-
Notifications
You must be signed in to change notification settings - Fork 551
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #3857 from snyk/chore/add-experimental-test-analyt…
- Loading branch information
Showing
9 changed files
with
268 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
import { SEVERITY } from '../../../../snyk-test/legacy'; | ||
import { ResourceKind, TestOutput } from '../scan/results'; | ||
|
||
export function getIacType(testOutput: TestOutput): IacType { | ||
const resourcesCountByPackageManager = getResourcesCountByPackageManager( | ||
testOutput, | ||
); | ||
|
||
const filesCountByPackageManager = getFilesCountByPackageManager(testOutput); | ||
|
||
const vulnAnalyticsByPackageManager = getVulnerabilityAnalyticsByPackageManager( | ||
testOutput, | ||
); | ||
|
||
return Object.keys(resourcesCountByPackageManager).reduce( | ||
(acc, packageManager) => { | ||
acc[packageManager] = { | ||
count: filesCountByPackageManager[packageManager], | ||
'resource-count': resourcesCountByPackageManager[packageManager], | ||
...vulnAnalyticsByPackageManager[packageManager], | ||
}; | ||
return acc; | ||
}, | ||
{}, | ||
); | ||
} | ||
|
||
export type PackageManager = ResourceKind; | ||
|
||
export type IacType = { | ||
[packageManager in PackageManager]?: { | ||
count: number; | ||
'resource-count': number; | ||
} & { | ||
[severity in SEVERITY]?: number; | ||
}; | ||
}; | ||
|
||
function getResourcesCountByPackageManager( | ||
testOutput: TestOutput, | ||
): ResourcesCountByPackageManager { | ||
if (!testOutput.results?.resources?.length) { | ||
return {}; | ||
} | ||
|
||
return testOutput.results.resources.reduce((acc, resource) => { | ||
const packageManager = resource.kind; | ||
|
||
if (!acc[packageManager]) { | ||
acc[packageManager] = 0; | ||
} | ||
|
||
acc[packageManager]++; | ||
|
||
return acc; | ||
}, {}); | ||
} | ||
|
||
export type ResourcesCountByPackageManager = { | ||
[packageManager in PackageManager]?: number; | ||
}; | ||
|
||
function getFilesCountByPackageManager( | ||
testOutput: TestOutput, | ||
): FilesCountByPackageManager { | ||
if (!testOutput.results?.resources?.length) { | ||
return {}; | ||
} | ||
|
||
return Object.entries( | ||
testOutput.results.resources.reduce((acc, resource) => { | ||
const packageManager = resource.kind; | ||
|
||
if (!acc[packageManager]) { | ||
acc[packageManager] = new Set(); | ||
} | ||
|
||
acc[packageManager].add(resource.file); | ||
|
||
return acc; | ||
}, {} as { [packageManager in PackageManager]: Set<string> }), | ||
).reduce((acc, [packageManager, filesSet]) => { | ||
acc[packageManager] = filesSet.size; | ||
|
||
return acc; | ||
}, {}); | ||
} | ||
|
||
export type FilesCountByPackageManager = { | ||
[packageManager in PackageManager]?: number; | ||
}; | ||
|
||
function getVulnerabilityAnalyticsByPackageManager( | ||
testOutput: TestOutput, | ||
): VulnerabilityAnalyticsByPackageManager { | ||
if (!testOutput.results?.vulnerabilities?.length) { | ||
return {}; | ||
} | ||
|
||
return testOutput.results.vulnerabilities.reduce((acc, vuln) => { | ||
const packageManager = vuln.resource.kind; | ||
|
||
if (!acc[packageManager]) { | ||
acc[packageManager] = {}; | ||
} | ||
|
||
if (!acc[packageManager][vuln.severity]) { | ||
acc[packageManager][vuln.severity] = 0; | ||
} | ||
|
||
acc[packageManager][vuln.severity]++; | ||
|
||
return acc; | ||
}, {}); | ||
} | ||
|
||
export type VulnerabilityAnalyticsByPackageManager = { | ||
[packageManager in PackageManager]?: VulnerabilityAnalitycs; | ||
}; | ||
|
||
export type VulnerabilityAnalitycs = { | ||
[severity in SEVERITY]?: number; | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
import * as createDebugLogger from 'debug'; | ||
|
||
import { policyEngineReleaseVersion } from '../local-cache/policy-engine/constants'; | ||
