Validate rule type alert during creation / update

mindersec · Nov 19, 2024 · 7e3eeaf · 7e3eeaf
1 parent 6bd6f55
commit 7e3eeaf
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 0 deletions.
diff --git a/pkg/api/protobuf/go/minder/v1/validators.go b/pkg/api/protobuf/go/minder/v1/validators.go
@@ -177,6 +177,13 @@ func (def *RuleType_Definition) Validate() error {
 		return err
 	}
 
+	// Alert is not required and can be nil
+	if def.Alert != nil {
+		if err := def.Alert.Validate(); err != nil {
+			return err
+		}
+	}
+
 	return def.Eval.Validate()
 }
 
@@ -286,6 +293,32 @@ func (ing *RuleType_Definition_Ingest) Validate() error {
 	return nil
 }
 
+// Validate validates a rule type definition alert
+func (alert *RuleType_Definition_Alert) Validate() error {
+	if alert == nil {
+		return nil
+	}
+
+	// Not using import to avoid circular dependency
+	if alert.Type == "security_advisory" {
+		if err := alert.GetSecurityAdvisory().Validate(); err != nil {
+			return err
+		}
+	} else {
+		return fmt.Errorf("%w: alert type cannot be empty", ErrInvalidRuleTypeDefinition)
+	}
+	return nil
+}
+
+// Validate validates a rule type alert security advisory
+func (sa *RuleType_Definition_Alert_AlertTypeSA) Validate() error {
+	if sa == nil {
+		return fmt.Errorf("%w: security advisory is nil", ErrInvalidRuleTypeDefinition)
+	}
+
+	return nil
+}
+
 // Validate validates a rule type definition ingest diff
 func (diffing *DiffType) Validate() error {
 	if diffing == nil {

diff --git a/pkg/api/protobuf/go/minder/v1/validators_test.go b/pkg/api/protobuf/go/minder/v1/validators_test.go
@@ -194,3 +194,53 @@ func TestRuleType_Definition_Eval_Rego_Validate(t *testing.T) {
 		})
 	}
 }
+
+func TestRuleType_Definition_Alert_Validate(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name    string
+		alert   *RuleType_Definition_Alert
+		wantErr bool
+	}{
+		{
+			name: "valid alert definition",
+			alert: &RuleType_Definition_Alert{
+				Type:             "security_advisory",
+				SecurityAdvisory: &RuleType_Definition_Alert_AlertTypeSA{},
+			},
+			wantErr: false,
+		},
+		{
+			name:    "nil alert is valid",
+			alert:   nil,
+			wantErr: false,
+		},
+		{
+			name: "empty alert type",
+			alert: &RuleType_Definition_Alert{
+				Type: "",
+			},
+			wantErr: true,
+		},
+		{
+			name: "invalid security advisory",
+			alert: &RuleType_Definition_Alert{
+				Type:             "security_advisory",
+				SecurityAdvisory: nil,
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			err := tt.alert.Validate()
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Validate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}