Merge pull request #285 from iriusrisk/feature/OPT-934

smaneroiriusrisk · web-flow · commit d0db759ba8c5 · 2023-08-21T14:13:36.000+02:00
[feature/OPT-934] to [feature/OPT-792]
diff --git a/startleft/startleft/cli/cli.py b/startleft/startleft/cli/cli.py
@@ -78,7 +78,8 @@ def cli(log_level, verbose):
     configure_logging(verbose, log_level)
 
 
-def parse_iac(iac_type, mapping_file, output_file, project_name, project_id, iac_files):
+def parse_iac(iac_type, default_mapping_file, custom_mapping_file, output_file, project_name, project_id,
+              iac_files):
     """
     Parses IaC source files into Open Threat Model
     """
@@ -87,10 +88,13 @@ def parse_iac(iac_type, mapping_file, output_file, project_name, project_id, iac
     for iac_file in iac_files:
         iac_data.append(get_byte_data(iac_file))
 
-    mapping_data = [get_byte_data(mapping_file)]
+    mapping_data_list = [get_byte_data(default_mapping_file)]
+
+    if custom_mapping_file:
+        mapping_data_list.append(get_byte_data(custom_mapping_file))
 
     processor = provider_resolver.get_processor(IacType(iac_type.upper()), project_id, project_name, iac_data,
-                                                mapping_data)
+                                                mapping_data_list)
     otm = processor.process()
 
     get_otm_as_file(otm, output_file)
@@ -141,45 +145,38 @@ def parse_etm(etm_type, default_mapping_file, custom_mapping_file, output_file,
               help=IAC_TYPE_DESC,
               cls=Exclusion,
               mandatory=True,
-              mutually_exclusion=['diagram_type', 'etm_type', 'default_mapping_file', 'custom_mapping_file'])
+              mutually_exclusion=['diagram_type', 'etm_type'])
 @click.option(DIAGRAM_TYPE_NAME, DIAGRAM_TYPE_SHORTNAME,
               type=click.Choice(DIAGRAM_TYPE_SUPPORTED, case_sensitive=False),
               help=DIAGRAM_TYPE_DESC,
               cls=Exclusion,
               mandatory=True,
-              mutually_exclusion=['iac_type', 'etm_type', 'mapping_file'])
+              mutually_exclusion=['iac_type', 'etm_type'])
 @click.option(ETM_TYPE_NAME, ETM_TYPE_SHORTNAME,
               type=click.Choice(ETM_TYPE_SUPPORTED, case_sensitive=False),
               help=ETM_TYPE_DESC,
               cls=Exclusion,
               mandatory=True,
-              mutually_exclusion=['diagram_type', 'iac_type', 'mapping_file'])
-@click.option(MAPPING_FILE_NAME, MAPPING_FILE_SHORTNAME,
-              help=MAPPING_FILE_DESC,
-              cls=Exclusion,
-              mandatory=True,
-              mutually_exclusion=['default_mapping_file', 'custom_mapping_file', 'diagram_type', 'etm_type'])
+              mutually_exclusion=['diagram_type', 'iac_type'])
 @click.option(DEFAULT_MAPPING_FILE_NAME, DEFAULT_MAPPING_FILE_SHORTNAME,
               help=DEFAULT_MAPPING_FILE_DESC,
               cls=Exclusion,
-              mandatory=True,
-              mutually_exclusion=['mapping_file', 'iac_type'])
+              required=True)
 @click.option(CUSTOM_MAPPING_FILE_NAME, CUSTOM_MAPPING_FILE_SHORTNAME,
               help=CUSTOM_MAPPING_FILE_DESC,
-              cls=Exclusion,
-              mutually_exclusion=['mapping_file', 'iac_type'])
+              cls=Exclusion)
 @click.option(OUTPUT_FILE_NAME, OUTPUT_FILE_SHORTNAME, default=OUTPUT_FILE, help=OUTPUT_FILE_DESC)
 @click.option(PROJECT_NAME_NAME, PROJECT_NAME_SHORTNAME, required=True, help=PROJECT_NAME_DESC)
 @click.option(PROJECT_ID_NAME, PROJECT_ID_SHORTNAME, required=True, help=PROJECT_ID_DESC)
 @click.argument(SOURCE_FILE_NAME, required=True, nargs=-1)
-def parse_any(iac_type, diagram_type, etm_type, mapping_file, default_mapping_file, custom_mapping_file,
+def parse_any(iac_type, diagram_type, etm_type, default_mapping_file, custom_mapping_file,
               output_file, project_name, project_id, source_file):
     """
     Parses source files into Open Threat Model
     """
     logger.info("Parsing source files into OTM")
     if iac_type is not None:
-        parse_iac(iac_type, mapping_file, output_file, project_name, project_id, source_file)
+        parse_iac(iac_type, default_mapping_file, custom_mapping_file, output_file, project_name, project_id, source_file)
     elif diagram_type is not None:
         parse_diagram(diagram_type, default_mapping_file, custom_mapping_file, output_file, project_name,
                       project_id, source_file)
diff --git a/startleft/startleft/messages.py b/startleft/startleft/messages.py
@@ -41,10 +41,6 @@
 ETM_MAPPING_FILE_NAME = '--etm-mapping-file'
 ETM_MAPPING_FILE_DESC = 'External Threat Model mapping file to validate.'
 
