
Add labeling functionality
This adds labels to outputs and facets for help with policy and
auditing purposes.

These labels shouldn't be taken as truth; they help point out the claims
being made by Skootrs projects and can be used in auditing.
mlieberman85 committed Apr 14, 2024
1 parent 984ffec commit 997bf86
Showing 8 changed files with 182 additions and 73 deletions.
7 changes: 4 additions & 3 deletions skootrs-bin/src/helpers.rs
Expand Up @@ -4,7 +4,7 @@ use serde::Serialize;
use skootrs_lib::service::{project::ProjectService, source::LocalSourceService};
use skootrs_model::skootrs::{
facet::InitializedFacet, Config, EcosystemInitializeParams, FacetGetParams, FacetMapKey,
GithubRepoParams, GithubUser, GoParams, InitializedProject, MavenParams, ProjectArchiveParams,
GithubRepoParams, GithubUser, GoParams, InitializedProject, ProjectArchiveParams,
ProjectCreateParams, ProjectGetParams, ProjectOutput, ProjectOutputGetParams,
ProjectOutputReference, ProjectOutputType, ProjectOutputsListParams, ProjectReleaseParam,
ProjectUpdateParams, RepoCreateParams, SkootError, SourceInitializeParams, SupportedEcosystems,
Expand Down Expand Up @@ -118,11 +118,12 @@ impl Project {
name: name.clone(),
host: format!("github.com/{organization}"),
}),
// TODO: Re-add Maven support.
// TODO: Unclear if this is the right way to handle Maven group and artifact.
SupportedEcosystems::Maven => EcosystemInitializeParams::Maven(MavenParams {
/*SupportedEcosystems::Maven => EcosystemInitializeParams::Maven(MavenParams {
group_id: format!("com.{organization}.{name}"),
artifact_id: name.clone(),
}),
}),*/
};

let repo_params = RepoCreateParams::Github(GithubRepoParams {
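Review bot: The Maven arm is left behind as commented-out code (`/*SupportedEcosystems::Maven => … })*/`) under `// TODO: Re-add Maven support.`; version control already keeps the old arm, so the block should be deleted and the TODO should carry the reason it was disabled and what is needed to restore it, e.g. `// TODO: Re-add Maven support; the Maven arm was disabled in the labeling change and MavenParams is no longer imported here.` This is also a behavior change unrelated to labeling — Maven project creation is dropped — which the commit description does not mention and which readers of the history will not expect under this title. Whether removing the arm leaves the `match` exhaustive depends on the `SupportedEcosystems` definition, which is not in the hunk; the enclosing function starts above it.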
85 changes: 53 additions & 32 deletions skootrs-lib/src/service/facet.rs
Expand Up @@ -46,9 +46,9 @@ use skootrs_model::{
facet::{
APIBundleFacet, APIBundleFacetParams, APIContent, CommonFacetCreateParams,
FacetCreateParams, FacetSetCreateParams, InitializedFacet, SourceBundleFacet,
SourceBundleFacetCreateParams, SourceFile, SourceFileContent, SourceFileFacet,
SourceFileFacetParams, SupportedFacetType,
SourceBundleFacetCreateParams, SourceFile, SourceFileContent, SupportedFacetType,
},
label::Label,
InitializedEcosystem, InitializedGithubRepo, InitializedRepo, SkootError,
},
};
Expand All @@ -73,19 +73,6 @@ pub trait RootFacetService {
) -> impl std::future::Future<Output = Result<Vec<InitializedFacet>, SkootError>> + Send;
}

/// (DEPRECATED) The `SourceFileFacetService` trait provides an interface for initializing and managing a project's source
/// file facets. This includes things like initializing and managing READMEs, licenses, and security policy
/// files.
///
pub trait SourceFileFacetService {
/// Initializes a source file facet.
///
/// # Errors
///
/// Returns an error if the source file facet can't be initialized.
fn initialize(&self, params: SourceFileFacetParams) -> Result<SourceFileFacet, SkootError>;
}

/// The `SourceBundleFacetService` trait provides an interface for initializing and managing a project's source
/// bundle facets. This includes things like initializing and managing set of files.
///
Expand Down Expand Up @@ -191,6 +178,7 @@ impl SourceBundleFacetService for LocalFacetService {
source_files: Some(source_files),
facet_type: params.facet_type,
source_files_content: None,
labels: params.labels,
};

Ok(source_bundle_facet)
Expand Down Expand Up @@ -233,11 +221,6 @@ pub struct SourceBundleContent {
impl RootFacetService for LocalFacetService {
async fn initialize(&self, params: FacetCreateParams) -> Result<InitializedFacet, SkootError> {
match params {
FacetCreateParams::SourceFile(_params) => {
todo!("This has been removed in favor of SourceBundle")
/*let source_file_facet = SourceFileFacetService::initialize(self, params)?;
Ok(InitializedFacet::SourceFile(source_file_facet))*/
}
FacetCreateParams::SourceBundle(params) => {
let source_bundle_facet = SourceBundleFacetService::initialize(self, params)?;
Ok(InitializedFacet::SourceBundle(source_bundle_facet))
Expand Down Expand Up @@ -336,6 +319,7 @@ impl GithubAPIBundleHandler {
Ok(APIBundleFacet {
facet_type: SupportedFacetType::BranchProtection,
apis,
labels: vec![],
})
}

Expand Down Expand Up @@ -370,6 +354,7 @@ impl GithubAPIBundleHandler {
Ok(APIBundleFacet {
facet_type: SupportedFacetType::VulnerabilityReporting,
apis,
labels: vec![],
})
}
}
Expand Down Expand Up @@ -894,40 +879,76 @@ impl FacetSetParamsGenerator {
Scorecard, SecurityInsights, SecurityPolicy, SAST,
};
let supported_facets = [
Readme,
License,
Gitignore,
SecurityPolicy,
SecurityInsights,
SLSABuild,
FacetTypeLabels {
supported_facet_type: Readme,
labels: vec![],
},
FacetTypeLabels {
supported_facet_type: License,
labels: vec![],
},
FacetTypeLabels {
supported_facet_type: Gitignore,
labels: vec![],
},
FacetTypeLabels {
supported_facet_type: SecurityPolicy,
labels: vec![],
},
FacetTypeLabels {
supported_facet_type: SecurityInsights,
labels: vec![],
},
FacetTypeLabels {
supported_facet_type: SLSABuild,
labels: vec![Label::SLSABuildLevel3, Label::S2C2FAUD1],
},
// SBOMGenerator, // Handled by the SLSABuild facet
// StaticCodeAnalysis,
DependencyUpdateTool,
FacetTypeLabels {
supported_facet_type: DependencyUpdateTool,
labels: vec![Label::S2C2FUPD2],
},
// TODO: Fuzzing right now requires a bunch of resources that are unavailable to most projects without
// some sort of manual intervention. This is disabled until some option becomes available.
// Fuzzing,
Scorecard,
FacetTypeLabels {
supported_facet_type: Scorecard,
labels: vec![],
},
// PublishPackages,
// PinnedDependencies,
SAST,
FacetTypeLabels {
supported_facet_type: SAST,
labels: vec![Label::S2C2FSCA1],
},
// VulnerabilityScanner,
// GUACForwardingConfig,
// These are at the end to allow Skootrs to push initial commits without needing
// code review or branches.
// CodeReview, // TODO: Implement this
//BranchProtection, //TODO: Implement this
DefaultSourceCode,
FacetTypeLabels {
supported_facet_type: DefaultSourceCode,
labels: vec![],
},
];
let facets_params = supported_facets
.iter()
.map(|facet_type| {
.map(|facet_type_labels| {
FacetCreateParams::SourceBundle(SourceBundleFacetCreateParams {
common: common_params.clone(),
facet_type: facet_type.clone(),
facet_type: facet_type_labels.supported_facet_type.clone(),
labels: facet_type_labels.labels.clone(),
})
})
.collect::<Vec<FacetCreateParams>>();

Ok(FacetSetCreateParams { facets_params })
}
}

struct FacetTypeLabels {
supported_facet_type: SupportedFacetType,
labels: Vec<Label>,
}
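Review bot: The labels in the `supported_facets` table (`Label::SLSABuildLevel3`, `Label::S2C2FAUD1`, `Label::S2C2FUPD2`, `Label::S2C2FSCA1`) are attached when the create params are built, before any facet is initialized, so a facet that later fails to initialize, or whose generated files do not actually enforce the control, still carries the label; nothing in the hunk ties a label to evidence. The commit message says the labels are claims rather than truth, and that caveat belongs on the type so policy consumers see it: add a doc comment on `FacetTypeLabels` such as `/// Labels declared for a facet type. They are attached when create params are generated, not after initialization or verification, so consumers must treat them as claims to audit rather than as evidence that the control is in place.` The same consideration applies to the hard-coded `labels: vec![]` on the two `APIBundleFacet` constructors earlier in this file (BranchProtection, VulnerabilityReporting), where the API-backed facets get no labels at all — presumably intentional, but a one-line comment would say so. The enclosing generator method starts above the hunk.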
15 changes: 13 additions & 2 deletions skootrs-lib/src/service/output.rs
Expand Up @@ -17,7 +17,7 @@

use octocrab::models::repos::{Asset, Release};
use skootrs_model::skootrs::{
ProjectOutput, ProjectOutputGetParams, ProjectOutputReference, ProjectOutputType,
label::Label, ProjectOutput, ProjectOutputGetParams, ProjectOutputReference, ProjectOutputType,
ProjectOutputsListParams, SkootError,
};
pub trait OutputService {
Expand Down Expand Up @@ -83,6 +83,7 @@ impl GithubReleaseHandler {
.map(|asset| ProjectOutputReference {
name: asset.name.clone(),
output_type: Self::get_type(asset),
labels: Self::get_labels(asset),
})
.collect();

Expand Down Expand Up @@ -116,7 +117,16 @@ impl GithubReleaseHandler {
_ if asset.name.contains(".cdx.") => ProjectOutputType::SBOM,
_ if asset.name.contains(".intoto.") => ProjectOutputType::InToto,
// TODO: Add more types
_ => ProjectOutputType::Custom("Unknown".to_string()),
_ => ProjectOutputType::Unknown("Unknown".to_string()),
}
}

fn get_labels(asset: &Asset) -> Vec<Label> {
match asset.url {
_ if asset.name.contains(".spdx.") => vec![Label::S2C2FAUD4],
_ if asset.name.contains(".cdx.") => vec![Label::S2C2FAUD4],
_ if asset.name.contains(".intoto.") => vec![Label::SLSABuildLevel3],
_ => vec![],
}
}

Expand All @@ -139,6 +149,7 @@ impl GithubReleaseHandler {
reference: ProjectOutputReference {
name: asset.name.clone(),
output_type: Self::get_type(asset),
labels: Self::get_labels(asset),
},
output: serde_json::to_string_pretty(&content)?,
})
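Review bot: `get_labels` matches on `asset.url` but never binds or uses it — every arm is a `_ if asset.name.contains(..)` guard — so the scrutinee is misleading, and the function re-implements the filename classification that `get_type` already does directly above it; the two will drift as soon as a new type or label is added to one but not the other. Deriving the labels from `Self::get_type(asset)` keeps a single classifier, as below, assuming the `.spdx.` arm of `get_type` (which starts above the hunk) also yields `ProjectOutputType::SBOM`. Either way the labels are inferred from the asset's file name alone, not from inspecting the SBOM or attestation, which a policy consumer needs to know; the doc comment in the fence states that.
```rust
/// Labels inferred from the asset's file name only; the asset contents are
/// not inspected, so these are claims for auditing, not verified properties.
fn get_labels(asset: &Asset) -> Vec<Label> {
    match Self::get_type(asset) {
        ProjectOutputType::SBOM => vec![Label::S2C2FAUD4],
        ProjectOutputType::InToto => vec![Label::SLSABuildLevel3],
        _ => vec![],
    }
}
```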
8 changes: 6 additions & 2 deletions skootrs-lib/src/service/project.rs
Expand Up @@ -251,14 +251,14 @@ where
facet_type: s.facet_type.clone(),
source_files: None,
source_files_content: Some(source_files_content_map),
labels: s.labels.clone(),
},
))
} else {
Err(SkootError::from("No source files found"))
}
}
InitializedFacet::APIBundle(a) => Ok(InitializedFacet::APIBundle(a.clone())),
InitializedFacet::SourceFile(_) => Err(SkootError::from("Facet type not supported")),
}
}

Expand Down Expand Up @@ -346,6 +346,7 @@ mod tests {
APIBundleFacet, APIContent, FacetCreateParams, FacetSetCreateParams, SourceBundleFacet,
SupportedFacetType,
},
label::Label,
EcosystemInitializeParams, GithubRepoParams, GithubUser, GoParams, InitializedEcosystem,
InitializedGithubRepo, InitializedGo, InitializedMaven, InitializedRepo, ProjectOutputType,
RepoCreateParams, SourceInitializeParams,
Expand Down Expand Up @@ -557,7 +558,6 @@ mod tests {
params: FacetCreateParams,
) -> Result<InitializedFacet, SkootError> {
match params {
FacetCreateParams::SourceFile(_) => Err("Error".into()),
FacetCreateParams::SourceBundle(s) => {
if s.common.project_name == "error" {
return Err("Error".into());
Expand All @@ -570,6 +570,7 @@ mod tests {
}]),
facet_type: SupportedFacetType::Readme,
source_files_content: None,
labels: vec![Label::Custom("test".to_string())],
};

Ok(InitializedFacet::SourceBundle(source_bundle_facet))
Expand All @@ -585,6 +586,7 @@ mod tests {
response: "worked".to_string(),
}],
facet_type: SupportedFacetType::BranchProtection,
labels: vec![Label::Custom("test".to_string())],
};

Ok(InitializedFacet::APIBundle(api_bundle_facet))
Expand Down Expand Up @@ -614,6 +616,7 @@ mod tests {
Ok(vec![ProjectOutputReference {
name: "test".into(),
output_type: ProjectOutputType::SBOM,
labels: vec![Label::Custom("test".to_string())],
}])
}

Expand All @@ -625,6 +628,7 @@ mod tests {
reference: ProjectOutputReference {
name: "test".into(),
output_type: ProjectOutputType::SBOM,
labels: vec![Label::Custom("test".to_string())],
},
output: "test".into(),
})
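Review bot: The test doubles now populate `labels` with `Label::Custom("test".to_string())` in four places, but no visible hunk adds an assertion that the new field survives the facet enrichment at `labels: s.labels.clone()` or the output listing; if the existing tests (outside this hunk) compare only selected fields, the field is set up but never checked. Suggest asserting on the returned `SourceBundleFacet` in the facet-get test, e.g. `assert_eq!(facet.labels, vec![Label::Custom("test".to_string())]);`, and likewise on the `ProjectOutputReference` returned by the outputs-list test. The enclosing `match` in the non-test hunk starts above the hunk.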
