diff --git a/main.go b/main.go
index af354d0f..8e4a8131 100644
--- a/main.go
+++ b/main.go
@@ -128,7 +128,7 @@ func (h Handler) Invoke(ctx context.Context, req []byte) ([]byte, error) {
 inputYaml = httpRequest.Body
 }
- fixResponse, err := workflow.SecureWorkflow(httpRequest.QueryStringParameters, nil, false, inputYaml, dynamoDbSvc)
+ fixResponse, err := workflow.SecureWorkflow(httpRequest.QueryStringParameters, inputYaml, dynamoDbSvc)
 if err != nil {
 response = events.APIGatewayProxyResponse{
diff --git a/remediation/workflow/secureworkflow.go b/remediation/workflow/secureworkflow.go
index f51ab0b1..f6246b4f 100644
--- a/remediation/workflow/secureworkflow.go
+++ b/remediation/workflow/secureworkflow.go
@@ -13,10 +13,21 @@ const (
 HardenRunnerActionName = "Harden Runner"
 )
-func SecureWorkflow(queryStringParams map[string]string, exemptedActions []string, pinToImmutable bool, inputYaml string, svc dynamodbiface.DynamoDBAPI) (*permissions.SecureWorkflowReponse, error) {
+func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc dynamodbiface.DynamoDBAPI, params ...interface{}) (*permissions.SecureWorkflowReponse, error) {
 pinActions, addHardenRunner, addPermissions, addProjectComment := true, true, true, true
 pinnedActions, addedHardenRunner, addedPermissions := false, false, false
 ignoreMissingKBs := false
+ exemptedActions, pinToImmutable := []string{}, false
+ if len(params) > 0 {
+ if v, ok := params[0].([]string); ok {
+ exemptedActions = v
+ }
+ }
+ if len(params) > 1 {
+ if v, ok := params[1].(bool); ok {
+ pinToImmutable = v
+ }
+ }
 if queryStringParams["pinActions"] == "false" {
 pinActions = false
diff --git a/remediation/workflow/secureworkflow_test.go b/remediation/workflow/secureworkflow_test.go
index 38dce607..9b5baa8b 100644
--- a/remediation/workflow/secureworkflow_test.go
+++ b/remediation/workflow/secureworkflow_test.go
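Review bot: In `SecureWorkflow` (remediation/workflow/secureworkflow.go), the new `params ...interface{}` parsing fails open: when `params[0]` is not a `[]string` or `params[1]` is not a `bool`, the type assertion simply falls through and the defaults (`[]string{}`, `false`) are used with no error. For a function that decides how actions get pinned, a caller that swaps the two arguments or passes a `[]interface{}` would get a result produced under a different policy than it asked for, and the compiler can no longer catch it. Rejecting a mistyped or surplus argument, as sketched below, keeps the mistake visible; a typed options struct or functional options would restore compile-time checking altogether. The sketch assumes `fmt` is imported in this file, which the hunk does not show, and the function body continues outside the hunk.

```go
func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc dynamodbiface.DynamoDBAPI, params ...interface{}) (*permissions.SecureWorkflowReponse, error) {
	// … unchanged: pinActions / addHardenRunner / ignoreMissingKBs defaults …
	exemptedActions, pinToImmutable := []string{}, false
	if len(params) > 2 {
		return nil, fmt.Errorf("SecureWorkflow: at most 2 optional params, got %d", len(params))
	}
	// An untyped nil in position 0 is accepted so callers may still pass nil for "no exemptions".
	if len(params) > 0 && params[0] != nil {
		v, ok := params[0].([]string)
		if !ok {
			return nil, fmt.Errorf("SecureWorkflow: exemptedActions must be []string, got %T", params[0])
		}
		exemptedActions = v
	}
	if len(params) > 1 {
		v, ok := params[1].(bool)
		if !ok {
			return nil, fmt.Errorf("SecureWorkflow: pinToImmutable must be bool, got %T", params[1])
		}
		pinToImmutable = v
	}
	// … unchanged: query-string parsing …
```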
@@ -148,7 +148,7 @@ func TestSecureWorkflow(t *testing.T) {
 }
 queryParams["addProjectComment"] = "false"
- output, err := SecureWorkflow(queryParams, nil, false, string(input), &mockDynamoDBClient{})
+ output, err := SecureWorkflow(queryParams, string(input), &mockDynamoDBClient{})
 if err != nil {
 t.Errorf("Error not expected")
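Review bot: Nothing in this hunk exercises the new optional arguments: the call in `TestSecureWorkflow` was only shortened, so the `exemptedActions` / `pinToImmutable` parsing is reached here with `len(params) == 0` only. A case that passes both values, e.g. `SecureWorkflow(queryParams, string(input), &mockDynamoDBClient{}, []string{"<exempted-action>"}, true)`, and one that passes a wrong type in position 0 would pin down whether a mistyped argument is meant to be ignored or rejected. `TestSecureWorkflow` starts and ends outside the hunk, so such cases may already exist elsewhere in the file.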