refactor: add snyk config struct

snyk · Nov 26, 2024 · 30168fc · 30168fc
1 parent 5e753b3
commit 30168fc
Show file tree

Hide file tree

Showing 11 changed files with 118 additions and 68 deletions.
diff --git a/internal/commands/snyk/config.go b/internal/commands/snyk/config.go
@@ -0,0 +1,20 @@
+package snyk
+
+import (
+	"os"
+
+	"github.com/snyk/parlay/lib/snyk"
+)
+
+func config() *snyk.Config {
+	c := snyk.DefaultConfig()
+
+	if t := os.Getenv("SNYK_TOKEN"); t != "" {
+		c.APIToken = t
+	}
+	if u := os.Getenv("SNYK_API"); u != "" {
+		c.SnykAPIURL = u
+	}
+
+	return c
+}
diff --git a/internal/commands/snyk/enrich.go b/internal/commands/snyk/enrich.go
@@ -17,6 +17,8 @@ func NewEnrichCommand(logger *zerolog.Logger) *cobra.Command {
 		Short: "Enrich an SBOM with Snyk data",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
+			conf := config()
+
 			b, err := utils.GetUserInput(args[0], os.Stdin)
 			if err != nil {
 				logger.Fatal().Err(err).Msg("Failed to read input")
@@ -27,7 +29,7 @@ func NewEnrichCommand(logger *zerolog.Logger) *cobra.Command {
 				logger.Fatal().Err(err).Msg("Failed to read SBOM input")
 			}
 
-			snyk.EnrichSBOM(doc, logger)
+			snyk.EnrichSBOM(conf, doc, logger)
 
 			if err := doc.Encode(os.Stdout); err != nil {
 				logger.Fatal().Err(err).Msg("Failed to encode new SBOM")

diff --git a/internal/commands/snyk/packages.go b/internal/commands/snyk/packages.go
@@ -16,6 +16,8 @@ func NewPackageCommand(logger *zerolog.Logger) *cobra.Command {
 		Short: "Return package vulnerabilities from Snyk",
 		Args:  cobra.ExactArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
+			conf := config()
+
 			purl, err := packageurl.FromString(args[0])
 			if err != nil {
 				logger.Fatal().Err(err).Msg("Failed to parse PackageURL")
@@ -26,23 +28,23 @@ func NewPackageCommand(logger *zerolog.Logger) *cobra.Command {
 				Str("purl", args[0]).
 				Msg("Looking up package vulnerabilities from Snyk")
 
-			auth, err := snyk.AuthFromToken(snyk.APIToken())
+			auth, err := snyk.AuthFromToken(conf.APIToken)
 			if err != nil {
 				logger.
 					Fatal().
 					Err(err).
 					Msg("Failed to get API credentials")
 			}
 
-			orgID, err := snyk.SnykOrgID(auth)
+			orgID, err := snyk.SnykOrgID(conf, auth)
 			if err != nil {
 				logger.
 					Fatal().
 					Err(err).
 					Msg("Failed to look up user info")
 			}
 
-			resp, err := snyk.GetPackageVulnerabilities(&purl, auth, orgID)
+			resp, err := snyk.GetPackageVulnerabilities(conf, &purl, auth, orgID)
 			if err != nil {
 				logger.Fatal().Err(err).Msg("Failed to look up package vulnerabilities")
 			}

diff --git a/lib/snyk/config.go b/lib/snyk/config.go
@@ -0,0 +1,32 @@
+/*
+ * © 2024 Snyk Limited All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package snyk
+
+type Config struct {
+	SnykAdvisorWebURL         string
+	SnykVulnerabilityDBWebURL string
+	SnykAPIURL                string
+	APIToken                  string
+}
+
+func DefaultConfig() *Config {
+	return &Config{
+		SnykAdvisorWebURL:         "https://snyk.io/advisor",
+		SnykVulnerabilityDBWebURL: "https://security.snyk.io",
+		SnykAPIURL:                "https://api.snyk.io",
+	}
+}
diff --git a/lib/snyk/enrich.go b/lib/snyk/enrich.go
@@ -24,12 +24,12 @@ import (
 	"github.com/snyk/parlay/lib/sbom"
 )
 
