add exemptedActions & pinToImmutable as optional params
shubham-stepsecurity committed Jan 31, 2025
1 parent a1871e2 commit 38df01f
Showing 3 changed files with 14 additions and 3 deletions.
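--- a/main.go
+++ b/main.go
@@ -128,7 +128,7 @@ func (h Handler) Invoke(ctx context.Context, req []byte) ([]byte, error) {
 inputYaml = httpRequest.Body
 }
 
-fixResponse, err := workflow.SecureWorkflow(httpRequest.QueryStringParameters, nil, false, inputYaml, dynamoDbSvc)
+fixResponse, err := workflow.SecureWorkflow(httpRequest.QueryStringParameters, inputYaml, dynamoDbSvc)
 
 if err != nil {
 response = events.APIGatewayProxyResponse{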
13 changes: 12 additions & 1 deletion remediation/workflow/secureworkflow.go
Expand Up @@ -13,10 +13,21 @@ const (
HardenRunnerActionName = "Harden Runner"
)

func SecureWorkflow(queryStringParams map[string]string, exemptedActions []string, pinToImmutable bool, inputYaml string, svc dynamodbiface.DynamoDBAPI) (*permissions.SecureWorkflowReponse, error) {
func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc dynamodbiface.DynamoDBAPI, params ...interface{}) (*permissions.SecureWorkflowReponse, error) {
pinActions, addHardenRunner, addPermissions, addProjectComment := true, true, true, true
pinnedActions, addedHardenRunner, addedPermissions := false, false, false
ignoreMissingKBs := false
exemptedActions, pinToImmutable := []string{}, false
if len(params) > 0 {
if v, ok := params[0].([]string); ok {
exemptedActions = v
}

Check warning on line 24 in remediation/workflow/secureworkflow.go


Codecov / codecov/patch

remediation/workflow/secureworkflow.go#L22-L24

Added lines #L22 - L24 were not covered by tests
}
if len(params) > 1 {
if v, ok := params[1].(bool); ok {
pinToImmutable = v
}

Check warning on line 29 in remediation/workflow/secureworkflow.go


Codecov / codecov/patch

remediation/workflow/secureworkflow.go#L27-L29

Added lines #L27 - L29 were not covered by tests
}

if queryStringParams["pinActions"] == "false" {
pinActions = false
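Review bot: The type assertions on `params[0]` and `params[1]` discard a failed assertion, so a caller that passes the two options in the wrong order or with the wrong type (for example a `[]interface{}` instead of `[]string`) compiles cleanly and silently gets an empty exemption list and `pinToImmutable == false`. For a function that decides how a workflow's actions are pinned, a silently ignored option presumably changes the remediation result without any error reaching the caller; how the two values are consumed is not visible here, because the body of SecureWorkflow continues past this hunk. I would reject a mistyped or surplus argument rather than fall back to the defaults, as sketched below (this assumes `fmt` is already imported in the file), or replace `...interface{}` with a typed options struct so the compiler checks the call.

```go
// … unchanged: pinActions / addHardenRunner / addPermissions defaults …
exemptedActions, pinToImmutable := []string{}, false
if len(params) > 2 {
	return nil, fmt.Errorf("SecureWorkflow: at most 2 optional params, got %d", len(params))
}
// An untyped nil keeps the default, matching callers that used to pass nil.
if len(params) > 0 && params[0] != nil {
	v, ok := params[0].([]string)
	if !ok {
		return nil, fmt.Errorf("SecureWorkflow: exemptedActions must be []string, got %T", params[0])
	}
	exemptedActions = v
}
if len(params) > 1 {
	v, ok := params[1].(bool)
	if !ok {
		return nil, fmt.Errorf("SecureWorkflow: pinToImmutable must be bool, got %T", params[1])
	}
	pinToImmutable = v
}
// … unchanged: query-string flag parsing …
```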
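--- a/remediation/workflow/secureworkflow_test.go
+++ b/remediation/workflow/secureworkflow_test.go
@@ -148,7 +148,7 @@ func TestSecureWorkflow(t *testing.T) {
 }
 queryParams["addProjectComment"] = "false"
 
-output, err := SecureWorkflow(queryParams, nil, false, string(input), &mockDynamoDBClient{})
+output, err := SecureWorkflow(queryParams, string(input), &mockDynamoDBClient{})
 
 if err != nil {
 t.Errorf("Error not expected")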
