From 8fb76a995e75ddcd2d319d4cd8f796eb1818b15a Mon Sep 17 00:00:00 2001
From: Prachi Damle
Date: Fri, 25 Sep 2020 15:58:03 -0700
Subject: [PATCH] vendor update to pull in report changes
---
 go.mod | 2 +-
 go.sum | 4 +-
 .../pkg/kb-summarizer/report/report.go | 39 ++++++----
 .../kb-summarizer/summarizer/summarizer.go | 72 +++++++++++--------
 vendor/modules.txt | 2 +-
 5 files changed, 72 insertions(+), 47 deletions(-)
diff --git a/go.mod b/go.mod
index 78b6fe35..900a9bbf 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,7 @@ require (
 github.com/blang/semver v3.5.0+incompatible
 github.com/rancher/kubernetes-provider-detector v0.0.0-20200807181951-690274ab1fb3
 github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0
- github.com/rancher/security-scan v0.1.14
+ github.com/rancher/security-scan v0.2.1
 github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224
 github.com/sirupsen/logrus v1.4.2
 github.com/urfave/cli v1.22.2
diff --git a/go.sum b/go.sum
index 150b07cf..3931f815 100644
--- a/go.sum
+++ b/go.sum
@@ -348,8 +348,8 @@ github.com/rancher/kubernetes-provider-detector v0.0.0-20200807181951-690274ab1f
 github.com/rancher/kubernetes-provider-detector v0.0.0-20200807181951-690274ab1fb3/go.mod h1:ypuJS7kP7rUiAn330xG46mj+Nhvym05GM8NqMVekpH0=
 github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0 h1:ng7i8n0kzTGnXyvVK+nkb+sLm06BBNdsbd2aqJAP3lM=
 github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0/go.mod h1:OhBBBO1pBwYp0hacWdnvSGOj+XE9yMLOLnaypIlic18=
-github.com/rancher/security-scan v0.1.14 h1:JKqWJGonIL8EBpj60Axqag/FNdWK8OcLiOYkbxRjY6s=
-github.com/rancher/security-scan v0.1.14/go.mod h1:WlLAocVyVQs5J8r0IiQXsp0ajVZO6hYi/Vo6zxjo73s=
+github.com/rancher/security-scan v0.2.1 h1:3PFS3k5hz0G0VflHVJdK65y680X6MwzRMbu/PlzD+YE=
+github.com/rancher/security-scan v0.2.1/go.mod h1:WlLAocVyVQs5J8r0IiQXsp0ajVZO6hYi/Vo6zxjo73s=
 github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224 h1:NWYSyS1YiWJOB84xq0FcGDY8xQQwrfKoip2BjMSlu1g=
 github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224/go.mod h1:I7qe4DZNMOLKVa9ax7DJdBZ0XtKOppLF/dalhPX3vaE=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
diff --git a/vendor/github.com/rancher/security-scan/pkg/kb-summarizer/report/report.go b/vendor/github.com/rancher/security-scan/pkg/kb-summarizer/report/report.go
index 99363348..e82368cd 100644
--- a/vendor/github.com/rancher/security-scan/pkg/kb-summarizer/report/report.go
+++ b/vendor/github.com/rancher/security-scan/pkg/kb-summarizer/report/report.go
@@ -3,6 +3,7 @@ package report
 import (
 "encoding/json"
 "fmt"
+ "os/exec"
 "sort"
 "github.com/rancher/security-scan/pkg/kb-summarizer/summarizer"
@@ -28,12 +29,19 @@ const (
 )
 type Check struct {
- ID string `yaml:"id" json:"id"`
- Text string `json:"description"`
- Remediation string `json:"remediation"`
- State State `json:"state"`
- NodeType []NodeType `json:"node_type"`
- Nodes []string `json:"nodes,omitempty"`
+ ID string `yaml:"id" json:"id"`
+ Text string `json:"description"`
+ Remediation string `json:"remediation"`
+ State State `json:"state"`
+ NodeType []NodeType `json:"node_type"`
+ Nodes []string `json:"nodes,omitempty"`
+ Audit string `json:"audit"`
+ AuditConfig string `json:"audit_config"`
+ TestInfo []string `json:"test_info"`
+ Commands []*exec.Cmd `json:"commands"`
+ ConfigCommands []*exec.Cmd `json:"config_commands"`
+ ActualValue string `json:"actual_value"`
+ ExpectedResult string `json:"expected_result"`
 }
 type Group struct {
@@ -91,12 +99,19 @@ func mapNodeType(nodeType []summarizer.NodeType) []NodeType {
 func mapCheck(intCheck *summarizer.CheckWrapper) *Check {
 return &Check{
- ID: intCheck.ID,
- Text: intCheck.Text,
- Remediation: intCheck.Remediation,
- State: mapState(intCheck.State),
- NodeType: mapNodeType(intCheck.NodeType),
- Nodes: intCheck.Nodes,
+ ID: intCheck.ID,
+ Text: intCheck.Text,
+ Remediation: intCheck.Remediation,
+ State: mapState(intCheck.State),
+ NodeType: mapNodeType(intCheck.NodeType),
+ Nodes: intCheck.Nodes,
+ Audit: intCheck.Audit,
+ AuditConfig: intCheck.AuditConfig,
+ TestInfo: intCheck.TestInfo,
+ Commands: intCheck.Commands,
+ ConfigCommands: intCheck.ConfigCommands,
+ ActualValue: intCheck.ActualValue,
+ ExpectedResult: intCheck.ExpectedResult,
