Skip to content

Commit 869f4d2

Browse files
author
Jop Zitman
committed
Rename ScanAnnotationSelector to ScopeLimiter and SelectorAttributeMappings to ScopeLimiterAliases
Signed-off-by: Jop Zitman <jop.zitman@secura.com>
1 parent da3eeae commit 869f4d2

16 files changed

Lines changed: 200 additions & 200 deletions

hooks/cascading-scans/hook/hook.test.js

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
const { getCascadingScans } = require("./hook");
66
const {LabelSelectorRequirementOperator} = require("./kubernetes-label-selector");
77
const {
8-
ScanAnnotationSelectorRequirementOperator,
8+
ScopeLimiterRequirementOperator,
99
} = require("./reverse-matches");
1010

1111
let parentScan = undefined;
@@ -29,7 +29,7 @@ beforeEach(() => {
2929
parseDefinition = {
3030
meta: {},
3131
spec: {
32-
selectorAttributeMappings: {},
32+
scopeLimiterAliases: {},
3333
},
3434
}
3535

@@ -2148,13 +2148,13 @@ test("should append cascading rule to further cascading scan chains", () => {
21482148
expect(secondCascadedScan.metadata.annotations["cascading.securecodebox.io/chain"]).toEqual("tls-scans,tls-scans-second")
21492149
});
21502150

2151-
test("should not cascade if scan annotation selector does not match", () => {
2151+
test("should not cascade if scope limiter does not pass", () => {
21522152
parentScan.metadata.annotations["scope.cascading.securecodebox.io/ports"] = "80,443";
2153-
parentScan.spec.cascades.scanAnnotationSelector = {
2153+
parentScan.spec.cascades.scopeLimiter = {
21542154
allOf: [
21552155
{
21562156
key: "scope.cascading.securecodebox.io/ports",
2157-
operator: ScanAnnotationSelectorRequirementOperator.Contains,
2157+
operator: ScopeLimiterRequirementOperator.Contains,
21582158
values: ["{{$.port}}"],
21592159
},
21602160
],
@@ -2183,7 +2183,7 @@ test("should not cascade if scan annotation selector does not match", () => {
21832183
},
21842184
];
21852185

2186-
parseDefinition.spec.selectorAttributeMappings["port"] = "{{attributes.port}}";
2186+
parseDefinition.spec.scopeLimiterAliases["port"] = "{{attributes.port}}";
21872187

21882188
const cascadedScans = getCascadingScans(
21892189
parentScan,
@@ -2221,7 +2221,7 @@ test("should not cascade if scan annotation selector does not match", () => {
22212221
},
22222222
"spec": Object {
22232223
"cascades": Object {
2224-
"scanAnnotationSelector": Object {
2224+
"scopeLimiter": Object {
22252225
"allOf": Array [
22262226
Object {
22272227
"key": "scope.cascading.securecodebox.io/ports",

hooks/cascading-scans/hook/hook.ts

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -116,17 +116,17 @@ function getScansMatchingRule(
116116
for (const finding of findings) {
117117
// Check if the scan matches for the current finding
118118
const reverseMatches = isReverseMatch(
119-
parentScan.spec.cascades.scanAnnotationSelector,
119+
parentScan.spec.cascades.scopeLimiter,
120120
parentScan.metadata.annotations,
121121
finding,
122-
parseDefinition.spec.selectorAttributeMappings,
122+
parseDefinition.spec.scopeLimiterAliases,
123123
);
124124

125125
if (!reverseMatches) {
126-
console.log(`Cascading Rule ${cascadingRule.metadata.name} not triggered as scan annotation selector did not match`);
126+
console.log(`Cascading Rule ${cascadingRule.metadata.name} not triggered as scope limiter did not pass`);
127127
console.log(`Scan annotations ${parentScan.metadata.annotations}`);
128-
console.log(`Scan annotation selector ${parentScan.spec.cascades.scanAnnotationSelector}`);
129-
console.log(`Selector Attribute Mappings ${parseDefinition.spec.selectorAttributeMappings}`);
128+
console.log(`Scope limiter ${parentScan.spec.cascades.scopeLimiter}`);
129+
console.log(`Scope limiter aliases ${parseDefinition.spec.scopeLimiterAliases}`);
130130
console.log(`Finding ${finding}`);
131131
continue;
132132
}

hooks/cascading-scans/hook/reverse-matches.test.js

Lines changed: 26 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
const { isReverseMatch } = require("./reverse-matches");
66