-MAPPING_FILE_NAME = '--mapping-file'
-MAPPING_FILE_SHORTNAME = '-m'
-MAPPING_FILE_DESC = 'Mapping file to parse the IaC file.'
-
 DEFAULT_MAPPING_FILE_NAME = '--default-mapping-file'
 DEFAULT_MAPPING_FILE_SHORTNAME = '-d'
 DEFAULT_MAPPING_FILE_DESC = 'Default mapping file to parse the diagram file.'
diff --git a/startleft/tests/unit/cli/parse/diagram/test_unit_cli_parse_diagram.py b/startleft/tests/unit/cli/parse/diagram/test_unit_cli_parse_diagram.py
@@ -81,5 +81,5 @@ def test_parse_diagram_mutually_exclusion_error(self):
             assert result.exit_code == 2
 
             assert result.stdout.__contains__("Error: Invalid arguments: diagram_type is incompatible with:")
-            assert result.stdout.__contains__("mapping_file")
+            assert result.stdout.__contains__("etm_type")
             assert result.stdout.__contains__("iac_type")
diff --git a/startleft/tests/unit/cli/parse/diagram/test_unit_cli_parse_lucid.py b/startleft/tests/unit/cli/parse/diagram/test_unit_cli_parse_lucid.py
@@ -92,7 +92,6 @@ def test_lucid_parse_successful_with_custom_mapping_file(self, mock, caplog, inp
             mock.assert_called_once()
 
     @mark.parametrize('processor_type_option, processor_type_name, mapping_file_option, mapping_file', [
-        ('', '', '--mapping-file', TESTING_LUCID_DEFAULT_VALID_MAPPING_FILENAME),
         ('--iac-type', 'TERRAFORM', '', '')
     ])
     def test_lucid_parse_incompatible_parameters_error(self, processor_type_option, processor_type_name,
@@ -127,5 +126,5 @@ def test_lucid_parse_incompatible_parameters_error(self, processor_type_option,
             assert result.exit_code == 2
 
             assert result.stdout.__contains__("Error: Invalid arguments: diagram_type is incompatible with:")
-            assert result.stdout.__contains__("mapping_file")
+            assert result.stdout.__contains__("etm_type")
             assert result.stdout.__contains__("iac_type")
diff --git a/startleft/tests/unit/cli/parse/etm/test_unit_cli_parse_etm.py b/startleft/tests/unit/cli/parse/etm/test_unit_cli_parse_etm.py
@@ -89,7 +89,6 @@ def test_etm_parse_successful_with_custom_mapping_file(self, mock, caplog):
             mock.assert_called_once()
 