-func EnrichSBOM(doc *sbom.SBOMDocument, logger *zerolog.Logger) *sbom.SBOMDocument {
+func EnrichSBOM(conf *Config, doc *sbom.SBOMDocument, logger *zerolog.Logger) *sbom.SBOMDocument {
 	switch bom := doc.BOM.(type) {
 	case *cdx.BOM:
-		enrichCycloneDX(bom, logger)
+		enrichCycloneDX(conf, bom, logger)
 	case *spdx.Document:
-		enrichSPDX(bom, logger)
+		enrichSPDX(conf, bom, logger)
 	}
 
 	return doc

diff --git a/lib/snyk/enrich_cyclonedx.go b/lib/snyk/enrich_cyclonedx.go
@@ -31,15 +31,15 @@ import (
 	"github.com/snyk/parlay/snyk/issues"
 )
 
-type cdxEnricher = func(*cdx.Component, *packageurl.PackageURL)
+type cdxEnricher = func(*Config, *cdx.Component, *packageurl.PackageURL)
 
 var cdxEnrichers = []cdxEnricher{
 	enrichCDXSnykAdvisorData,
 	enrichCDXSnykVulnerabilityDBData,
 }
 
-func enrichCDXSnykVulnerabilityDBData(component *cdx.Component, purl *packageurl.PackageURL) {
-	url := SnykVulnURL(purl)
+func enrichCDXSnykVulnerabilityDBData(conf *Config, component *cdx.Component, purl *packageurl.PackageURL) {
+	url := SnykVulnURL(conf, purl)
 	if url != "" {
 		ext := cdx.ExternalReference{
 			URL:     url,
@@ -54,8 +54,8 @@ func enrichCDXSnykVulnerabilityDBData(component *cdx.Component, purl *packageurl
 	}
 }
 
-func enrichCDXSnykAdvisorData(component *cdx.Component, purl *packageurl.PackageURL) {
-	url := SnykAdvisorURL(purl)
+func enrichCDXSnykAdvisorData(conf *Config, component *cdx.Component, purl *packageurl.PackageURL) {
+	url := SnykAdvisorURL(conf, purl)
 	if url != "" {
 		ext := cdx.ExternalReference{
 			URL:     url,
@@ -70,14 +70,14 @@ func enrichCDXSnykAdvisorData(component *cdx.Component, purl *packageurl.Package
 	}
 }
 
-func enrichCycloneDX(bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM {
-	auth, err := AuthFromToken(APIToken())
+func enrichCycloneDX(conf *Config, bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM {
+	auth, err := AuthFromToken(conf.APIToken)
 	if err != nil {
 		logger.Fatal().Err(err).Msg("Failed to authenticate")
 		return nil
 	}
 
-	orgID, err := SnykOrgID(auth)
+	orgID, err := SnykOrgID(conf, auth)
 	if err != nil {
 		logger.Error().Err(err).Msg("Failed to infer preferred Snyk organization")
 		return nil
@@ -105,9 +105,9 @@ func enrichCycloneDX(bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM {
 				return
 			}
 			for _, enrichFunc := range cdxEnrichers {
-				enrichFunc(component, &purl)
+				enrichFunc(conf, component, &purl)
 			}
-			resp, err := GetPackageVulnerabilities(&purl, auth, orgID)
+			resp, err := GetPackageVulnerabilities(conf, &purl, auth, orgID)
 			if err != nil {
 				l.Err(err).
 					Str("purl", purl.ToString()).
@@ -206,7 +206,7 @@ func enrichCycloneDX(bom *cdx.BOM, logger *zerolog.Logger) *cdx.BOM {
 					for _, sev := range *issue.Attributes.Severities {
 						source := cdx.Source{
 							Name: "Snyk",
-							URL:  "https://security.snyk.io",
+							URL:  snykVulnDBServer,
 						}
 						if sev.Score != nil {
 							score := float64(*sev.Score)

diff --git a/lib/snyk/enrich_spdx.go b/lib/snyk/enrich_spdx.go
@@ -32,19 +32,15 @@ import (
 	"github.com/snyk/parlay/snyk/issues"
 )
 
