feat: Reduced mutations payload

Author: mfranceschit

src/plugins/policyPack/index.ts

@@ -321,7 +321,7 @@ export default class PolicyPackPlugin extends Plugin {
         })
 
         // Prepare mutations
-        const mutations = engine.prepareMutations(findings)
+        const mutations = engine.prepareMutations(findings, rules)
 
         // Save connections
         processConnectionsBetweenEntities({

src/rules-engine/data-processors/data-processor.ts

@@ -1,5 +1,5 @@
 import { Entity } from '../../types'
-import { RuleFinding } from '../types'
+import { Rule, RuleFinding } from '../types'
 
 export default interface DataProcessor {
   readonly typenameToFieldMap: { [typeName: string]: string }
@@ -17,5 +17,12 @@ export default interface DataProcessor {
    * @param findings resulted findings during rules execution
    * @returns {Entity[]} Array of generated mutations
    */
-  prepareMutations: (findings: RuleFinding[]) => Entity[]
+  prepareFindingsMutations: (findings: RuleFinding[]) => Entity[]
+
+  /**
+   * Transforms Rules array into a mutation array for GraphQL
+   * @param rules rules metadata
+   * @returns {Entity[]} Array of generated mutations
+   */
+  prepareRulesMetadataMutations: (rules: Rule[]) => Entity[]
 }

src/rules-engine/data-processors/dgraph-data-processor.ts

@@ -1,7 +1,7 @@
 import groupBy from 'lodash/groupBy'
 import isEmpty from 'lodash/isEmpty'
 import { Entity } from '../../types'
-import { RuleFinding } from '../types'
+import { Rule, RuleFinding } from '../types'
 import DataProcessor from './data-processor'
 
 export default class DgraphDataProcessor implements DataProcessor {
@@ -48,7 +48,7 @@ export default class DgraphDataProcessor implements DataProcessor {
 
     type ruleMetadata @key(fields: "id") {
       id: String! @id @search(by: [hash, regexp])
-      severity: String! @search(by: [hash, regexp])
+      severity: String @search(by: [hash, regexp])
       description: String! @search(by: [hash, regexp])
       title: String @search(by: [hash, regexp])
       audit: String @search(by: [hash, regexp])
@@ -185,7 +185,44 @@ export default class DgraphDataProcessor implements DataProcessor {
     return mutations
   }
 
-  prepareMutations = (findings: RuleFinding[] = []): Entity[] => {
+  prepareRulesMetadataMutations = (rules: Rule[] = []): Entity[] => {
+    return [
+      {
+        name: 'ruleMetadata',
+        mutation: `
+mutation($input: [AddruleMetadataInput!]!) {
+addruleMetadata(input: $input, upsert: true) {
+  numUids
+}
+}
+
+`,
+        data: rules.map(
+          ({
+            id,
+            title,
+            description,
+            references,
+            rationale,
+            audit,
+            remediation,
+            severity,
+          }) => ({
+            id,
+            title,
+            description,
+            references,
+            rationale,
+            audit,
+            remediation,
+            severity,
+          })
+        ),
+      },
+    ]
+  }
+
+  prepareFindingsMutations = (findings: RuleFinding[] = []): Entity[] => {
     // Return an empty array if there are no findings
     if (isEmpty(findings)) {
       return []

src/rules-engine/evaluators/js-evaluator.ts

@@ -14,20 +14,20 @@ export default class JsEvaluator implements RuleEvaluator<JsRule> {
   }
 
   async evaluateSingleResource(
-    rule: JsRule,
+    { id, check, severity }: JsRule,
     data: ResourceData
   ): Promise<RuleFinding> {
-    const { gql, check, resource, ...ruleMetadata } = rule
-    const result = rule.check!(data)
-      ? RuleResult.MATCHES
-      : RuleResult.DOESNT_MATCH
+    const result = check!(data) ? RuleResult.MATCHES : RuleResult.DOESNT_MATCH
 
