handle EOL bool items in policy (#154)
Signed-off-by: Benji Visser <benji@093b.org>
noqcks authored Aug 25, 2023
1 parent d61d0ce commit 8e4fb17
Showing 2 changed files with 51 additions and 2 deletions.
16 changes: 14 additions & 2 deletions xeol/policy/eol/eol.go
Expand Up @@ -129,6 +129,15 @@ func evaluateMatches(policies []Policy, matches match.Matches, projectName strin
for _, policy := range policies {
policyCopy := policy
for _, match := range matches.Sorted() {
// skip matches eol bool set to true. Unfortunately, setting
// a policy around a software that has EOL true does not give operators
// enough time to respond so we will skip for now
if match.Cycle.EolBool {
results = append(results, createEolEvaluationResult(Policy{}, match, types.PolicyActionWarn))
evaluatedMatches[match.Cycle.ProductName] = true
continue
}

if evaluatedMatches[match.Cycle.ProductName] {
continue
}
Expand All @@ -153,6 +162,7 @@ func evaluateMatches(policies []Policy, matches match.Matches, projectName strin
if warnMatch(&policyCopy, match) {
results = append(results, createEolEvaluationResult(policyCopy, match, types.PolicyActionWarn))
evaluatedMatches[match.Cycle.ProductName] = true
continue
}
}
}
Expand Down Expand Up @@ -272,8 +282,10 @@ func createEolEvaluationResult(policy Policy, match match.Match, policyAction ty
ProductName: match.Cycle.ProductName,
Cycle: match.Cycle.ReleaseCycle,
}
if policyAction == types.PolicyActionWarn {
result.FailDate = policy.DenyDate
if policy != (Policy{}) {
if policyAction == types.PolicyActionWarn {
result.FailDate = policy.DenyDate
}
}
return result
}
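Review bot: The `match.Cycle.EolBool` branch in the first hunk runs before the `evaluatedMatches[match.Cycle.ProductName]` guard, so with more than one policy the same EOL-bool match appends a warn result on every pass of the outer loop, and with an empty policy list it is never reported at all. Moving the existing guard `if evaluatedMatches[match.Cycle.ProductName] { continue }` above the `if match.Cycle.EolBool {` block would report each product once, unless results are deduplicated somewhere outside the hunk. The branch also fires without checking that the current policy applies to the match, and it marks the whole product as evaluated, so a dated cycle of the same product that sorts after it appears to skip deny evaluation. Because this loop is the gate that decides warn versus deny, the comment should state that this downgrade is intended and what its scope is. `evaluateMatches` starts and ends outside the hunks shown.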
37 changes: 37 additions & 0 deletions xeol/policy/eol/eol_test.go
Expand Up @@ -26,6 +26,43 @@ func TestEvaluate(t *testing.T) {
matches []match.Match
want []types.EolEvaluationResult
}{
{
name: "policy with eol bool match",
policy: []Policy{
{
ProductName: "foo",
Cycle: "1.0.0",
PolicyScope: PolicyScopeSoftware,
CycleOperator: CycleOperatorLessThan,
WarnDate: "2021-01-01",
DenyDate: "2021-01-01",
},
},
matches: []match.Match{
{
Cycle: eol.Cycle{
ProductName: "foo",
ReleaseCycle: "1.0.0",
EolBool: true,
},
Package: pkg.Package{
ID: pkg.ID(uuid.NewString()),
Name: "package-e",
Version: "2.0.0",
Type: syftPkg.RpmPkg,
},
},
},
want: []types.EolEvaluationResult{
{
Action: types.PolicyActionWarn, // eol bool is always a warn
Type: types.PolicyTypeEol,
ProductName: "foo",
Cycle: "1.0.0",
// fail date should be empty for eol bool
},
},
},
{
name: "policy with no matches",
policy: []Policy{
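Review bot: The added case passes a single policy and a single match, so it cannot detect an EOL-bool match being reported once per policy, or hiding a dated cycle of the same product from deny evaluation. If one result per product is the intent, a second case with two entries in `policy` and the same `EolBool: true` match, expecting exactly one `types.PolicyActionWarn` result, would pin that down. The "policy with no matches" table entry continues past the end of the hunk.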