Add explicit severity to rule types (#2452)

This adds an explicit severity section for rule types. In the YAML representation it would look as follows: ```yaml --- version: v1 type: rule-type name: artifact_signature ... severity: value: <severity> ``` The available severity values are: * `unknown` * `info` * `low` * `medium` * `high` * `critical` The default value is currently `unknown` which means that rule types will need to be explicitly updated. Signed-off-by: Juan Antonio Osorio <[email protected]>
mindersec · Feb 28, 2024 · 9f277df · 9f277df
1 parent 7f06c0a
commit 9f277df
Show file tree

Hide file tree

Showing 14 changed files with 1,902 additions and 1,333 deletions.
diff --git a/database/migrations/000021_rule_type_severity.down.sql b/database/migrations/000021_rule_type_severity.down.sql
@@ -0,0 +1,17 @@
+-- Copyright 2024 Stacklok, Inc
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--      http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+DROP TYPE severity;
+
+ALTER TABLE rule_type DROP COLUMN severity_value;
diff --git a/database/migrations/000021_rule_type_severity.up.sql b/database/migrations/000021_rule_type_severity.up.sql
@@ -0,0 +1,18 @@
+-- Copyright 2024 Stacklok, Inc
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+--      http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+-- severity is an enum that represents the severity of a rule
+CREATE TYPE severity AS ENUM ('unknown', 'info', 'low', 'medium', 'high', 'critical');
+
+ALTER TABLE rule_type ADD COLUMN severity_value severity NOT NULL DEFAULT 'unknown';
diff --git a/database/query/rule_types.sql b/database/query/rule_types.sql
@@ -5,7 +5,8 @@ INSERT INTO rule_type (
     project_id,
     description,
     guidance,
-    definition) VALUES ($1, $2, $3, $4, $5, sqlc.arg(definition)::jsonb) RETURNING *;
+    definition,
+    severity_value) VALUES ($1, $2, $3, $4, $5, sqlc.arg(definition)::jsonb, sqlc.arg(severity_value)) RETURNING *;
 
 -- name: ListRuleTypesByProviderAndProject :many
 SELECT * FROM rule_type WHERE provider = $1 AND project_id = $2;
@@ -20,4 +21,4 @@ SELECT * FROM rule_type WHERE provider = $1 AND project_id = $2 AND name = $3;
 DELETE FROM rule_type WHERE id = $1;
 
 -- name: UpdateRuleType :exec
-UPDATE rule_type SET description = $2, definition = sqlc.arg(definition)::jsonb WHERE id = $1;
+UPDATE rule_type SET description = $2, definition = sqlc.arg(definition)::jsonb, severity_value = sqlc.arg(severity_value) WHERE id = $1;
diff --git a/docs/docs/ref/proto.md b/docs/docs/ref/proto.md
diff --git a/internal/controlplane/handlers_ruletype.go b/internal/controlplane/handlers_ruletype.go
@@ -188,13 +188,21 @@ func (s *Server) CreateRuleType(
 		return nil, fmt.Errorf("cannot convert rule definition to db: %v", err)
 	}
 
+	sev := in.GetSeverity().InitializedStringValue()
+	var seval db.Severity
+
+	if err := seval.Scan(sev); err != nil {
+		return nil, fmt.Errorf("cannot convert severity to db: %v", err)
+	}
+
 	rtdb, err := s.store.CreateRuleType(ctx, db.CreateRuleTypeParams{
-		Name:        in.GetName(),
-		Provider:    entityCtx.Provider.Name,
-		ProjectID:   entityCtx.Project.ID,
-		Description: in.GetDescription(),
-		Definition:  def,
-		Guidance:    in.GetGuidance(),
+		Name:          in.GetName(),
+		Provider:      entityCtx.Provider.Name,
+		ProjectID:     entityCtx.Project.ID,
+		Description:   in.GetDescription(),
+		Definition:    def,
+		Guidance:      in.GetGuidance(),
+		SeverityValue: seval,
 	})
 	if err != nil {
 		return nil, status.Errorf(codes.Unknown, "failed to create rule type: %s", err)
@@ -278,10 +286,18 @@ func (s *Server) UpdateRuleType(
 		return nil, status.Errorf(codes.Internal, "cannot convert rule definition to db: %s", err)
 	}
 
+	sev := in.GetSeverity().InitializedStringValue()
+	var seval db.Severity
+
+	if err := seval.Scan(sev); err != nil {
+		return nil, fmt.Errorf("cannot convert severity to db: %v", err)
+	}
+
 	err = s.store.UpdateRuleType(ctx, db.UpdateRuleTypeParams{
-		ID:          rtdb.ID,
-		Description: in.GetDescription(),
-		Definition:  def,
+		ID:            rtdb.ID,
+		Description:   in.GetDescription(),
+		Definition:    def,
+		SeverityValue: seval,
 	})
 	if err != nil {
 		return nil, status.Errorf(codes.Unknown, "failed to create rule type: %s", err)

diff --git a/internal/db/models.go b/internal/db/models.go
diff --git a/internal/db/profiles_test.go b/internal/db/profiles_test.go
@@ -41,12 +41,13 @@ func createRandomRuleType(t *testing.T, provName string, projectID uuid.UUID) Ru
 	seed := time.Now().UnixNano()
 
 	arg := CreateRuleTypeParams{
-		Name:        rand.RandomName(seed),
-		Provider:    provName,
-		ProjectID:   projectID,
-		Description: rand.RandomString(64, seed),
-		Guidance:    rand.RandomString(64, seed),
-		Definition:  json.RawMessage(`{"key": "value"}`),
+		Name:          rand.RandomName(seed),
+		Provider:      provName,
+		ProjectID:     projectID,
+		Description:   rand.RandomString(64, seed),
+		Guidance:      rand.RandomString(64, seed),
+		Definition:    json.RawMessage(`{"key": "value"}`),
+		SeverityValue: SeverityHigh,
 	}
 
 	ruleType, err := testQueries.CreateRuleType(context.Background(), arg)

diff --git a/internal/db/rule_types.sql.go b/internal/db/rule_types.sql.go
diff --git a/internal/engine/rule_types.go b/internal/engine/rule_types.go
@@ -305,6 +305,12 @@ func RuleTypePBFromDB(rt *db.RuleType) (*minderv1.RuleType, error) {
 	id := rt.ID.String()
 	project := rt.ProjectID.String()
 
+	var seval minderv1.Severity_Value
+
+	if err := seval.FromString(string(rt.SeverityValue)); err != nil {
+		seval = minderv1.Severity_VALUE_UNKNOWN
+	}
+
 	return &minderv1.RuleType{
 		Id:   &id,
 		Name: rt.Name,
@@ -315,6 +321,9 @@ func RuleTypePBFromDB(rt *db.RuleType) (*minderv1.RuleType, error) {
 		Description: rt.Description,
 		Guidance:    rt.Guidance,
 		Def:         def,
+		Severity: &minderv1.Severity{
+			Value: seval,
+		},
 	}, nil
 }