#33 Introduce a operator which indicates how multiple matchers are combined

J12934 · J12934 · commit ffb03e2384f8 · 2020-06-25T12:47:19.000+02:00
diff --git a/hooks/declarative-subsequent-scans/hook.ts b/hooks/declarative-subsequent-scans/hook.ts
@@ -22,10 +22,14 @@ interface CascadingRules {
 }
 
 interface CascadingRuleSpec {
-  matches: Array<Finding>;
+  matches: Matches;
   scanSpec: ScanSpec;
 }
 
+interface Matches {
+  anyOf: Array<Finding>;
+}
+
 interface Scan {
   metadata: k8s.V1ObjectMeta;
   spec: ScanSpec;
@@ -74,7 +78,7 @@ export function getCascadingScans(
   for (const cascadingRule of cascadingRules) {
     for (const finding of findings) {
       // Check if one (ore more) of the CascadingRule matchers apply to the finding
-      const matches = cascadingRule.spec.matches.some((matchesRule) =>
+      const matches = cascadingRule.spec.matches.anyOf.some((matchesRule) =>
         isMatch(finding, matchesRule)
       );
 
diff --git a/hooks/declarative-subsequent-scans/tmpCascadingRules/sslyze.yaml b/hooks/declarative-subsequent-scans/tmpCascadingRules/sslyze.yaml
@@ -4,13 +4,14 @@ metadata:
   name: "tls-scans"
 spec:
   matches:
-    - category: "Open Port"
-      attributes:
-        port: 443
-        service: "https"
-    - category: "Open Port"
-      attributes:
-        service: "https"
+    anyOf:
+      - category: "Open Port"
+        attributes:
+          port: 443
+          service: "https"
+      - category: "Open Port"
+        attributes:
+          service: "https"
   scanSpec:
     name: "sslyze"
     parameters: ["--regular", "{{attributes.hostname}}"]
diff --git a/operator/apis/cascading/v1/cascadingrule_types.go b/operator/apis/cascading/v1/cascadingrule_types.go
@@ -30,11 +30,17 @@ type CascadingRuleSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
-	// Foo is an example field of CascadingRule. Edit CascadingRule_types.go to remove/update
-	Matches  []MatchesRule        `json:"matches"`
+	// Matches defines to which findings the CascadingRule should apply
+	Matches Matches `json:"matches"`
+	// ScanSpec defines how the cascaded scan should look like
 	ScanSpec executionv1.ScanSpec `json:"scanSpec"`
 }
 
+// Matches defines how matching rules should be combined. Do all have to match? Or just One?
+type Matches struct {
+	AnyOf []MatchesRule `json:"anyOf,omitempty"`
+}
+
 // MatchesRule is a generic map which is used to model the structure of a finding for which the CascadingRule should take effect
 type MatchesRule struct {
 	Name        string                        `json:"name,omitempty"`
diff --git a/operator/apis/cascading/v1/zz_generated.deepcopy.go b/operator/apis/cascading/v1/zz_generated.deepcopy.go
diff --git a/operator/config/crd/bases/cascading.experimental.securecodebox.io_cascadingrules.yaml b/operator/config/crd/bases/cascading.experimental.securecodebox.io_cascadingrules.yaml
@@ -35,35 +35,39 @@ spec:
           description: CascadingRuleSpec defines the desired state of CascadingRule
           properties:
             matches:
-              description: Foo is an example field of CascadingRule. Edit CascadingRule_types.go
-                to remove/update
-              items:
-                description: MatchesRule is a generic map which is used to model the
-                  structure of a finding for which the CascadingRule should take effect
-                properties:
-                  attributes:
-                    additionalProperties:
-                      anyOf:
-                      - type: integer
-                      - type: string
-                      x-kubernetes-int-or-string: true
+              description: Matches defines to which findings the CascadingRule should
+                apply
+              properties:
+                anyOf:
+                  items:
+                    description: MatchesRule is a generic map which is used to model
+                      the structure of a finding for which the CascadingRule should
+                      take effect
+                    properties:
+                      attributes:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      category:
+                        type: string
+                      description:
+                        type: string
+                      location:
+                        type: string
+                      name:
+                        type: string
+                      osi_layer:
+                        type: string
+                      severity:
+                        type: string
                     type: object
-                  category:
-                    type: string
-                  description:
-                    type: string
-                  location:
-                    type: string
-                  name:
-                    type: string
-                  osi_layer:
-                    type: string
-                  severity:
-                    type: string
-                type: object
-              type: array
+                  type: array
+              type: object
             scanSpec:
-              description: ScanSpec defines the desired state of Scan
+              description: ScanSpec defines how the cascaded scan should look like
               properties:
                 parameters:
                   items:
