Added rule policy deflation (#168)

Signed-off-by: Afek Berger <[email protected]>
kubescape · Nov 18, 2024 · 5785b47 · 5785b47
1 parent ebcd04e
commit 5785b47
Show file tree

Hide file tree

Showing 3 changed files with 108 additions and 1 deletion.
diff --git a/pkg/registry/file/applicationprofile_processor.go b/pkg/registry/file/applicationprofile_processor.go
@@ -99,6 +99,6 @@ func deflateApplicationProfileContainer(container softwarecomposition.Applicatio
 		Endpoints:      endpoints,
 		ImageTag:       container.ImageTag,
 		ImageID:        container.ImageID,
-		PolicyByRuleId: container.PolicyByRuleId,
+		PolicyByRuleId: DeflateRulePolicies(container.PolicyByRuleId),
 	}
 }
diff --git a/pkg/registry/file/applicationprofile_processor_test.go b/pkg/registry/file/applicationprofile_processor_test.go
@@ -163,3 +163,97 @@ func TestApplicationProfileProcessor_PreSave(t *testing.T) {
 		})
 	}
 }
+
+func TestDeflateRulePolicies(t *testing.T) {
+	tests := []struct {
+		name string
+		in   map[string]softwarecomposition.RulePolicy
+		want map[string]softwarecomposition.RulePolicy
+	}{
+		{
+			name: "nil map",
+			in:   nil,
+			want: nil,
+		},
+		{
+			name: "empty map",
+			in:   map[string]softwarecomposition.RulePolicy{},
+			want: map[string]softwarecomposition.RulePolicy{},
+		},
+		{
+			name: "single rule with unsorted processes",
+			in: map[string]softwarecomposition.RulePolicy{
+				"rule1": {
+					AllowedProcesses: []string{"cat", "bash", "ls"},
+					AllowedContainer: true,
+				},
+			},
+			want: map[string]softwarecomposition.RulePolicy{
+				"rule1": {
+					AllowedProcesses: []string{"bash", "cat", "ls"},
+					AllowedContainer: true,
+				},
+			},
+		},
+		{
+			name: "multiple rules with duplicate processes",
+			in: map[string]softwarecomposition.RulePolicy{
+				"rule1": {
+					AllowedProcesses: []string{"cat", "bash", "ls", "bash"},
+					AllowedContainer: true,
+				},
+				"rule2": {
+					AllowedProcesses: []string{"nginx", "nginx", "python"},
+					AllowedContainer: false,
+				},
+			},
+			want: map[string]softwarecomposition.RulePolicy{
+				"rule1": {
+					AllowedProcesses: []string{"bash", "cat", "ls"},
+					AllowedContainer: true,
+				},
+				"rule2": {
+					AllowedProcesses: []string{"nginx", "python"},
+					AllowedContainer: false,
+				},
+			},
+		},
+		{
+			name: "rule with empty processes",
+			in: map[string]softwarecomposition.RulePolicy{
+				"rule1": {
+					AllowedProcesses: []string{},
+					AllowedContainer: true,
+				},
+			},
+			want: map[string]softwarecomposition.RulePolicy{
+				"rule1": {
+					AllowedProcesses: []string{},
+					AllowedContainer: true,
+				},
+			},
+		},
+		{
+			name: "rule with nil processes",
+			in: map[string]softwarecomposition.RulePolicy{
+				"rule1": {
+					AllowedProcesses: nil,
+					AllowedContainer: true,
+				},
+			},
+			want: map[string]softwarecomposition.RulePolicy{
+				"rule1": {
+					AllowedProcesses: []string{},
+					AllowedContainer: true,
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := DeflateRulePolicies(tt.in)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
diff --git a/pkg/registry/file/processor.go b/pkg/registry/file/processor.go
@@ -2,6 +2,7 @@ package file
 
 import (
 	mapset "github.com/deckarep/golang-set/v2"
+	"github.com/kubescape/storage/pkg/apis/softwarecomposition"
 	"k8s.io/apimachinery/pkg/runtime"
 )
 
@@ -34,3 +35,15 @@ func DeflateStringer[T Stringer](in []T) []T {
 	}
 	return out
 }
+
+func DeflateRulePolicies(in map[string]softwarecomposition.RulePolicy) map[string]softwarecomposition.RulePolicy {
+	if in == nil {
+		return nil
+	}
+
+	for key, item := range in {
+		item.AllowedProcesses = mapset.Sorted(mapset.NewThreadUnsafeSet(item.AllowedProcesses...))
+		in[key] = item
+	}
+	return in
+}