     const finding = {
-      id: `${rule.id}/${data.resource?.id}`,
+      id: `${id}/${data.resource?.id}`,
       resourceId: data.resource?.id,
       result: result !== RuleResult.MATCHES ? Result.FAIL : Result.PASS,
       typename: data.resource?.__typename, // eslint-disable-line no-underscore-dangle
-      rule: ruleMetadata,
+      rule: {
+        id,
+        severity,
+      },
     } as RuleFinding
     return finding
   }

src/rules-engine/evaluators/json-evaluator.ts

@@ -20,20 +20,22 @@ export default class JsonEvaluator implements RuleEvaluator<JsonRule> {
   }
 
   async evaluateSingleResource(
-    rule: JsonRule,
+    { id, conditions, severity }: JsonRule,
     data: ResourceData
   ): Promise<RuleFinding> {
-    const { gql, conditions, resource, ...ruleMetadata } = rule
-    const result = (await this.evaluateCondition(rule.conditions, data))
+    const result = (await this.evaluateCondition(conditions, data))
       ? RuleResult.MATCHES
       : RuleResult.DOESNT_MATCH
 
     const finding = {
-      id: `${rule.id}/${data.resource?.id}`,
+      id: `${id}/${data.resource?.id}`,
       resourceId: data.resource?.id,
       result: result !== RuleResult.MATCHES ? Result.FAIL : Result.PASS,
       typename: data.resource?.__typename, // eslint-disable-line no-underscore-dangle
-      rule: ruleMetadata,
+      rule: {
+        id,
+        severity,
+      },
     } as RuleFinding
     return finding
   }

src/rules-engine/evaluators/manual-evaluator.ts

@@ -6,12 +6,15 @@ export default class ManualEvaluator implements RuleEvaluator<JsonRule> {
     return !('gql' in rule) && !('conditions' in rule) && !('resource' in rule)
   }
 
-  async evaluateSingleResource(rule: Rule): Promise<RuleFinding> {
+  async evaluateSingleResource({ id, severity }: Rule): Promise<RuleFinding> {
     return {
-      id: `${rule.id}/manual`,
+      id: `${id}/manual`,
       result: Result.SKIPPED,
       typename: 'manual',
-      rule,
+      rule: {
+        id,
+        severity,
+      },
     } as RuleFinding
   }
 }

src/rules-engine/index.ts

@@ -135,6 +135,8 @@ export default class RulesProvider implements Engine {
     return res
   }
 
-  prepareMutations = (findings: RuleFinding[]): Entity[] =>
-    this.dataProcessor.prepareMutations(findings)
+  prepareMutations = (findings: RuleFinding[], rules: Rule[]): Entity[] => [
+    ...this.dataProcessor.prepareRulesMetadataMutations(rules),
+    ...this.dataProcessor.prepareFindingsMutations(findings),
+  ]
 }

src/rules-engine/types.ts

@@ -89,7 +89,8 @@ export interface Engine {
   /**
    * Transforms RuleFinding array into a mutation array for GraphQL
    * @param findings resulted findings during rules execution
+   * @param rules rules metadata
    * @returns {Entity[]} Array of generated mutations
    */
-  prepareMutations: (findings: RuleFinding[]) => Entity[]
+  prepareMutations: (findings: RuleFinding[], rules: Rule[]) => Entity[]
 }

tests/rules-engine.test.ts

@@ -38,7 +38,7 @@ describe('RulesEngine', () => {
       ManualEvaluatorMock.manualRule as Rule,
       undefined
     )
-    const [mutations] = rulesEngine.prepareMutations(findings)
+    const [mutations] = rulesEngine.prepareMutations(findings, [])
 
     expect(findings.length).toBe(1)
     expect(mutations).toBeDefined()
@@ -66,7 +66,7 @@ describe('RulesEngine', () => {
   it('Should return empty mutations array given an empty findings array', () => {
     const data = []
 
-    const entities = rulesEngine.prepareMutations(data)
+    const entities = rulesEngine.prepareMutations(data, [])
 
     expect(entities).toBeDefined()
     expect(entities.length).toBe(0)