import { ResourceKind, TestOutput } from '../scan/results'; | ||
import { getIacType, IacType } from './iac-type'; | ||
|
||
const debugLog = createDebugLogger('snyk-iac'); | ||
|
||
export interface IacAnalytics { | ||
packageManager: ResourceKind[]; | ||
'iac-type': IacType; | ||
'iac-issues-count': number; | ||
'iac-ignored-issues-count': number; | ||
'iac-files-count': number; | ||
'iac-resources-count': number; | ||
'iac-test-binary-version': string; | ||
'iac-error-codes': number[]; | ||
// 'iac-rules-bundle-version': string; // TODO: Add when we have the rules bundle version | ||
} | ||
|
||
export function addIacAnalytics(testOutput: TestOutput): void { | ||
const iacAnalytics = computeIacAnalytics(testOutput); | ||
|
||
debugLog(iacAnalytics); | ||
} | ||
|
||
export function computeIacAnalytics(testOutput: TestOutput): IacAnalytics { | ||
const iacType = getIacType(testOutput); | ||
|
||
return { | ||
'iac-type': iacType, | ||
packageManager: Object.keys(iacType) as ResourceKind[], | ||
'iac-issues-count': testOutput.results?.vulnerabilities?.length || 0, | ||
'iac-ignored-issues-count': | ||
testOutput.results?.scanAnalytics.ignoredCount || 0, | ||
'iac-files-count': Object.values(iacType).reduce( | ||
(acc, packageManagerAnalytics) => acc + packageManagerAnalytics!.count, | ||
0, | ||
), | ||
'iac-resources-count': testOutput.results?.resources?.length || 0, | ||
'iac-error-codes': | ||
[...new Set(testOutput.errors?.map((error) => error.code!))] || [], | ||
'iac-test-binary-version': policyEngineReleaseVersion, | ||
// iacAnalytics['iac-rules-bundle-version'] = ''; // TODO: Add when we have the rules bundle version | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
test/jest/unit/lib/iac/test/v2/analytics/fixtures/iac-analytics.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
{ | ||
"iac-type": { | ||
"terraformconfig": { | ||
"count": 2, | ||
"resource-count": 4, | ||
"medium": 4 | ||
} | ||
}, | ||
"packageManager": [ | ||
"terraformconfig" | ||
], | ||
"iac-issues-count": 4, | ||
"iac-ignored-issues-count": 3, | ||
"iac-files-count": 2, | ||
"iac-error-codes": [ | ||
2114 | ||
], | ||
"iac-resources-count": 4, | ||
"iac-test-binary-version": "test-policy-engine-release-version" | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
import * as clonedeep from 'lodash.clonedeep'; | ||
import * as path from 'path'; | ||
import * as fs from 'fs'; | ||
|
||
import { SnykIacTestOutput } from '../../../../../../../../src/lib/iac/test/v2/scan/results'; | ||
import { | ||
computeIacAnalytics, | ||
IacAnalytics, | ||
} from '../../../../../../../../src/lib/iac/test/v2/analytics'; | ||
|
||
jest.mock( | ||
'../../../../../../../../src/lib/iac/test/v2/local-cache/policy-engine/constants', | ||
() => ({ | ||
...jest.requireActual( | ||
'../../../../../../../../src/lib/iac/test/v2/local-cache/policy-engine/constants', | ||
), | ||
policyEngineReleaseVersion: 'test-policy-engine-release-version', | ||
}), | ||
); | ||
|
||
describe('computeIacAnalytics', () => { | ||
const snykIacTestOutputFixture: SnykIacTestOutput = JSON.parse( | ||
fs.readFileSync( | ||
path.join( | ||
__dirname, | ||
'..', | ||
'..', | ||
'..', | ||
'..', | ||
'..', | ||
'iac', | ||
'process-results', | ||
'fixtures', | ||
'snyk-iac-test-results.json', | ||
), | ||
'utf-8', | ||
), | ||
); | ||
|
||
const iacAnalyticsFixture: IacAnalytics = JSON.parse( | ||
fs.readFileSync( | ||
path.join(__dirname, 'fixtures', 'iac-analytics.json'), | ||
'utf-8', | ||
), | ||
); | ||
|
||
it('generates the correct analytics', async () => { | ||
// Arrange | ||
const testOutput = clonedeep(snykIacTestOutputFixture); | ||
const expectedAnalytics = clonedeep(iacAnalyticsFixture); | ||
|
||
// Act | ||
const result = computeIacAnalytics(testOutput); | ||
|
||
// Assert | ||
expect(result).toStrictEqual(expectedAnalytics); | ||
}); | ||
}); |