.FindingEcosystemType
+ Severity config.FindingSeverityType
 Description string
 PackageName string
 mu sync.Mutex
diff --git a/querying/github.go b/querying/github.go
index 4542504..5b8fdf3 100644
--- a/querying/github.go
+++ b/querying/github.go
@@ -81,19 +81,19 @@ type orgVulnerabilityQuery struct {
 }
 
 // Ref: https://docs.github.com/en/graphql/reference/enums#securityadvisoryecosystem
-var githubEcosystems = map[string]FindingEcosystemType{
- "ACTIONS": FindingEcosystemGHA,
- "COMPOSER": FindingEcosystemPHP,
- "ERLANG": FindingEcosystemErlang,
- "GO": FindingEcosystemGo,
- "MAVEN": FindingEcosystemJava,
- "NPM": FindingEcosystemJS,
- "NUGET": FindingEcosystemCSharp,
- "PIP": FindingEcosystemPython,
- "PUB": FindingEcosystemDart,
- "RUBYGEMS": FindingEcosystemRuby,
- "RUST": FindingEcosystemRust,
- "SWIFT": FindingEcosystemSwift,
+var githubEcosystems = map[string]config.FindingEcosystemType{
+ "ACTIONS": config.FindingEcosystemGHA,
+ "COMPOSER": config.FindingEcosystemPHP,
+ "ERLANG": config.FindingEcosystemErlang,
+ "GO": config.FindingEcosystemGo,
+ "MAVEN": config.FindingEcosystemJava,
+ "NPM": config.FindingEcosystemJS,
+ "NUGET": config.FindingEcosystemCSharp,
+ "PIP": config.FindingEcosystemPython,
+ "PUB": config.FindingEcosystemDart,
+ "RUBYGEMS": config.FindingEcosystemRuby,
+ "RUST": config.FindingEcosystemRust,
+ "SWIFT": config.FindingEcosystemSwift,
 }
 
 func (gh *GithubDataSource) CollectFindings(projects *ProjectCollection, wg *sync.WaitGroup) error {
diff --git a/querying/github_test.go b/querying/github_test.go
index ed94d1f..7a6274a 100644
--- a/querying/github_test.go
+++ b/querying/github_test.go
@@ -56,8 +56,8 @@ func TestCollectFindingsSingleProjectSingleFinding(t *testing.T) {
 },
 Findings: []*querying.Finding{
 {
- Ecosystem: querying.FindingEcosystemGo,
- Severity: querying.FindingSeverityCritical,
+ Ecosystem: config.FindingEcosystemGo,
+ Severity: config.FindingSeverityCritical,
 Description: "The Improbability Drive is far too improbable.",
 PackageName: "improbability-drive",
 Identifiers: querying.FindingIdentifierMap{
@@ -116,8 +116,8 @@ func TestCollectFindingsOwnerNotConfigured(t *testing.T) {
 },
 Findings: []*querying.Finding{
 {
- Ecosystem: querying.FindingEcosystemGo,
- Severity: querying.FindingSeverityCritical,
+ Ecosystem: config.FindingEcosystemGo,
+ Severity: config.FindingSeverityCritical,
 Description: "The Improbability Drive is far too improbable.",
 PackageName: "improbability-drive",
 Identifiers: querying.FindingIdentifierMap{
@@ -180,8 +180,8 @@ func TestCollectFindingsOwnerIsConfigured(t *testing.T) {
 },
 Findings: []*querying.Finding{
 {
- Ecosystem: querying.FindingEcosystemGo,
- Severity: querying.FindingSeverityCritical,
+ Ecosystem: config.FindingEcosystemGo,
+ Severity: config.FindingSeverityCritical,
 Description: "The Improbability Drive is far too improbable.",
 PackageName: "improbability-drive",
 Identifiers: querying.FindingIdentifierMap{
diff --git a/querying/severities.go b/querying/severities.go
deleted file mode 100644
index ddfe8f6..0000000
--- a/querying/severities.go
+++ /dev/null
@@ -1,12 +0,0 @@
-package querying
-
-type FindingSeverityType uint8
-
-const (
- FindingSeverityCritical FindingSeverityType = iota
- FindingSeverityHigh
- FindingSeverityModerate
- FindingSeverityLow
- FindingSeverityInfo
- FindingSeverityUndefined
-)