fix: remove page generation from tracee Rego signatures

Signed-off-by: Nikita Pivkin <[email protected]>
aquasecurity · Dec 18, 2024 · 8186fe9 · 8186fe9
1 parent 482476a
commit 8186fe9
Show file tree

Hide file tree

Showing 20 changed files with 19 additions and 1,773 deletions.
diff --git a/docGen/files.go b/docGen/files.go
@@ -3,7 +3,6 @@ package main
 import (
 	"os"
 	"path/filepath"
-	"strings"
 )
 
 func getAllFiles(dir string) ([]string, error) {
@@ -25,18 +24,3 @@ func getAllFiles(dir string) ([]string, error) {
 	}
 	return filesFound, nil
 }
-
-func getAllFilesOfKind(dir string, include string, exclude string) ([]string, error) { // TODO: include and exclude should be slices/variadic
-	var filteredFiles []string
-	files, err := getAllFiles(dir)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, f := range files {
-		if strings.Contains(f, include) && !strings.Contains(f, exclude) {
-			filteredFiles = append(filteredFiles, f)
-		}
-	}
-	return filteredFiles, nil
-}
diff --git a/docGen/go.mod b/docGen/go.mod
@@ -6,7 +6,6 @@ toolchain go1.22.2
 
 require (
 	github.com/Masterminds/semver v1.5.0
-	github.com/aquasecurity/tracee v0.7.0
 	github.com/aquasecurity/trivy v0.57.0
 	github.com/aquasecurity/vuln-list-update v0.0.0-20191016075347-3d158c2bf9a2
 	github.com/leekchan/gtf v0.0.0-20190214083521-5fba33c5b00b
@@ -56,7 +55,6 @@ require (
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/alecthomas/chroma v0.10.0 // indirect
-	github.com/aquasecurity/tracee/types v0.0.0-20220228102148-dffb469aed94 // indirect
 	github.com/aquasecurity/trivy-checks v1.2.2 // indirect
 	github.com/araddon/dateparse v0.0.0-20190426192744-0d74ffceef83 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect

diff --git a/docGen/go.sum b/docGen/go.sum
@@ -19,10 +19,6 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFI
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
 github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY=
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
-github.com/aquasecurity/tracee v0.7.0 h1:xAsERkCvhTTfjxTh4236ghGnoA0q3zqau3NEEwLQXIA=
-github.com/aquasecurity/tracee v0.7.0/go.mod h1:gdYXY4zhvEYAE8QShFKRHF9xkOKjPI74O0wJGTggH5g=
-github.com/aquasecurity/tracee/types v0.0.0-20220228102148-dffb469aed94 h1:8dNst7rq3V688n0CyVGy0aNV179s5jGfi6i+C8fCeh4=
-github.com/aquasecurity/tracee/types v0.0.0-20220228102148-dffb469aed94/go.mod h1:l8MikK8yNCxoFVFq+WqvRg3kiDUX4wDTQwo7oD7YnWM=
 github.com/aquasecurity/trivy v0.57.0 h1:W3L+VVvAQjYsJsyiBsThs5xec66g2LpbVkWQJNcaZE0=
 github.com/aquasecurity/trivy v0.57.0/go.mod h1:MPExNeIDQASo9nHkVjN4pSsx7Vxoka96FnjryoSnhk0=
 github.com/aquasecurity/trivy-checks v1.2.2 h1:EVHi0gthYzDLfqdAqBBwVGfg2l/gdZ622pIlC9rP+lU=
@@ -39,7 +35,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 h1:3uZCA/BLTIu+DqCfguByNMJa2HVHpXvjfy0Dy7g6fuA=
 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q=
-github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko=

diff --git a/docGen/main.go b/docGen/main.go
@@ -45,7 +45,9 @@ func main() {
 	generateDefsecComplianceSpecPages("../avd-repo/trivy-policies-repo/rules/specs/compliance", "../avd-repo/content/compliance")
 	generateKubeHunterPages("../avd-repo/kube-hunter-repo/docs/_kb", "../avd-repo/content/misconfig/kubernetes")
 	generateCloudSploitPages("../avd-repo/cloudsploit-repo/plugins", "../avd-repo/content/misconfig", "../avd-repo/remediations-repo/en")
-	generateTraceePages("../avd-repo/tracee-repo/signatures", "../avd-repo/content/tracee", realClock{})
+	if err := generateTraceePages("../avd-repo/tracee-repo/signatures", "../avd-repo/content/tracee", realClock{}); err != nil {
+		fail(err)
+	}
 	generateDefsecPages("../avd-repo/trivy-policies-repo/avd_docs", "../avd-repo/content/misconfig")
 
 	nvdGenerator := NewNvdGenerator()

diff --git a/docGen/tracee.go b/docGen/tracee.go
@@ -1,9 +1,7 @@
 package main
 
 import (
-	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
@@ -14,7 +12,6 @@ import (
 
