add build policy validation #40

Open
wants to merge 1 commit into
2 changes: 2 additions & 0 deletions go.mod
@@ -1,3 +1,5 @@
module github.com/paloaltonetworks/prisma-cloud-go

go 1.13

require gopkg.in/yaml.v2 v2.4.0 // indirect
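--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,3 @@
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=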
1 change: 1 addition & 0 deletions policy/const.go
Expand Up @@ -33,3 +33,4 @@ const (
)

var Suffix = []string{"policy"}
var BridgecrewSuffix = []string{"bridgecrew/api/v1/policies"}
61 changes: 61 additions & 0 deletions policy/funcs.go
Expand Up @@ -6,6 +6,7 @@ import (
"strings"

pc "github.com/paloaltonetworks/prisma-cloud-go"
"gopkg.in/yaml.v2"
)

// List returns a list of available policies, both system default and custom.
Expand Down Expand Up @@ -77,6 +78,36 @@ func Delete(c pc.PrismaCloudClient, id string) error {
return err
}

// Validate the metadata.code string for a code security build policy.
func ValidateBuildPolicy(c pc.PrismaCloudClient, policy Policy) error {
var code map[interface{}]interface{}
var codeStr string
c.Log(pc.LogAction, "(validate) %s", singular)
c.Log(pc.LogAction, "(validate) policy.Rule.Children %s", policy.Rule.Children)

if len(policy.Rule.Children) > 0 {
codeStr = policy.Rule.Children[0].Metadata.Code
if codeStr == "" {
return nil
}
} else {
return nil
}

if err := yaml.Unmarshal([]byte(codeStr), &code); err != nil {
return err
}

codeMapS := convertMapI2MapS(code)
path := make([]string, 0, len(Suffix)+1)
path = append(path, BridgecrewSuffix...)
path = append(path, "definition/none")

c.Log(pc.LogAction, "(validate) printing path:\n%s", path)
_, err := c.Communicate("POST", path, nil, codeMapS, nil)
return err
}

func createUpdate(exists bool, c pc.PrismaCloudClient, policy Policy) error {
var (
logMsg strings.Builder
Expand Down Expand Up @@ -110,3 +141,33 @@ func createUpdate(exists bool, c pc.PrismaCloudClient, policy Policy) error {
_, err := c.Communicate(method, path, nil, policy, nil)
return err
}

// ConvertMapI2MapS walks the given dynamic build policy object recursively, and
// converts maps with interface{} key type to maps with string key type.
func convertMapI2MapS(v interface{}) interface{} {
switch x := v.(type) {
case map[interface{}]interface{}:
m := map[string]interface{}{}
for k, v2 := range x {
switch k2 := k.(type) {
case string: // Fast check if it's already a string
m[k2] = convertMapI2MapS(v2)
default:
m[fmt.Sprint(k)] = convertMapI2MapS(v2)
}
}
v = m

case []interface{}:
for i, v2 := range x {
x[i] = convertMapI2MapS(v2)
}

case map[string]interface{}:
for k, v2 := range x {
x[k] = convertMapI2MapS(v2)
}
}

return v
}
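Review bot: ValidateBuildPolicy only validates `policy.Rule.Children[0].Metadata.Code` and silently accepts every other child, so a policy with several children is reported valid after checking just one; unless a build policy is guaranteed to carry a single child (in which case a comment on that access should say so), the body should iterate over all children and POST each non-empty code block, as in the rewrite below. On the same hunk, `path := make([]string, 0, len(Suffix)+1)` sizes the slice from `Suffix` but then appends `BridgecrewSuffix`, which reads as a copy-paste slip — `path := make([]string, 0, len(BridgecrewSuffix)+1)`. The `%s` verb on `policy.Rule.Children` in the second Log call will render non-string fields as `%!s(...)` noise; `%+v` is what is wanted there, and logging the entire children struct at LogAction level will get loud once the embedded code block is large. The doc comments should follow Go convention and open with the identifier — `// ValidateBuildPolicy validates the metadata.code string of a code security build policy.` — and in the third hunk `// ConvertMapI2MapS walks ...` names an identifier that does not exist; it should read `// convertMapI2MapS walks ...` (the rewrite assumes `fmt` is already imported, as the third hunk's `fmt.Sprint` call suggests).

```go
func ValidateBuildPolicy(c pc.PrismaCloudClient, policy Policy) error {
	c.Log(pc.LogAction, "(validate) %s", singular)

	path := make([]string, 0, len(BridgecrewSuffix)+1)
	path = append(path, BridgecrewSuffix...)
	path = append(path, "definition/none")

	// Every child with a non-empty code block is sent for validation; the
	// first failure is returned with the child's index for context.
	for i, child := range policy.Rule.Children {
		codeStr := child.Metadata.Code
		if codeStr == "" {
			continue
		}

		var code map[interface{}]interface{}
		if err := yaml.Unmarshal([]byte(codeStr), &code); err != nil {
			return fmt.Errorf("children[%d] metadata.code: %w", i, err)
		}

		if _, err := c.Communicate("POST", path, nil, convertMapI2MapS(code), nil); err != nil {
			return err
		}
	}

	return nil
}
```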