Merge pull request #51 from nireeshT/master

Artifact audit - include third party check

pom.xml

@@ -4,7 +4,7 @@
     <artifactId>api-audit</artifactId>
     <packaging>jar</packaging>
     <name>${project.groupId}:${project.artifactId}</name>
-    <version>3.3.7-SNAPSHOT</version>
+    <version>3.3.8-SNAPSHOT</version>
     <description>Hygieia Audit Rest API Layer</description>
     <url>https://github.com/Hygieia/${repository.name}</url>
 

src/main/java/com/capitalone/dashboard/ApiSettings.java

@@ -48,6 +48,7 @@ public class ApiSettings {
     private int criticalLicenseVulnerabilitiesAge;
     private List<String> buildStageRegEx;
     private List<String> ldapdnCheckIgnoredAuthorTypes = new ArrayList<>();
+    private String thirdPartyRegex;
 
     public String getKey() {
         return key;
@@ -233,4 +234,11 @@ public void setLdapdnCheckIgnoredAuthorTypes(List<String> ldapdnCheckIgnoredAuth
         this.ldapdnCheckIgnoredAuthorTypes = ldapdnCheckIgnoredAuthorTypes;
     }
 
+    public String getThirdPartyRegex() {
+        return thirdPartyRegex;
+    }
+
+    public void setThirdPartyRegex(String thirdPartyRegex) {
+        this.thirdPartyRegex = thirdPartyRegex;
+    }
 }

src/main/java/com/capitalone/dashboard/evaluator/ArtifactEvaluator.java

@@ -64,23 +64,26 @@ private ArtifactAuditResponse getArtifactAuditResponse(CollectorItem collectorIt
         String repoName = getValue(collectorItem, REPO_NAME);
         artifactAuditResponse.setAuditEntity(collectorItem.getOptions());
         if (StringUtils.isEmpty(artifactName) || StringUtils.isEmpty(repoName) || StringUtils.isEmpty(path)) {
-            return getErrorResponse(collectorItem, ArtifactAuditStatus.COLLECTOR_ITEM_ERROR);
+            return getErrorResponse(collectorItem, artifactAuditResponse,ArtifactAuditStatus.COLLECTOR_ITEM_ERROR);
         }
         if (!CollectionUtils.isEmpty(collectorItem.getErrors())) {
-            return getErrorResponse(collectorItem, ArtifactAuditStatus.UNAVAILABLE);
+            return getErrorResponse(collectorItem,artifactAuditResponse, ArtifactAuditStatus.UNAVAILABLE);
+        }
+        if(isThirdParty(repoName)){
+            artifactAuditResponse.addAuditStatus(ArtifactAuditStatus.ART_SYS_ACCT_BUILD_THIRD_PARTY);
         }
         List<BinaryArtifact> binaryArtifacts = binaryArtifactRepository.findByCollectorItemIdAndTimestampIsBetweenOrderByTimestampDesc(collectorItem.getId(), beginDate - 1, endDate + 1);
         if (CollectionUtils.isEmpty(binaryArtifacts)) {
-            return getErrorResponse(collectorItem, ArtifactAuditStatus.NO_ACTIVITY);
+            return getErrorResponse(collectorItem, artifactAuditResponse, ArtifactAuditStatus.NO_ACTIVITY);
         }
         artifactAuditResponse.setBinaryArtifacts(binaryArtifacts);
         binaryArtifacts.sort(Comparator.comparing(BinaryArtifact::getCreatedTimeStamp));
         artifactAuditResponse.setLastUpdated(getLastUpdated(binaryArtifacts));
         boolean isBuild = binaryArtifacts.stream().anyMatch(ba-> CollectionUtils.isNotEmpty(ba.getBuildInfos()));
-        boolean isServiceAccount = binaryArtifacts.stream().anyMatch(ba-> isServiceAccount(ba.getCreatedBy()));
-        boolean isDocker = binaryArtifacts.stream().anyMatch(ba-> Optional.ofNullable(ba.getVirtualRepos()).orElse(Collections.emptyList()).stream().anyMatch(repo -> repo.contains(DOCKER)));        if (isServiceAccount) {
-            evaluateArtifactForServiceAccountAndBuild(artifactAuditResponse, isBuild);
-        }
+        boolean isDocker = binaryArtifacts.stream().anyMatch(ba-> Optional.ofNullable(ba.getVirtualRepos()).orElse(Collections.emptyList()).stream().anyMatch(repo -> repo.contains(DOCKER)));
+        evaluateArtifactForServiceAccountAndBuild(artifactAuditResponse, isBuild);
+
+
         if (isDocker) {
             artifactAuditResponse.addAuditStatus(ArtifactAuditStatus.ART_DOCK_IMG_FOUND);
         }
@@ -112,15 +115,14 @@ private void evaluateArtifactForServiceAccountAndBuild(ArtifactAuditResponse art
         }
     }
 
-    private boolean isServiceAccount(String createdBy) {
-        if(StringUtils.isNotEmpty(createdBy)){
-            return !Pattern.compile(apiSettings.getServiceAccountRegEx()).matcher(createdBy).matches();
+    private boolean isThirdParty(String repoName) {
+        if(StringUtils.isNotEmpty(repoName)){
+            return Pattern.compile(apiSettings.getThirdPartyRegex()).matcher(repoName).matches();
         }
         return false;
     }
 