 	"github.com/aquasecurity/avd-generator/menu"
 	"github.com/aquasecurity/avd-generator/util"
-	"github.com/aquasecurity/tracee/pkg/rules/regosig"
 )
 
 var (
@@ -83,21 +80,18 @@ func TraceePostToMarkdown(tp TraceePost, outputFile *os.File) error {
 	return nil
 }
 
-func generateTraceePages(rulesDir, postsDir string, clock Clock) {
+func generateTraceePages(rulesDir, postsDir string, clock Clock) error {
 	err := os.MkdirAll(postsDir, 0755)
 	if err != nil {
-		log.Fatal("unable to create tracee directory ", err)
+		return fmt.Errorf("create dir: %w", err)
 	}
 
 	log.Println("generating tracee pages in: ", postsDir)
 
-	if err := generateRegoSigPages(rulesDir, postsDir, clock); err != nil {
-		log.Fatal("failed to generate rego sig pages: ", err)
-	}
-
 	if err := generateGoSigPages(rulesDir, postsDir, clock); err != nil {
-		log.Fatal("failed to generate go sig pages: ", err)
+		return fmt.Errorf("generate go sig pages: %w", err)
 	}
+	return nil
 }
 
 func generateGoSigPages(rulesDir string, postsDir string, clock Clock) error {
@@ -119,7 +113,7 @@ func generateGoSigPages(rulesDir string, postsDir string, clock Clock) error {
 				return
 			}
 
-			b, _ := ioutil.ReadFile(file)
+			b, _ := os.ReadFile(file)
 			r := strings.NewReplacer(`"`, ``)
 			rTitle := strings.NewReplacer("/", "-", `"`, "")
 
@@ -191,93 +185,6 @@ func getRegexMatch(regex, str string) string {
 	return strings.TrimSpace(parts[1])
 }
 
