Refactor notify pkg

Author: Daniel Jimenez

pkg/notify/notifier.go

@@ -4,8 +4,25 @@ Copyright 2020 Adevinta
 
 package notify
 
+import (
+	"github.com/adevinta/vulnerability-db/pkg/store"
+)
+
+// FindingNotification represents a notification associated with a finding state change.
+type FindingNotification struct {
+	store.FindingExpanded
+	// TODO: Tag field is defined here in order for the FindingNotification struct to be
+	// backward compatible with the "old" vulnerability notifications format so integrations
+	// with external components that still use the old representation (e.g.: Hermes) are
+	// maintained and can be isolated in the notify pkg. Once these integrations are modified
+	// to use the new notification format we'll have to decide if we make this tag field
+	// serializable into JSON and keep using the tag field as identifier, or we migrate to use
+	// the current team identifier.
+	Tag string `json:"-"`
+}
+
 // Notifier is a connector that allows
 // to push messages to a notification service.
 type Notifier interface {
-	Push(mssg interface{}) error
+	PushFinding(f FindingNotification) error
 }

pkg/notify/sns.go

@@ -55,14 +55,14 @@ func NewSNSNotifier(conf SNSConfig, logger *log.Logger) (*SNSNotifier, error) {
 	return notifier, nil
 }
 
-// Push pushes a notification to the configured sns topic.
-func (n *SNSNotifier) Push(message interface{}) error {
+// PushFinding pushes a finding notification to the configured sns topic.
+func (n *SNSNotifier) PushFinding(f FindingNotification) error {
 	if !n.conf.Enabled {
 		return nil
 	}
 
 	n.logger.Info("Pushing notification to SNS")
-	content, err := json.Marshal(&message)
+	content, err := json.Marshal(f)
 	if err != nil {
 		return err
 	}

pkg/notify/sns_test.go

@@ -6,14 +6,18 @@ package notify
 
 import (
 	"testing"
+	"unicode"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/lib/pq"
 
 	"github.com/aws/aws-sdk-go/service/sns"
 	"github.com/aws/aws-sdk-go/service/sns/snsiface"
 	log "github.com/sirupsen/logrus"
+
+	"github.com/adevinta/vulnerability-db/pkg/store"
 )
 
 type snsMock struct {
@@ -26,7 +30,7 @@ func (m *snsMock) Publish(s *sns.PublishInput) (*sns.PublishOutput, error) {
 	return nil, nil
 }
 