 }
 }
diff --git a/vendor/github.com/rancher/security-scan/pkg/kb-summarizer/summarizer/summarizer.go b/vendor/github.com/rancher/security-scan/pkg/kb-summarizer/summarizer/summarizer.go
index 8a1f923c..e8daa3e7 100644
--- a/vendor/github.com/rancher/security-scan/pkg/kb-summarizer/summarizer/summarizer.go
+++ b/vendor/github.com/rancher/security-scan/pkg/kb-summarizer/summarizer/summarizer.go
@@ -6,14 +6,14 @@ import ( "io" "io/ioutil" "os" + "os/exec" "path/filepath" "sort" - "gopkg.in/yaml.v2" - kb "github.com/aquasecurity/kube-bench/check" "github.com/sirupsen/logrus" "github.com/spf13/viper" + "gopkg.in/yaml.v2" ) const ( @@ -76,16 +76,23 @@ const ( ) type CheckWrapper struct { - ID string `yaml:"id" json:"id"` - Text string `json:"d"` - Type string `json:"-"` - Remediation string `json:"r"` - State State `json:"s"` - Scored bool `json:"-"` - Result map[kb.State]map[string]bool `json:"-"` - NodeType []NodeType `json:"t"` - NodesMap map[string]bool `json:"-"` - Nodes []string `json:"n,omitempty"` + ID string `yaml:"id" json:"id"` + Text string `json:"d"` + Type string `json:"-"` + Remediation string `json:"r"` + State State `json:"s"` + Scored bool `json:"-"` + Result map[kb.State]map[string]bool `json:"-"` + NodeType []NodeType `json:"t"` + NodesMap map[string]bool `json:"-"` + Nodes []string `json:"n,omitempty"` + Audit string `json:"a"` + AuditConfig string `json:"ac"` + TestInfo []string `json:"ti"` + Commands []*exec.Cmd `json:"c"` + ConfigCommands []*exec.Cmd `json:"cc"` + ActualValue string `json:"av"` + ExpectedResult string `json:"er"` } type GroupWrapper struct { @@ -249,6 +256,9 @@ func (s *Summarizer) processOneResultFileForHost(results *kb.Controls, hostname continue } + if check.Type == CheckTypeSkip { + check.State = NA + } if msg, ok := s.notApplicable[check.ID]; ok { check.State = NA check.Remediation = msg @@ -440,6 +450,9 @@ func (s *Summarizer) loadControls() error { if !check.Scored { continue } + if check.Type == CheckTypeSkip { + check.State = NA + } if msg, ok := s.notApplicable[check.ID]; ok { check.State = NA check.Remediation = msg @@ -486,7 +499,7 @@ func getMappedState(state kb.State) State { case kb.WARN: return Fail case kb.INFO: - return Fail + return NotApplicable case SKIP: return Skip case NA: 
@@ -497,12 +510,19 @@ func getMappedState(state kb.State) State {
 func getCheckWrapper(check *kb.Check) *CheckWrapper {
 return &CheckWrapper{
- ID: check.ID,
- Text: check.Text,
- Type: check.Type,
- Remediation: check.Remediation,
- Scored: check.Scored,
- Result: map[kb.State]map[string]bool{},
+ ID: check.ID,
+ Text: check.Text,
+ Type: check.Type,
+ Remediation: check.Remediation,
+ Scored: check.Scored,
+ Result: map[kb.State]map[string]bool{},
+ Audit: check.Audit,
+ AuditConfig: check.AuditConfig,
+ TestInfo: check.TestInfo,
+ Commands: check.Commands,
+ ConfigCommands: check.ConfigCommands,
+ ActualValue: check.ActualValue,
+ ExpectedResult: check.ExpectedResult,
 }
 }
@@ -703,18 +723,8 @@ func (s *Summarizer) printReport() error {
 }
 func printCheck(check *kb.Check) {
- logrus.Debugf("check: ")
- logrus.Debugf("ID: %v", check.ID)
- logrus.Debugf("State: %v", check.State)
- logrus.Debugf("Text: %v", check.Text)
- logrus.Debugf("Audit: %v", check.Audit)
- logrus.Debugf("ActualValue: %v", check.ActualValue)
+ logrus.Debugf("KB check: %+v", check)
 }
 func printCheckWrapper(cw *CheckWrapper) {
- logrus.Debugf("checkWrapper:")
- logrus.Debugf("id: %v", cw.ID)
- logrus.Debugf("state: %v", cw.State)
- logrus.Debugf("node_type: %+v", cw.NodeType)
- logrus.Debugf("nodes: %+v", cw.Nodes)
- logrus.Debugf("result: %+v", cw.Result)
+ logrus.Debugf("checkWrapper: %+v", cw)
 }
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 6daf6ac7..3762e269 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -77,7 +77,7 @@ github.com/rancher/lasso/pkg/controller
 github.com/rancher/lasso/pkg/log
 github.com/rancher/lasso/pkg/mapper
 github.com/rancher/lasso/pkg/scheme
-# github.com/rancher/security-scan v0.1.14
+# github.com/rancher/security-scan v0.2.1
 github.com/rancher/security-scan/pkg/kb-summarizer/report
 github.com/rancher/security-scan/pkg/kb-summarizer/summarizer
 # github.com/rancher/wrangler v0.6.2-0.20200829053106-7e1dd4260224