Merge pull request #71 from 4urcloud/dev

Dev
kexa-io · Oct 31, 2023 · 3ea1687 · 3ea1687
2 parents 4e807f4 + 64bdd29
commit 3ea1687
Show file tree

Hide file tree

Showing 13 changed files with 605 additions and 159 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -30,8 +30,43 @@ jobs:
       - name: Run tests
         run: npm run test
 
+      - name: Git Version
+        id: versioning
+        uses: codacy/[email protected]
+        with:
+          release-branch: main
+          dev-branch: dev
+          log-paths: Kexa/
+          minor-identifier: 'feat:'
+          major-identifier: 'break:'
+
+      - name: Set up version in file
+        run: echo "${{ steps.versioning.outputs.version }}" > VERSION
+
       - name: Run extract Addon
         run: npm run update
+
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v39
+
+      - name: List all changed files
+        run: |
+          echo "## ${{ steps.versioning.outputs.version }}" >> CHANGELOG.md
+          echo "" >> CHANGELOG.md
+          echo "### Files added: ${{steps.changed-files.outputs.added_files_count}}" >> CHANGELOG.md
+          echo "" >> CHANGELOG.md
+          for file in ${{ steps.changed-files.outputs.added_files }}; do 
+            echo "$file was added" >> CHANGELOG.md
+            echo "" >> CHANGELOG.md
+          done
+          echo "### Files changed: ${{steps.changed-files.outputs.all_changed_and_modified_files_count}}" >> CHANGELOG.md
+          echo "" >> CHANGELOG.md
+          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do 
+            echo "$file was changed" >> CHANGELOG.md
+            echo "" >> CHANGELOG.md
+          done
+          echo "" >> CHANGELOG.md
       
       - name: commit changes
         uses: EndBug/add-and-commit@v4
@@ -44,16 +79,6 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
 
-      - name: Git Version
-        id: versionning
-        uses: codacy/[email protected]
-        with:
-          release-branch: main
-          dev-branch: dev
-          log-paths: Kexa/
-          minor-identifier: 'feat:'
-          major-identifier: 'break:'
-
       - name: Login to Docker Registry
         uses: docker/login-action@v2
         with:
@@ -67,10 +92,10 @@ jobs:
           context: ./
           push: true
           tags: |
-            ${{ secrets.DOCKER_REGISTRY_NAME}}/innovtech/kexa:${{ steps.versionning.outputs.version }}
+            ${{ secrets.DOCKER_REGISTRY_NAME}}/innovtech/kexa:${{ steps.versioning.outputs.version }}
             ${{ secrets.DOCKER_REGISTRY_NAME}}/innovtech/kexa:latest
       