-func generateRegoSigPages(rulesDir string, postsDir string, clock Clock) error {
-	files, err := getAllFilesOfKind(rulesDir, "rego", "_test")
-	if err != nil {
-		log.Println("unable to get rego signature files: ", err)
-		return err
-	}
-
-	helpers, err := ioutil.ReadFile(filepath.Join(rulesDir, "rego", "helpers.rego"))
-	if err != nil {
-		log.Println("unable to read helpers.rego file: ", err)
-		return err
-	}
-
-	for _, file := range files {
-		if findSubstringsInString(file, []string{"helpers", "example", ".go", "aio", "disabled"}) { // TODO: This should be handled by a filter in GetAllFilesOfKind
-			continue
-		}
-
-		log.Printf("Processing Tracee rego signature file: %s", file)
-
-		b, err := ioutil.ReadFile(file)
-		if err != nil {
-			log.Printf("unable to read signature file: %s, %s\n", file, err)
-			return err
-		}
-
-		sig, err := regosig.NewRegoSignature("rego", false, string(b), string(helpers))
-		if err != nil {
-			log.Printf("unable to create new rego signature in file %s: %s\n", file, err)
-			return err
-		}
-		m, _ := sig.GetMetadata()
-
-		var severity int64
-		if m.Properties["Severity"] != nil {
-			severity, _ = m.Properties["Severity"].(json.Number).Int64()
-		}
-		var ma string
-		if m.Properties["MITRE ATT&CK"] != nil {
-			ma = m.Properties["MITRE ATT&CK"].(string)
-		}
-
-		topLevelIDName := strings.TrimSpace(strings.Split(ma, ":")[0])
-		topLevelID := strings.ToLower(strings.ReplaceAll(topLevelIDName, " ", "-"))
-		runTimeSecurityMenu.AddNode(topLevelID, strings.Title(topLevelIDName), postsDir, "tracee", []string{"runtime"}, []menu.BreadCrumb{
-			{Name: "Tracee", Url: "/tracee"},
-		}, "tracee", false)
-		parentID := topLevelID
-
-		outputFilepath := filepath.Join(postsDir, parentID, fmt.Sprintf("%s.md", strings.ReplaceAll(m.ID, "-", "")))
-		if err := os.MkdirAll(filepath.Dir(outputFilepath), 0755); err != nil {
-			log.Printf("error occurred while creating target directory: %s, %s", filepath.Dir(outputFilepath), err)
-		}
-
-		f, err := os.Create(outputFilepath)
-		if err != nil {
-			log.Printf("unable to create tracee markdown file: %s for sig: %s, skipping...\n", err, m.ID)
-			continue
-		}
-
-		if err = TraceePostToMarkdown(TraceePost{
-			Title:      util.Nicify(strings.Title(m.Name)),
-			ParentID:   parentID,
-			ParentName: strings.Title(topLevelIDName),
-			AliasID:    strings.ToLower(strings.ReplaceAll(m.ID, "-", "")),
-			TopLevelID: parentID,
-			Date:       clock.Now("2006-01-02"),
-			Signature: Signature{
-				ID:          m.ID,
-				Version:     m.Version,
-				Name:        strings.ReplaceAll(m.Name, " ", "-"),
-				Description: m.Description,
-				Severity:    SeverityNames[severity],
-				MitreAttack: ma,
-				RegoPolicy:  string(b),
-			},
-		}, f); err != nil {
-			log.Printf("unable to write tracee signature markdown: %s.md, err: %s", m.ID, err)
-			continue
-		}
-
-		// TODO: Add MITRE classification details
-		// TODO: Add ability to append custom aqua blog post from another markdown
-	}
-	return nil
-}
-
 const signaturePostTemplate = `---
 title: {{.Title}}
 id: {{.Signature.ID}}

diff --git a/docGen/tracee_test.go b/docGen/tracee_test.go
@@ -1,8 +1,6 @@
 package main
 
 import (
-	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -15,28 +13,23 @@ import (
 )
 
 func Test_generateTraceePages(t *testing.T) {
-	postsDir, _ := ioutil.TempDir("", "Test_generateTraceePages-*")
-	defer func() {
-		_ = os.RemoveAll(postsDir)
-	}()
-	generateTraceePages("../goldens/tracee-sigs", filepath.Join(postsDir, "tracee"), fakeClock{})
+	postsDir := t.TempDir()
+
+	err := generateTraceePages("../goldens/tracee-sigs", filepath.Join(postsDir, "tracee"), fakeClock{})
+	require.NoError(t, err)
 
 	gotFiles, err := getAllFiles(postsDir)
 	require.NoError(t, err)
-	require.Equal(t, 3, len(gotFiles))
+	require.Equal(t, 1, len(gotFiles))
 
 	dirRegex := regexp.MustCompile("(?m).+MITRE ATT&CK\n(.*):")
 
-	// check for various files and contents
-	for i := 1; i <= 3; i++ {
-		want, err := ioutil.ReadFile(fmt.Sprintf("../goldens/tracee-sigs/generated-mds/TRC%d.md", i))
-		require.NoError(t, err)
-
-		dir := strings.ReplaceAll(string(dirRegex.FindSubmatch(want)[1]), " ", "-")
+	want, err := os.ReadFile("../goldens/tracee-sigs/generated-mds/TRC1.md")
+	require.NoError(t, err)
 
-		got, err := ioutil.ReadFile(filepath.Join(postsDir, "tracee", strings.ToLower(dir), fmt.Sprintf("TRC%d.md", i)))
-		require.NoError(t, err)
+	dir := strings.ReplaceAll(string(dirRegex.FindSubmatch(want)[1]), " ", "-")
 
-		assert.Equal(t, string(want), string(got))
-	}
+	got, err := os.ReadFile(filepath.Join(postsDir, "tracee", strings.ToLower(dir), "TRC1.md"))
+	require.NoError(t, err)
+	assert.Equal(t, string(want), string(got))
 }
diff --git a/goldens/tracee-sigs/generated-mds/TRC2.md b/goldens/tracee-sigs/generated-mds/TRC2.md