review feedback: stop reading an environmental variable inside a func…

…tion, and instead use the viper library for that

cmd/vulcan-api/commands.go

@@ -146,22 +146,27 @@ type awsCatalogueConfig struct {
 	RetryInterval int    `mapstructure:"retry_interval"`
 }
 
+type dnsHostnameValidation struct {
+	DnsHostnameValidation string `mapstructure:"dns_hostname_validation"`
+}
+
 type config struct {
-	Server             serverConfig
-	DB                 dbConfig
-	Log                logConfig
-	SAML               samlConfig
-	Defaults           store.DefaultEntities
-	ScanEngine         scanengine.Config
-	Scheduler          schedule.Config
-	Reports            reports.Config
-	VulcanCore         vulcanCoreConfig
-	VulnerabilityDB    vulnerabilityDBConfig
-	VulcanTracker      vulcantrackerConfig
-	Metrics            metricsConfig
-	AWSCatalogue       awsCatalogueConfig
-	Kafka              kafkaConfig               `mapstructure:"kafka"`
-	GlobalPolicyConfig global.GlobalPolicyConfig `mapstructure:"globalpolicy"`
+	Server                serverConfig
+	DB                    dbConfig
+	Log                   logConfig
+	SAML                  samlConfig
+	Defaults              store.DefaultEntities
+	ScanEngine            scanengine.Config
+	Scheduler             schedule.Config
+	Reports               reports.Config
+	VulcanCore            vulcanCoreConfig
+	VulnerabilityDB       vulnerabilityDBConfig
+	VulcanTracker         vulcantrackerConfig
+	Metrics               metricsConfig
+	AWSCatalogue          awsCatalogueConfig
+	Kafka                 kafkaConfig               `mapstructure:"kafka"`
+	GlobalPolicyConfig    global.GlobalPolicyConfig `mapstructure:"globalpolicy"`
+	DnsHostnameValidation dnsHostnameValidation
 }
 
 func initConfig() {
@@ -277,7 +282,7 @@ func startServer() error {
 	// Add global middleware to the vulcanito service.
 	vulcanitoService = globalMiddleware(vulcanitoService)
 
-	endpoints := endpoint.MakeEndpoints(vulcanitoService, vulcantrackerClient != nil, logger)
+	endpoints := endpoint.MakeEndpoints(vulcanitoService, vulcantrackerClient != nil, logger, strings.EqualFold(cfg.DnsHostnameValidation.DnsHostnameValidation, "true"))
 
 	endpoints = addAuthorizationMiddleware(endpoints, db, logger)
 	endpoints = addWhitelistingMiddleware(endpoints, logger)

config.toml

@@ -71,3 +71,6 @@ topics = $KAFKA_TOPICS
 # Leave this entry at the end so run.sh can fill dynamically
 # global program policy configurations accordingly.
 [globalpolicy]
+
+[assets]
+dns_hostname_validaton = "$DNS_HOSTNAME_VALIDATION"

pkg/api/asset.go

@@ -57,7 +57,7 @@ func validateAWSARN(arn string) bool {
 }
 
 // Validate checks if an asset is valid.
-func (a Asset) Validate() error {
+func (a Asset) Validate(dnsHostnameValidation bool) error {
 	err := validator.New().Struct(a)
 	if err != nil {
 		return errors.Validation(err)
@@ -68,14 +68,12 @@ func (a Asset) Validate() error {
 
 	switch a.AssetType.Name {
 	case "Hostname":
-		if os.Getenv("VULCAN_HOSTNAME_VALIDATION_WITH_DNS") == "false" {
-			if !types.IsHostnameNoDnsResolution(a.Identifier) {
-				return errors.Validation("Identifier is not a valid Hostname")
-			}
-		} else {
+		if dnsHostnameValidation {
 			if !types.IsHostname(a.Identifier) {
 				return errors.Validation("Identifier is not a valid Hostname")
 			}
+		} else if !types.IsHostnameNoDnsResolution(a.Identifier) {
+			return errors.Validation("Identifier is not a valid Hostname")
 		}
 	case "AWSAccount":
 		if !validateAWSARN(a.Identifier) || !types.IsAWSARN(a.Identifier) {

pkg/api/endpoint/assets.go

@@ -85,7 +85,7 @@ func makeListAssetsEndpoint(s api.VulcanitoService, logger kitlog.Logger) endpoi
 }
 