       - name: Release
         uses: ncipollo/release-action@v1
         with:
-          tag: "${{ steps.versionning.outputs.version }}"
+          tag: "${{ steps.versioning.outputs.version }}"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,23 @@
+# CHANGELOG
+
+## 1.8.0-SNAPSHOT.51.f9fa354
+
+### Files added: 2
+
+CHANGELOG.md was added
+
+VERSION was added
+
+### Files changed: 5
+
+CHANGELOG.md was changed
+
+VERSION was changed
+
+.github/workflows/ci.yml was changed
+
+Kexa/services/updateCapability.service.ts was changed
+
+package.json was changed
+
+
diff --git a/Kexa/rules/PostDeployement.yaml b/Kexa/rules/PostDeployement.yaml
@@ -0,0 +1,84 @@
+- version: 2.0.0
+  date: 10-25-2023
+  alert:
+    fatal:
+      enabled: false
+      type: 
+        - log
+        #- email
+      to: 
+        - [email protected]
+    error:
+      enabled: false
+      type: 
+        - log
+        #- email
+      to: 
+        - [email protected]
+    warning:
+      enabled: false
+      type: 
+        - log
+        #- email
+      to:
+        - [email protected]
+    info:
+      enabled: false
+      type: 
+        - log
+        #- email
+      to: 
+        - [email protected]
+    global:
+      enabled: true
+      type: 
+        - log
+        #- email
+      to: 
+        - [email protected]
+      conditions:
+        - level: 0
+          min: 1
+        - level: 1
+          min: 1
+        - level: 2
+          min: 1
+        - level: 3
+          min: 1
+  rules:
+    - name: "http request date in body"
+      description : "date check"
+      applied: true
+      level: 0
+      cloudProvider: http
+      objectName : request
+      conditions:
+        - operator: NAND
+          criteria :
+            - property : body.date
+              condition : EQUAL
+              value : null
+    - name: "http request certificate"
+      description : "certificate check"
+      applied: true
+      level: 0
+      cloudProvider: http
+      objectName : request
+      conditions:
+        - property : certificate.issuer.CN
+          condition : EQUAL
+          value : "Kubernetes Ingress Controller Fake Certificate"
+        - property : certificate.valid_to
+          condition : DATE_INF
+          value : 0 0 0 0 0 0
+          date: "MMM DD HH:mm:ss YYYY GMT"
+    - name: "http request header"
+      description : "header check"
+      applied: true
+      level: 0
+      cloudProvider: http
+      objectName : request
+      conditions:
+        - property : headers.content-type
+          condition : INCLUDE
+          value : "application/json"
diff --git a/Kexa/rules/PreDeployement.yaml b/Kexa/rules/PreDeployement.yaml
@@ -0,0 +1,97 @@
+- version: 1.0.0
+  date: 10-26-2023
+  alert:
+    fatal:
+      enabled: false
+      type: 
+        - log
+        #- email
+      to: 
+        - [email protected]
+    error:
+      enabled: false
+      type: 
+        - log
+        #- email
+      to: 
+        - [email protected]
+    warning:
+      enabled: false
+      type: 
+        - log
+        #- email
+      to:
+        - [email protected]
+    info:
+      enabled: false
+      type: 
+        - log
+        #- email
+      to: 
+        - [email protected]
+    global:
+      enabled: true
+      type: 
+        - log
+        #- email
+      to: 
+        - [email protected]
+      conditions:
+        - level: 0
+          min: 1
+        - level: 1
+          min: 1
+        - level: 2
+          min: 1
+        - level: 3
+          min: 1
+  rules:
+    - name: "Git repo check"
+      description: "this rules is to check if my git repo is private"
+      applied: true
+      level: 1
+      cloudProvider: github
+      objectName: repositories
+      conditions:
+        - operator: NAND
+          criteria:
+            - property: private
+              condition: EQUAL
+              value: false
+            - property: full_name
+              condition: EQUAL
+              #change the name with your repo name
+              value: 4urcloud/Kexa_website
+    - name: "Git_branch_protect"
+      description: "this rules is to check if my git branch is protected"
+      applied: true
+      level: 1
+      cloudProvider: github
+      objectName: branches
+      conditions:
+        - operator: OR
+          criteria:
+            - property: repo
+              condition: DIFFERENT
+              #change the name with your repo name
+              value: Kexa_website
+            - property : name
+              condition : DIFFERENT
+              value : main
+            - property : protected
+              condition : EQUAL
+              value : true
+    - name: alert-if-namespace-not-exist-api-4urcloud
+      description : "this rules is to check if namespace exist and notifiable if not"
+      applied: true
+      level: 0
+      cloudProvider: kubernetes
+      objectName : namespaces
+      conditions:
+        - property : .
+          condition: SOME
+          value:
+            - property : metadata.name
+              condition : EQUAL
+              #change the name with your namespace
+              value : kexawebsitepublic
diff --git a/Kexa/services/alerte.service.ts b/Kexa/services/alerte.service.ts
@@ -90,15 +90,14 @@ export function alertLogGlobal(alert: GlobalConfigAlert, compteError: number[],
     Object.entries(subResult).forEach(([key, value]) => {
         context?.log("rule:"+key);
         logger.info("rule:"+key);
+        context?.log("description:"+value[0].rule?.description);
+        logger.info("description:"+value[0].rule?.description);
         context?.log("all resources who not respect the rules:");
         logger.info("all resources who not respect the rules:");
         value.map((scan:ResultScan) => scan.objectContent).forEach((resource, index) => {
             context?.log("resource " + (index+1) + ":");
             logger.info("resource " + (index+1) + ":");
-            //context?.log(jsome.getColoredString(resource));
-            logger.debug(jsome.getColoredString(resource));
-            context?.log(propertyToSend(value[index].rule, resource, true));
-            logger.info(propertyToSend(value[index].rule, resource, true));
+            alertLog(value[index].rule, value[index].error, resource, false);
         });
     });
     context?.log("_____________________________________-= End Result Global scan =-_________________________________");
@@ -229,39 +228,68 @@ const sentenceConditionLog = (resource : string) => {
     return "condition not respect for " + resource + " :";
 }
 
