Skip to content

Add a ruletype that checks for the presence of a file header #239

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rdimitrov wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add a ruletype that checks for the presence of a file header #239

rdimitrov wants to merge 1 commit into from

Conversation

@rdimitrov
Copy link
Member

@rdimitrov rdimitrov commented Dec 19, 2024
edited
Loading

The following PR adds a ruletype that checks for the presence of a file header.

It accepts a filter input which is a regex for filtering out files and also the content of the header to check for. Both are required fields.

Example usages:

...
  - type: file_header
    name: enforce-license-header-yml
    def:
      filter: "^.*\\.yml$"
      header: |
        # SPDX-FileCopyrightText: Copyright 2024 The Minder Authors
        # SPDX-License-Identifier: Apache-2.0
  - type: file_header
    name: enforce-license-header-license
    def:
      filter: "LICENSE"
      header: |
        # SPDX-FileCopyrightText: Copyright 2024 The Minder Authors
        # SPDX-License-Identifier: Apache-2.0
...

@rdimitrov rdimitrov requested a review from a team as a code owner December 19, 2024 14:17
@rdimitrov rdimitrov self-assigned this Dec 19, 2024
@rdimitrov
Add a ruletype that checks for the presence of a file header
305ceb2 
Signed-off-by: Radoslav Dimitrov <radoslav@stacklok.com>
evankanderson
evankanderson approved these changes Jan 10, 2025
View reviewed changes
Copy link
Member

@evankanderson evankanderson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few minor questions, but this seems handy. It would be doubly-handy on PRs, but we can add that later.

rule-types/common/file_header.yaml
Comment on lines +34 to +36
The header to check for in the file.

This is the expected content that should be present in the beginning of the file.
Copy link
Member

@evankanderson evankanderson Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you want to support date-matching here, or keep this exact match?

rule-types/common/file_header.yaml
Comment on lines +70 to +73
# Defines the configuration for alerting on the rule
alert:
type: security_advisory
security_advisory: {}
Copy link
Member

@evankanderson evankanderson Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think you want a security advisory for this.

It does seem worthwhile to think about what a remediation rule for this would look like, in the context of broader remediations, but this example seems a bit too limited on its own to recommend a remediation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JAORMX JAORMX JAORMX approved these changes

@evankanderson evankanderson evankanderson approved these changes

Assignees

@rdimitrov rdimitrov

Labels

hackathon

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rdimitrov @JAORMX @evankanderson