
Commit cf9040d

committed
filter component
1 parent 7c059b0 commit cf9040d


1,678 files changed

+1046438
-0
lines changed


1,678 files changed

+1046438
-0
lines changed
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
name: severity
2+
description: "Tags all findings below a certain severity as 'Filtered Out'"
3+
type: filter
4+
parameters:
5+
- name: minimum_severity
6+
type: string
7+
value: "High"
8+
steps:
9+
- name: filters
10+
image: components/filters/severity
11+
env_vars:
12+
MINIMUM_SEVERITY: "{{.parameters.minimum_severity}}"
13+
executable: /bin/app
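Review bot: The `minimum_severity` parameter is exported to the step as `MINIMUM_SEVERITY`, but the filter's Go source in this same commit never reads that variable, so changing the value from "High" has no effect on which findings are tagged. An operator who lowers the threshold expecting Medium findings to stay visible would be misled about what the pipeline suppresses. Either read and validate the variable in the component (rejecting values outside the known severity names at startup) or drop the parameter until it is wired up; a comment such as `# NOTE: not yet honoured by the binary; the threshold is fixed in code` would at least document the current state.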

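--- a/components/filters/severity/go.mod
+++ b/components/filters/severity/go.mod
@@ -0,0 +1,57 @@
+module github.com/smithy-security/smithy/components/filters/severity
+
+go 1.23.7
+
+require github.com/smithy-security/smithy/sdk v0.0.7-alpha
+
+require (
+ariga.io/atlas v0.29.0 // indirect
+github.com/Masterminds/goutils v1.1.1 // indirect
+github.com/Masterminds/semver/v3 v3.2.0 // indirect
+github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+github.com/abice/go-enum v0.6.0 // indirect
+github.com/agext/levenshtein v1.2.3 // indirect
+github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
+github.com/bmatcuk/doublestar v1.3.4 // indirect
+github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
+github.com/go-errors/errors v1.5.1 // indirect
+github.com/go-openapi/inflect v0.19.0 // indirect
+github.com/golang/mock v1.6.0 // indirect
+github.com/google/go-cmp v0.6.0 // indirect
+github.com/google/uuid v1.6.0 // indirect
+github.com/hashicorp/hcl/v2 v2.18.1 // indirect
+github.com/huandu/xstrings v1.3.3 // indirect
+github.com/imdario/mergo v0.3.13 // indirect
+github.com/jackc/pgpassfile v1.0.0 // indirect
+github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
+github.com/jackc/pgx/v5 v5.6.0 // indirect
+github.com/jonboulle/clockwork v0.4.0 // indirect
+github.com/labstack/gommon v0.4.1 // indirect
+github.com/mattn/go-colorable v0.1.13 // indirect
+github.com/mattn/go-isatty v0.0.20 // indirect
+github.com/mattn/go-sqlite3 v1.14.24 // indirect
+github.com/mattn/goveralls v0.0.12 // indirect
+github.com/mitchellh/copystructure v1.2.0 // indirect
+github.com/mitchellh/go-wordwrap v1.0.1 // indirect
+github.com/mitchellh/reflectwalk v1.0.2 // indirect
+github.com/russross/blackfriday/v2 v2.1.0 // indirect
+github.com/shopspring/decimal v1.2.0 // indirect
+github.com/smithy-security/pkg/env v0.0.1 // indirect
+github.com/spf13/cast v1.3.1 // indirect
+github.com/sqlc-dev/sqlc v1.27.0 // indirect
+github.com/urfave/cli/v2 v2.26.0 // indirect
+github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect
+github.com/zclconf/go-cty v1.14.4 // indirect
+go.uber.org/mock v0.5.0 // indirect
+golang.org/x/crypto v0.24.0 // indirect
+golang.org/x/mod v0.18.0 // indirect
+golang.org/x/net v0.26.0 // indirect
+golang.org/x/sync v0.8.0 // indirect
+golang.org/x/sys v0.22.0 // indirect
+golang.org/x/text v0.16.0 // indirect
+golang.org/x/tools v0.22.0 // indirect
+golang.org/x/tools/cmd/cover v0.1.0-deprecated // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect
+google.golang.org/grpc v1.65.0 // indirect
+google.golang.org/protobuf v1.35.1 // indirect
+)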
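Review bot: The indirect requirements pull in far more than a severity filter needs: build and test tooling (`github.com/sqlc-dev/sqlc`, `github.com/mattn/goveralls`, `github.com/golang/mock`, `golang.org/x/tools/cmd/cover`) and database drivers (`github.com/jackc/pgx/v5`, `github.com/mattn/go-sqlite3`), presumably inherited from `sdk v0.0.7-alpha`. With the vendor directory committed alongside, each of these becomes code that has to be audited and patched for this component. Consider checking whether the SDK can keep its tool dependencies out of the module's require graph, and run `govulncheck ./...` in CI so the pinned `golang.org/x/crypto`, `golang.org/x/net` and `google.golang.org/grpc` versions are checked against the Go vulnerability database.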

components/filters/severity/go.sum

Lines changed: 247 additions & 0 deletions
Large diffs are not rendered by default.
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
package main
2+
3+
import (
4+
"context"
5+
"log"
6+
"log/slog"
7+
"time"
8+
9+
"github.com/smithy-security/smithy/sdk/component"
10+
vf "github.com/smithy-security/smithy/sdk/component/vulnerability-finding"
11+
v1 "github.com/smithy-security/smithy/sdk/gen/ocsf_schema/v1"
12+
)
13+
14+
type SeverityFilter struct{}
15+
16+
func (s SeverityFilter) Filter(ctx context.Context, findings []*vf.VulnerabilityFinding) ([]*vf.VulnerabilityFinding, bool, error) {
17+
component.LoggerFromContext(ctx).Info("Running Severity Filter")
18+
findings_filtered := 0
19+
for _, f := range findings {
20+
switch f.Finding.SeverityId {
21+
case v1.VulnerabilityFinding_SEVERITY_ID_UNKNOWN:
22+
case v1.VulnerabilityFinding_SEVERITY_ID_INFORMATIONAL:
23+
case v1.VulnerabilityFinding_SEVERITY_ID_LOW:
24+
case v1.VulnerabilityFinding_SEVERITY_ID_MEDIUM:
25+
f.Finding.Enrichments = append(f.Finding.Enrichments, &v1.Enrichment{})
26+
findings_filtered++
27+
}
28+
}
29+
component.LoggerFromContext(ctx).Info("filtered", slog.Int("findings_filtered", findings_filtered))
30+
return findings, findings_filtered > 0, nil
31+
}
32+
33+
func main() {
34+
ctx, cancel := context.WithTimeout(context.Background(), time.Second*10)
35+
defer cancel()
36+
37+
if err := component.RunFilter(ctx, SeverityFilter{}); err != nil {
38+
log.Fatalf("unexpected run error: %v", err)
39+
}
40+
}
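Review bot: In `Filter`, the `switch f.Finding.SeverityId` uses four separate `case` clauses and Go does not fall through, so only `SEVERITY_ID_MEDIUM` reaches the `append`; Unknown, Informational and Low findings match an empty clause and are left untagged and uncounted. Listing the values in one clause fixes it: `case v1.VulnerabilityFinding_SEVERITY_ID_UNKNOWN, v1.VulnerabilityFinding_SEVERITY_ID_INFORMATIONAL, v1.VulnerabilityFinding_SEVERITY_ID_LOW, v1.VulnerabilityFinding_SEVERITY_ID_MEDIUM:`. The appended `&v1.Enrichment{}` is also empty, so nothing in it says 'Filtered Out' as the component description promises, and downstream consumers presumably cannot tell it apart from any other enrichment. `f.Finding` is dereferenced without a nil check, and `findings_filtered` would be `findingsFiltered` under Go naming conventions.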

components/filters/severity/vendor/ariga.io/atlas/LICENSE

Lines changed: 202 additions & 0 deletions
