feat: Implement large portion of the plugin system

This commit aggregates a bunch of work on the plugin system, specifically: - Added code to retreive config information from policy file analyses. - Added `concern`s field to `Query` gRPC message - Added `PolicyFile::get_config` method - Update legacy config Salsa functions to use `PolicyFile::get_config` - Change legacy analyses to return `QueryResult` - Plugin downloading and extraction added to `hc check` Co-authored-by: Julian Lanson <[email protected]> Co-authored-by: Michael Chernicoff <[email protected]> Co-authored-by: Patrick Casey <[email protected]> Co-authored-by: Andrew Lilley Brinker <[email protected]> Signed-off-by: Andrew Lilley Brinker <[email protected]>
mitre · Sep 7, 2024 · c88609a · c88609a
1 parent 16023e8
commit c88609a
Show file tree

Hide file tree

Showing 35 changed files with 1,045 additions and 972 deletions.
diff --git a/config/Hipcheck.kdl b/config/Hipcheck.kdl
@@ -0,0 +1,43 @@
+plugins {
+    plugin "mitre/activity" version="0.1.0"
+    plugin "mitre/binary" version="0.1.0"
+    plugin "mitre/fuzz" version="0.1.0"
+    plugin "mitre/review" version="0.1.0"
+    plugin "mitre/typo" version="0.1.0"
+    plugin "mitre/affiliation" version="0.1.0"
+    plugin "mitre/entropy" version="0.1.0"
+    plugin "mitre/churn" version="0.1.0"
+}
+
+analyze {
+    investigate policy="(gt 0.5 $)"
+    investigate-if-fail "mitre/typo" "mitre/binary"
+
+    category "practices" {
+        analysis "mitre/activity" policy="(lte 52 $)" weight=3
+        analysis "mitre/binary" policy="(eq 0 (count $))" {
+			binary-file "./config/Binary.toml"
+		}
+        analysis "mitre/fuzz" policy="(eq #t $)"
+        analysis "mitre/review" policy="(lte 0.05 $)"
+    }
+
+    category "attacks" {
+        analysis "mitre/typo" policy="(eq 0 (count $))" {
+            typo-file "./config/Typos.toml"
+        }
+
+        category "commit" {
+            analysis "mitre/affiliation" policy="(eq 0 (count $))" {
+                orgs-file "./config/Orgs.toml"
+            }
+
+            analysis "mitre/entropy" policy="(eq 0 (count (filter (gt 8.0) $)))" {
+				langs-file "./config/Langs.toml"
+			}
+            analysis "mitre/churn" policy="(eq 0 (count (filter (gt 8.0) $)))" {
+				langs-file "./config/Langs.toml"
+			}
+        }
+    }
+}
diff --git a/hipcheck/proto/hipcheck/v1/hipcheck.proto b/hipcheck/proto/hipcheck/v1/hipcheck.proto
@@ -160,6 +160,10 @@ message Query {
     // Hipcheck for future queries matching the publisher name, plugin name,
     // query name, and key.
     string output = 7;
+
+	// An unstructured concern raised during the query that will be raised
+	// in the final Hipcheck report.
+	repeated string concern = 8;
 }
 
 enum QueryState {