refactor: import dataclasses from cc-utils / pipeline-template
Reduce dependencies from delivery-service-repository towards cc-utils
(in particular such dependencies against cc-util's pipeline-template).

As GithubIssueTemplateCfg is quite a trivial datastructure, copy it for
now (will be deduplicated again by planned mv of upstream
github.compliance-package - which is currently blocked by remaining,
pipeline-based scans (CX + OS-id), yet to be migrated into
ocm-gear-extensions).

LicenseCfg was not longer used within cc-utils.
ccwienk committed Dec 9, 2024
1 parent 282d09d commit 3b9a29e
Showing 3 changed files with 68 additions and 37 deletions.
3 changes: 1 addition & 2 deletions bdba/scanning.py
Expand Up @@ -14,7 +14,6 @@
import cnudie.access
import cnudie.iter
import cnudie.retrieve
import concourse.model.traits.image_scan as image_scan
import delivery.client
import dso.cvss
import dso.labels
Expand Down Expand Up @@ -283,7 +282,7 @@ def process(
known_scan_results: tuple[bm.Product],
processing_mode: bm.ProcessingMode,
delivery_client: delivery.client.DeliveryServiceClient=None,
license_cfg: image_scan.LicenseCfg=None,
license_cfg: config.LicenseCfg=None,
cve_rescoring_ruleset: rescore.model.CveRescoringRuleSet=None,
auto_assess_max_severity: dso.cvss.CVESeverity=dso.cvss.CVESeverity.MEDIUM,
use_product_cache: bool=True,
4 changes: 2 additions & 2 deletions bdba/util.py
Expand Up @@ -9,12 +9,12 @@

import ci.log
import cnudie.iter
import concourse.model.traits.image_scan as image_scan
import delivery.client
import dso.model
import github.compliance.model as gcm
import github.compliance.report as gcr

import config
import bdba.model as bm


Expand Down Expand Up @@ -47,7 +47,7 @@ def iter_existing_findings(
def iter_artefact_metadata(
scanned_element: cnudie.iter.ResourceNode,
scan_result: bm.AnalysisResult,
license_cfg: image_scan.LicenseCfg=None,
license_cfg: config.LicenseCfg=None,
delivery_client: delivery.client.DeliveryServiceClient=None,
) -> collections.abc.Generator[dso.model.ArtefactMetadata, None, None]:
now = datetime.datetime.now(tz=datetime.timezone.utc)
98 changes: 65 additions & 33 deletions config.py
Expand Up @@ -3,12 +3,12 @@
import datetime
import enum
import logging
import re

import dacite
import github3
import github3.repos

import concourse.model.traits.image_scan as image_scan
import cnudie.iter
import dso.cvss
import dso.model
Expand Down Expand Up @@ -94,6 +94,64 @@ class ClamAVConfig:
artefact_types: tuple[str]


@dataclasses.dataclass(frozen=True)
class FindingTypeIssueReplicationCfgBase:
'''
:param str finding_type:
finding type this configuration should be applied for
(see cc-utils dso/model.py for available "Datatype"s)
:param bool enable_issue_assignees
:param bool enable_issue_per_finding:
when set to true issues are created per finding for a
specific artefact as oppsed to a single issue with
all findings
'''
finding_type: str
enable_issue_assignees: bool
enable_issue_per_finding: bool


@dataclasses.dataclass(frozen=True)
class VulnerabilityIssueReplicationCfg(FindingTypeIssueReplicationCfgBase):
'''
:param int cve_threshold:
vulnerability findings below this threshold won't be reported in the issue(s)
'''
cve_threshold: int


@dataclasses.dataclass(frozen=True)
class GithubIssueTemplateCfg:
'''
a github-issue-template specific for an issue-type
note: this class was copy-pasted from https://github.com/gardener/cc-utils (where it is
planned for removal). Should not be changed incompatibly until removal is done upstream.
'''
body: str
type: str


@dataclasses.dataclass
class LicenseCfg:
'''
configures license policies for discovered licences
licenses are configured as lists of regular expressions (matching is done case-insensitive)
'''
prohibited_licenses: list[str] = None

def is_allowed(self, license: str):
if not self.prohibited_licenses:
return True

for prohibited in self.prohibited_licenses:
if re.fullmatch(prohibited, license, re.IGNORECASE):
return False
else:
return True


@dataclasses.dataclass(frozen=True)
class BDBAConfig:
'''
Expand Down Expand Up @@ -141,37 +199,11 @@ class BDBAConfig:
node_filter: collections.abc.Callable[[cnudie.iter.Node], bool]
cve_rescoring_ruleset: rescore.model.CveRescoringRuleSet | None
auto_assess_max_severity: dso.cvss.CVESeverity
license_cfg: image_scan.LicenseCfg
license_cfg: LicenseCfg
delete_inactive_products_after_seconds: int
blacklist_finding_types: set[str]


@dataclasses.dataclass(frozen=True)
class FindingTypeIssueReplicationCfgBase:
'''
:param str finding_type:
finding type this configuration should be applied for
(see cc-utils dso/model.py for available "Datatype"s)
:param bool enable_issue_assignees
:param bool enable_issue_per_finding:
when set to true issues are created per finding for a
specific artefact as oppsed to a single issue with
all findings
'''
finding_type: str
enable_issue_assignees: bool
enable_issue_per_finding: bool


@dataclasses.dataclass(frozen=True)
class VulnerabilityIssueReplicationCfg(FindingTypeIssueReplicationCfgBase):
'''
:param int cve_threshold:
vulnerability findings below this threshold won't be reported in the issue(s)
'''
cve_threshold: int


@dataclasses.dataclass(frozen=True)
class IssueReplicatorConfig:
'''
Expand Down Expand Up @@ -206,11 +238,11 @@ class IssueReplicatorConfig:
delivery_dashboard_url: str
replication_interval: int
lookup_new_backlog_item_interval: int
license_cfg: image_scan.LicenseCfg
license_cfg: LicenseCfg
max_processing_days: github.compliance.model.MaxProcessingTimesDays
github_api_lookup: collections.abc.Callable[[str], github3.GitHub]
github_issues_repository: github3.repos.Repository
github_issue_template_cfgs: tuple[image_scan.GithubIssueTemplateCfg]
github_issue_template_cfgs: tuple[GithubIssueTemplateCfg]
github_issue_labels_to_preserve: set[str]
number_included_closed_issues: int
artefact_types: tuple[str]
Expand Down Expand Up @@ -617,7 +649,7 @@ def deserialise_bdba_config(
default_config=default_config,
default_value=[],
)
license_cfg = image_scan.LicenseCfg(prohibited_licenses=prohibited_licenses)
license_cfg = LicenseCfg(prohibited_licenses=prohibited_licenses)

delete_inactive_products_after_seconds = deserialise_config_property(
config=bdba_config,
Expand Down Expand Up @@ -799,7 +831,7 @@ def deserialise_issue_replicator_config(
default_config=default_config,
default_value=[],
)
license_cfg = image_scan.LicenseCfg(prohibited_licenses=prohibited_licenses)
license_cfg = LicenseCfg(prohibited_licenses=prohibited_licenses)

max_processing_days_raw = deserialise_config_property(
config=issue_replicator_config,
Expand Down Expand Up @@ -836,7 +868,7 @@ def deserialise_issue_replicator_config(
)
github_issue_template_cfgs = tuple(
dacite.from_dict(
data_class=image_scan.GithubIssueTemplateCfg,
data_class=GithubIssueTemplateCfg,
data=ghit,
) for ghit in github_issue_templates
)
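Review bot: `LicenseCfg.prohibited_licenses` is annotated `list[str]` but defaults to `None`, and `LicenseCfg` is the only dataclass in this hunk declared without `frozen=True`; since `is_allowed` already treats `None` as "nothing prohibited", the field should read `prohibited_licenses: list[str] | None = None` (the `| None` form is already used for `cve_rescoring_ruleset` further down), and `@dataclasses.dataclass(frozen=True)` would match the surrounding config classes unless something mutates the instance after construction. `is_allowed` also lacks a return annotation; `def is_allowed(self, license: str) -> bool:` makes the policy-check contract explicit. The docstring should say that each entry is matched against the whole license identifier via `re.fullmatch` (case-insensitively), since a substring-style pattern will silently fail to prohibit anything — e.g. `'''patterns are matched against the complete license string (re.fullmatch, case-insensitive); a pattern that only covers a prefix or substring will not match'''`. Patterns are taken straight from deserialised config, so an invalid regex only surfaces as a `re.error` at first call of `is_allowed`, not at config load; validating them in `deserialise_bdba_config` / `deserialise_issue_replicator_config` (both continue outside this hunk) would fail fast.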