-export function alertLog(rule: Rules, conditions: SubResultScan[], objectResource: any) {
+export function alertLog(rule: Rules, conditions: SubResultScan[], objectResource: any, fullDetail:boolean = true) {
+    const context = getContext();
     switch(rule.level){
         case LevelEnum.INFO:
-            logger.info("information:"+rule.name);
-            logger.info(sentenceConditionLog(objectResource.id));
+            if(fullDetail){
+                context?.log("info name:"+rule.name);
+                logger.info("info name:"+rule.name);
+                context?.log("info description:"+rule?.description);
+                logger.info("info description:"+rule?.description);
+                context?.log(sentenceConditionLog(objectResource.id));
+                logger.info(sentenceConditionLog(objectResource.id));
+            }
             logger.debug(jsome.getColoredString(conditions));
+            context?.log(propertyToSend(rule, objectResource, true));
             logger.info(propertyToSend(rule, objectResource, true));
             break;
         case LevelEnum.WARNING:
             warnLog(rule, conditions, objectResource);
             break;
         case LevelEnum.ERROR:
-            logger.error("error:"+rule.name);
-            logger.error(sentenceConditionLog(objectResource.id));
+            if(fullDetail){
+                context?.log("error name:"+rule.name);
+                logger.error("error name:"+rule.name);
+                context?.log("error description:"+rule?.description);
+                logger.error("error description:"+rule?.description);
+                context?.log(sentenceConditionLog(objectResource.id));
+                logger.error(sentenceConditionLog(objectResource.id));
+            }
             logger.debug(jsome.getColoredString(conditions));
-            logger.info(propertyToSend(rule, objectResource, true));
+            context?.log(propertyToSend(rule, objectResource, true));
+            logger.error(propertyToSend(rule, objectResource, true));
             break;
         case LevelEnum.FATAL:
-            logger.fatal("critical:"+rule.name);
-            logger.fatal(sentenceConditionLog(objectResource.id));
+            if(fullDetail){
+                context?.log("critical name:"+rule.name);
+                logger.fatal("critical name:"+rule.name);
+                context?.log("critical description:"+rule?.description);
+                logger.fatal("critical description:"+rule?.description);
+                context?.log(sentenceConditionLog(objectResource.id));
+                logger.fatal(sentenceConditionLog(objectResource.id));
+            }
             logger.debug(jsome.getColoredString(conditions));
-            logger.info(propertyToSend(rule, objectResource, true));
+            context?.log(propertyToSend(rule, objectResource, true));
+            logger.fatal(propertyToSend(rule, objectResource, true));
             break;
         default:
             warnLog(rule, conditions, objectResource);
             break;
     }
 }
 
-export function warnLog(rule: Rules, conditions:SubResultScan[], objectResource:any){
-    logger.warn("warning:"+rule.name);
-    logger.warn(sentenceConditionLog(objectResource.id));
-    logger.info(jsome.getColoredString(conditions));
+export function warnLog(rule: Rules, conditions:SubResultScan[], objectResource:any, fullDetail:boolean = true){
+    const context = getContext();
+    if(fullDetail){
+        context?.log("warning:"+rule.name);
+        logger.warn("warning:"+rule.name);
+        context?.log(sentenceConditionLog(objectResource.id));
+        logger.warn(sentenceConditionLog(objectResource.id));
+    }
+    logger.debug(jsome.getColoredString(conditions));
+    context?.log(propertyToSend(rule, objectResource, true));
+    logger.warn(propertyToSend(rule, objectResource, true));
 }
 
 export function alertTeams(detailAlert: ConfigAlert|GlobalConfigAlert ,rule: Rules, objectResource:any) {

diff --git a/Kexa/services/analyse.service.ts b/Kexa/services/analyse.service.ts
@@ -550,7 +550,7 @@ export function checkIncludeNS(condition:RulesConditions, value:any): boolean {
 export function checkRegex(condition:RulesConditions, value:any): boolean {
     logger.debug("check regex");
     if (typeof value == "number") {
-        if (value.toString().match(condition.value.toString()))
+        if (RegExp(condition.value.toString()).exec(value.toString()))
             return true;
         else
             return false;