-func TestSNSNotifier_Push(t *testing.T) {
+func TestSNSNotifier_PushFinding(t *testing.T) {
 	type fields struct {
 		conf   SNSConfig
 		sns    *snsMock
@@ -36,7 +40,7 @@ func TestSNSNotifier_Push(t *testing.T) {
 	tests := []struct {
 		name    string
 		fields  fields
-		message map[string]interface{}
+		f       FindingNotification
 		want    *sns.PublishInput
 		wantErr bool
 	}{
@@ -50,27 +54,165 @@ func TestSNSNotifier_Push(t *testing.T) {
 					Enabled:  true,
 				},
 			},
-			message: map[string]interface{}{"a": "b"},
+			f: FindingNotification{
+				FindingExpanded: store.FindingExpanded{
+					Finding: store.Finding{
+						ID:               "FindingID-1",
+						AffectedResource: "AffectedResource-1",
+						Score:            9,
+						Status:           "OPEN",
+						Details:          "Details-1",
+						ImpactDetails:    "ImpactDetails-1",
+					},
+					Issue: store.IssueLabels{
+						Issue: store.Issue{
+							ID:          "IssueID-1",
+							Summary:     "Summary-1",
+							CWEID:       1,
+							Description: "Description-1",
+							Recommendations: pq.StringArray{
+								"Recommendation-1",
+								"Recommendation-2",
+							},
+							ReferenceLinks: pq.StringArray{
+								"ReferenceLink-1",
+								"ReferenceLink-2",
+							},
+						},
+						Labels: []string{
+							"Label-1",
+							"Label-2",
+						},
+					},
+					Target: store.TargetTeams{
+						Target: store.Target{
+							ID:         "TargetID-1",
+							Identifier: "Identifier-1",
+						},
+						Teams: []string{
+							"Team-1",
+							"Team-2",
+						},
+					},
+					Source: store.Source{
+						ID:       "SourceID-1",
+						Instance: "SourceInstance-1",
+						Options:  "SourceOptions-1",
+						SourceFamily: store.SourceFamily{
+							Name:      "SourceName-1",
+							Component: "SourceComponent-1",
+						},
+					},
+					Resources: store.Resources{
+						{
+							Name: "ResourceName-1",
+							Attributes: []string{
+								"Attr-1",
+								"Attr-2",
+							},
+							Resources: []map[string]string{
+								{
+									"Attr-1": "1",
+									"Attr-2": "2",
+								},
+							},
+						},
+					},
+					TotalExposure:   10,
+					CurrentExposure: 5,
+				},
+				Tag: "tag-1",
+			},
 			want: &sns.PublishInput{
-				Message:  aws.String(`{"a":"b"}`),
+				Message: aws.String(removeSpaces(
+					`{
+					"id": "FindingID-1",
+					"affected_resource": "AffectedResource-1",
+					"score": 9,
+					"status": "OPEN",
+					"details": "Details-1",
+					"impact_details": "ImpactDetails-1",
+					"issue": {
+						"id": "IssueID-1",
+						"summary": "Summary-1",
+						"cwe_id": 1,
+						"description": "Description-1",
+						"recommendations": [
+							"Recommendation-1",
+							"Recommendation-2"
+						],
+						"reference_links": [
+							"ReferenceLink-1",
+							"ReferenceLink-2"
+						],
+						"labels": [
+							"Label-1",
+							"Label-2"
+						]
+					},
+					"target": {
+						"id": "TargetID-1",
+						"identifier": "Identifier-1",
+						"teams": [
+							"Team-1",
+							"Team-2"
+						]
+					},
+					"source": {
+						"id": "SourceID-1",
+						"instance": "SourceInstance-1",
+						"options": "SourceOptions-1",
+						"time": "0001-01-01T00:00:00Z",
+						"name": "SourceName-1",
+						"component": "SourceComponent-1"
+					},
+					"resources": [
+						{
+							"name": "ResourceName-1",
+							"attributes": [
+								"Attr-1",
+								"Attr-2"
+							],
+							"resources": [
+								{
+									"Attr-1": "1",
+									"Attr-2": "2"
+								}
+							]
+						}
+					],
+					"total_exposure": 10,
+					"current_exposure": 5
+				}`)),
 				TopicArn: aws.String("arn:aTopic"),
 			},
 		},
 	}
+
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			s := &SNSNotifier{
 				conf:   tt.fields.conf,
 				sns:    tt.fields.sns,
 				logger: tt.fields.logger,
 			}
-			if err := s.Push(tt.message); (err != nil) != tt.wantErr {
-				t.Errorf("SNSNotifier.Push() error = %v, wantErr %v", err, tt.wantErr)
+			if err := s.PushFinding(tt.f); (err != nil) != tt.wantErr {
+				t.Errorf("got error: %v but wanted: %v", err, tt.wantErr)
 			}
 			diff := cmp.Diff(tt.want, tt.fields.sns.notification, cmpopts.IgnoreUnexported(sns.PublishInput{}))
 			if diff != "" {
-				t.Errorf("want!= got. Diffs:%s", diff)
+				t.Errorf("SNS payload does not match with expected one. Diff:\n%s", diff)
 			}
 		})
 	}
 }
+
+func removeSpaces(s string) string {
+	rr := make([]rune, 0, len(s))
+	for _, r := range s {
+		if !unicode.IsSpace(r) {
+			rr = append(rr, r)
+		}
+	}
+	return string(rr)
+}

pkg/processor/processor.go

@@ -296,7 +296,7 @@ func (p *CheckProcessor) notifyFindings(findingsState []store.FindingState, tag
 
