Merge pull request #3 from rafaelMurata/finding-source-mute-samples

feat: Adding API v2 Source Finding Mute sample

Author: Rafael Murata

security-center/snippets/system-test/v2/findings.test.js

@@ -24,11 +24,13 @@ const uuid = require('uuid');
 const organizationId = process.env['GCLOUD_ORGANIZATION'];
 const location = 'global';
 
-describe('Client with SourcesAndFindings V2', async () => {
+describe('Client with sources and findings V2', async () => {
     let data;
     before(async () => {
         // Creates a new client.
         const client = new SecurityCenterClient();
+
+        const [projectId] = await client.getProjectId();
         const [source] = await client
             .createSource({
                 source: {
@@ -62,16 +64,20 @@ describe('Client with SourcesAndFindings V2', async () => {
                 },
             },
         };
+       
         const [finding] = await client.createFinding(createFindingTemplate);
         createFindingTemplate.findingId = 'untouchedFindingId';
         createFindingTemplate.finding.category = 'XSS';
         const [untouchedFinding] = await client
             .createFinding(createFindingTemplate)
             .catch(error => console.error(error));
+        
         data = {
             orgId: organizationId,
             sourceId: sourceId,
             sourceName: source.name,
+            findingId: findingId,
+            projectId: projectId,
             findingName: finding.name,
             untouchedFindingName: untouchedFinding.name,
         };
@@ -106,4 +112,36 @@ describe('Client with SourcesAndFindings V2', async () => {
         assert.notMatch(output, /undefined/);
     });
 
-});
+    it('client can mute a findings V2', () => {
+        const output = exec(`node v2/setMuteFinding.js ${data.orgId} ${data.sourceId} ${data.findingId}`);
+        assert.match(output, new RegExp('MUTED'));
+        assert.match(output, /Mute value for the finding/);
+        assert.notMatch(output, /undefined/);
+    });
+
+    it('client can un mute a findings V2', () => {
+        const output = exec(`node v2/setUnmuteFinding.js ${data.orgId} ${data.sourceId} ${data.findingId}`);
+        assert.match(output, new RegExp('UNMUTED'));
+        assert.match(output, /Unmute a finding/);
+        assert.notMatch(output, /undefined/);
+    });
+
+    it('client can group all findings V2', () => {
+        const output = exec(`node v2/groupFindings.js ${data.orgId} ${data.sourceId}`);
+        assert.isAtLeast(4, output.match(/\n/g).length + 1);
+        assert.notMatch(output, /undefined/);
+    });
+
+    it('client group filtered findings V2', () => {
+        const output = exec(`node v2/groupFindingsWithFilter.js ${data.orgId} ${data.sourceId}`);
+        assert.isAtLeast(4, output.match(/\n/g).length + 1);
+        assert.notMatch(output, /undefined/);
+    });
+
+    it('client can bulk a mute a findings V2', () => {
+        const output = exec(`node v2/bulkMuteFindings.js ${data.orgId} ${data.projectId}`);
+        assert.match(output, /Bulk mute findings completed successfully/);
+        assert.notMatch(output, /undefined/);
+    });
+
+});