77
test("Should error if selecting an invalid key", () => {
8-
const scanAnnotationSelector = {
8+
const scopeLimiter = {
99
validOnMissingRender: false,
1010
allOf: [
1111
{
@@ -22,7 +22,7 @@ test("Should error if selecting an invalid key", () => {
2222
};
2323

2424
const cascadedScans = () => isReverseMatch(
25-
scanAnnotationSelector,
25+
scopeLimiter,
2626
{},
2727
finding,
2828
{}
@@ -35,7 +35,7 @@ test("Matches using templates populated with finding", () => {
3535
const annotations = {
3636
"scope.cascading.securecodebox.io/domains": "example.com,subdomain.example.com",
3737
}
38-
const scanAnnotationSelector = {
38+
const scopeLimiter = {
3939
validOnMissingRender: false,
4040
allOf: [
4141
{
@@ -52,7 +52,7 @@ test("Matches using templates populated with finding", () => {
5252
};
5353

5454
const cascadedScans = isReverseMatch(
55-
scanAnnotationSelector,
55+
scopeLimiter,
5656
annotations,
5757
finding,
5858
{}
@@ -65,7 +65,7 @@ test("Does not match using if selector does not match", () => {
6565
const annotations = {
6666
"scope.cascading.securecodebox.io/domains": "subdomain.example.com",
6767
}
68-
const scanAnnotationSelector = {
68+
const scopeLimiter = {
6969
validOnMissingRender: false,
7070
allOf: [
7171
{
@@ -82,7 +82,7 @@ test("Does not match using if selector does not match", () => {
8282
};
8383

8484
const cascadedScans = isReverseMatch(
85-
scanAnnotationSelector,
85+
scopeLimiter,
8686
annotations,
8787
finding,
8888
{}
@@ -95,7 +95,7 @@ test("Does not match if one of selector types does not match", () => {
9595
const annotations = {
9696
"scope.cascading.securecodebox.io/domains": "example.com",
9797
}
98-
const scanAnnotationSelector = {
98+
const scopeLimiter = {
9999
validOnMissingRender: false,
100100
allOf: [
101101
{
@@ -119,7 +119,7 @@ test("Does not match if one of selector types does not match", () => {
119119
};
120120

121121
const cascadedScans = isReverseMatch(
122-
scanAnnotationSelector,
122+
scopeLimiter,
123123
annotations,
124124
finding,
125125
{}
@@ -132,7 +132,7 @@ test("Matches InCIDR if attributes.ip in subnet", () => {
132132
const annotations = {
133133
"scope.cascading.securecodebox.io/cidr": "10.0.0.0/16",
134134
}
135-
const scanAnnotationSelector = {
135+
const scopeLimiter = {
136136
validOnMissingRender: false,
137137
allOf: [
138138
{
@@ -149,7 +149,7 @@ test("Matches InCIDR if attributes.ip in subnet", () => {
149149
};
150150

151151
const cascadedScans = isReverseMatch(
152-
scanAnnotationSelector,
152+
scopeLimiter,
153153
annotations,
154154
finding,
155155
{}
@@ -162,7 +162,7 @@ test("Does not match InCIDR if attributes.ip not in subnet", () => {
162162
const annotations = {
163163
"scope.cascading.securecodebox.io/cidr": "10.0.0.0/32",
164164
}
165-
const scanAnnotationSelector = {
165+
const scopeLimiter = {
166166
validOnMissingRender: false,
167167
allOf: [
168168
{
@@ -179,7 +179,7 @@ test("Does not match InCIDR if attributes.ip not in subnet", () => {
179179
};
180180

