
⭐️ new cnspec bundle lint cmd #253

Merged: 1 commit, Jan 3, 2023

Conversation

chris-rock (Member) commented Dec 28, 2022

Problem:

As a developer of policies I want to verify that my developed bundle meets the requirements and conforms to best-practices.

Solution:

The new cnspec bundle lint command (previously called cnspec bundle validate) ships with a set of rules:

  • "MQL compile error"
  • "UID is not valid"
  • "Missing policy UID"
  • "Missing policy name"
  • "No unique policy UID"
  • "Policy is missing checks"
  • "Assigned query missing"
  • "Policy version is missing"
  • "Policy version is wrong"
  • "Missing query UID"
  • "Missing query title"
  • "No unique query UID"
  • "Unassigned Query"

A major improvement compared to the previous implementation is the detection of file name and line number. This allows the output to highlight the rule id and message with the file and line number. To see the new linting output, just run:

cnspec bundle lint policy.mql.yaml


The new cnspec bundle lint also allows users to export the output as sarif with the -o sarif option. It is best to pipe the output into a file:

cnspec bundle lint -o sarif --output-file report.sarif policy.mql.yaml

The report can then be viewed in Visual Studio Code and the Sarif Extension.


We also renamed cnspec bundle upload to cnspec bundle publish.
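As an added illustration, not cnspec's own implementation: the Go program below applies three of the rules listed above ("No unique policy UID", "No unique query UID" and "Unassigned Query") to a constructed bundle, attaches the file name and line number to every finding the way the new lint output does, and renders the findings as a minimal SARIF 2.1.0 log of the kind a SARIF viewer loads. The bundle text, the fixed-indentation scanner that stands in for a position-aware YAML parser, the rule messages and the tool name "lint-example" are all assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample bundle (not a real cnspec policy), trimmed to the keys the scanner
// reads: it repeats a policy uid, repeats a query uid, and defines one unreferenced query.
const sampleBundle = `policies:
  - uid: example-policy
    groups:
      - checks:
          - uid: check-ssh
  - uid: example-policy
queries:
  - uid: check-ssh
  - uid: check-unused
  - uid: check-ssh
`

type entry struct{ uid string; line int } // line is 1-based

type Finding struct{ RuleID, Message, File string; Line int } // RuleID uses the PR's rule names

// scan is a fixed-indentation scanner for the fixture above, standing in for a YAML
// parser that exposes node positions: every entry is recorded with its line number.
func scan(text string) (policies, queries, refs []entry) {
	section, cur := "", &policies
	for i, raw := range strings.Split(text, "\n") {
		trimmed := strings.TrimLeft(raw, " ")
		indent := len(raw) - len(trimmed)
		switch {
		case trimmed == "policies:":
			section, cur = "policies", &policies
		case trimmed == "queries:":
			section, cur = "queries", &queries
		case section == "" || trimmed == "":
			continue
		case indent == 2 && strings.HasPrefix(trimmed, "- uid: "): // policy or query entry
			*cur = append(*cur, entry{strings.TrimPrefix(trimmed, "- uid: "), i + 1})
		case section == "policies" && indent > 4 && strings.HasPrefix(trimmed, "- uid: "): // check ref
			refs = append(refs, entry{strings.TrimPrefix(trimmed, "- uid: "), i + 1})
		}
	}
	return policies, queries, refs
}

// Lint applies the uniqueness and assignment rules; every finding carries file and line.
func Lint(file, text string) []Finding {
	policies, queries, refs := scan(text)
	var out []Finding
	add := func(rule, msg string, line int) { out = append(out, Finding{rule, msg, file, line}) }
	unique := func(rule string, es []entry) { // flag the second and later uses of a uid
		seen := map[string]int{}
		for _, e := range es {
			if prev, dup := seen[e.uid]; dup {
				add(rule, fmt.Sprintf("uid %q already used on line %d", e.uid, prev), e.line)
			}
			seen[e.uid] = e.line
		}
	}
	unique("No unique policy UID", policies)
	unique("No unique query UID", queries)
	assigned := map[string]bool{}
	for _, r := range refs { assigned[r.uid] = true }
	for _, q := range queries {
		if !assigned[q.uid] {
			add("Unassigned Query", fmt.Sprintf("query %q is not used by any policy", q.uid), q.line)
		}
	}
	return out
}

// ToSARIF renders findings as a minimal SARIF 2.1.0 log (ruleId, message, file, startLine).
func ToSARIF(findings []Finding) ([]byte, error) {
	results := []map[string]any{}
	for _, f := range findings {
		results = append(results, map[string]any{
			"ruleId": f.RuleID, "level": "error", "message": map[string]string{"text": f.Message},
			"locations": []map[string]any{{"physicalLocation": map[string]any{
				"artifactLocation": map[string]string{"uri": f.File},
				"region":           map[string]int{"startLine": f.Line}}}},
		})
	}
	return json.MarshalIndent(map[string]any{
		"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
		"runs": []map[string]any{{"tool": map[string]any{"driver": map[string]any{"name": "lint-example"}},
			"results": results}},
	}, "", "  ")
}

func main() {
	findings := Lint("policy.mql.yaml", sampleBundle)
	for _, f := range findings { fmt.Printf("%s:%d: %s: %s\n", f.File, f.Line, f.RuleID, f.Message) }
	sarif, _ := ToSARIF(findings)
	fmt.Println(string(sarif))
}
```

Running it prints one `file:line: rule: message` line per finding (the duplicate policy uid on line 6, the duplicate query uid on line 10 and the unassigned query on line 9 of the fixture) followed by the SARIF document, whose `physicalLocation.region.startLine` is what an editor's SARIF viewer uses to jump to the offending line.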

chris-rock (Member, Author) commented:

cnspec bundle validate should also warn when queries are not assigned

chris-rock changed the title from "⭐️ extends the cnspec bundle validate cmd" to "Draft: ⭐️ extends the cnspec bundle validate cmd" on Dec 30, 2022
chris-rock force-pushed the chris-rock/validate branch from 0b118df to 6fb0278 on January 1, 2023 12:41
chris-rock changed the title from "Draft: ⭐️ extends the cnspec bundle validate cmd" to "⭐️ new cnspec bundle lint cmd" on Jan 1, 2023
chris-rock force-pushed the chris-rock/validate branch 4 times, most recently from 2096367 to ef9af5c, on January 1, 2023 17:40
chris-rock force-pushed the chris-rock/validate branch from ef9af5c to 8c7e66a on January 2, 2023 09:01

chris-rock added a commit to mondoohq/cnspec-policies that referenced this pull request on Jan 2, 2023:

The new linter mondoohq/cnspec#253 found a few
issues in the yaml files where tags have been used twice.

chris-rock force-pushed the chris-rock/validate branch from 8c7e66a to 47e7cca on January 3, 2023 09:28, with the commit message:

- extends the `cnspec bundle validate` cmd to check for unique policy and query ids
- sarif output for cnspec bundle lint
- add line number output for issues so that it is easier to track down issues in bundles

chris-rock force-pushed the chris-rock/validate branch from 47e7cca to 9a2f261 on January 3, 2023 11:42
chris-rock merged commit 3aeec4d into main on Jan 3, 2023
chris-rock deleted the chris-rock/validate branch on January 3, 2023 16:15
github-actions bot locked and limited conversation to collaborators on Jan 3, 2023