 // makeCreateAssetEndpoint returns an endpoint that creates new assets.
-func makeCreateAssetEndpoint(s api.VulcanitoService, logger kitlog.Logger) endpoint.Endpoint {
+func makeCreateAssetEndpoint(s api.VulcanitoService, logger kitlog.Logger, dnsHostnameValidation bool) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		// We are expecting an assets list.
 		requestBody, ok := request.(*AssetsListRequest)
@@ -115,7 +115,7 @@ func makeCreateAssetEndpoint(s api.VulcanitoService, logger kitlog.Logger) endpo
 		annotations := requestBody.Annotations.ToModel()
 
 		// Ask for the service layer to create the assets.
-		createdAssets, err := s.CreateAssets(ctx, assets, groups, annotations)
+		createdAssets, err := s.CreateAssets(ctx, assets, groups, annotations, dnsHostnameValidation)
 		if err != nil {
 			return nil, err
 		}
@@ -132,7 +132,7 @@ func makeCreateAssetEndpoint(s api.VulcanitoService, logger kitlog.Logger) endpo
 }
 
 // makeCreateAssetMultiStatusEndpoint returns an endpoint that creates new assets.
-func makeCreateAssetMultiStatusEndpoint(s api.VulcanitoService, logger kitlog.Logger) endpoint.Endpoint {
+func makeCreateAssetMultiStatusEndpoint(s api.VulcanitoService, logger kitlog.Logger, dnsHostnameValidation bool) endpoint.Endpoint {
 	return func(ctx context.Context, request interface{}) (interface{}, error) {
 		// We are expecting an assets list.
 		requestBody, ok := request.(*AssetsListRequest)
@@ -162,7 +162,7 @@ func makeCreateAssetMultiStatusEndpoint(s api.VulcanitoService, logger kitlog.Lo
 		annotations := requestBody.Annotations.ToModel()
 
 		// Ask for the service layer to create the assets.
-		responses, err := s.CreateAssetsMultiStatus(ctx, assets, groups, annotations)
+		responses, err := s.CreateAssetsMultiStatus(ctx, assets, groups, annotations, dnsHostnameValidation)
 		if err != nil {
 			return nil, err
 		}

pkg/api/endpoint/endpoints.go

@@ -127,7 +127,7 @@ type Endpoints map[string]endpoint.Endpoint
 var endpoints = make(Endpoints)
 
 // MakeEndpoints initialize endpoints using the given service
-func MakeEndpoints(s api.VulcanitoService, isJiraIntEnabled bool, logger log.Logger) Endpoints {
+func MakeEndpoints(s api.VulcanitoService, isJiraIntEnabled bool, logger log.Logger, dnsHostnameValidation bool) Endpoints {
 	endpoints[Healthcheck] = makeHealthcheckEndpoint(s, logger)
 
 	endpoints[FindJob] = makeFindJobEndpoint(s, logger)
@@ -157,8 +157,8 @@ func MakeEndpoints(s api.VulcanitoService, isJiraIntEnabled bool, logger log.Log
 	endpoints[UpdateRecipients] = makeUpdateRecipientsEndpoint(s, logger)
 
 	endpoints[ListAssets] = makeListAssetsEndpoint(s, logger)
-	endpoints[CreateAsset] = makeCreateAssetEndpoint(s, logger)
-	endpoints[CreateAssetMultiStatus] = makeCreateAssetMultiStatusEndpoint(s, logger)
+	endpoints[CreateAsset] = makeCreateAssetEndpoint(s, logger, dnsHostnameValidation)
+	endpoints[CreateAssetMultiStatus] = makeCreateAssetMultiStatusEndpoint(s, logger, dnsHostnameValidation)
 	endpoints[MergeDiscoveredAssets] = makeMergeDiscoveredAssetsEndpoint(s, logger)
 	endpoints[FindAsset] = makeFindAssetEndpoint(s, logger)
 	endpoints[UpdateAsset] = makeUpdateAssetEndpoint(s, logger)

pkg/api/service/assets.go

@@ -46,7 +46,7 @@ func (s vulcanitoService) ListAssets(ctx context.Context, teamID string, asset a
 }
 
 // CreateAssets receives an array of assets and creates them on store layer.
-func (s vulcanitoService) CreateAssets(ctx context.Context, assets []api.Asset, groups []api.Group, annotations []*api.AssetAnnotation) ([]api.Asset, error) {
+func (s vulcanitoService) CreateAssets(ctx context.Context, assets []api.Asset, groups []api.Group, annotations []*api.AssetAnnotation, dnsHostnameValidation bool) ([]api.Asset, error) {
 	assetsToCreate := []api.Asset{}
 
 	// If no group is specified, add Default group data to groups list.
@@ -86,14 +86,14 @@ func (s vulcanitoService) CreateAssets(ctx context.Context, assets []api.Asset,
 			asset.AssetTypeID = assetTypeObj.ID
 			asset.AssetType = &api.AssetType{Name: assetTypeObj.Name}
 