security-center/snippets/system-test/v2/muterule.test.js

@@ -0,0 +1,104 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const { SecurityCenterClient } = require('@google-cloud/security-center').v2;
+const { assert } = require('chai');
+const { execSync } = require('child_process');
+const exec = cmd => execSync(cmd, { encoding: 'utf8' });
+const { describe, it, before } = require('mocha');
+const uuidv1 = require('uuid').v1;
+
+const organizationId = process.env['GCLOUD_ORGANIZATION'];
+const location = 'global';
+
+describe('Client with mute rule V2', async () => {
+    let data;
+    before(async () => {
+        // Creates a new client.
+        const client = new SecurityCenterClient();
+          
+        // Build the create mute rule request.
+        const muteId = 'muteid-'+uuidv1().replace(/-/g, '').substring(0, 20);
+        const createMuteRuleRequest = {
+        parent:`organizations/${organizationId}/locations/${location}`,
+        muteConfigId:muteId,
+        muteConfig:{
+            name:`organizations/${organizationId}/locations/${location}/muteConfigs/${muteId}`,
+            description: "Mute low-medium IAM grants excluding 'compute' resources",
+            filter:
+                "severity=\"LOW\" OR severity=\"MEDIUM\" AND " +
+                "category=\"Persistence: IAM Anomalous Grant\" AND " +
+                "-resource.type:\"compute\"",
+            type: "STATIC",
+            },
+        };
+
+        const [muteConfigResponse] = await client
+            .createMuteConfig(createMuteRuleRequest)
+            .catch(error => console.error(error));
+
+        const muteConfigId = muteConfigResponse.name.split('/')[5];
+
+        data = {
+            orgId: organizationId,
+            muteConfigId: muteConfigId,
+            muteConfigName: muteConfigResponse.name,
+            untouchedMuteConfigName: "",
+        };
+        console.log('my data %j', data);
+    });
+
+    after(async () => {
+        const client = new SecurityCenterClient();
+
+        const name = `organizations/${organizationId}/locations/${location}/muteConfigs/${data.muteConfigId}`;
+        await client.deleteMuteConfig({name: name}).catch(error => console.error(error));
+    });
+
+    it('client can create mute rule V2', () => {
+        const output = exec(`node v2/createMuteRule.js ${data.orgId}`);
+        assert.match(output, new RegExp(data.orgId));
+        assert.match(output, /New mute rule config created/);
+        assert.notMatch(output, /undefined/);
+    });
+
+    it('client can list all mute rules V2', () => {
+        const output = exec(`node v2/listAllMuteRules.js ${data.orgId}`);
+        assert.match(output, new RegExp(data.orgId));
+        assert.match(output, new RegExp(data.untouchedMuteConfigName));
+        assert.notMatch(output, /undefined/);
+    });
+
+    it('client can get a mute rule V2', () => {
+        const output = exec(`node v2/getMuteRule.js ${data.orgId} ${data.muteConfigId}`);
+        assert.match(output, new RegExp(data.muteConfigName));
+        assert.match(output, /Get mute rule config/);
+        assert.notMatch(output, /undefined/);
+    });
+
+    it('client can update a mute rule V2', () => {
+        const output = exec(`node v2/updateMuteRule.js ${data.orgId} ${data.muteConfigId}`);
+        assert.match(output, /Update mute rule config/);
+        assert.notMatch(output, /undefined/);
+    });
+
+    it('client can delete a mute rule V2', () => {
+        const output = exec(`node v2/deleteMuteRule.js ${data.orgId} ${data.muteConfigId}`);
+        assert.match(output, /Delete mute rule config/);
+        assert.notMatch(output, /undefined/);
+    });
+
+});