     @mark.parametrize('processor_type_option, processor_type_name, mapping_file_option, mapping_file', [
-        ('', '', '--mapping-file', TESTING_MTMT_DEFAULT_VALID_MAPPING_FILENAME),
         ('--diagram-type', 'VISIO', '', ''),
         ('--iac-type', 'TERRAFORM', '', ''),
     ])
@@ -126,7 +125,6 @@ def test_etm_parse_incompatible_parameters_error(self, processor_type_option, pr
             assert result.exit_code == 2
 
             assert result.stdout.__contains__("Error: Invalid arguments: etm_type is incompatible with:")
-            assert result.stdout.__contains__("mapping_file")
             assert result.stdout.__contains__("iac_type")
             assert result.stdout.__contains__("diagram_type")
 
diff --git a/startleft/tests/unit/cli/parse/iac/test_unit_cli_iac_error_codes.py b/startleft/tests/unit/cli/parse/iac/test_unit_cli_iac_error_codes.py
@@ -31,7 +31,7 @@ def test_loadingiacfilerror_code(self, mock_load_source_data):
                 # a valid IaC type
                 '--iac-type', TESTING_IAC_TYPE,
                 #   and a valid mapping file
-                '--mapping-file', TESTING_IAC_FILE,
+                '--default-mapping-file', TESTING_IAC_FILE,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -62,7 +62,7 @@ def test_iacfilenotvaliderror_code(self, mock_load_source_data):
                 # a valid IaC type
                 '--iac-type', TESTING_IAC_TYPE,
                 #   and a valid mapping file
-                '--mapping-file', TESTING_IAC_FILE,
+                '--default-mapping-file', TESTING_IAC_FILE,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -93,7 +93,7 @@ def test_loadingmappingfileerror_code(self, mock_load_source_data):
                 # a valid IaC type
                 '--iac-type', TESTING_IAC_TYPE,
                 #   and a valid mapping file
-                '--mapping-file', TESTING_IAC_FILE,
+                '--default-mapping-file', TESTING_IAC_FILE,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -124,7 +124,7 @@ def test_otmbuildingerror_code(self, mock_load_source_data):
                 # a valid IaC type
                 '--iac-type', TESTING_IAC_TYPE,
                 #   and a valid mapping file
-                '--mapping-file', TESTING_IAC_FILE,
+                '--default-mapping-file', TESTING_IAC_FILE,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -156,7 +156,7 @@ def test_otmgenerationerror_code(self, mock_load_source_data):
                 # a valid IaC type
                 '--iac-type', TESTING_IAC_TYPE,
                 #   and a valid mapping file
-                '--mapping-file', TESTING_IAC_FILE,
+                '--default-mapping-file', TESTING_IAC_FILE,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
diff --git a/startleft/tests/unit/cli/parse/iac/test_unit_cli_parse_iac.py b/startleft/tests/unit/cli/parse/iac/test_unit_cli_parse_iac.py
@@ -30,7 +30,7 @@ def test_parse_cloudformation_file_ok(self, mock, caplog):
                 # a valid IaC type
                 '--iac-type', TESTING_IAC_TYPE,
                 #   and a valid mapping file
-                '--mapping-file', TESTING_MAPPING_FILE,
+                '--default-mapping-file', TESTING_MAPPING_FILE,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -63,7 +63,7 @@ def test_parse_cloudformation_mutually_exclusion_error(self):
                 # a valid Diagram type
                 '--diagram-type', "VISIO",
                 #   and a valid mapping file
-                '--mapping-file', TESTING_MAPPING_FILE,
+                '--default-mapping-file', TESTING_MAPPING_FILE,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -80,6 +80,5 @@ def test_parse_cloudformation_mutually_exclusion_error(self):
             assert result.exit_code == 2
 
