improve SH report deletion handling

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

pkg/target/factory/factory.go

@@ -187,7 +187,7 @@ func (f *TargetFactory) CreateLokiTarget(config, parent *target.Config[target.Lo
 				ReportFilter:          createReportFilter(config.Filter),
 			},
 			Host:         config.Config.Host + config.Config.Path,
-			CustomLabels: config.CustomFields,
+			CustomFields: config.CustomFields,
 			Username:     config.Config.Username,
 			Password:     config.Config.Password,
 			HTTPClient:   http.NewClient(config.Config.Certificate, config.Config.SkipTLS),

pkg/target/factory/factory_test.go

@@ -750,12 +750,12 @@ func Test_CustomFields(t *testing.T) {
 		t.Fatalf("expected 12 client created, got %d", len(clients.Clients()))
 	}
 
-	t.Run("Get CustomLabels from Loki", func(t *testing.T) {
+	t.Run("Get CustomFields from Loki", func(t *testing.T) {
 		client := reflect.ValueOf(clients.Client("Loki")).Elem()
 
-		customFields := client.FieldByName("customLabels").MapKeys()
+		customFields := client.FieldByName("customFields").MapKeys()
 		if customFields[0].String() != "field" {
-			t.Errorf("Expected customLabels are added")
+			t.Errorf("Expected customFields are added")
 		}
 	})
 

pkg/target/loki/loki.go

@@ -15,7 +15,7 @@ import (
 type Options struct {
 	target.ClientOptions
 	Host         string
-	CustomLabels map[string]string
+	CustomFields map[string]string
 	Headers      map[string]string
 	HTTPClient   http.Client
 	Username     string
@@ -36,7 +36,7 @@ type entry struct {
 	Line string `json:"line"`
 }
 
-func newLokiStream(result v1alpha2.PolicyReportResult, customLabels map[string]string) stream {
+func newLokiStream(result v1alpha2.PolicyReportResult, customFields map[string]string) stream {
 	timestamp := time.Now()
 	if result.Timestamp.Seconds != 0 {
 		timestamp = time.Unix(result.Timestamp.Seconds, int64(result.Timestamp.Nanos))
@@ -82,7 +82,7 @@ func newLokiStream(result v1alpha2.PolicyReportResult, customLabels map[string]s
 		labels = append(labels, strings.ReplaceAll(property, ".", "_")+"=\""+strings.ReplaceAll(value, "\"", "")+"\"")
 	}
 
-	for label, value := range customLabels {
+	for label, value := range customFields {
 		labels = append(labels, strings.ReplaceAll(label, ".", "_")+"=\""+strings.ReplaceAll(value, "\"", "")+"\"")
 	}
 
@@ -95,7 +95,7 @@ type client struct {
 	target.BaseClient
 	host         string
 	client       http.Client
-	customLabels map[string]string
+	customFields map[string]string
 	headers      map[string]string
 	username     string
 	password     string
@@ -104,14 +104,14 @@ type client struct {
 func (l *client) Send(result v1alpha2.PolicyReportResult) {
 	l.send(payload{
 		Streams: []stream{
-			newLokiStream(result, l.customLabels),
+			newLokiStream(result, l.customFields),
 		},
 	})
 }
 
 func (l *client) BatchSend(_ v1alpha2.ReportInterface, results []v1alpha2.PolicyReportResult) {
 	l.send(payload{Streams: helper.Map(results, func(result v1alpha2.PolicyReportResult) stream {
-		return newLokiStream(result, l.customLabels)
+		return newLokiStream(result, l.customFields)
 	})})
 }
 
