From 1f5f62c5c694934e559617ce06f592c59043a5dd Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Fri, 8 Mar 2024 21:15:27 +0100
Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=A7=B9=20use=20bom=20for=20vuln=20sca?=
 =?UTF-8?q?nning?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/cnspec/cmd/vuln.go | 175 ++++++++++++++--------------------------
 1 file changed, 60 insertions(+), 115 deletions(-)

diff --git a/apps/cnspec/cmd/vuln.go b/apps/cnspec/cmd/vuln.go
index cd4230f9..b928999b 100644
--- a/apps/cnspec/cmd/vuln.go
+++ b/apps/cnspec/cmd/vuln.go
@@ -4,24 +4,19 @@
 package cmd
 
 import (
- "context"
- "encoding/json"
- "strings"
-
+ "bytes"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
 "github.com/spf13/viper"
- "go.mondoo.com/cnquery/v10/cli/shell"
- "go.mondoo.com/cnquery/v10/explorer/executor"
 "go.mondoo.com/cnquery/v10/logger"
 "go.mondoo.com/cnquery/v10/providers"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/plugin"
- "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/gql"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
+ "go.mondoo.com/cnquery/v10/sbom"
+ "go.mondoo.com/cnquery/v10/shared"
 "go.mondoo.com/cnspec/v10/cli/reporter"
- mondoogql "go.mondoo.com/mondoo-go"
- "go.mondoo.com/ranger-rpc/codes"
- "go.mondoo.com/ranger-rpc/status"
+ "go.mondoo.com/cnspec/v10/policy"
+ "strings"
 )
 
 func init() {
@@ -43,7 +38,6 @@ var vulnCmd = &cobra.Command{
 PreRun: func(cmd *cobra.Command, args []string) {
 // for all assets
 viper.BindPFlag("platform-id", cmd.Flags().Lookup("platform-id"))
- viper.BindPFlag("inventory-file", cmd.Flags().Lookup("inventory-file"))
 viper.BindPFlag("inventory-ansible", cmd.Flags().Lookup("inventory-ansible"))
 viper.BindPFlag("inventory-domainlist", cmd.Flags().Lookup("inventory-domainlist"))
 
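Review bot: The rewritten import block in the `@@ -4,24 +4,19 @@` hunk is not goimports-clean: the standard-library imports `"bytes"` and `"strings"` now sit inside the third-party group (`"strings"` is appended after `"go.mondoo.com/cnspec/v10/policy"`), whereas the removed block kept stdlib in its own leading group. Move `"bytes"` and `"strings"` into a stdlib group separated by a blank line so `gofmt`/`goimports` and the repository's linters stop flagging the file. The same interleaving recurs in the `upstream/gql.go` import hunk of the third patch, where `"encoding/json"` and `"net/http"` are mixed into the `go.mondoo.com` paths.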
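Review bot: The `--inventory-file` flag no longer gets bound to viper in `PreRun` (the `viper.BindPFlag("inventory-file", ...)` line is removed), but nothing in this patch removes the flag registration or the code that reads it, and the `init()` body is outside the hunk. If the flag is still registered, a user passing `--inventory-file` will presumably have it silently ignored by `getCobraScanConfig`; either drop the flag definition in the same commit or keep the binding, and say in the commit message which one was intended. `vulnCmd` starts before and ends after this hunk.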
@@ -51,139 +45,90 @@ var vulnCmd = &cobra.Command{
 }
 
 var vulnCmdRun = func(cmd *cobra.Command, runtime *providers.Runtime, cliRes *plugin.ParseCLIRes) {
- conf, err := getCobraScanConfig(cmd, runtime, cliRes)
- // conf := cnquery_app.ParseShellConfig(cmd, cliRes)
+ pb, err := sbom.QueryPack()
 if err != nil {
- log.Fatal().Err(err).Msg("failed to prepare config")
- }
-
- unauthedErrorMsg := "vulnerability scan requires authentication, login with `cnspec login --token`"
- if runtime.UpstreamConfig == nil {
- log.Fatal().Msg(unauthedErrorMsg)
+ log.Fatal().Err(err).Msg("failed to load sbom query pack")
 }
 
- err = runtime.Connect(&plugin.ConnectReq{
- Features: conf.Features,
- Asset: cliRes.Asset,
- Upstream: runtime.UpstreamConfig,
- })
+ conf, err := getCobraScanConfig(cmd, runtime, cliRes)
 if err != nil {
- log.Fatal().Err(err).Msg("could not load asset information")
+ log.Fatal().Err(err).Msg("failed to gather scan config")
 }
 
- // when we close the shell, we need to close the backend and store the recording
- onCloseHandler := func() {
- // close backend connection
- runtime.Close()
- }
-
- shellOptions := []shell.ShellOption{}
- shellOptions = append(shellOptions, shell.WithOnCloseListener(onCloseHandler))
- shellOptions = append(shellOptions, shell.WithFeatures(conf.Features))
-
- if conf.runtime.UpstreamConfig != nil {
- shellOptions = append(shellOptions, shell.WithUpstreamConfig(conf.runtime.UpstreamConfig))
- }
+ conf.PolicyNames = nil
+ conf.PolicyPaths = nil
+ conf.Bundle = policy.FromQueryPackBundle(pb)
+ conf.IsIncognito = true
 
- sh, err := shell.New(runtime, shellOptions...)
+ report, err := RunScan(conf)
 if err != nil {
- log.Error().Err(err).Msg("failed to initialize cnspec shell")
+ log.Fatal().Err(err).Msg("error happened during package analysis")
 }
 
- packagesQuery := "packages { name version origin format }"
- packagesDatapointChecksum := executor.MustGetOneDatapoint(executor.MustCompile(packagesQuery))
- codeBundle, results, err := sh.RunOnce(packagesQuery)
- if err != nil {
- log.Error().Err(err).Msg("failed to run query")
- return
+ buf := bytes.Buffer{}
+ w := shared.IOWriter{Writer: &buf}
+ err = reporter.ReportCollectionToJSON(report, &w)
+ if err == nil {
+ logger.DebugDumpJSON("mondoo-sbom-report", buf.Bytes())
 }
 
- // render vulnerability report
- value, ok := results[packagesDatapointChecksum]
- if !ok {
- log.Error().Msg("could not find packages data\n\n")
- return
+ boms, err := sbom.NewBom(buf.Bytes())
+ if err != nil {
+ log.Fatal().Err(err).Msg("failed to parse sbom data")
 }
 
- if value == nil || value.Data == nil {
- log.Error().Msg("could not load packages data\n\n")
- return
+ if len(boms) != 1 {
+ log.Fatal().Msg("received data for more than one asset, this is not supported yet.")
 }
+ bom := boms[0]
 
- if value.Data.Error != nil {
- log.Err(value.Data.Error).Msg("could not load packages data\n\n")
- return
+ ctx := cmd.Context()
+ upstreamConf := conf.runtime.UpstreamConfig
+ if upstreamConf == nil {
+ log.Fatal().Err(err).Msg("run `cnspec login` to authenticate with Mondoo platform")
 }
-
- packagesJson := value.Data.JSON(packagesDatapointChecksum, codeBundle)
-
- gqlPackages := []mondoogql.PackageInput{}
- err = json.Unmarshal(packagesJson, &gqlPackages)
+ client, err := upstreamConf.InitClient(ctx)
 if err != nil {
- log.Error().Err(err).Msg("failed to unmarshal packages")
- return
+ log.Fatal().Err(err).Msg("failed to initialize authentication with Mondoo platform")
 }
 
- client, err := runtime.UpstreamConfig.InitClient(context.Background())
- if err != nil {
- if status, ok := status.FromError(err); ok {
- code := status.Code()
- switch code {
- case codes.Unauthenticated:
- log.Fatal().Msg(unauthedErrorMsg)
- default:
- log.Err(err).Msg("could not authenticate upstream")
- return
- }
- }
- }
- mondooClient, err := gql.NewClient(runtime.UpstreamConfig, client.HttpClient)
+ scannerClient, err := mvd.NewAdvisoryScannerClient(client.ApiEndpoint, client.HttpClient, client.Plugins...)
 if err != nil {
- log.Error().Err(err).Msg("could not initialize mondoo client")
- return
- }
-
- platform := runtime.Provider.Connection.GetAsset().GetPlatform()
- family := []*mondoogql.String{}
- for _, f := range platform.Family {
- family = append(family, mondoogql.NewStringPtr(mondoogql.String(f)))
- }
- inputPlatform := mondoogql.PlatformInput{
- Name: mondoogql.NewStringPtr(mondoogql.String(platform.Name)),
- Release: mondoogql.NewStringPtr(mondoogql.String(platform.Version)),
- Build: mondoogql.NewStringPtr(mondoogql.String(platform.Build)),
- Family: &family,
- }
- inputLabels := []*mondoogql.KeyValueInput{}
- for k := range platform.Labels {
- inputLabels = append(inputLabels, &mondoogql.KeyValueInput{
- Key: mondoogql.String(k),
- Value: mondoogql.NewStringPtr(mondoogql.String(platform.Labels[k])),
+ log.Fatal().Err(err).Msg("failed to initialize advisory scanner client")
+ }
+
+ req := &mvd.AnalyseAssetRequest{
+ Platform: &mvd.Platform{
+ Name: bom.Asset.Platform.Name,
+ Arch: bom.Asset.Platform.Arch,
+ Build: bom.Asset.Platform.Build,
+ Release: bom.Asset.Platform.Version,
+ Labels: bom.Asset.Platform.Labels,
+ Title: bom.Asset.Platform.Title,
+ },
+ Packages: make([]*mvd.Package, 0),
+ }
+
+ for i := range bom.Packages {
+ pkg := bom.Packages[i]
+ req.Packages = append(req.Packages, &mvd.Package{
+ Name: pkg.Name,
+ Version: pkg.Version,
+ Arch: pkg.Architecture,
+ Format: pkg.Type,
+ Origin: pkg.Origin,
 })
 }
- inputPlatform.Labels = &inputLabels
 
- gqlVulnReport, err := mondooClient.GetIncognitoVulnReport(inputPlatform, gqlPackages)
- if err != nil {
- log.Error().Err(err).Msg("could not load advisory report")
- return
- }
- vulnReport := gql.ConvertToMvdVulnReport(gqlVulnReport)
-
- target := runtime.Provider.Connection.Asset.Name
- if target == "" {
- target = runtime.Provider.Connection.Asset.Mrn
+ vulnReport, err := scannerClient.AnalyseAsset(ctx, req)
+ if err != nil {
+ log.Fatal().Err(err).Msg("failed to analyse asset")
 }
 
- printVulns(vulnReport, conf, target)
-}
-
-func printVulns(report *mvd.VulnReport, conf *scanConfig, target string) {
 // print the output using the specified output format
 r := reporter.NewReporter(reporter.Formats[strings.ToLower(conf.OutputFormat)], false)
- logger.DebugDumpJSON("vulnReport", report)
- if err := r.PrintVulns(report, target); err != nil {
+ if err := r.PrintVulns(vulnReport, bom.Asset.Name); err != nil {
 log.Fatal().Err(err).Msg("failed to print")
 }
 }

From 02c91e369cca48d3b0f880e7c039632858faf04a Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Wed, 13 Mar 2024 15:01:02 +0100
Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=A7=B9=20update=20cnquery?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 15ae63ba..47fbdb71 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 github.com/spf13/pflag v1.0.6-0.20201009195203-85dd5c8bc61c
 github.com/spf13/viper v1.18.2
 github.com/stretchr/testify v1.9.0
- go.mondoo.com/cnquery/v10 v10.7.1
+ go.mondoo.com/cnquery/v10 v10.7.2-0.20240313135139-202e991e6f97
 go.mondoo.com/mondoo-go v0.0.0-20240312054001-2ab23a39b500
 go.mondoo.com/ranger-rpc v0.6.0
 go.opentelemetry.io/otel v1.24.0
diff --git a/go.sum b/go.sum
index 49c06c2f..c5cd7d61 100644
--- a/go.sum
+++ b/go.sum
@@ -1189,8 +1189,8 @@ go-simpler.org/sloglint v0.4.0/go.mod h1:v6zJ++j/thFPhefs2wEXoCKwT10yo5nkBDYRCXy
 go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs=
 go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g=
 go.etcd.io/etcd/client/v2 v2.305.1/go.mod h1:pMEacxZW7o8pg4CrFE7pquyCJJzZvkvdD2RibOCCCGs=
-go.mondoo.com/cnquery/v10 v10.7.1 h1:eV9YV1kO+3QudOFIbxElBo631hSNpMmKB2ltRDDwQZU=
-go.mondoo.com/cnquery/v10 v10.7.1/go.mod h1:Z4Sg9WJ4iPruChj5T10X9ogG3Wb9SPKAPCFjQ1VcGbU=
+go.mondoo.com/cnquery/v10 v10.7.2-0.20240313135139-202e991e6f97 h1:gmy/lcHCI0jRH7H9LsANSpnwIBnWMzd9Q7+THZYyKnw=
+go.mondoo.com/cnquery/v10 v10.7.2-0.20240313135139-202e991e6f97/go.mod h1:Z4Sg9WJ4iPruChj5T10X9ogG3Wb9SPKAPCFjQ1VcGbU=
 go.mondoo.com/mondoo-go v0.0.0-20240312054001-2ab23a39b500 h1:HjtfupqfqKnDaK+XUXZC/3JyIwK09C3TFNggwReuDlY=
 go.mondoo.com/mondoo-go v0.0.0-20240312054001-2ab23a39b500/go.mod h1:pFmkGNtz+oa1iE/0Ssjo5KCTQ2VFeZgyIaD8c7nqcoc=
 go.mondoo.com/ranger-rpc v0.6.0 h1:u8FY0NGhR1B/LZk9+DdmqksrWc007argv+nMGJGa3OA=

From da760f1e0c71266bba1cd9bbedbd7c723be11bcd Mon Sep 17 00:00:00 2001
From: Christoph Hartmann
Date: Fri, 8 Mar 2024 20:18:40 +0100
Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=A7=B9=20refactor=20vuln=20reporter?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/cnspec/cmd/policy.go | 13 ++++---
 cli/components/advisory_results.go | 2 +-
 cli/reporter/cli_reporter.go | 7 ++--
 .../vuln}/advisories/report.go | 0
 .../vuln}/advisories/report_test.go | 0
 cli/reporter/{ => vuln}/csv_vuln.go | 4 +--
 cli/reporter/{ => vuln}/csv_vuln_test.go | 2 +-
 cli/reporter/{ => vuln}/json_vuln.go | 4 +--
 cli/reporter/{ => vuln}/json_vuln_test.go | 2 +-
 policy/scan/local_scanner.go | 17 +++------
 policy/scan/reporter.go | 4 +--
 policy/scan/reporter_aggregate.go | 7 ++--
 upstream/gql.go | 35 ++++++++++++++++---
 13 files changed, 56 insertions(+), 41 deletions(-)
 rename cli/{components => reporter/vuln}/advisories/report.go (100%)
 rename cli/{components => reporter/vuln}/advisories/report_test.go (100%)
 rename cli/reporter/{ => vuln}/csv_vuln.go (96%)
 rename cli/reporter/{ => vuln}/csv_vuln_test.go (97%)
 rename cli/reporter/{ => vuln}/json_vuln.go (98%)
 rename cli/reporter/{ => vuln}/json_vuln_test.go (97%)

diff --git a/apps/cnspec/cmd/policy.go b/apps/cnspec/cmd/policy.go
index 14325358..d313e5cd 100644
--- a/apps/cnspec/cmd/policy.go
+++ b/apps/cnspec/cmd/policy.go
@@ -19,7 +19,6 @@ import (
 "go.mondoo.com/cnquery/v10/cli/theme"
 "go.mondoo.com/cnquery/v10/providers"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream"
- "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/gql"
 "go.mondoo.com/cnspec/v10/internal/bundle"
 "go.mondoo.com/cnspec/v10/policy"
 cnspec_upstream "go.mondoo.com/cnspec/v10/upstream"
@@ -115,8 +114,8 @@ var policyListCmd = &cobra.Command{
 }
 assignedOnly := !viper.GetBool("all")
 
- policies, err = cnspec_upstream.SearchPolicy(
- context.Background(), mondooClient, opts.GetParentMrn(), ptr.To(assignedOnly), ptr.To(true), ptr.To(true))
+ policies, err = mondooClient.SearchPolicy(
+ context.Background(), opts.GetParentMrn(), ptr.To(assignedOnly), ptr.To(true), ptr.To(true))
 if err != nil {
 return err
 }
@@ -247,7 +246,7 @@ var policyUploadCmd = &cobra.Command{
 fmt.Println(termenv.String(" " + getPolicyMrn(opts.GetParentMrn(), p.Uid)).Foreground(theme.DefaultTheme.Colors.Disabled))
 }
 
- space, err := cnspec_upstream.GetSpace(ctx, mondooClient, opts.GetParentMrn())
+ space, err := mondooClient.GetSpace(ctx, opts.GetParentMrn())
 if err != nil {
 log.Error().Msgf("failed to get space: %s", err)
 os.Exit(1)
@@ -308,7 +307,7 @@ var policyDeleteCmd = &cobra.Command{
 os.Exit(1)
 }
 
- space, err := cnspec_upstream.GetSpace(ctx, mondooClient, opts.GetParentMrn())
+ space, err := mondooClient.GetSpace(ctx, opts.GetParentMrn())
 if err != nil {
 log.Error().Msgf("failed to get space: %s", err)
 os.Exit(1)
@@ -721,7 +720,7 @@ var policyDocsCmd = &cobra.Command{
 },
 }
 
-func getGqlClient(opts *config.Config) (*gql.MondooClient, error) {
+func getGqlClient(opts *config.Config) (*cnspec_upstream.MondooClient, error) {
 serviceAccount := opts.GetServiceCredential()
 if serviceAccount == nil {
 return nil, fmt.Errorf("cnspec has no credentials. Log in with `cnspec login`")
@@ -739,7 +738,7 @@ func getGqlClient(opts *config.Config) (*gql.MondooClient, error) {
 Creds: serviceAccount,
 }
 
- mondooClient, err := gql.NewClient(upstreamConfig, httpClient)
+ mondooClient, err := cnspec_upstream.NewClient(upstreamConfig, httpClient)
 if err != nil {
 return nil, err
 }
diff --git a/cli/components/advisory_results.go b/cli/components/advisory_results.go
index 739965a6..ea79bf41 100644
--- a/cli/components/advisory_results.go
+++ b/cli/components/advisory_results.go
@@ -13,7 +13,7 @@ import (
 "github.com/olekukonko/tablewriter"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd/cvss"
- "go.mondoo.com/cnspec/v10/cli/components/advisories"
+ "go.mondoo.com/cnspec/v10/cli/reporter/vuln/advisories"
 )
 
 func NewAdvisoryResultTable() AdvisoryResultTable {
diff --git a/cli/reporter/cli_reporter.go b/cli/reporter/cli_reporter.go
index 2ab0891c..d4e4a713 100644
--- a/cli/reporter/cli_reporter.go
+++ b/cli/reporter/cli_reporter.go
@@ -20,6 +20,7 @@ import (
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
 "go.mondoo.com/cnquery/v10/shared"
 "go.mondoo.com/cnspec/v10/policy"
+ "go.mondoo.com/cnspec/v10/vuln"
 "sigs.k8s.io/yaml"
 )
 
@@ -199,11 +200,11 @@ func (r *Reporter) PrintVulns(data *mvd.VulnReport, target string) error {
 return errors.New("'junit' is not supported for vuln reports, please use one of the other formats")
 case CSV:
 writer := shared.IOWriter{Writer: r.out}
- return VulnReportToCSV(data, &writer)
+ return vuln.VulnReportToCSV(data, &writer)
 case YAML:
 raw := bytes.Buffer{}
 writer := shared.IOWriter{Writer: &raw}
- err := VulnReportToJSON(target, data, &writer)
+ err := vuln.VulnReportToJSON(target, data, &writer)
 if err != nil {
 return err
 }
@@ -216,7 +217,7 @@ func (r *Reporter) PrintVulns(data *mvd.VulnReport, target string) error {
 return err
 case JSON:
 writer := shared.IOWriter{Writer: r.out}
- return VulnReportToJSON(target, data, &writer)
+ return vuln.VulnReportToJSON(target, data, &writer)
 default:
 return errors.New("unknown reporter type, don't recognize this Format")
 }
diff --git a/cli/components/advisories/report.go b/cli/reporter/vuln/advisories/report.go
similarity index 100%
rename from cli/components/advisories/report.go
rename to cli/reporter/vuln/advisories/report.go
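Review bot: The import added to `cli_reporter.go` in the `@@ -20,6 +20,7 @@` hunk, `"go.mondoo.com/cnspec/v10/vuln"`, does not match where `VulnReportToCSV` and `VulnReportToJSON` now live: the renames in this patch move `csv_vuln.go` and `json_vuln.go` to `cli/reporter/vuln` (package `vuln`), and no module-root `vuln` directory appears in the diffstat. Unless a `vuln` package already exists at the module root and exports those two functions (not visible here), the file will not compile; the import should read `"go.mondoo.com/cnspec/v10/cli/reporter/vuln"`. The two later hunks in this file that call `vuln.VulnReportToCSV` and `vuln.VulnReportToJSON` rely on the same import, so one correction covers all three. `PrintVulns` starts before and ends after those hunks.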
diff --git a/cli/components/advisories/report_test.go b/cli/reporter/vuln/advisories/report_test.go
similarity index 100%
rename from cli/components/advisories/report_test.go
rename to cli/reporter/vuln/advisories/report_test.go
diff --git a/cli/reporter/csv_vuln.go b/cli/reporter/vuln/csv_vuln.go
similarity index 96%
rename from cli/reporter/csv_vuln.go
rename to cli/reporter/vuln/csv_vuln.go
index 27fa62f1..5b6d6300 100644
--- a/cli/reporter/csv_vuln.go
+++ b/cli/reporter/vuln/csv_vuln.go
@@ -1,7 +1,7 @@
 // Copyright (c) Mondoo, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package reporter
+package vuln
 
 import (
 "encoding/csv"
@@ -11,7 +11,7 @@ import (
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
 "go.mondoo.com/cnquery/v10/shared"
 "go.mondoo.com/cnspec/v10/cli/components"
- "go.mondoo.com/cnspec/v10/cli/components/advisories"
+ "go.mondoo.com/cnspec/v10/cli/reporter/vuln/advisories"
 )
 
 type csvStruct struct {
diff --git a/cli/reporter/csv_vuln_test.go b/cli/reporter/vuln/csv_vuln_test.go
similarity index 97%
rename from cli/reporter/csv_vuln_test.go
rename to cli/reporter/vuln/csv_vuln_test.go
index 6653df8f..0ff90a40 100644
--- a/cli/reporter/csv_vuln_test.go
+++ b/cli/reporter/vuln/csv_vuln_test.go
@@ -1,7 +1,7 @@
 // Copyright (c) Mondoo, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package reporter
+package vuln
 
 import (
 "bytes"
diff --git a/cli/reporter/json_vuln.go b/cli/reporter/vuln/json_vuln.go
similarity index 98%
rename from cli/reporter/json_vuln.go
rename to cli/reporter/vuln/json_vuln.go
index ef066901..3bf3c30b 100644
--- a/cli/reporter/json_vuln.go
+++ b/cli/reporter/vuln/json_vuln.go
@@ -1,7 +1,7 @@
 // Copyright (c) Mondoo, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package reporter
+package vuln
 
 import (
 "encoding/json"
@@ -13,7 +13,7 @@ import (
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
 "go.mondoo.com/cnquery/v10/shared"
 "go.mondoo.com/cnspec/v10/cli/components"
- "go.mondoo.com/cnspec/v10/cli/components/advisories"
+ "go.mondoo.com/cnspec/v10/cli/reporter/vuln/advisories"
 )
 
 // advisoryPrintable is a snapshot of the fields that get exported
diff --git a/cli/reporter/json_vuln_test.go b/cli/reporter/vuln/json_vuln_test.go
similarity index 97%
rename from cli/reporter/json_vuln_test.go
rename to cli/reporter/vuln/json_vuln_test.go
index 7994560f..2611a812 100644
--- a/cli/reporter/json_vuln_test.go
+++ b/cli/reporter/vuln/json_vuln_test.go
@@ -1,7 +1,7 @@
 // Copyright (c) Mondoo, Inc.
 // SPDX-License-Identifier: BUSL-1.1
 
-package reporter
+package vuln
 
 import (
 "bytes"
diff --git a/policy/scan/local_scanner.go b/policy/scan/local_scanner.go
index ff70d0e6..da6abb7a 100644
--- a/policy/scan/local_scanner.go
+++ b/policy/scan/local_scanner.go
@@ -28,7 +28,7 @@ import (
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/plugin"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream"
- "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/gql"
+ "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
 "go.mondoo.com/cnquery/v10/utils/multierr"
 "go.mondoo.com/cnquery/v10/utils/slicesx"
 "go.mondoo.com/cnspec/v10"
@@ -517,18 +517,9 @@ func (s *LocalScanner) RunAssetJob(job *AssetJob) {
 upstream := s.upstreamServices(job.Ctx, job.UpstreamConfig)
 // The vuln report is relevant only when we have an aggregate reporter
 if vulnReporter, isAggregateReporter := job.Reporter.(VulnReporter); upstream != nil && isAggregateReporter {
- // get new gql client
- mondooClient, err := gql.NewClient(job.UpstreamConfig, s._upstreamClient.HttpClient)
- if err != nil {
- return
- }
-
- gqlVulnReport, err := mondooClient.GetVulnCompactReport(job.Asset.Mrn)
- if err != nil {
- log.Error().Err(err).Msg("could not get vulnerability report")
- return
- }
- vulnReporter.AddVulnReport(job.Asset, gqlVulnReport)
+ // TODO: implement new API to get the vuln report from server
+ vulnReport := &mvd.VulnReport{}
+ vulnReporter.AddVulnReport(job.Asset, vulnReport)
 }
 
 // When the progress bar is disabled there's no feedback when an asset is done scanning. Adding this message
diff --git a/policy/scan/reporter.go b/policy/scan/reporter.go
index d50f1954..54ecc533 100644
--- a/policy/scan/reporter.go
+++ b/policy/scan/reporter.go
@@ -5,7 +5,7 @@ package scan
 
 import (
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory"
- "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/gql"
+ "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
 "go.mondoo.com/cnspec/v10/policy"
 )
 
@@ -17,7 +17,7 @@ type AssetReport struct {
 
 type VulnReporter interface {
 // AddVulnReport adds the vulnerability scan results to the reporter
- AddVulnReport(asset *inventory.Asset, vulnReport *gql.VulnReport)
+ AddVulnReport(asset *inventory.Asset, vulnReport *mvd.VulnReport)
 }
 
 type Reporter interface {
diff --git a/policy/scan/reporter_aggregate.go b/policy/scan/reporter_aggregate.go
index a6a646dd..8dd0cdbc 100644
--- a/policy/scan/reporter_aggregate.go
+++ b/policy/scan/reporter_aggregate.go
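Review bot: Replacing the upstream lookup with `vulnReport := &mvd.VulnReport{}` and still calling `vulnReporter.AddVulnReport(job.Asset, vulnReport)` records an empty, non-nil report for every asset, which the aggregate reporter stores under `asset.Mrn` and will most likely render as an asset with zero findings — a false negative for a vulnerability scanner, not a "result unavailable". `AggregateReporter.AddVulnReport` (changed later in this patch) already returns early on a nil report, so the honest interim behaviour is to add nothing: replace the two new lines with `log.Warn().Str("asset", job.Asset.Mrn).Msg("vulnerability report retrieval is not yet implemented for this upstream API")` next to the TODO, which also lets the new `mvd` import go unless it is used elsewhere in the file. `RunAssetJob` starts before and ends after this hunk.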
@@ -7,7 +7,6 @@ import (
 "github.com/hashicorp/go-multierror"
 "github.com/rs/zerolog/log"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory"
- "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/gql"
 "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/mvd"
 "go.mondoo.com/cnspec/v10/policy"
 )
@@ -54,15 +53,13 @@ func (r *AggregateReporter) AddReport(asset *inventory.Asset, results *AssetRepo
 }
 }
 
-func (r *AggregateReporter) AddVulnReport(asset *inventory.Asset, vulnReport *gql.VulnReport) {
+func (r *AggregateReporter) AddVulnReport(asset *inventory.Asset, vulnReport *mvd.VulnReport) {
 if vulnReport == nil {
 return
 }
 log.Debug().Str("asset", asset.Name).Msg("add scan result to report")
-
- mvdVulnReport := gql.ConvertToMvdVulnReport(vulnReport)
 r.assets[asset.Mrn] = asset
- r.assetVulnReports[asset.Mrn] = mvdVulnReport
+ r.assetVulnReports[asset.Mrn] = vulnReport
 }
 
 func (r *AggregateReporter) AddScanError(asset *inventory.Asset, err error) {
diff --git a/upstream/gql.go b/upstream/gql.go
index c1aa895e..7d37e82f 100644
--- a/upstream/gql.go
+++ b/upstream/gql.go
@@ -5,12 +5,40 @@ package upstream
 
 import (
 "context"
+ "encoding/json"
+ "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream"
+ "go.mondoo.com/mondoo-go/option"
+ "net/http"
 
- "go.mondoo.com/cnquery/v10/providers-sdk/v1/upstream/gql"
 policy "go.mondoo.com/cnspec/v10/policy"
 mondoogql "go.mondoo.com/mondoo-go"
 )
 
+type MondooClient struct {
+ *mondoogql.Client
+}
+
+// NewClient creates a new GraphQL client for the Mondoo API
+// provide the http client used for rpc, to also pass in the proxy settings
+func NewClient(upstream *upstream.UpstreamConfig, httpClient *http.Client) (*MondooClient, error) {
+ gqlEndpoint := upstream.ApiEndpoint + "/query"
+ creds, err := json.Marshal(upstream.Creds)
+ if err != nil {
+ return nil, err
+ }
+ // Initialize the client
+ gqlClient, err := mondoogql.NewClient(
+ option.WithEndpoint(gqlEndpoint),
+ option.WithHTTPClient(httpClient),
+ option.WithServiceAccount(creds),
+ )
+ if err != nil {
+ return nil, err
+ }
+
+ return &MondooClient{gqlClient}, nil
+}
+
 type PageInfo struct {
 StartCursor string `json:"startCursor"`
 EndCursor string `json:"endCursor"`
@@ -25,9 +53,8 @@ type UpstreamPolicy struct {
 Assigned bool
 }
 
-func SearchPolicy(
+func (c *MondooClient) SearchPolicy(
 ctx context.Context,
- c *gql.MondooClient,
 scopeMrn string,
 assingedOnly,
 includePublic,
@@ -92,7 +119,7 @@ type Space struct {
 Name string
 }
 
-func GetSpace(ctx context.Context, c *gql.MondooClient, mrn string) (*Space, error) {
+func (c *MondooClient) GetSpace(ctx context.Context, mrn string) (*Space, error) {
 var q struct {
 Space Space `graphql:"space(mrn: $mrn)"`
 }
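Review bot: In the new `NewClient` the parameter named `upstream` shadows the `upstream` package imported a few lines above, so inside the body the package is unreachable and every `upstream.X` reads ambiguously; renaming it (`cfg *upstream.UpstreamConfig`) keeps the two distinct. The function also reads `upstream.ApiEndpoint` and marshals `upstream.Creds` without a nil check: a nil config panics, and a nil `Creds` marshals to `null` without error, so any failure presumably surfaces later from the mondoo-go client, far from the cause — `if cfg == nil || cfg.Creds == nil { return nil, errors.New("upstream config has no service account credentials") }` at the top gives a direct error (with `errors` imported). `upstream.ApiEndpoint + "/query"` yields `//query` when the endpoint carries a trailing slash; `strings.TrimSuffix(cfg.ApiEndpoint, "/") + "/query"` is safer if callers can supply one. The doc comment should also state that the serialized service account is handed to the GraphQL client, so the returned `MondooClient` holds credentials and should not be logged or shared casually.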