From 19173c2385b50704a2b9389cd6da6fe2de4d67e7 Mon Sep 17 00:00:00 2001 From: Jose Hidalgo Date: Tue, 24 Oct 2023 14:31:03 -0400 Subject: [PATCH 1/8] resolving conflicts --- cmd/root.go | 2 +- internal/utils.go | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/cmd/root.go b/cmd/root.go index f3e31ce..afa2b26 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -47,8 +47,8 @@ func Execute() { func init() { persistent := rootCmd.PersistentFlags() persistent.BoolP("disable_slack", "d", false, "Disable Slack alerts.") - persistent.StringP("config", "c", "config.toml", "Config file path.") + persistent.StringSliceP("reporters", "r", []string{"slack"}, "Specify a list of reporters for reporting vulnerabilities.") persistent.BoolP("quiet", "q", false, "Suppress all console output. (Mutually exclusive with 'verbose'.)") persistent.CountP("verbose", "v", "More verbose output. Specifying multiple times increases verbosity. (Mutually exclusive with 'quiet'.)") diff --git a/internal/utils.go b/internal/utils.go index 57bc09a..d75f082 100644 --- a/internal/utils.go +++ b/internal/utils.go @@ -24,6 +24,13 @@ func getString(flags *pflag.FlagSet, flag string) string { return s } +// getStringSlice return the []string value of a flag with the given name +func getStringSlice(flags *pflag.FlagSet, flag string) []string { + s, err := flags.GetStringSlice(flag) + checkErr(err) + return s +} + // GetProjectRootDir retrieves the root directory of the project func GetProjectRootDir() string { // Retrieve information about the caller @@ -32,3 +39,14 @@ func GetProjectRootDir() string { parentDir := filepath.Dir(callerDir) return parentDir } + +// stringInSlice checks if a string exists in a slice of strings. +// It returns true if the string is found in the slice, and false otherwise. +func stringInSlice(s string, slice []string) bool { + for _, item := range slice { + if item == s { + return true + } + } + return false +} 
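Review bot: The help text on the new `reporters` flag in cmd/root.go does not say which names are accepted or how to pass more than one, so a mistyped value gives the user no hint that it is wrong. Suggest `"Comma-separated list of reporters to send findings to (supported: slack)."`, and extending the list to `slack, console` where PATCH 8/8 changes the default. pflag string-slice flags accept both comma-separated values and a repeated `-r`, which is worth stating in the same sentence.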
From 6c8347325a2314212ac5d8fc7a67841ef2560e80 Mon Sep 17 00:00:00 2001 From: Jose Hidalgo Date: Tue, 24 Oct 2023 14:31:18 -0400 Subject: [PATCH 2/8] resolving conflicts --- go.mod | 2 +- go.sum | 2 ++ internal/scan.go | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 6d8ee07..c26a665 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/spf13/pflag v1.0.5 github.com/spf13/viper v1.16.0 github.com/stretchr/testify v1.8.3 - golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 + golang.org/x/exp v0.0.0-20231006140011-7918f672742d golang.org/x/oauth2 v0.8.0 golang.org/x/text v0.13.0 ) diff --git a/go.sum b/go.sum index e2bea29..9e332a7 100644 --- a/go.sum +++ b/go.sum @@ -220,6 +220,8 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc= golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= +golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= diff --git a/internal/scan.go b/internal/scan.go index 4bd981b..9497f26 100644 --- a/internal/scan.go +++ b/internal/scan.go @@ -9,6 +9,7 @@ import ( "github.com/underdog-tech/vulnbot/reporting" "github.com/spf13/cobra" + "golang.org/x/exp/slices" ) func Scan(cmd *cobra.Command, args []string) { 
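Review bot: The `golang.org/x/exp/slices` import added to internal/scan.go has no use in this patch; the first `slices.Contains` call only arrives in PATCH 5/8. Go rejects unused imports, so this commit and the two after it presumably do not build on their own, which hurts `git bisect`; moving the import into the commit that uses it fixes that. If the module's `go` directive is 1.21 or later (not visible in the go.mod hunk), the standard-library `slices` package offers the same `Contains` and would avoid relying on the unversioned x/exp module for this call.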
From 336a33371f7c968cff4d734285e7bb3d0a5a4b49 Mon Sep 17 00:00:00 2001 From: Jose Hidalgo Date: Tue, 24 Oct 2023 10:45:09 -0400 Subject: [PATCH 3/8] deprecates stringInSlice --- internal/utils.go | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/internal/utils.go b/internal/utils.go index d75f082..267c12c 100644 --- a/internal/utils.go +++ b/internal/utils.go @@ -38,15 +38,4 @@ func GetProjectRootDir() string { callerDir := path.Join(path.Dir(callerFile)) parentDir := filepath.Dir(callerDir) return parentDir -} - -// stringInSlice checks if a string exists in a slice of strings. -// It returns true if the string is found in the slice, and false otherwise. -func stringInSlice(s string, slice []string) bool { - for _, item := range slice { - if item == s { - return true - } - } - return false -} +} \ No newline at end of file From 73d5e66af74598b50fd50d6786130159e230082f Mon Sep 17 00:00:00 2001 From: Jose Hidalgo Date: Tue, 24 Oct 2023 10:45:32 -0400 Subject: [PATCH 4/8] newline --- internal/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/utils.go b/internal/utils.go index 267c12c..6f738c8 100644 --- a/internal/utils.go +++ b/internal/utils.go @@ -38,4 +38,4 @@ func GetProjectRootDir() string { callerDir := path.Join(path.Dir(callerFile)) parentDir := filepath.Dir(callerDir) return parentDir -} \ No newline at end of file +} From 89192d29c75bb2dbae03f920c1f9042a1e379d99 Mon Sep 17 00:00:00 2001 From: Jose Hidalgo Date: Tue, 24 Oct 2023 14:32:36 -0400 Subject: [PATCH 5/8] using new config obj --- config/config.go | 2 +- internal/scan.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/config.go b/config/config.go index 1777d6a..7522c7b 100644 --- a/config/config.go +++ b/config/config.go @@ -19,7 +19,6 @@ type TeamConfig struct { type Config struct { Default_slack_channel string - Disable_slack bool Github_org string Slack_auth_token string Github_token string 
@@ -28,6 +27,7 @@ type Config struct { Severity []SeverityConfig Ecosystem []EcosystemConfig Team []TeamConfig + Reporters []string } func fileExists(fname string) bool { diff --git a/internal/scan.go b/internal/scan.go index 9497f26..f97c6e0 100644 --- a/internal/scan.go +++ b/internal/scan.go @@ -36,7 +36,7 @@ func Scan(cmd *cobra.Command, args []string) { // Load and report out to all configured reporters reporters := []reporting.Reporter{} - if !cfg.Disable_slack { + if slices.Contains(cfg.Reporters, "slack") { slackReporter, err := reporting.NewSlackReporter(&cfg) if err != nil { log.Error().Err(err).Msg("Failed to create Slack reporter.") From e81f3dafdbb0761f5efa7bd35772e4b1abeb9962 Mon Sep 17 00:00:00 2001 From: Jose Hidalgo Date: Tue, 24 Oct 2023 14:33:27 -0400 Subject: [PATCH 6/8] deprecates getStringSlice --- internal/utils.go | 7 ------- 1 file changed, 7 deletions(-) diff --git a/internal/utils.go b/internal/utils.go index 6f738c8..57bc09a 100644 --- a/internal/utils.go +++ b/internal/utils.go @@ -24,13 +24,6 @@ func getString(flags *pflag.FlagSet, flag string) string { return s } -// getStringSlice return the []string value of a flag with the given name -func getStringSlice(flags *pflag.FlagSet, flag string) []string { - s, err := flags.GetStringSlice(flag) - checkErr(err) - return s -} - // GetProjectRootDir retrieves the root directory of the project func GetProjectRootDir() string { // Retrieve information about the caller From 4d32bf91eef290136a243bb096eda7c92ccb3547 Mon Sep 17 00:00:00 2001 From: Jose Hidalgo Date: Wed, 25 Oct 2023 11:51:53 -0400 Subject: [PATCH 7/8] adding unit test --- cmd/root.go | 2 -- config/config_test.go | 7 +++++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index afa2b26..4173b36 100644 --- a/cmd/root.go +++ b/cmd/root.go 
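Review bot: The new `Reporters` field in config/config.go replaces `Disable_slack` (removed in the previous hunk) without any visible migration path for installations that still set `disable_slack` in their config file or `VULNBOT_DISABLE_SLACK` in the environment. If the loader ignores unknown keys, which this diff does not show, those installations will start sending vulnerability findings to Slack again, because the `reporters` flag defaults to a list containing `slack`. Consider honouring the old key for one release with a deprecation warning, or failing when it is set. The field also deserves a comment, e.g. `// Reporters lists the enabled reporters by name (currently "slack"); it replaces Disable_slack.`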
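Review bot: In internal/scan.go, `slices.Contains(cfg.Reporters, "slack")` is an exact, case-sensitive match on a user-supplied string, so `Slack`, a padded ` slack`, or a typo disables Slack alerting without any message. Since this tool exists to deliver vulnerability alerts, an unrecognized reporter name should be reported rather than ignored: check each entry of `cfg.Reporters` against the set of known names after trimming and lower-casing it, and log an error for anything unknown. The same applies to the `"console"` check added in PATCH 8/8. `Scan` begins and continues outside this hunk, so a validation step elsewhere cannot be ruled out.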
@@ -46,10 +46,8 @@ func Execute() { func init() { persistent := rootCmd.PersistentFlags() - persistent.BoolP("disable_slack", "d", false, "Disable Slack alerts.") persistent.StringP("config", "c", "config.toml", "Config file path.") persistent.StringSliceP("reporters", "r", []string{"slack"}, "Specify a list of reporters for reporting vulnerabilities.") - persistent.BoolP("quiet", "q", false, "Suppress all console output. (Mutually exclusive with 'verbose'.)") persistent.CountP("verbose", "v", "More verbose output. Specifying multiple times increases verbosity. (Mutually exclusive with 'quiet'.)") diff --git a/config/config_test.go b/config/config_test.go index 5a86a12..b87800c 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "path/filepath" + "strings" "testing" "github.com/stretchr/testify/assert" @@ -80,7 +81,8 @@ func TestGetUserConfigFromFile(t *testing.T) { } func TestGetUserConfigFromEnv(t *testing.T) { - t.Setenv("VULNBOT_DISABLE_SLACK", "1") + sliceAsStrings := strings.Join([]string{"slack"}, ",") + t.Setenv("VULNBOT_REPORTERS", sliceAsStrings) t.Setenv("VULNBOT_GITHUB_ORG", "hitchhikers") // This should override the config file t.Setenv("VULNBOT_DEFAULT_SLACK_CHANNEL", "other_slack_channel") @@ -91,7 +93,8 @@ func TestGetUserConfigFromEnv(t *testing.T) { cfg, err := config.GetUserConfig(testDataPath) assert.Nil(t, err) - assert.True(t, cfg.Disable_slack) + deserializedSlice := strings.Split(sliceAsStrings, ",") + assert.Equal(t, deserializedSlice, cfg.Reporters) assert.Equal(t, "hitchhikers", cfg.Github_org) assert.Equal(t, "other_slack_channel", cfg.Default_slack_channel) } From 965ffdb10c2d0169ffa6ef9ab39c39130c195a8e Mon Sep 17 00:00:00 2001 From: Jose Hidalgo Date: Wed, 25 Oct 2023 19:05:16 -0400 Subject: [PATCH 8/8] new updates --- cmd/root.go | 2 +- config/config_test.go | 7 ++----- internal/scan.go | 5 ++++- 3 files changed, 7 insertions(+), 7 deletions(-) 
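Review bot: The updated `TestGetUserConfigFromEnv` in config/config_test.go only exercises a single-element list, and it derives the expected value from the same joined string it feeds in, so it does not pin down how `VULNBOT_REPORTERS` is split into `cfg.Reporters`. A multi-value case is the one that can go wrong, since a loader that does not split on commas would yield the single element `"slack,console"` and no reporter would match: `t.Setenv("VULNBOT_REPORTERS", "slack,console")` with `assert.Equal(t, []string{"slack", "console"}, cfg.Reporters)`. PATCH 8/8 simplifies this test but keeps the single-value input, so the same gap remains there.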
diff --git a/cmd/root.go b/cmd/root.go index 4173b36..2d5e42c 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -47,7 +47,7 @@ func Execute() { func init() { persistent := rootCmd.PersistentFlags() persistent.StringP("config", "c", "config.toml", "Config file path.") - persistent.StringSliceP("reporters", "r", []string{"slack"}, "Specify a list of reporters for reporting vulnerabilities.") + persistent.StringSliceP("reporters", "r", []string{"slack", "console"}, "Specify a list of reporters for reporting vulnerabilities.") persistent.BoolP("quiet", "q", false, "Suppress all console output. (Mutually exclusive with 'verbose'.)") persistent.CountP("verbose", "v", "More verbose output. Specifying multiple times increases verbosity. (Mutually exclusive with 'quiet'.)") diff --git a/config/config_test.go b/config/config_test.go index b87800c..774a57d 100644 --- a/config/config_test.go +++ b/config/config_test.go @@ -4,7 +4,6 @@ import ( "fmt" "os" "path/filepath" - "strings" "testing" "github.com/stretchr/testify/assert" @@ -81,8 +80,7 @@ func TestGetUserConfigFromFile(t *testing.T) { } func TestGetUserConfigFromEnv(t *testing.T) { - sliceAsStrings := strings.Join([]string{"slack"}, ",") - t.Setenv("VULNBOT_REPORTERS", sliceAsStrings) + t.Setenv("VULNBOT_REPORTERS", "slack") t.Setenv("VULNBOT_GITHUB_ORG", "hitchhikers") // This should override the config file t.Setenv("VULNBOT_DEFAULT_SLACK_CHANNEL", "other_slack_channel") @@ -93,8 +91,7 @@ func TestGetUserConfigFromEnv(t *testing.T) { cfg, err := config.GetUserConfig(testDataPath) assert.Nil(t, err) - deserializedSlice := strings.Split(sliceAsStrings, ",") - assert.Equal(t, deserializedSlice, cfg.Reporters) + assert.Equal(t, []string{"slack"}, cfg.Reporters) assert.Equal(t, "hitchhikers", cfg.Github_org) assert.Equal(t, "other_slack_channel", cfg.Default_slack_channel) } diff --git a/internal/scan.go b/internal/scan.go index f97c6e0..ed7390a 100644 --- a/internal/scan.go +++ b/internal/scan.go 
@@ -45,7 +45,10 @@ func Scan(cmd *cobra.Command, args []string) { } } - reporters = append(reporters, &reporting.ConsoleReporter{Config: &cfg}) + if slices.Contains(cfg.Reporters, "console") { + reporters = append(reporters, &reporting.ConsoleReporter{Config: &cfg}) + } + reportTime := time.Now().UTC() wg := new(sync.WaitGroup)
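Review bot: With the console reporter now conditional, `reporters` can end up empty: when `cfg.Reporters` names nothing recognized, or when it is `["slack"]` and `NewSlackReporter` returns an error, which the code shown in PATCH 5/8 logs, apparently without aborting. The scan would then presumably finish without delivering its findings anywhere and still look successful to whoever runs it. A guard after this block makes that failure visible, e.g. `if len(reporters) == 0 { log.Error().Strs("reporters", cfg.Reporters).Msg("No usable reporters configured."); return }`. The rest of `Scan` is outside the hunk, so confirm no such check already exists further down.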