fix: Avoided rule duplication using schema connections

Marco Franceschi · Marco Franceschi · commit 251a31f40c67 · 2022-02-23T17:26:40.000-03:00
diff --git a/src/plugins/policyPack/index.ts b/src/plugins/policyPack/index.ts
@@ -11,7 +11,7 @@ import {
   StorageEngine,
 } from '../..'
 import RulesEngine from '../../rules-engine'
-import { Result, Severity } from '../../rules-engine/types'
+import { Result, Rule, Severity } from '../../rules-engine/types'
 import Plugin, { ConfiguredPlugin, PluginManager } from '../types'
 
 export default class PolicyPackPlugin extends Plugin {
@@ -57,7 +57,7 @@ export default class PolicyPackPlugin extends Plugin {
     [policyPackName: string]: {
       engine: Engine
       entity: string
-      rules: any
+      rules: Rule[]
     }
   } = {}
 
diff --git a/src/rules-engine/evaluators/js-evaluator.ts b/src/rules-engine/evaluators/js-evaluator.ts
@@ -17,23 +17,17 @@ export default class JsEvaluator implements RuleEvaluator<JsRule> {
     rule: JsRule,
     data: ResourceData
   ): Promise<RuleFinding> {
+    const { gql, check, resource, ...ruleMetadata } = rule
     const result = rule.check!(data)
       ? RuleResult.MATCHES
       : RuleResult.DOESNT_MATCH
 
     const finding = {
       id: `${rule.id}/${data.resource?.id}`,
-      ruleId: rule.id,
       resourceId: data.resource?.id,
       result: result !== RuleResult.MATCHES ? Result.FAIL : Result.PASS,
-      severity: rule.severity,
-      description: rule.description,
-      title: rule.title,
-      rationale: rule.rationale,
-      audit: rule.audit,
-      remediation: rule.remediation,
-      references: rule.references,
       typename: data.resource?.__typename, // eslint-disable-line no-underscore-dangle
+      rule: ruleMetadata,
     } as RuleFinding
 
     return finding
diff --git a/src/rules-engine/evaluators/json-evaluator.ts b/src/rules-engine/evaluators/json-evaluator.ts
@@ -22,23 +22,17 @@ export default class JsonEvaluator implements RuleEvaluator<JsonRule> {
     rule: JsonRule,
     data: ResourceData
   ): Promise<RuleFinding> {
+    const { gql, conditions, resource, ...ruleMetadata } = rule
     const result = (await this.evaluateCondition(rule.conditions, data))
       ? RuleResult.MATCHES
       : RuleResult.DOESNT_MATCH
 
     const finding = {
       id: `${rule.id}/${data.resource?.id}`,
-      ruleId: rule.id,
       resourceId: data.resource?.id,
       result: result !== RuleResult.MATCHES ? Result.FAIL : Result.PASS,
-      severity: rule.severity,
-      description: rule.description,
-      title: rule.title,
-      rationale: rule.rationale,
-      audit: rule.audit,
-      remediation: rule.remediation,
-      references: rule.references,
       typename: data.resource?.__typename, // eslint-disable-line no-underscore-dangle
+      rule: ruleMetadata,
     } as RuleFinding
 
     return finding
diff --git a/src/rules-engine/evaluators/manual-evaluator.ts b/src/rules-engine/evaluators/manual-evaluator.ts
@@ -9,16 +9,9 @@ export default class ManualEvaluator implements RuleEvaluator<JsonRule> {
   async evaluateSingleResource(rule: Rule): Promise<RuleFinding> {
     return {
       id: `${rule.id}/manual`,
-      ruleId: rule.id,
       result: Result.SKIPPED,
-      severity: rule.severity,
-      description: rule.description,
-      title: rule.title,
-      rationale: rule.rationale,
-      audit: rule.audit,
-      remediation: rule.remediation,
-      references: rule.references,
       typename: 'manual',
+      rule,
     } as RuleFinding
   }
 }
diff --git a/src/rules-engine/index.ts b/src/rules-engine/index.ts
@@ -215,22 +215,25 @@ export default class RulesProvider implements Engine {
       this.entityName
     }Findings]
     }
-    interface baseFinding {
-      id: String! @id
-      ruleId: String! @search(by: [hash, regexp])
-      resourceId: String @search(by: [hash, regexp])
+    type ruleMetadata @key(fields: "id") {
+      id: String! @id @search(by: [hash, regexp])
       severity: String! @search(by: [hash, regexp])
       description: String! @search(by: [hash, regexp])
       title: String @search(by: [hash, regexp])
       audit: String @search(by: [hash, regexp])
       rationale: String @search(by: [hash, regexp])
       remediation: String @search(by: [hash, regexp])
       references: [String] @search(by: [hash, regexp])
+    }
+    interface baseFinding {
+      id: String! @id
+      resourceId: String @search(by: [hash, regexp])
+      rule: ruleMetadata
       result: FindingsResult @search
     }
     type ${this.providerName}${
       this.entityName
-    }Findings implements baseFinding  @key(fields: "id") {
+    }Findings implements baseFinding @key(fields: "id") {
       findings: ${this.providerName}Findings  @hasInverse(field: ${
       this.entityName
     }Findings)
diff --git a/src/rules-engine/types.ts b/src/rules-engine/types.ts
@@ -53,16 +53,8 @@ export interface Rule {
 }
 export interface RuleFinding {
   id: string
-  title: string
-  ruleId: string
   resourceId?: string
   result: Result
-  severity: Severity
-  description: string
-  rationale?: string
-  audit?: string
-  remediation?: string
-  references?: string[]
   typename: string
 }
 
diff --git a/tests/rules-engine.test.ts b/tests/rules-engine.test.ts
@@ -55,28 +55,19 @@ describe('RulesEngine', () => {
   })
 
   it('Should pass preparing the mutations to insert findings data given a RuleFindings array', () => {
-    const ruleId = cuid()
     const resourceId = cuid()
     const data = [
       {
         id: cuid(),
-        ruleId,
         resourceId,
         result: Result.FAIL,
-        severity: Severity.MEDIUM,
         typename: 'querySchemaA',
-        description: '',
-        title: '',
       },
       {
         id: cuid(),
-        ruleId,
         resourceId,
         result: Result.PASS,
-        severity: Severity.LOW,
         typename: 'querySchemaA',
-        description: '',
-        title: '',
       },
     ]
 