-			if err := asset.Validate(); err != nil {
+			if err := asset.Validate(dnsHostnameValidation); err != nil {
 				return nil, err
 			}
 			assetsToCreate = append(assetsToCreate, asset)
 		} else {
 			// Asset type NOT provided by the user in the request. Try to infere
 			// asset type based on the identifier
-			assetsDetected, err := s.detectAssets(ctx, asset)
+			assetsDetected, err := s.detectAssets(ctx, asset, dnsHostnameValidation)
 			if err != nil {
 				return nil, errors.Validation(err, "asset", asset.Identifier, asset.AssetType.Name)
 			}
@@ -135,7 +135,7 @@ func (s vulcanitoService) getAccountName(identifier string) string {
 // CreateAssetsMultiStatus receives an array of assets and request their creation to the store layer.
 // Also, this method will associate the assets with the specified groups.
 // It returns an array containing one response per request, in the same order as in the original request.
-func (s vulcanitoService) CreateAssetsMultiStatus(ctx context.Context, assets []api.Asset, groups []api.Group, annotations []*api.AssetAnnotation) ([]api.AssetCreationResponse, error) {
+func (s vulcanitoService) CreateAssetsMultiStatus(ctx context.Context, assets []api.Asset, groups []api.Group, annotations []*api.AssetAnnotation, dnsHostnameValidation bool) ([]api.AssetCreationResponse, error) {
 	responses := []api.AssetCreationResponse{}
 
 	// If no group is specified, add Default group data to groups list.
@@ -198,7 +198,7 @@ func (s vulcanitoService) CreateAssetsMultiStatus(ctx context.Context, assets []
 			asset.AssetType = &api.AssetType{Name: assetTypeObj.Name}
 
 			// If the asset is invalid, abort the asset creation.
-			if err := asset.Validate(); err != nil {
+			if err := asset.Validate(dnsHostnameValidation); err != nil {
 				response.Status = err
 				responses = append(responses, response)
 				continue
@@ -208,7 +208,7 @@ func (s vulcanitoService) CreateAssetsMultiStatus(ctx context.Context, assets []
 
 		} else {
 			// If user did not specify the asset type, auto detect it.
-			assetsDetected, err := s.detectAssets(ctx, asset)
+			assetsDetected, err := s.detectAssets(ctx, asset, dnsHostnameValidation)
 			if err != nil {
 				response.Status = errors.Validation(err, "asset", asset.Identifier, asset.AssetType.Name)
 				responses = append(responses, response)
@@ -527,7 +527,7 @@ func (s vulcanitoService) MergeDiscoveredAssetsAsync(ctx context.Context, teamID
 	return s.db.MergeAssetsAsync(teamID, assets, groupName)
 }
 
-func (s vulcanitoService) detectAssets(ctx context.Context, asset api.Asset) ([]api.Asset, error) {
+func (s vulcanitoService) detectAssets(ctx context.Context, asset api.Asset, dnsHostnameValidation bool) ([]api.Asset, error) {
 	assets, err := getTypesFromIdentifier(asset.Identifier)
 	if err != nil {
 		return nil, err
@@ -565,7 +565,7 @@ func (s vulcanitoService) detectAssets(ctx context.Context, asset api.Asset) ([]
 		}
 
 		// Validate asset model before appending it to the results
-		if err = asset.Validate(); err != nil {
+		if err = asset.Validate(dnsHostnameValidation); err != nil {
 			return nil, err
 		}
 

pkg/api/vulcanito.go

@@ -48,8 +48,8 @@ type VulcanitoService interface {
 
 	// Assets
 	ListAssets(ctx context.Context, teamID string, asset Asset) ([]*Asset, error)
-	CreateAssets(ctx context.Context, assets []Asset, groups []Group, annotations []*AssetAnnotation) ([]Asset, error)
-	CreateAssetsMultiStatus(ctx context.Context, assets []Asset, groups []Group, annotations []*AssetAnnotation) ([]AssetCreationResponse, error)
+	CreateAssets(ctx context.Context, assets []Asset, groups []Group, annotations []*AssetAnnotation, dnsHostnameValidation bool) ([]Asset, error)
+	CreateAssetsMultiStatus(ctx context.Context, assets []Asset, groups []Group, annotations []*AssetAnnotation, dnsHostnameValidation bool) ([]AssetCreationResponse, error)
 	MergeDiscoveredAssets(ctx context.Context, teamID string, assets []Asset, groupName string) error
 	MergeDiscoveredAssetsAsync(ctx context.Context, teamID string, assets []Asset, groupName string) (*Job, error)
 	FindAsset(ctx context.Context, asset Asset) (*Asset, error)