diff --git a/pkg/k8s/writer_test.go b/pkg/k8s/writer_test.go
index 2253dea17c93..1b5b6af93c9c 100644
--- a/pkg/k8s/writer_test.go
+++ b/pkg/k8s/writer_test.go
@@ -23,9 +23,6 @@ const (
 tableFormat = "table"
 jsonFormat = "json"
 cycloneDXFormat = "cyclonedx"
-
- workloadComponent = "workload"
- infraComponent = "infra"
 )
 
 var (
@@ -204,118 +201,118 @@ func TestReportWrite_Summary(t *testing.T) {
 scanners types.Scanners
 severities []dbTypes.Severity
 expectedOutput string
- }{ /*
- {
- name: "Only config, all serverities",
- report: report.Report{
- ClusterName: "test",
- Resources: []report.Resource{deployOrionWithMisconfigs},
- },
- scanners: types.Scanners{types.MisconfigScanner},
- severities: allSeverities,
- expectedOutput: `Summary Report for test
- =======================
-
- Workload Assessment
- ┌───────────┬──────────────┬───────────────────┐
- │ Namespace │ Resource │ Misconfigurations │
- │ │ ├───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │
- ├───────────┼──────────────┼───┼───┼───┼───┼───┤
- │ default │ Deploy/orion │ 1 │ 2 │ 1 │ 2 │ 1 │
- └───────────┴──────────────┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
-
-
- Infra Assessment
- ┌───────────┬──────────┬───────────────────┐
- │ Namespace │ Resource │ Misconfigurations │
- │ │ ├───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │
- └───────────┴──────────┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
- },
- {
- name: "Only vuln, all serverities",
- report: report.Report{
- ClusterName: "test",
- Resources: []report.Resource{deployOrionWithVulns},
- },
- scanners: types.Scanners{types.VulnerabilityScanner},
- severities: allSeverities,
- expectedOutput: `Summary Report for test
- =======================
-
- Workload Assessment
- ┌───────────┬──────────────┬───────────────────┐
- │ Namespace │ Resource │ Vulnerabilities │
- │ │ ├───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │
- ├───────────┼──────────────┼───┼───┼───┼───┼───┤
- │ default │ Deploy/orion │ 2 │ 1 │ 2 │ 1 │ 1 │
- └───────────┴──────────────┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
-
-
- Infra Assessment
- ┌───────────┬──────────┬───────────────────┐
- │ Namespace │ Resource │ Vulnerabilities │
- │ │ ├───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │
- └───────────┴──────────┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
- },
- {
- name: "Only rbac, all serverities",
- report: report.Report{
- ClusterName: "test",
- Resources: []report.Resource{roleWithMisconfig},
- },
- scanners: types.Scanners{types.RBACScanner},
- severities: allSeverities,
- expectedOutput: `Summary Report for test
- =======================
-
- RBAC Assessment
- ┌───────────┬─────────────────────────────────────────────────────┬───────────────────┐
- │ Namespace │ Resource │ RBAC Assessment │
- │ │ ├───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │
- ├───────────┼─────────────────────────────────────────────────────┼───┼───┼───┼───┼───┤
- │ default │ Role/system::leader-locking-kube-controller-manager │ │ │ 1 │ │ │
- └───────────┴─────────────────────────────────────────────────────┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
- },
- {
- name: "Only secret, all serverities",
- report: report.Report{
- ClusterName: "test",
- Resources: []report.Resource{deployLuaWithSecrets},
- },
- scanners: types.Scanners{types.SecretScanner},
- severities: allSeverities,
- expectedOutput: `Summary Report for test
- =======================
-
- Workload Assessment
- ┌───────────┬────────────┬───────────────────┐
- │ Namespace │ Resource │ Secrets │
- │ │ ├───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │
- ├───────────┼────────────┼───┼───┼───┼───┼───┤
- │ default │ Deploy/lua │ 1 │ │ 1 │ │ │
- └───────────┴────────────┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
-
-
- Infra Assessment
- ┌───────────┬──────────┬───────────────────┐
- │ Namespace │ Resource │ Secrets │
- │ │ ├───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │
- └───────────┴──────────┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
- },*/
+ }{
+ {
+ name: "Only config, all serverities",
+ report: report.Report{
+ ClusterName: "test",
+ Resources: []report.Resource{deployOrionWithMisconfigs},
+ },
+ scanners: types.Scanners{types.MisconfigScanner},
+ severities: allSeverities,
+ expectedOutput: `Summary Report for test
+=======================
+
+Workload Assessment
+┌───────────┬──────────────┬───────────────────┐
+│ Namespace │ Resource │ Misconfigurations │
+│ │ ├───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │
+├───────────┼──────────────┼───┼───┼───┼───┼───┤
+│ default │ Deploy/orion │ 1 │ 2 │ 1 │ 2 │ 1 │
+└───────────┴──────────────┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
+
+
+Infra Assessment
+┌───────────┬──────────┬───────────────────┐
+│ Namespace │ Resource │ Misconfigurations │
+│ │ ├───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │
+└───────────┴──────────┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
+ },
+ {
+ name: "Only vuln, all serverities",
+ report: report.Report{
+ ClusterName: "test",
+ Resources: []report.Resource{deployOrionWithVulns},
+ },
+ scanners: types.Scanners{types.VulnerabilityScanner},
+ severities: allSeverities,
+ expectedOutput: `Summary Report for test
+=======================
+
+Workload Assessment
+┌───────────┬──────────────┬───────────────────┐
+│ Namespace │ Resource │ Vulnerabilities │
+│ │ ├───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │
+├───────────┼──────────────┼───┼───┼───┼───┼───┤
+│ default │ Deploy/orion │ 2 │ 1 │ 2 │ 1 │ 1 │
+└───────────┴──────────────┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
+
+
+Infra Assessment
+┌───────────┬──────────┬───────────────────┐
+│ Namespace │ Resource │ Vulnerabilities │
+│ │ ├───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │
+└───────────┴──────────┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
+ },
+ {
+ name: "Only rbac, all serverities",
+ report: report.Report{
+ ClusterName: "test",
+ Resources: []report.Resource{roleWithMisconfig},
+ },
+ scanners: types.Scanners{types.RBACScanner},
+ severities: allSeverities,
+ expectedOutput: `Summary Report for test
+=======================
+
+RBAC Assessment
+┌───────────┬─────────────────────────────────────────────────────┬───────────────────┐
+│ Namespace │ Resource │ RBAC Assessment │
+│ │ ├───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │
+├───────────┼─────────────────────────────────────────────────────┼───┼───┼───┼───┼───┤
+│ default │ Role/system::leader-locking-kube-controller-manager │ │ │ 1 │ │ │
+└───────────┴─────────────────────────────────────────────────────┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
+ },
+ {
+ name: "Only secret, all serverities",
+ report: report.Report{
+ ClusterName: "test",
+ Resources: []report.Resource{deployLuaWithSecrets},
+ },
+ scanners: types.Scanners{types.SecretScanner},
+ severities: allSeverities,
+ expectedOutput: `Summary Report for test
+=======================
+
+Workload Assessment
+┌───────────┬────────────┬───────────────────┐
+│ Namespace │ Resource │ Secrets │
+│ │ ├───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │
+├───────────┼────────────┼───┼───┼───┼───┼───┤
+│ default │ Deploy/lua │ 1 │ │ 1 │ │ │
+└───────────┴────────────┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
+
+
+Infra Assessment
+┌───────────┬──────────┬───────────────────┐
+│ Namespace │ Resource │ Secrets │
+│ │ ├───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │
+└───────────┴──────────┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
+ },
 {
 name: "apiserver, only infra and serverities",
 report: report.Report{
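Review bot: The four case names re-enabled here still carry the typo "serverities" (for example `name: "Only config, all serverities",`), as do the two cases re-enabled in the next hunk and the untouched "apiserver, only infra and serverities" case in the trailing context. Since these lines are being rewritten anyway, this is the cheap moment to correct them to `name: "Only config, all severities",` and likewise for the others. If the loop after the table passes `tc.name` to `t.Run` (its body is outside the hunk), the name is also what gets typed into a `-run` filter and shown in failure output, so the misspelling makes the cases harder to select and search for.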
@@ -345,65 +342,74 @@ Infra Assessment
 │ kube-system │ Pod/kube-apiserver │ │ 1 │ 2 │ 2 │ │
 └─────────────┴────────────────────┴───┴───┴───┴───┴───┘
 Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
- }, /*
- {
- name: "apiserver, vuln,config,secret and serverities",
- report: report.Report{
- ClusterName: "test",
- Resources: []report.Resource{apiseverPodWithMisconfigAndInfra},
- },
- scanners: types.Scanners{
- types.VulnerabilityScanner,
- types.MisconfigScanner,
- types.SecretScanner,
- },
- severities: allSeverities,
- expectedOutput: `Summary Report for test
- =======================
-
- Infra Assessment
- ┌─────────────┬────────────────────┬───────────────────┬───────────────────┬───────────────────┐
- │ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │ Secrets │
- │ │ ├───┬───┬───┬───┬───┼───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
- ├─────────────┼────────────────────┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
- │ kube-system │ Pod/kube-apiserver │ │ │ │ │ │ │ 1 │ 2 │ 2 │ │ │ │ │ │ │
- └─────────────┴────────────────────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
- },
- {
- name: "apiserver, all misconfig and vuln scanners and serverities",
- report: report.Report{
- ClusterName: "test",
- Resources: []report.Resource{apiseverPodWithMisconfigAndInfra},
- },
- scanners: types.Scanners{
- types.MisconfigScanner,
- types.VulnerabilityScanner,
- },
- severities: allSeverities,
- expectedOutput: `Summary Report for test
- =======================
-
- Workload Assessment
- ┌───────────┬──────────┬───────────────────┬───────────────────┐
- │ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │
- │ │ ├───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
- └───────────┴──────────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
-
-
- Infra Assessment
- ┌─────────────┬────────────────────┬───────────────────┬───────────────────┐
- │ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │
- │ │ ├───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
- │ │ │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
- ├─────────────┼────────────────────┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
- │ kube-system │ Pod/kube-apiserver │ │ │ │ │ │ │ 1 │ 2 │ 2 │ │
- └─────────────┴────────────────────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
- Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
- },*/
+ },
+ {
+ name: "apiserver, vuln,config,secret and serverities",
+ report: report.Report{
+ ClusterName: "test",
+ Resources: []report.Resource{apiseverPodWithMisconfigAndInfra},
+ },
+ scanners: types.Scanners{
+ types.VulnerabilityScanner,
+ types.MisconfigScanner,
+ types.SecretScanner,
+ },
+ severities: allSeverities,
+ expectedOutput: `Summary Report for test
+=======================
+
+Workload Assessment
+┌───────────┬──────────┬───────────────────┬───────────────────┬───────────────────┐
+│ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │ Secrets │
+│ │ ├───┬───┬───┬───┬───┼───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
+└───────────┴──────────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
+
+
+Infra Assessment
+┌─────────────┬────────────────────┬───────────────────┬───────────────────┬───────────────────┐
+│ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │ Secrets │
+│ │ ├───┬───┬───┬───┬───┼───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
+├─────────────┼────────────────────┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
+│ kube-system │ Pod/kube-apiserver │ │ │ │ │ │ │ 1 │ 2 │ 2 │ │ │ │ │ │ │
+└─────────────┴────────────────────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
+ },
+ {
+ name: "apiserver, all misconfig and vuln scanners and serverities",
+ report: report.Report{
+ ClusterName: "test",
+ Resources: []report.Resource{apiseverPodWithMisconfigAndInfra},
+ },
+ scanners: types.Scanners{
+ types.MisconfigScanner,
+ types.VulnerabilityScanner,
+ },
+ severities: allSeverities,
+ expectedOutput: `Summary Report for test
+=======================
+
+Workload Assessment
+┌───────────┬──────────┬───────────────────┬───────────────────┐
+│ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │
+│ │ ├───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
+└───────────┴──────────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN
+
+
+Infra Assessment
+┌─────────────┬────────────────────┬───────────────────┬───────────────────┐
+│ Namespace │ Resource │ Vulnerabilities │ Misconfigurations │
+│ │ ├───┬───┬───┬───┬───┼───┬───┬───┬───┬───┤
+│ │ │ C │ H │ M │ L │ U │ C │ H │ M │ L │ U │
+├─────────────┼────────────────────┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
+│ kube-system │ Pod/kube-apiserver │ │ │ │ │ │ │ 1 │ 2 │ 2 │ │
+└─────────────┴────────────────────┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘
+Severities: C=CRITICAL H=HIGH M=MEDIUM L=LOW U=UNKNOWN`,
+ },
 }
 
 for _, tc := range tests {
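Review bot: Neither multi-scanner case re-enabled here checks that a count lands under the right scanner heading: both expect the `Pod/kube-apiserver` row to be empty under Vulnerabilities (and Secrets) and to hold `1 │ 2 │ 2` only under Misconfigurations. If counts from two scanners were swapped or shifted by a column group, these expectations would presumably still match, and in a report used for triage that is the failure most worth pinning. Consider a further case whose resources carry findings from two scanners, for instance `Resources: []report.Resource{deployOrionWithVulns, deployOrionWithMisconfigs},` with both `types.VulnerabilityScanner` and `types.MisconfigScanner` enabled. Whether those two fixtures collapse into one row depends on writer code outside this hunk, so the expected table should be captured from a verified run, not written by hand. The test table starts before the hunk and the loop that consumes it continues after it.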