From a2dd8d15874b0f8b6bbcbdae083b9a5b081384bc Mon Sep 17 00:00:00 2001
From: Hirokuni Kitahara
Date: Thu, 16 May 2024 17:55:06 +0900
Subject: [PATCH] add --save-only-rule-result option (#235)

Signed-off-by: hirokuni-kitahara
---
 ansible_risk_insight/cli/__init__.py | 7 +++++++
 ansible_risk_insight/model_loader.py | 1 +
 ansible_risk_insight/risk_detector.py | 5 ++++-
 ansible_risk_insight/scanner.py | 8 +++++++-
 4 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/ansible_risk_insight/cli/__init__.py b/ansible_risk_insight/cli/__init__.py
index 4d966696..3de40bff 100644
--- a/ansible_risk_insight/cli/__init__.py
+++ b/ansible_risk_insight/cli/__init__.py
@@ -59,6 +59,9 @@ def __init__(self):
         parser.add_argument("--show-all", action="store_true", help="if true, show findings even if missing dependencies are found")
         parser.add_argument("--json", help="if specified, show findings in json format")
         parser.add_argument("--yaml", help="if specified, show findings in yaml format")
+        parser.add_argument(
+            "--save-only-rule-result", action="store_true", help="if true, save only rule results and remove node details to reduce result file size"
+        )
         parser.add_argument("-o", "--out-dir", help="output directory for the rule evaluation result")
         parser.add_argument(
             "-r", "--rules-dir", help=f"specify custom rule directories. use `-R` instead to ignore default rules in {config.rules_dir}"
@@ -139,6 +142,9 @@ def run(self):
         load_all_taskfiles = True
         if args.skip_isolated_taskfiles:
             load_all_taskfiles = False
+        save_only_rule_result = False
+        if args.save_only_rule_result:
+            save_only_rule_result = True
 
         c = ARIScanner(
             root_dir=config.data_dir,
@@ -170,6 +176,7 @@ def run(self):
             taskfile_only=args.taskfile_only,
             include_test_contents=args.include_tests,
             load_all_taskfiles=load_all_taskfiles,
+            save_only_rule_result=save_only_rule_result,
             objects=args.objects,
             out_dir=args.out_dir,
         )
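Review bot: The `save_only_rule_result = False` / `if args.save_only_rule_result:` block in the `run` hunk restates a value argparse already produces: the option is declared with `action="store_true"` in the first hunk, so `args.save_only_rule_result` is already a bool. The pattern mirrors the `load_all_taskfiles` lines just above, but those invert a differently named flag, whereas here the names match, so `save_only_rule_result = args.save_only_rule_result` — or passing `args.save_only_rule_result` straight into the `ARIScanner(...)` call in the third hunk — does the same work in one line. `run` continues outside the hunk.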
diff --git a/ansible_risk_insight/model_loader.py b/ansible_risk_insight/model_loader.py
index 629553c2..7404758c 100644
--- a/ansible_risk_insight/model_loader.py
+++ b/ansible_risk_insight/model_loader.py
@@ -879,6 +879,7 @@ def load_playbooks(
 
     playbooks = []
     playbook_names = []
+    candidates = sorted(list(set(candidates)))
     for fpath in candidates:
         if could_be_playbook(fpath=fpath) and could_be_playbook_detail(fpath=fpath):
             relative_path = ""
diff --git a/ansible_risk_insight/risk_detector.py b/ansible_risk_insight/risk_detector.py
index 4e140d7c..a5b8161f 100644
--- a/ansible_risk_insight/risk_detector.py
+++ b/ansible_risk_insight/risk_detector.py
@@ -123,7 +123,7 @@ def make_subject_str(playbook_num: int, role_num: int):
     return subject
 
 
-def detect(contexts: List[AnsibleRunContext], rules_dir: str = "", rules: list = [], rules_cache: list = []):
+def detect(contexts: List[AnsibleRunContext], rules_dir: str = "", rules: list = [], rules_cache: list = [], save_only_rule_result: bool = False):
     loaded_rules = []
     if rules_cache:
         loaded_rules = rules_cache
@@ -202,6 +202,9 @@ def detect(contexts: List[AnsibleRunContext], rules_dir: str = "", rules: list =
                 exc = traceback.format_exc()
                 r_result.error = f"failed to execute the rule `{rule.rule_id}`: {exc}"
             n_result.rules.append(r_result)
+            # remove node details
+            if save_only_rule_result:
+                n_result.node = None
         t_result.nodes.append(n_result)
     ari_result.targets.append(t_result)
 
diff --git a/ansible_risk_insight/scanner.py b/ansible_risk_insight/scanner.py
index a2dfe032..300a5205 100644
--- a/ansible_risk_insight/scanner.py
+++ b/ansible_risk_insight/scanner.py
@@ -209,6 +209,8 @@ class SingleScan(object):
     load_all_taskfiles: bool = False
     yaml_label_list: list = field(default_factory=list)
 
+    save_only_rule_result: bool = False
+
     extra_requirements: list = field(default_factory=list)
     resolve_failures: dict = field(default_factory=dict)
 
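Review bot: `candidates = sorted(list(set(candidates)))` in `load_playbooks` is unrelated to the option this commit adds and carries no comment saying why `candidates` now needs de-duplication; `sorted()` accepts any iterable, so `sorted(set(candidates))` is enough. The line also rebinds the `candidates` parameter and replaces the caller's discovery order with lexical order, which any caller that relied on the original order would notice; a comment such as `# de-duplicate and sort: the same path can be discovered more than once, and a stable order keeps results reproducible` would record the intent (presumably duplicates were observed — confirm). De-duplication is by path string only, so the same file reached through two differently spelled paths is still loaded twice; that is fine if candidates are normalized upstream, which this hunk does not show. `load_playbooks` starts and ends outside the hunk.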
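Review bot: The rewritten `detect` signature keeps `rules: list = []` and `rules_cache: list = []`, mutable defaults that are shared across every call that omits them; since the line is being touched anyway, `rules: list = None, rules_cache: list = None` with a `rules = rules if rules is not None else []` guard in the body would remove the hazard without affecting callers, provided the body does not rely on mutating the default (it continues outside the hunk, so I cannot confirm). `save_only_rule_result` is also added as a plain positional parameter; the only caller shown (`apply_rules` in scanner.py) passes it by keyword, so `*, save_only_rule_result: bool = False` would lock that in and prevent future positional mixups.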
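Review bot: `n_result.node = None` runs after the rule loop, so every later reader of `n_result.node` — the code that serializes the result file, or anything that consumes the report `detect` returns — now has to tolerate `None`; none of those readers is adjusted in this commit, so that is worth confirming before the option ships. The comment `# remove node details` would be more useful if it said why the field is dropped, e.g. `# --save-only-rule-result: drop the node object so the persisted result holds only rule outcomes, not task/module details (smaller file)`. The enclosing loop in `detect` starts outside the hunk.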
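Review bot: `save_only_rule_result: bool = False` is inserted into the middle of `SingleScan`'s field list, between `yaml_label_list` and `extra_requirements`; if `SingleScan` is a dataclass (the `field(default_factory=...)` usage suggests so, but the decorator is outside the hunk), that also inserts a positional parameter into the generated `__init__`, so any positional construction shifts every later argument by one. The `evaluate` hunk in the same file has the same shape: the new parameter lands before `yaml_label_list`, `objects` and `out_dir`, and unless a `*,` marker precedes that group (the start of the signature is outside the hunk) a positional caller would silently have `yaml_label_list` land in the new bool. Appending the new field/parameter after the existing ones, as the `detect` signature in risk_detector.py does, avoids that; the calls shown in this commit all use keywords, so the risk is limited to callers not visible here.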
@@ -664,7 +666,9 @@ def apply_rules(self):
         target_name = self.collection_name
         if self.role_name:
             target_name = self.role_name
-        data_report, rules_cache = detect(self.contexts, rules_dir=self.rules_dir, rules=self.rules, rules_cache=self.rules_cache)
+        data_report, rules_cache = detect(
+            self.contexts, rules_dir=self.rules_dir, rules=self.rules, rules_cache=self.rules_cache, save_only_rule_result=self.save_only_rule_result
+        )
         self.rules_cache = rules_cache
         spec_mutations = data_report.get("spec_mutations", {})
         if spec_mutations:
@@ -833,6 +837,7 @@ def evaluate(
         raw_yaml: str = "",
         include_test_contents: bool = False,
         load_all_taskfiles: bool = False,
+        save_only_rule_result: bool = False,
         yaml_label_list: list = None,
         objects: bool = False,
         out_dir: str = "",
@@ -875,6 +880,7 @@ def evaluate(
             taskfile_only=taskfile_only,
             include_test_contents=include_test_contents,
             load_all_taskfiles=load_all_taskfiles,
+            save_only_rule_result=save_only_rule_result,
             yaml_label_list=yaml_label_list,
             out_dir=out_dir,
             root_dir=self.root_dir,