             assert result.stdout.__contains__("Error: Invalid arguments: iac_type is incompatible with:")
-            assert result.stdout.__contains__("default_mapping_file")
-            assert result.stdout.__contains__("custom_mapping_file")
+            assert result.stdout.__contains__("etm_type")
             assert result.stdout.__contains__("diagram_type")
diff --git a/tests/integration/cli/parse/iac/cloudformation/test_cli_parse_iac_cloudformation.py b/tests/integration/cli/parse/iac/cloudformation/test_cli_parse_iac_cloudformation.py
@@ -38,7 +38,7 @@ def test_parse_cloudformation_file_ok(self):
                 # a valid IaC type
                 '--iac-type', "CLOUDFORMATION",
                 #   and a valid mapping file
-                '--mapping-file', CLOUDFORMATION_MAPPING,
+                '--default-mapping-file', CLOUDFORMATION_MAPPING,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -71,7 +71,7 @@ def test_parse_cloudformation_unknown_resources(self):
                 # a valid IaC type
                 '--iac-type', "CLOUDFORMATION",
                 #   and a valid mapping file
-                '--mapping-file', CLOUDFORMATION_MAPPING,
+                '--default-mapping-file', CLOUDFORMATION_MAPPING,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -105,7 +105,7 @@ def test_parse_cloudformation_invalid_file(self, filename):
                 # a valid IaC type
                 '--iac-type', "CLOUDFORMATION",
                 #   and a valid mapping file
-                '--mapping-file', CLOUDFORMATION_MAPPING,
+                '--default-mapping-file', CLOUDFORMATION_MAPPING,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -135,7 +135,7 @@ def test_parse_cloudformation_invalid_mapping_file(self, mapping_file):
                 # a valid IaC type
                 '--iac-type', "CLOUDFORMATION",
                 #   and a valid mapping file
-                '--mapping-file', mapping_file,
+                '--default-mapping-file', mapping_file,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
diff --git a/tests/integration/cli/parse/iac/terraform/test_cli_parse_iac_terraform.py b/tests/integration/cli/parse/iac/terraform/test_cli_parse_iac_terraform.py
@@ -38,7 +38,7 @@ def test_parse_terraform_file_ok(self):
                 # a valid IaC type
                 '--iac-type', "TERRAFORM",
                 #   and a valid mapping terraform file
-                '--mapping-file', TERRAFORM_VALID_MAPPING_FILENAME,
+                '--default-mapping-file', TERRAFORM_VALID_MAPPING_FILENAME,
                 #   and a valid project name
                 '--project-name', "test_parse_terraform_file_ok",
                 #   and a valid project id
@@ -71,7 +71,7 @@ def test_parse_terraform_unknown_resources(self):
                 # a valid IaC type
                 '--iac-type', "TERRAFORM",
                 #   and a valid mapping terraform file
-                '--mapping-file', TERRAFORM_VALID_MAPPING_FILENAME,
+                '--default-mapping-file', TERRAFORM_VALID_MAPPING_FILENAME,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -104,7 +104,7 @@ def test_parse_terraform_unknown_module(self):
                 # a valid IaC type
                 '--iac-type', "TERRAFORM",
                 #   and a valid mapping terraform file
-                '--mapping-file', TERRAFORM_VALID_MAPPING_FILENAME,
+                '--default-mapping-file', TERRAFORM_VALID_MAPPING_FILENAME,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -138,7 +138,7 @@ def test_parse_terraform_invalid_file(self, filename):
                 # a valid IaC type
                 '--iac-type', "TERRAFORM",
                 #   and a valid mapping terraform file
-                '--mapping-file', TERRAFORM_VALID_MAPPING_FILENAME,
+                '--default-mapping-file', TERRAFORM_VALID_MAPPING_FILENAME,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
@@ -168,7 +168,7 @@ def test_parse_terraform_invalid_mapping_file(self, mapping_file):
                 # a valid IaC type
                 '--iac-type', "TERRAFORM",
                 #   and a valid mapping terraform file
-                '--mapping-file', mapping_file,
+                '--default-mapping-file', mapping_file,
                 #   and a valid project name
                 '--project-name', "project-name",
                 #   and a valid project id
