fix:[PLG-564] CS-Group CVEs based on app/product in violation info

[ershad-paladin]

Description

• group cves based on product/app for crowdstrike violations instead of showing description for each cve
• Vulnerability url will now deep link to the falcon vulnerability page filtered on the product/app

Problem

Solution

Fixes # (issue if any)

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Chore (no code changes)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also
list any relevant details for your test configuration

• Run the mapper and shipper with the fixes
• verify CVEs are grouped by app in vulnerability info
• verify vulnerability url deep links to the falcon vulnerability page filtered on the product/app

Checklist:

• My code follows the style guidelines of this project
• My commit message/PR follows the contribution guidelines of this project
• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

Other Information:

List any documentation updates that are needed for the Wiki

Summary by CodeRabbit

• New Features

  • Updated vulnerability details processing to organize based on product names and URLs.

• Enhancements

  • Added constants for product name versions, normalized product names, and CVE IDs for improved clarity and consistency.

• Improvements

  • Enhanced logging to display the number of policies found for evaluation, aiding in better monitoring and debugging.

• Refactor

  • Unified method for fetching vulnerability details across different modules for consistency and maintainability.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[plyubich]

the location of the file is still in crowdstrike package, needs to be generic

[plyubich]

what are examples of these two values?

[ershad-paladin]

"product_name_normalized": "linux-hwe-6.5",
"product_name_version": "linux-hwe-6.5 6.5.0-28.29~22.04.1"

"product_name_normalized": "Chrome Enterprise",
"product_name_version": "Chrome Enterprise"

[plyubich]

@ershad-paladin you should keep the old rule file as is.

Instead, please create a generic rule file similar to https://github.com/PaladinCloud/CE/blob/master/jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/ec2/AssetTypeGroupedVulnerabilitiesRule.java

The only difference between these generic policies is your function "getVulnerabilitiesDetails". In r7 example CVEs are grouped with a single asset entry, whereas in CS CVEs are flattened.

Please revert your previous changes and start by duplicating the above policy and adopting it to CS mapper. CS will the first to use this kind of policy pattern.

Lastly, please adopt your CS mapper to extract only the bare minimum fields that are used by the policy and UI.

[santhosh-challa]

@coderabbitai review

[coderabbitai]

Actions Performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Walkthrough

The recent changes focus on updating vulnerability processing methods and constants within the Pacman project. Key modifications include replacing specific methods for vulnerability details with a generalized method, adding new constants for product details, updating method calls in the VulnerabilityAssessmentPolicy, and enhancing logging in PolicyExecutor to debug policy evaluations.

Changes

File Path	Change Summary
jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java	Replaced getQualysVulnerabilitiesDetails with getVulnerabilitiesDetails for organizing vulnerabilities by product names and URLs.
jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java	Added constants PRODUCT_NAME_VERSION, PRODUCT_NAME_NORMALIZED, and CVE_ID.
jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/crowdstrike/VulnerabilityAssessmentPolicy.java	Updated method call from getCrowdstrikeVulnerabilitiesDetails to getVulnerabilitiesDetails.
jobs/pacman-rule-engine-2.0/src/main/java/com/tmobile/pacman/executor/PolicyExecutor.java	Added a debug logging statement to log the number of policies found for evaluation.

In code we trust, with changes we thrive,
A new method dawns, vulnerabilities we drive.
Constants added, to keep us on track,
Logs now whisper, no detail we lack.
Here's to the updates, with a hop and a cheer,
Our code grows stronger, year after year!
🐇✨

Tip

New Features and Improvements

Review Settings

Introduced new personality profiles for code reviews. Users can now select between "Chill" and "Assertive" review tones to tailor feedback styles according to their preferences. The "Assertive" profile posts more comments and nitpicks the code more aggressively, while the "Chill" profile is more relaxed and posts fewer comments.

AST-based Instructions

CodeRabbit offers customizing reviews based on the Abstract Syntax Tree (AST) pattern matching. Read more about AST-based instructions in the documentation.

Community-driven AST-based Rules

We are kicking off a community-driven initiative to create and share AST-based rules. Users can now contribute their AST-based rules to detect security vulnerabilities, code smells, and anti-patterns. Please see the ast-grep-essentials repository for more information.

