Added Open API query example #2796 #2810 (#2808)

Signed-off-by: Felipe Avelar <[email protected]>

assets/libraries/openapi/library.rego

@@ -0,0 +1,9 @@
+package generic.openapi
+
+checkOpenAPI(doc) = version {
+  object.get(doc, "openapi", "undefined") != "undefined"
+  version = doc.openapi
+  regex.match("^3\\.0\\.\\d+$", doc.openapi)
+} else = version {
+  version = "undefined"
+}

assets/queries/openAPI/security_empty_array/metadata.json

@@ -0,0 +1,9 @@
+{
+  "id": "d674aea4-ba8b-454b-bb97-88a772ea33f0",
+  "queryName": "Security array is empty",
+  "severity": "HIGH",
+  "category": "Access Control",
+  "descriptionText": "Security object need to be defined with a default values and, if needed, specified for particular cases on securityScheme",
+  "descriptionUrl": "https://swagger.io/specification/#security-requirement-object",
+  "platform": "OpenAPI"
+}

assets/queries/openAPI/security_empty_array/query.rego

@@ -0,0 +1,33 @@
+package Cx
+
+import data.generic.openapi as openAPILib
+
+CxPolicy[result] {
+	doc := input.document[i]
+	openAPILib.checkOpenAPI(doc) != "undefined"
+	object.get(doc, "security", "undefined") == "undefined"
+
+	result := {
+		"documentId": doc.id,
+		"searchKey": "openapi",
+		"issueType": "MissingAttribute",
+		"keyExpectedValue": "A default security schema should be defined",
+		"keyActualValue": "A default security schema is not defined",
+	}
+}
+
+CxPolicy[result] {
+	doc := input.document[i]
+	openAPILib.checkOpenAPI(doc) != "undefined"
+	object.get(doc, "security", "undefined") != "undefined"
+
+	count(doc.security) == 0
+
+	result := {
+		"documentId": doc.id,
+		"searchKey": "security",
+		"issueType": "IncorrectValue",
+		"keyExpectedValue": "A default security schema should be defined",
+		"keyActualValue": "A default security schema is not defined",
+	}
+}

assets/queries/openAPI/security_empty_array/test/negative1.json

@@ -0,0 +1,54 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Simple API overview",
+    "version": "1.0.0"
+  },
+  "paths": {
+    "/": {
+      "get": {
+        "operationId": "listVersionsv2",
+        "summary": "List API versions",
+        "responses": {
+          "200": {
+            "description": "200 response",
+            "content": {
+              "application/json": {
+                "examples": {
+                  "foo": {
+                    "value": {
+                      "versions": [
+                        {
+                          "status": "CURRENT",
+                          "updated": "2011-01-21T11:33:21Z",
+                          "id": "v2.0",
+                          "links": [
+                            {
+                              "href": "http://127.0.0.1:8774/v2/",
+                              "rel": "self"
+                            }
+                          ]
+                        }
+                      ]
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  },
+  "security":[
+    {
+      "exampleSecurity": []
+    }
+  ],
+  "components": {
+    "exampleSecurity": {
+      "type": "http",
+      "scheme": "basic"
+    }
+  }
+}

assets/queries/openAPI/security_empty_array/test/negative2.yaml

@@ -0,0 +1,30 @@
+openapi: 3.0.0
+info:
+  title: Simple API overview
+  version: 1.0.0
+paths:
+  "/":
+    get:
+      operationId: listVersionsv2
+      summary: List API versions
+      responses:
+        '200':
+          description: 200 response
+          content:
+            application/json:
+              examples:
+                foo:
+                  value:
+                    versions:
+                    - status: CURRENT
+                      updated: '2011-01-21T11:33:21Z'
+                      id: v2.0
+                      links:
+                      - href: http://127.0.0.1:8774/v2/
+                        rel: self
+security:
+- exampleSecurity: []
+components:
+  exampleSecurity:
+    type: http
+    scheme: basic

assets/queries/openAPI/security_empty_array/test/positive1.json

@@ -0,0 +1,43 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Simple API overview",
+    "version": "1.0.0"
+  },
+  "paths": {
+    "/": {
+      "get": {
+        "operationId": "listVersionsv2",
+        "summary": "List API versions",
+        "responses": {
+          "200": {
+            "description": "200 response",
+            "content": {
+              "application/json": {
+                "examples": {
+                  "foo": {
+                    "value": {
+                      "versions": [
+                        {
+                          "status": "CURRENT",
+                          "updated": "2011-01-21T11:33:21Z",
+                          "id": "v2.0",
+                          "links": [
+                            {
+                              "href": "http://127.0.0.1:8774/v2/",
+                              "rel": "self"
+                            }
+                          ]
+                        }
+                      ]
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

assets/queries/openAPI/security_empty_array/test/positive2.json

@@ -0,0 +1,44 @@
+{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "Simple API overview",
+    "version": "1.0.0"
+  },
+  "paths": {
+    "/": {
+      "get": {
+        "operationId": "listVersionsv2",
+        "summary": "List API versions",
+        "responses": {
+          "200": {
+            "description": "200 response",
+            "content": {
+              "application/json": {
+                "examples": {
+                  "foo": {
+                    "value": {
+                      "versions": [
+                        {
+                          "status": "CURRENT",
+                          "updated": "2011-01-21T11:33:21Z",
+                          "id": "v2.0",
+                          "links": [
+                            {
+                              "href": "http://127.0.0.1:8774/v2/",
+                              "rel": "self"
+                            }
+                          ]
+                        }
+                      ]
+                    }
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+    }
+  },
+  "security":[]
+}

