- Added exclusion information to the analysis report (#99)
gadinaor-r7 authored Feb 14, 2024
1 parent ba68853 commit 98ac2d8
Showing 2 changed files with 47 additions and 27 deletions.
65 changes: 38 additions & 27 deletions pkg/analysis/analysis.go
@@ -258,8 +258,8 @@ func (a *analyzer) initialize() error {
return nil
}

func (a *analyzer) shouldExclude(subject map[string]interface{}, exclusions []*exclusion) (bool, error) {
for _, exclusion := range exclusions {
func (a *analyzer) shouldExclude(subject map[string]interface{}, exclusions []*exclusion) (bool, int, error) {
for i, exclusion := range exclusions {
if exclusion.exclusion.Disabled {
klog.V(7).Infof("Exclusion '%v' is disabled - skipping", exclusion.exclusion.Comment)
continue
@@ -275,20 +275,20 @@ func (a *analyzer) shouldExclude(subject map[string]interface{}, exclusions []*e
})

if err != nil {
return false, err
return false, i, err
}

exclude, ok := recommendationOutput.Value().(bool)
if !ok {
return false, fmt.Errorf("Failed to cast exclusion result '%v'", exclusion.exclusion.Comment)
return false, i, fmt.Errorf("Failed to cast exclusion result '%v'", exclusion.exclusion.Comment)
}

if exclude {
return true, nil
return true, i, nil
}
}

return false, nil
return false, 0, nil
}

func (a *analyzer) Analyze() (*AnalysisReport, error) {
@@ -301,8 +301,9 @@ func (a *analyzer) Analyze() (*AnalysisReport, error) {
Description: a.config.Description,
Uuid: a.config.Uuid,
},
CreatedOn: time.Now().Format(time.RFC3339),
Findings: []AnalysisReportFinding{},
CreatedOn: time.Now().Format(time.RFC3339),
Findings: []AnalysisReportFinding{},
ExclusionsInfo: []ExclusionInfo{},
}

errs := []error{}
@@ -339,20 +340,39 @@ func (a *analyzer) Analyze() (*AnalysisReport, error) {
for _, subject := range subjects {
sub := subject.(map[string]interface{})

exclude, err := a.shouldExclude(sub, rule.exclusions)
s := v1.Subject{}
if kind, exist := sub["kind"]; exist {
s.Kind = kind.(string)
}
if apiGroup, exist := sub["apiGroup"]; exist {
s.APIGroup = apiGroup.(string)
}
if name, exist := sub["name"]; exist {
s.Name = name.(string)
}
if namespace, exist := sub["namespace"]; exist {
s.Namespace = namespace.(string)
}

exclude, index, err := a.shouldExclude(sub, rule.exclusions)
if err != nil {
klog.Errorf("Failed to check exclusion for rule '%v' and subject %v - %v", rule.rule.Name, sub, err)
klog.Errorf("Failed to check exclusion for rule '%v' and subject %v - %v (exclusion #%v)", rule.rule.Name, sub, err, index+1)
errs = append(errs, err)
//Continue on error - assume malformed exception expression
}

if exclude {
analysisStats.ExclusionCount++
klog.V(5).Infof("Skipping subject '%v' from rule exclusion - %v", sub, rule.rule.Name)
klog.V(5).Infof("Skipping subject '%v' from rule exclusion - %v (exclusion #%v)", sub, rule.rule.Name, index+1)
ei := ExclusionInfo{
Subject: &s,
Message: fmt.Sprintf("For rule: \"%v\", subject excluded by the rule-level (#%v) - \"%v\" ", rule.rule.Name, index+1, rule.rule.Exclusions[index].Comment),
}
report.ExclusionsInfo = append(report.ExclusionsInfo, ei)
continue
}

exclude, err = a.shouldExclude(sub, a.globalExclusions)
exclude, index, err = a.shouldExclude(sub, a.globalExclusions)
if err != nil {
klog.Errorf("Failed to check global exclusion for rule '%v' and subject %v - %v", rule.rule.Name, sub, err)
errs = append(errs, err)
@@ -361,7 +381,12 @@ func (a *analyzer) Analyze() (*AnalysisReport, error) {

if exclude {
analysisStats.ExclusionCount++
klog.V(5).Infof("Skipping subject '%v' from rule exclusion - %v", sub, rule.rule.Name)
klog.V(5).Infof("Skipping subject '%v' from global exclusion - %v", s, index+1)
ei := ExclusionInfo{
Subject: &s,
Message: fmt.Sprintf("For rule: \"%v\", subject excluded by a global exclusion (#%v) - \"%v\" ", rule.rule.Name, index+1, a.globalExclusions[index].exclusion.Comment),
}
report.ExclusionsInfo = append(report.ExclusionsInfo, ei)
continue
}

@@ -389,20 +414,6 @@ func (a *analyzer) Analyze() (*AnalysisReport, error) {
References: rule.rule.References,
}

s := v1.Subject{}
if kind, exist := sub["kind"]; exist {
s.Kind = kind.(string)
}
if apiGroup, exist := sub["apiGroup"]; exist {
s.APIGroup = apiGroup.(string)
}
if name, exist := sub["name"]; exist {
s.Name = name.(string)
}
if namespace, exist := sub["namespace"]; exist {
s.Namespace = namespace.(string)
}

finding := AnalysisReportFinding{
Subject: &s,
Finding: info,
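Review bot: The rule-level `ExclusionInfo.Message` in `Analyze` reads the comment from `rule.rule.Exclusions[index]`, but `index` was produced by iterating `rule.exclusions` inside `shouldExclude`; the global branch, by contrast, indexes the same slice it iterated (`a.globalExclusions[index].exclusion.Comment`). If the compiled `rule.exclusions` slice can ever differ in length or order from `rule.rule.Exclusions` (its construction is outside this view), the report would attribute the suppression to the wrong exclusion or panic on an out-of-range index. Since this field is the audit trail for why a finding was suppressed, I would read it from the iterated slice: `rule.exclusions[index].exclusion.Comment`. Separately, the subject conversion moved above the exclusion checks still uses unchecked assertions such as `kind.(string)`, so a non-string field now panics before any exclusion is evaluated; the comma-ok form would avoid that. `Analyze` begins and ends outside the shown hunks.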
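--- a/pkg/analysis/report.go
+++ b/pkg/analysis/report.go
@@ -12,6 +12,8 @@ type AnalysisReport struct {
 CreatedOn string
 
 Findings []AnalysisReportFinding
+
+ExclusionsInfo []ExclusionInfo
 }
 
 type AnalysisStats struct {
@@ -45,3 +47,10 @@ type AnalysisFinding struct {
 //Documetation & additional reading references
 References []string
 }
+
+type ExclusionInfo struct {
+Subject *v1.Subject
+
+//Exclusion Message
+Message string
+}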
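Review bot: `ExclusionInfo` carries the rule name, the exclusion scope and its position only inside the pre-formatted `Message` string, so anything consuming the report to audit suppressed findings has to parse free text. Consider adding separate fields next to `Message`, for example `Rule string` and `Exclusion string`, and filling them where `Analyze` builds the entry. The new exported type also has no doc comment; something like `// ExclusionInfo records a subject that was dropped from the findings and the exclusion that matched it.` would match Go convention.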