-const (
-	snykVulnerabilityDB_URI = "https://security.snyk.io"
-)
-
-type spdxEnricher = func(*spdx_2_3.Package, *packageurl.PackageURL)
+type spdxEnricher = func(*Config, *spdx_2_3.Package, *packageurl.PackageURL)
 
 var spdxEnrichers = []spdxEnricher{
 	enrichSPDXSnykAdvisorData,
 	enrichSPDXSnykVulnerabilityDBData,
 }
 
-func enrichSPDXSnykAdvisorData(component *spdx_2_3.Package, purl *packageurl.PackageURL) {
-	url := SnykAdvisorURL(purl)
+func enrichSPDXSnykAdvisorData(conf *Config, component *spdx_2_3.Package, purl *packageurl.PackageURL) {
+	url := SnykAdvisorURL(conf, purl)
 	if url != "" {
 		ext := &spdx_2_3.PackageExternalReference{
 			Locator:            url,
@@ -60,8 +56,8 @@ func enrichSPDXSnykAdvisorData(component *spdx_2_3.Package, purl *packageurl.Pac
 	}
 }
 
-func enrichSPDXSnykVulnerabilityDBData(component *spdx_2_3.Package, purl *packageurl.PackageURL) {
-	url := SnykVulnURL(purl)
+func enrichSPDXSnykVulnerabilityDBData(conf *Config, component *spdx_2_3.Package, purl *packageurl.PackageURL) {
+	url := SnykVulnURL(conf, purl)
 	if url != "" {
 		ext := &spdx_2_3.PackageExternalReference{
 			Locator:            url,
@@ -77,16 +73,16 @@ func enrichSPDXSnykVulnerabilityDBData(component *spdx_2_3.Package, purl *packag
 	}
 }
 
-func enrichSPDX(bom *spdx.Document, logger *zerolog.Logger) *spdx.Document {
-	auth, err := AuthFromToken(APIToken())
+func enrichSPDX(conf *Config, bom *spdx.Document, logger *zerolog.Logger) *spdx.Document {
+	auth, err := AuthFromToken(conf.APIToken)
 	if err != nil {
 		logger.Fatal().
 			Err(err).
 			Msg("Failed to authenticate")
 		return nil
 	}
 
-	orgID, err := SnykOrgID(auth)
+	orgID, err := SnykOrgID(conf, auth)
 	if err != nil {
 		logger.Fatal().
 			Err(err).
@@ -114,9 +110,9 @@ func enrichSPDX(bom *spdx.Document, logger *zerolog.Logger) *spdx.Document {
 				return
 			}
 			for _, enrichFn := range spdxEnrichers {
-				enrichFn(pkg, purl)
+				enrichFn(conf, pkg, purl)
 			}
-			resp, err := GetPackageVulnerabilities(purl, auth, orgID)
+			resp, err := GetPackageVulnerabilities(conf, purl, auth, orgID)
 			if err != nil {
 				l.Err(err).
 					Str("purl", purl.ToString()).
@@ -154,9 +150,8 @@ func enrichSPDX(bom *spdx.Document, logger *zerolog.Logger) *spdx.Document {
 				RefType:  spdx.SecurityAdvisory,
 				Locator: fmt.Sprintf(
 					"%s/vuln/%s",
-					snykVulnerabilityDB_URI,
-					url.PathEscape(*issue.Id),
-				),
+					conf.SnykVulnerabilityDBWebURL,
+					url.PathEscape(*issue.Id)),
 			}
 
 			if issue.Attributes.Title != nil {