 	// Notify finding state update
 	for _, f := range findings {
-		err = p.notifier.Push(FindingNotification{
+		err = p.notifier.PushFinding(notify.FindingNotification{
 			FindingExpanded: f,
 			Tag:             tag,
 		})

pkg/processor/processor_test.go

@@ -28,18 +28,17 @@ type mockNotifier struct {
 	calls uint8
 }
 
-func (n *mockNotifier) Push(mssg interface{}) error {
+func (n *mockNotifier) PushFinding(f notify.FindingNotification) error {
 	n.calls++
 	return nil
 }
 
 type inMemMockNotifier struct {
-	sent []FindingNotification
+	sent []notify.FindingNotification
 }
 
-func (n *inMemMockNotifier) Push(mssg interface{}) error {
-	notif, _ := mssg.(FindingNotification)
-	n.sent = append(n.sent, notif)
+func (n *inMemMockNotifier) PushFinding(f notify.FindingNotification) error {
+	n.sent = append(n.sent, f)
 	return nil
 }
 
@@ -221,7 +220,7 @@ func TestNotifyOpenFindings(t *testing.T) {
 		name           string
 		fields         fields
 		input          input
-		expectedNotifs []FindingNotification
+		expectedNotifs []notify.FindingNotification
 	}{
 		{
 			name: "Should send notificatons adding check tag",
@@ -242,7 +241,7 @@ func TestNotifyOpenFindings(t *testing.T) {
 				},
 				tag: "test-tag",
 			},
-			expectedNotifs: []FindingNotification{
+			expectedNotifs: []notify.FindingNotification{
 				{
 					FindingExpanded: store.FindingExpanded{
 						Finding: store.Finding{ID: "1"},

pkg/processor/types.go

@@ -4,8 +4,6 @@ Copyright 2020 Adevinta
 
 package processor
 
-import "github.com/adevinta/vulnerability-db/pkg/store"
-
 // Notification is the message received in the queue from the Vulcan Core SNS topic.
 type Notification struct {
 	Type             string `json:"Type"`
@@ -42,19 +40,6 @@ type CheckMessage struct {
 	Tag           string  `json:"tag"`
 }
 
-// FindingNotification represents a notification associated with a finding state change.
-type FindingNotification struct {
-	store.FindingExpanded
-	// TODO: Tag field is defined here in order for the FindingNotification struct to be
-	// backward compatible with the "old" vulnerability notifications format so integrations
-	// with external components that still use the old representation (e.g.: Hermes) are
-	// maintained and can be isolated in the notify pkg. Once these integrations are modified
-	// to use the new notification format we'll have to decide if we make this tag field
-	// serializable into JSON and keep using the tag field as identifier, or we migrate to use
-	// the current team identifier.
-	Tag string `json:"-"`
-}
-
 type vulnerability struct {
 	ID          string  `json:"id"`
 	Summary     string  `json:"summary"`

pkg/store/findings.go

@@ -84,12 +84,12 @@ type FindingExposure struct {
 // and source data.
 type FindingExpanded struct {
 	Finding
-	TotalExposure   int64       `json:"total_exposure"`
-	CurrentExposure int64       `json:"current_exposure,omitempty"`
-	Resources       Resources   `json:"resources"`
 	Issue           IssueLabels `json:"issue"`
 	Target          TargetTeams `json:"target"`
 	Source          Source      `json:"source"`
+	Resources       Resources   `json:"resources"`
+	TotalExposure   int64       `json:"total_exposure"`
+	CurrentExposure int64       `json:"current_exposure,omitempty"`
 }
 
 // Resources defines the structure of a the resources of a finding.

pkg/store/targets.go

@@ -9,14 +9,14 @@ import "context"
 // Target represents the target
 // scope for a check execution.
 type Target struct {
-	ID         string
-	Identifier string
+	ID         string `json:"id"`
+	Identifier string `json:"identifier"`
 }
 
 // TargetTeams represents a target along with its associated teams.
 type TargetTeams struct {
 	Target
-	Teams []string
+	Teams []string `json:"teams"`
 }
 
 func (db *psqlxStore) CreateTarget(t Target) (*Target, error) {