assets/queries/openAPI/security_empty_array/test/positive3.yaml

@@ -0,0 +1,24 @@
+openapi: 3.0.0
+info:
+  title: Simple API overview
+  version: 1.0.0
+paths:
+  "/":
+    get:
+      operationId: listVersionsv2
+      summary: List API versions
+      responses:
+        '200':
+          description: 200 response
+          content:
+            application/json:
+              examples:
+                foo:
+                  value:
+                    versions:
+                    - status: CURRENT
+                      updated: '2011-01-21T11:33:21Z'
+                      id: v2.0
+                      links:
+                      - href: http://127.0.0.1:8774/v2/
+                        rel: self

assets/queries/openAPI/security_empty_array/test/positive4.yaml

@@ -0,0 +1,25 @@
+openapi: 3.0.0
+info:
+  title: Simple API overview
+  version: 1.0.0
+paths:
+  "/":
+    get:
+      operationId: listVersionsv2
+      summary: List API versions
+      responses:
+        '200':
+          description: 200 response
+          content:
+            application/json:
+              examples:
+                foo:
+                  value:
+                    versions:
+                    - status: CURRENT
+                      updated: '2011-01-21T11:33:21Z'
+                      id: v2.0
+                      links:
+                      - href: http://127.0.0.1:8774/v2/
+                        rel: self
+security: []

assets/queries/openAPI/security_empty_array/test/positive_expected_result.json

@@ -0,0 +1,26 @@
+[
+	{
+		"queryName": "Security array is empty",
+		"severity": "HIGH",
+		"line": 2,
+		"filename": "positive1.json"
+	},
+	{
+		"queryName": "Security array is empty",
+		"severity": "HIGH",
+		"line": 43,
+		"filename": "positive2.json"
+	},
+	{
+		"queryName": "Security array is empty",
+		"severity": "HIGH",
+		"line": 1,
+		"filename": "positive3.yaml"
+	},
+	{
+		"queryName": "Security array is empty",
+		"severity": "HIGH",
+		"line": 25,
+		"filename": "positive4.yaml"
+	}
+]

go.sum

@@ -1335,6 +1335,7 @@ golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1587,6 +1588,7 @@ golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

pkg/engine/source/filesystem.go

@@ -40,6 +40,7 @@ var (
 		"Dockerfile":     "dockerfile",
 		"Kubernetes":     "k8s",
 		"Terraform":      "terraform",
+		"OpenAPI":        "openapi",
 	}
 )
 
@@ -250,6 +251,8 @@ func getPlatform(queryPath string) string {
 		return "k8s"
 	} else if strings.Contains(queryPath, "terraform") {
 		return "terraform"
+	} else if strings.Contains(queryPath, "openAPI") {
+		return "openAPI"
 	}
 
 	return "unknown"

pkg/engine/source/filesystem_test.go

@@ -324,6 +324,13 @@ func Test_getPlatform(t *testing.T) {
 			},
 			want: "k8s",
 		},
+		{
+			name: "get_platform_open_api",
+			args: args{
+				queryPath: "../test/openAPI/test",
+			},
+			want: "openAPI",
+		},
 		{
 			name: "get_platform_terraform",
 			args: args{
@@ -348,6 +355,7 @@ func TestListSupportedPlatforms(t *testing.T) {
 		"CloudFormation",
 		"Dockerfile",
 		"Kubernetes",
+		"OpenAPI",
 		"Terraform",
 	}
 	actual := ListSupportedPlatforms()

pkg/parser/json/parser.go

@@ -41,5 +41,5 @@ func (p *Parser) GetKind() model.FileKind {
 
 // SupportedTypes returns types supported by this parser, which are cloudFormation
 func (p *Parser) SupportedTypes() []string {
-	return []string{"CloudFormation"}
+	return []string{"CloudFormation", "OpenAPI"}
 }

pkg/parser/json/parser_test.go

@@ -30,7 +30,7 @@ func TestParser_SupportedExtensions(t *testing.T) {
 // TestParser_SupportedExtensions tests the functions [SupportedTypes()] and all the methods called by them
 func TestParser_SupportedTypes(t *testing.T) {
 	p := &Parser{}
-	require.Equal(t, []string{"CloudFormation"}, p.SupportedTypes())
+	require.Equal(t, []string{"CloudFormation", "OpenAPI"}, p.SupportedTypes())
 }
 
 // TestParser_Parse tests the functions [Parse()] and all the methods called by them

pkg/parser/yaml/parser.go

@@ -57,7 +57,7 @@ func (p *Parser) SupportedExtensions() []string {
 
 // SupportedTypes returns types supported by this parser, which are ansible, cloudFormation, k8s
 func (p *Parser) SupportedTypes() []string {
-	return []string{"Ansible", "CloudFormation", "Kubernetes"}
+	return []string{"Ansible", "CloudFormation", "Kubernetes", "OpenAPI"}
 }
 
 // GetKind returns YAML constant kind

pkg/parser/yaml/parser_test.go

@@ -22,7 +22,7 @@ func TestParser_SupportedExtensions(t *testing.T) {
 // TestParser_SupportedExtensions tests the functions [SupportedTypes()] and all the methods called by them
 func TestParser_SupportedTypes(t *testing.T) {
 	p := &Parser{}
-	require.Equal(t, []string{"Ansible", "CloudFormation", "Kubernetes"}, p.SupportedTypes())
+	require.Equal(t, []string{"Ansible", "CloudFormation", "Kubernetes", "OpenAPI"}, p.SupportedTypes())
 }
 
 // TestParser_Parse tests the functions [Parse()] and all the methods called by them