181181
const cascadedScans = isReverseMatch(
182-
scanAnnotationSelector,
182+
scopeLimiter,
183183
annotations,
184184
finding,
185185
{}
@@ -192,7 +192,7 @@ test("Matches using templates populated with finding and a mapped selector", ()
192192
const annotations = {
193193
"scope.cascading.securecodebox.io/domains": "example.com,subdomain.example.com",
194194
}
195-
const scanAnnotationSelector = {
195+
const scopeLimiter = {
196196
requiresMapping: false,
197197
validOnMissingRender: false,
198198
allOf: [
@@ -209,15 +209,15 @@ test("Matches using templates populated with finding and a mapped selector", ()
209209
}
210210
};
211211

212-
const selectorAttributeMappings = {
212+
const scopeLimiterAliases = {
213213
"hostname": "{{attributes.hostname}}",
214214
}
215215

216216
const cascadedScans = isReverseMatch(
217-
scanAnnotationSelector,
217+
scopeLimiter,
218218
annotations,
219219
finding,
220-
selectorAttributeMappings
220+
scopeLimiterAliases
221221
);
222222

223223
expect(cascadedScans).toBe(true);
@@ -227,7 +227,7 @@ test("Matches if mapping is not available: validOnMissingRender true", () => {
227227
const annotations = {
228228
"scope.cascading.securecodebox.io/domains": "example.com,subdomain.example.com",
229229
}
230-
const scanAnnotationSelector = {
230+
const scopeLimiter = {
231231
validOnMissingRender: true,
232232
allOf: [
233233
{
@@ -239,7 +239,7 @@ test("Matches if mapping is not available: validOnMissingRender true", () => {
239239
}
240240

241241
const cascadedScans = isReverseMatch(
242-
scanAnnotationSelector,
242+
scopeLimiter,
243243
annotations,
244244
{},
245245
{},
@@ -252,7 +252,7 @@ test("Does not match if mapping is not available: validOnMissingRender false", (
252252
const annotations = {
253253
"scope.cascading.securecodebox.io/domains": "example.com,subdomain.example.com",
254254
}
255-
const scanAnnotationSelector = {
255+
const scopeLimiter = {
256256
validOnMissingRender: false,
257257
allOf: [
258258
{
@@ -264,7 +264,7 @@ test("Does not match if mapping is not available: validOnMissingRender false", (
264264
}
265265

266266
const cascadedScans = isReverseMatch(
267-
scanAnnotationSelector,
267+
scopeLimiter,
268268
annotations,
269269
{},
270270
{},
@@ -277,7 +277,7 @@ test("Matches subdomainOf if is subdomain", () => {
277277
const annotations = {
278278
"scope.cascading.securecodebox.io/domain": "example.com",
279279
}
280-
const scanAnnotationSelector = {
280+
const scopeLimiter = {
281281
validOnMissingRender: false,
282282
allOf: [
283283
{
@@ -295,7 +295,7 @@ test("Matches subdomainOf if is subdomain", () => {
295295
};
296296

297297
const cascadedScans = isReverseMatch(
298-
scanAnnotationSelector,
298+
scopeLimiter,
299299
annotations,
300300
finding,
301301
{},
@@ -308,7 +308,7 @@ test("Does not match subdomainOf if is not subdomain", () => {
308308
const annotations = {
309309
"scope.cascading.securecodebox.io/domain": "example.com",
310310
}
311-
const scanAnnotationSelector = {
311+
const scopeLimiter = {
312312
validOnMissingRender: false,
313313
allOf: [
314314
{
@@ -326,7 +326,7 @@ test("Does not match subdomainOf if is not subdomain", () => {
326326
};
327327

328328
const cascadedScans = isReverseMatch(
329-
scanAnnotationSelector,
329+
scopeLimiter,
330330
annotations,
331331
finding,
332332
{},
@@ -336,7 +336,7 @@ test("Does not match subdomainOf if is not subdomain", () => {
336336
});
337337

338338
test("Throws errors when missing fields", () => {
339-
const scanAnnotationSelector = {
339+
const scopeLimiter = {
340340
validOnMissingRender: false,
341341
allOf: [
342342
{
@@ -354,7 +354,7 @@ test("Throws errors when missing fields", () => {
354354
};
355355

356356
const cascadedScans = () => isReverseMatch(
357-
scanAnnotationSelector,
357+
scopeLimiter,
358358
{},
359359
finding,
360360
{},

0 commit comments

Comments
 (0)