-    private ArtifactAuditResponse getErrorResponse(CollectorItem collectorItem, ArtifactAuditStatus artifactAuditStatus) {
-        ArtifactAuditResponse errorAuditResponse = new ArtifactAuditResponse();
+    private ArtifactAuditResponse getErrorResponse(CollectorItem collectorItem, ArtifactAuditResponse errorAuditResponse, ArtifactAuditStatus artifactAuditStatus) {
         errorAuditResponse.addAuditStatus(artifactAuditStatus);
         errorAuditResponse.setLastExecutionTime(collectorItem.getLastUpdated());
         errorAuditResponse.setArtifactName(getValue(collectorItem, ARTIFACT_NAME));

src/test/java/com/capitalone/dashboard/evaluator/ArtifactEvaluatorTest.java

@@ -76,6 +76,7 @@ public void testEvaluate_Unavailable() {
     @Test
     public void test_Evaluate_NoActivity() {
         when(binaryArtifactRepository.findByCollectorItemIdAndTimestampIsBetweenOrderByTimestampDesc(any(ObjectId.class), any(Long.class), any(Long.class))).thenReturn(null);
+        when(apiSettings.getThirdPartyRegex()).thenReturn("(?i:.*third)");
         response = artifactEvaluator.evaluate(getCollectorItem("artifact", "/test", "repo", false), 125634536, 6235263, null);
         Assert.assertEquals(true, response.getAuditStatuses().toString().contains("NO_ACTIVITY"));
         Mockito.verify(binaryArtifactRepository, times(1)).findByCollectorItemIdAndTimestampIsBetweenOrderByTimestampDesc(any(ObjectId.class), any(Long.class), any(Long.class));
@@ -87,6 +88,7 @@ public void test_Evaluate_NoActivity() {
     public void test_Evaluate_ART_SYS_ACCT_BUILD_AUTO() {
         when(binaryArtifactRepository.findByCollectorItemIdAndTimestampIsBetweenOrderByTimestampDesc(any(ObjectId.class), any(Long.class), any(Long.class))).thenReturn(Stream.of(getBinaryArtifact(true,1565479975000L),getBinaryArtifact(true,1565393575000L)).collect(Collectors.toList()));
         when(apiSettings.getServiceAccountRegEx()).thenReturn("/./g");
+        when(apiSettings.getThirdPartyRegex()).thenReturn("(?i:.*third)");
         response = artifactEvaluator.evaluate(getCollectorItem("artifact", "/test", "repo", false), 125634536, 6235263, null);
         Assert.assertEquals(true, response.getAuditStatuses().toString().contains("ART_SYS_ACCT_BUILD_AUTO"));
         Mockito.verify(binaryArtifactRepository, times(1)).findByCollectorItemIdAndTimestampIsBetweenOrderByTimestampDesc(any(ObjectId.class), any(Long.class), any(Long.class));
@@ -98,6 +100,7 @@ public void test_Evaluate_ART_SYS_ACCT_BUILD_AUTO() {
     public void test_Evaluate_ART_SYS_ACCT_BUILD_USER() {
         when(binaryArtifactRepository.findByCollectorItemIdAndTimestampIsBetweenOrderByTimestampDesc(any(ObjectId.class), any(Long.class), any(Long.class))).thenReturn(Stream.of(getBinaryArtifact(false,1565393575000L),getBinaryArtifact(false,1565479975000L)).collect(Collectors.toList()));
         when(apiSettings.getServiceAccountRegEx()).thenReturn("/./g");
+        when(apiSettings.getThirdPartyRegex()).thenReturn("(?i:.*third)");
         response = artifactEvaluator.evaluate(getCollectorItem("artifact", "/test", "repo", false), 125634536, 6235263, null);
         Assert.assertEquals(true, response.getAuditStatuses().toString().contains("ART_SYS_ACCT_BUILD_USER"));
         Assert.assertEquals(true, response.getAuditEntity().toString().contains("artifactName"));
@@ -110,8 +113,10 @@ public void test_Evaluate_ART_SYS_ACCT_BUILD_USER() {
     public void test_Evaluate_ART_DOCK_IMG_FOUND() {
         when(binaryArtifactRepository.findByCollectorItemIdAndTimestampIsBetweenOrderByTimestampDesc(any(ObjectId.class), any(Long.class), any(Long.class))).thenReturn(Stream.of(getBinaryArtifact(false,1565393575000L),getBinaryArtifact(true,1565479975000L)).collect(Collectors.toList()));
         when(apiSettings.getServiceAccountRegEx()).thenReturn("/./g");
-        response = artifactEvaluator.evaluate(getCollectorItem("artifact", "/test", "repo", false), 125634536, 6235263, null);
+        when(apiSettings.getThirdPartyRegex()).thenReturn("(?i:.*third)");
+        response = artifactEvaluator.evaluate(getCollectorItem("artifact", "/test", "artifact-third", false), 125634536, 6235263, null);
         Assert.assertEquals(true, response.getAuditStatuses().toString().contains("ART_DOCK_IMG_FOUND"));
+        Assert.assertEquals(true, response.getAuditStatuses().toString().contains("ART_SYS_ACCT_BUILD_THIRD_PARTY"));
         Mockito.verify(binaryArtifactRepository, times(1)).findByCollectorItemIdAndTimestampIsBetweenOrderByTimestampDesc(any(ObjectId.class), any(Long.class), any(Long.class));
         Assert.assertEquals(true, response.getAuditEntity().toString().contains("path"));
 

src/test/java/com/capitalone/dashboard/service/DashboardAuditServiceTest.java

@@ -131,6 +131,7 @@ public void loadStuff() throws IOException {
         TestUtils.loadFeature(featureRepository);
         TestUtils.loadArtifacts(binaryArtifactRepository);
         apiSettings.setServiceAccountRegEx("/./g");
+        apiSettings.setThirdPartyRegex("(?i:.*third)");
     }
 
     @Test