security-center/snippets/v2/bulkMuteFindings.js

@@ -0,0 +1,67 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+/**
+ *   Kicks off a long-running operation (LRO) to bulk mute findings for a parent based on a filter.
+ *   The parent can be either an organization, folder, or project. The findings
+ *   matched by the filter will be muted after the LRO is done.
+ */
+function main(organizationId, projectId, location = 'global') {
+  // [START securitycenter_bulk_mute_v2]
+  // Imports the Google Cloud client library.
+  const { SecurityCenterClient } = require('@google-cloud/security-center').v2;
+
+  // Create a Security Center client
+  const client = new SecurityCenterClient();
+
+   /**
+   *  Required. The parent, at which bulk action needs to be applied. If no
+   *  location is specified, findings are updated in global. The following list
+   *  shows some examples:
+   *  `organizations/[organization_id]`
+   *  `organizations/[organization_id]/locations/[location_id]`
+   *  `folders/[folder_id]`
+   *  `folders/[folder_id]/locations/[location_id]`
+   *  `projects/[project_id]`
+   *  `projects/[project_id]/locations/[location_id]`
+   */
+  const parent = `organizations/${organizationId}/locations/${location}`;
+
+  // muteRule: Expression that identifies findings that should be muted.
+  // Can also refer to an organization/ folder.
+  // eg: "resource.project_display_name=\"PROJECT_ID\""
+  const filter = `resource.project_display_name="${projectId}"`;
+
+  // Build the request.
+  const bulkMuteFindingRequest = {
+    parent,
+    filter
+  };
+
+  async function callBulkMuteFindings() {
+
+    // Call the API.
+    const [operation] = await client.bulkMuteFindings(bulkMuteFindingRequest);
+    const [response] = await operation.promise();
+    console.log('Bulk mute findings completed successfully: %j', response);
+  }
+  
+  callBulkMuteFindings();
+  // [END securitycenter_bulk_mute_v2]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/v2/createFinding.js

@@ -82,5 +82,4 @@ function main(organizationId, sourceId, location = 'global', category = 'LOW_RIS
   // [END securitycenter_create_finding_v2]
 }
 
-main(...process.argv.slice(2));
-
+main(...process.argv.slice(2));

security-center/snippets/v2/createMuteRule.js

@@ -0,0 +1,77 @@
+/*
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+'use strict';
+
+/**
+ * Creates a mute configuration in a project under a given location.
+ */
+function main(organizationId, location = 'global') {
+  // [START securitycenter_create_mute_config_v2]
+  // Imports the Google Cloud client library.
+  const { SecurityCenterClient } = require('@google-cloud/security-center').v2;
+  const uuidv1 = require('uuid').v1;
+
+  // Create a Security Center client
+  const client = new SecurityCenterClient();
+
+  /**
+   *  Required. Resource name of the new mute configs's parent. Its format is
+   *  "organizations/[organization_id]/locations/[location_id]",
+   *  "folders/[folder_id]/locations/[location_id]", or
+   *  "projects/[project_id]/locations/[location_id]".
+   */
+  const parent = `organizations/${organizationId}/locations/${location}`;
+
+  /**
+   *  Required. Unique identifier provided by the client within the parent scope.
+   *  It must consist of only lowercase letters, numbers, and hyphens, must start
+   *  with a letter, must end with either a letter or a number, and must be 63
+   *  characters or less.
+   */
+  const muteConfigId = 'muteid-'+uuidv1().replace(/-/g, '').substring(0, 20);
+
+  const name = `${parent}/muteConfigs/${muteConfigId}`;
+
+  // Build the muteRuleConfig object.
+  const muteConfig = {
+    name:name,
+    description: "Mute low-medium IAM grants excluding 'compute' resources",
+    filter:
+      "severity=\"LOW\" OR severity=\"MEDIUM\" AND " +
+      "category=\"Persistence: IAM Anomalous Grant\" AND " +
+      "-resource.type:\"compute\"",
+    type: "STATIC",
+  };
+
+  // Build the create mute rule request.
+  const createMuteRuleRequest = {
+    parent,
+    muteConfig,
+    muteConfigId,
+  };
+
+  async function createMuteRuleConfig() {
+
+    // Call the API.
+    const [muteConfig] = await client.createMuteConfig(createMuteRuleRequest);
+    console.log('New mute rule config created: %j', muteConfig);
+  }
+  
+  createMuteRuleConfig();
+  // [END securitycenter_create_mute_config_v2]
+}
+
+main(...process.argv.slice(2));

security-center/snippets/v2/createSource.js

@@ -54,7 +54,7 @@ function main(organizationId) {
   }
 
   createSource();
-  // [END securitycenter_create_source]
+  // [END securitycenter_create_source_v2]
 }
 
-main(...process.argv.slice(2));
+main(...process.argv.slice(2));