New Static Analysis Tools

We are continually expanding our support for static analysis tools. We have added support for biome, hadolint, and ast-grep. Update the settings in your .coderabbit.yaml file or head over to the settings page to enable or disable the tools you want to use.

Tone Settings

Users can now customize CodeRabbit to review code in the style of their favorite characters or personalities. Here are some of our favorite examples:

• Mr. T: "You must talk like Mr. T in all your code reviews. I pity the fool who doesn't!"
• Pirate: "Arr, matey! Ye must talk like a pirate in all yer code reviews. Yarrr!"
• Snarky: "You must be snarky in all your code reviews. Snark, snark, snark!"

Revamped Settings Page

We have redesigned the settings page for a more intuitive layout, enabling users to find and adjust settings quickly. This change was long overdue; it not only improves the user experience but also allows our development team to add more settings in the future with ease. Going forward, the changes to .coderabbit.yaml will be reflected in the settings page, and vice versa.

Miscellaneous

• Turn off free summarization: You can switch off free summarization of PRs opened by users not on a paid plan using the enable_free_tier setting.
• Knowledge-base scope: You can now set the scope of the knowledge base to either the repository (local) or the organization (global) level using the knowledge_base setting. In addition, you can specify Jira project keys and Linear team keys to limit the knowledge base scope for those integrations.
• High-level summary placement: You can now customize the location of the high-level summary in the PR description using the high_level_summary_placeholder setting (default @coderabbitai summary).
• Revamped request changes workflow: You can now configure CodeRabbit to auto-approve or request changes on PRs based on the review feedback using the request_changes_workflow setting.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

Outside diff range and nitpick comments (1)

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java (1)

Line range hint 186-186: Use TLS version 1.2 for better security.

- sc = SSLContext.getInstance("SSL");
+ sc = SSLContext.getInstance("TLSv1.2");

This change ensures the use of a more secure version of TLS, mitigating risks associated with older versions.

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between f63f0a7 and c74b228.

Files selected for processing (4)

• jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/utils/PacmanUtils.java (1 hunks)
• jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java (1 hunks)
• jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/crowdstrike/VulnerabilityAssessmentPolicy.java (1 hunks)
• jobs/pacman-rule-engine-2.0/src/main/java/com/tmobile/pacman/executor/PolicyExecutor.java (1 hunks)

Files skipped from review due to trivial changes (1)

• jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/constants/PacmanRuleConstants.java

Additional comments not posted (2)

jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/crowdstrike/VulnerabilityAssessmentPolicy.java (1)

55-55: Change in method call aligns with PR objectives to generalize vulnerability handling.

jobs/pacman-rule-engine-2.0/src/main/java/com/tmobile/pacman/executor/PolicyExecutor.java (1)

148-148: Added debug logging statement enhances visibility into policy evaluation process.

[coderabbitai]

Refactor method to improve maintainability and reduce complexity.

public static String getVulnerabilitiesDetails(JsonArray vulnerabilities) {
    ObjectMapper objectMapper = new ObjectMapper();
    Map<String, VulnerabilityInfo> productVulnerabilities = new HashMap<>();
    vulnerabilities.forEach(vuln -> {
        JsonObject source = vuln.getAsJsonObject().get(PacmanRuleConstants.SOURCE).getAsJsonObject();
        String cveId = source.get(CVE_ID).getAsString();
        String cveUrl = NIST_VULN_DETAILS_URL + cveId;
        CveDetails cveDetails = new CveDetails(cveId, cveUrl);
        source.get("apps").getAsJsonArray().forEach(appElement -> {
            JsonObject app = appElement.getAsJsonObject();
            String productName = app.get(PRODUCT_NAME_VERSION).getAsString();
            productVulnerabilities.computeIfAbsent(productName, k -> new VulnerabilityInfo(productName, source.get(PacmanSdkConstants.VULNERABILITY_URL).getAsString() + "'" + app.get(PRODUCT_NAME_NORMALIZED).getAsString() + "'"))
                                   .getCveList().add(cveDetails);
        });
    });
    try {
        return objectMapper.writeValueAsString(productVulnerabilities.values());
    } catch (JsonProcessingException e) {
        throw new RuleExecutionFailedExeption(e.getMessage());
    }
}

This refactoring uses Java 8 features to streamline the method, making it more readable and maintainable.