From e1554f22459edc48889774479665fc063c3077ae Mon Sep 17 00:00:00 2001
From: chenk
Date: Wed, 3 Jan 2024 15:34:11 +0200
Subject: [PATCH] fix: update audit command to string (#90)
* fix: update audit command to string
Signed-off-by: chenk
* fix: update audit command to string
Signed-off-by: chenk
* fix: update audit command to string
Signed-off-by: chenk
---------
Signed-off-by: chenk
---
 cmd/root.go | 2 +-
 cmd/util.go | 22 ++++++++++++++++++++--
 cmd/util_test.go | 34 +++++++++++++++++++++++++++++++++-
 shell/powershell.go | 10 +++++-----
 shell/powershell_test.go | 4 ++--
 5 files changed, 61 insertions(+), 11 deletions(-)
diff --git a/cmd/root.go b/cmd/root.go
index 44a2d82..cfb83dd 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -63,7 +63,7 @@ var RootCmd = &cobra.Command{
 glog.V(2).Info("Returning a PowerShell (Auditer) \n")
 return ps
 })
- return runChecks(b)
+ return runChecks(b, ps.OsType)
 },
 }
diff --git a/cmd/util.go b/cmd/util.go
index b955ddd..de776a5 100644
--- a/cmd/util.go
+++ b/cmd/util.go
@@ -18,12 +18,13 @@ import (
 "fmt"
 "path/filepath"
+ "github.com/aquasecurity/bench-common/check"
 commonCheck "github.com/aquasecurity/bench-common/check"
 "github.com/aquasecurity/bench-common/util"
 "github.com/golang/glog"
 )
-func runChecks(b commonCheck.Bench) error {
+func runChecks(b commonCheck.Bench, serverType string) error {
 var version string
 var err error
@@ -51,6 +52,12 @@ func runChecks(b commonCheck.Bench) error {
 summary := runControls(controls, checkList)
+ controls = updateControlCheck(controls, serverType)
+
+ return outputResults(controls, summary)
+}
+
+func updateControlCheck(controls *check.Controls, osType string) *check.Controls {
 // `runControls` can detect some items without correct `cmd`, and the state will be set `SKIP`
 // We should remove skipped controls, because there is no way to print them.
 for _, group := range controls.Groups {
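Review bot: The added import `"github.com/aquasecurity/bench-common/check"` in cmd/util.go brings in a package the file already imports as `commonCheck`, so the same package is now reachable under two names. The new `updateControlCheck` signature in the following hunk uses `*check.Controls` while its body compares against `commonCheck.SKIP`; writing it as `func updateControlCheck(controls *commonCheck.Controls, osType string) *commonCheck.Controls` lets the extra import go. The same value is also called `serverType` in `runChecks` and `getOsTypeAuditCommand` but `osType` in `updateControlCheck`, although all three carry what cmd/root.go passes as `ps.OsType`; one name would read more clearly.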
@@ -58,10 +65,21 @@ func runChecks(b commonCheck.Bench) error {
 if group.Checks[i].State == commonCheck.SKIP {
 group.Checks = append(group.Checks[:i], group.Checks[i+1:]...)
 }
+ group.Checks[i].Audit = getOsTypeAuditCommand(group.Checks[i].Audit, osType)
 }
 }
- return outputResults(controls, summary)
+ return controls
+}
+func getOsTypeAuditCommand(audit interface{}, serverType string) string {
+ if a, ok := audit.(map[interface{}]interface{}); ok {
+ if cmd, ok := a["cmd"].(map[interface{}]interface{}); ok {
+ if val, ok := cmd[serverType].(string); ok {
+ return val
+ }
+ }
+ }
+ return fmt.Sprintf("%v", audit)
 }
 // loadConfig finds the correct config dir based on the kubernetes version,
diff --git a/cmd/util_test.go b/cmd/util_test.go
index 3e1eca1..4b9f231 100644
--- a/cmd/util_test.go
+++ b/cmd/util_test.go
@@ -21,7 +21,9 @@ import (
 "strings"
 "testing"
+ "github.com/aquasecurity/bench-common/check"
 "github.com/stretchr/testify/assert"
+ "gopkg.in/yaml.v2"
 )
 func TestLoadConfig(t *testing.T) {
@@ -53,7 +55,7 @@ func TestLoadConfig(t *testing.T) {
 func TestRunChecks(t *testing.T) {
 b := getMockBench()
- err := runChecks(b)
+ err := runChecks(b, "Server")
 var write bytes.Buffer
 outputWriter = &write
 if err != nil {
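Review bot: The added `group.Checks[i].Audit = …` line in `updateControlCheck` indexes `group.Checks[i]` right after the branch above it may have deleted element `i`, so it acts on whichever check slid into that slot, or runs past the end of the slice when the skipped check was the last one. The loop header sits just above this hunk, so whether that ends in a panic or in an entry whose SKIP state is never examined depends on how `i` is bounded, but either way benchmark results can go missing from the report. Filtering into a reused slice and converting only the checks that are kept avoids indexing after a delete; the sketch below relies on `group` being a pointer, as the existing `append` assignment already does. Separately, the `fmt.Sprintf("%v", audit)` fallback in `getOsTypeAuditCommand` writes Go's `map[...]` or `<nil>` rendering into the Audit field when no command matches `serverType`; returning the value only when it is already a string, and `""` plus a glog warning otherwise, would keep the reported audit command truthful.

```go
// … replaces the index-based inner loop; the outer `for _, group := range controls.Groups {` is unchanged …
kept := group.Checks[:0]
for _, c := range group.Checks {
	if c.State == commonCheck.SKIP {
		continue // skipped checks cannot be printed
	}
	c.Audit = getOsTypeAuditCommand(c.Audit, osType)
	kept = append(kept, c)
}
group.Checks = kept
```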
@@ -61,3 +63,33 @@ func TestRunChecks(t *testing.T) {
 }
 assert.NoError(t, err)
 }
+
+func TestUpdateControl(t *testing.T) {
+ here, _ := os.Getwd()
+ // cfgDir is defined in root.go
+ type TestCase struct {
+ version string
+ cfgPath string
+ want string
+ }
+
+ testCases := []TestCase{
+ {
+ version: "2.0.0",
+ cfgPath: fmt.Sprintf("%s/../cfg", here),
+ want: "cfg/2.0.0/definitions.yaml",
+ },
+ }
+ for _, tc := range testCases {
+ cfgDir = tc.cfgPath
+ config, err := loadConfig(tc.version)
+ assert.NoError(t, err)
+ f, err := os.ReadFile(config)
+ assert.NoError(t, err)
+ var c check.Controls
+ err = yaml.Unmarshal(f, &c)
+ assert.NoError(t, err)
+ got := updateControlCheck(&c, "DomainController")
+ assert.Equal(t, got.Groups[0].Checks[0].Audit.(string), "Get-ADDefaultDomainPasswordPolicy -Current LocalComputer | Select -ExpandProperty PasswordHistoryCount")
+ }
+}
diff --git a/shell/powershell.go b/shell/powershell.go
index 30850b8..44f42b4 100644
--- a/shell/powershell.go
+++ b/shell/powershell.go
@@ -46,7 +46,7 @@ var memberServerRoles = []string{
 type PowerShell struct {
 Cmd map[string]string
 sh ps.Shell
- osType string
+ OsType string
 }
 type shellStarter interface {
@@ -80,9 +80,9 @@ func NewPowerShell() (*PowerShell, error) {
 if err != nil {
 return nil, fmt.Errorf("Failed to get operating system type: %w", err)
 }
- p.osType = osType
+ p.OsType = osType
 if osType == "Server" {
- p.osType, err = getServerType(p)
+ p.OsType, err = getServerType(p)
 if err != nil {
 return nil, fmt.Errorf("failed to get server type: %w", err)
 }
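Review bot: `TestUpdateControl` only exercises the case where the first check of the 2.0.0 definitions has a `DomainController` command, so neither the SKIP-removal branch of `updateControlCheck` nor the `fmt.Sprintf` fallback of `getOsTypeAuditCommand` is covered. A small in-memory `check.Controls` holding one skipped check and one audit map without the requested OS type would pin both behaviours without reading the config tree. The unchecked `Audit.(string)` assertion panics instead of failing the test when the field is not a string, `assert.Equal` takes the expected value before the actual one, and the `want` field of `TestCase` is never read. The error from `os.Getwd()` is discarded and `cfgDir` stays modified for later tests; saving the old value and restoring it in `t.Cleanup` would contain that.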
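Review bot: Exporting the struct field as `OsType` in shell/powershell.go makes it writable from any package, while `commandForRuntimeOS` uses the same field to choose which entry of `Cmd` is executed. cmd/root.go only reads the value, so keeping `osType` unexported and adding a read-only accessor, for example `func (p *PowerShell) OSType() string { return p.osType }`, would keep the result detected in `NewPowerShell` from being changed afterwards. If the field stays exported, a doc comment naming the values it can hold and the Go initialism spelling `OSType` would help callers.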
@@ -156,9 +156,9 @@ func (p *PowerShell) executeCommand() (string, error) {
 }
 func (p *PowerShell) commandForRuntimeOS() (string, error) {
- cmd, found := p.Cmd[p.osType]
+ cmd, found := p.Cmd[p.OsType]
 if !found {
- return "", errors.Wrap(errWrongOSType, fmt.Sprintf("Unable to find matching command for OS Type: %q", p.osType))
+ return "", errors.Wrap(errWrongOSType, fmt.Sprintf("Unable to find matching command for OS Type: %q", p.OsType))
 }
 return cmd, nil
 }
diff --git a/shell/powershell_test.go b/shell/powershell_test.go
index 332e6d9..54e1b9a 100644
--- a/shell/powershell_test.go
+++ b/shell/powershell_test.go
@@ -146,7 +146,7 @@ func TestExecute(t *testing.T) {
 osTypeCmd: testSpace + testPShellCommand + testSpace, // surrounded by spaces
 },
 sh: &mockShell{},
- osType: osTypeCmd,
+ OsType: osTypeCmd,
 },
 expectedResult: testPShellCommand,
 fail: false,
@@ -157,7 +157,7 @@ func TestExecute(t *testing.T) {
 osTypeCmd: testSpace + testPShellCommand + testNewLine, // starts with space end with new lines
 },
 sh: &mockShell{},
- osType: osTypeCmd,
+ OsType: osTypeCmd,
 },
 expectedResult: testPShellCommand,
 fail: false,