-
Notifications
You must be signed in to change notification settings - Fork 818
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add the debugging ability for scanning Helm chart #1215
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A good starting point for not breaking existing tests however I am missing unit tests as this PR introduces a quite amount of new code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some nit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for this great work!
Here are my few comments:
- I see there are some linter issues, please resolve them
- We are missing here unit tests. Please add unit tests to the
cautils
package and to theSARIF
printer. - Please keep your fork up-to-date with the master
- Please attach an example of the output. I suggest you set up a repository with a helm chart and a GitHub workflow so we can test this properly
- Please update the PR description
@MMMMMMorty can you rebase? |
Yes, I can do that. |
bf066e0
to
c6d0e48
Compare
@MMMMMMorty please notice the tests failed |
Yes, I noticed that. I guess it is the part in unit test, I will change them. |
49f3aa1
to
9bb1173
Compare
7ea6f4c
to
17d9323
Compare
48c25db
to
e2ffaf7
Compare
This is a great contribution that we would like to merge to Kubescape.
example
|
@dwertent For the printing problem, I will fix it soon. For the panic problem, I guess it mainly because I haven't updated this feature for a long time, I will fix it, too. |
Thank you! You can reproduce the panic by running
|
Signed-off-by: MMMMMMorty <465346562@qq.com>
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>
Overview
Mapping struct is defined in. 'mappingnode.go'. Three mapping objects are used, the connection among them is that one MappingNode represents one line in one template, MappingNodes represents one template, FileMapping represents one file, and one file can contain many template.
GetMapping function in GetWorkLoads function is to call yqlib package to form the FileMapping, which is the most important part.
Adding one more output FileMapping for GetWorkLoads function and change all the related functions which call it.
After that, I connect the Filemappingwith sarif Printer. After connecting, I can use the mapping to generate correct location and fixed object for helm chart.
Additional Information
Kubescape can scan helm chart files, however, Helm does not give information about which output line is coming from which input line.
For kubescape, there is no backward connection to the original sources file after the chart was templated.
More than that, Kubescape cannot not produce correct fixes for Helm charts.
How to Test
I have created the unit tests for filemapping in helmchart.go and sarif report.
In addition, I created a Github-action repository where I change docker image to my branch image, so I could test and use my branch there.
Examples
Here is the result example, the report format is sarif.
report.sarif.txt
For the helm chart object, it has correct locations and recommended fix objects