@@ -146,7 +146,7 @@ func NewClient(options Options) target.Client {
 		target.NewBaseClient(options.ClientOptions),
 		options.Host,
 		options.HTTPClient,
-		options.CustomLabels,
+		options.CustomFields,
 		options.Headers,
 		options.Username,
 		options.Password,

pkg/target/loki/loki_test.go

@@ -97,7 +97,7 @@ func Test_LokiTarget(t *testing.T) {
 				Name: "Loki",
 			},
 			Host:         "http://localhost:3100/api/prom/push",
-			CustomLabels: map[string]string{"custom": "label"},
+			CustomFields: map[string]string{"custom": "label"},
 			HTTPClient:   testClient{callback, 200},
 			Username:     "username",
 			Password:     "password",
@@ -162,7 +162,7 @@ func Test_LokiTarget(t *testing.T) {
 				Name: "Loki",
 			},
 			Host:         "http://localhost:3100/api/prom/push",
-			CustomLabels: map[string]string{"custom": "label"},
+			CustomFields: map[string]string{"custom": "label"},
 			HTTPClient:   testClient{callback, 200},
 		})
 		client.Send(fixtures.MinimalTargetSendResult)
@@ -173,7 +173,7 @@ func Test_LokiTarget(t *testing.T) {
 				Name: "Loki",
 			},
 			Host:         "http://localhost:3100/api/prom/push",
-			CustomLabels: map[string]string{"custom": "label"},
+			CustomFields: map[string]string{"custom": "label"},
 			HTTPClient:   testClient{},
 		})
 

pkg/target/securityhub/securityhub.go

@@ -137,7 +137,7 @@ func (c *client) BatchSend(polr v1alpha2.ReportInterface, results []v1alpha2.Pol
 		return
 	}
 
-	list, err := c.getFindingsByIDs(context.Background(), polr.GetSource(), toResourceIDFilter(polr, results), "")
+	list, err := c.getFindingsByIDs(context.Background(), polr, toResourceIDFilter(polr, results), "")
 	if err != nil {
 		zap.L().Error(c.Name()+": failed to get findings", zap.Error(err))
 		return
@@ -191,7 +191,7 @@ func (c *client) Sync(ctx context.Context) error {
 	}
 	defer zap.L().Info(c.Name() + ": START SYNC")
 
-	list, err := c.getFindings(ctx, "")
+	list, err := c.getFindings(ctx)
 	if err != nil {
 		zap.L().Error(c.Name()+": failed to get findings", zap.Error(err))
 		return err
@@ -234,11 +234,8 @@ func (c *client) CleanUp(ctx context.Context, report v1alpha2.ReportInterface) {
 	}
 
 	resourceIds := toResourceIDFilter(report, report.GetResults())
-	if len(resourceIds) == 0 {
-		return
-	}
 
-	findings, err := c.getFindingsByIDs(ctx, report.GetSource(), resourceIds, "")
+	findings, err := c.getFindingsByIDs(ctx, report, resourceIds, "")
 	if err != nil {
 		zap.L().Error(c.Name()+": failed to get findings", zap.Error(err))
 		return
@@ -326,15 +323,15 @@ func (c *client) mapOtherDetails(polr v1alpha2.ReportInterface, result v1alpha2.
 	return details
 }
 
-func (c *client) getFindings(ctx context.Context, source string) ([]types.AwsSecurityFinding, error) {
+func (c *client) getFindings(ctx context.Context) ([]types.AwsSecurityFinding, error) {
 	list := make([]types.AwsSecurityFinding, 0)
 
 	var token *string
 
 	for {
 		resp, err := c.hub.GetFindings(ctx, &hub.GetFindingsInput{
 			NextToken: token,
-			Filters:   c.BaseFilter(source),
+			Filters:   c.BaseFilter(nil),
 		})
 		if err != nil {
 			return nil, err
@@ -378,17 +375,16 @@ func (c *client) batchUpdate(ctx context.Context, findings []types.AwsSecurityFi
 	return updated, nil
 }
 
-func (c *client) getFindingsByIDs(ctx context.Context, source string, resources []types.StringFilter, status string) ([]types.AwsSecurityFinding, error) {
+func (c *client) getFindingsByIDs(ctx context.Context, report v1alpha2.ReportInterface, resources []types.StringFilter, status string) ([]types.AwsSecurityFinding, error) {
 	list := make([]types.AwsSecurityFinding, 0)
-	if len(resources) == 0 {
-		return list, nil
-	}
 
 	chunks := helper.ChunkSlice(resources, 20)
 
 	for _, res := range chunks {
-		filter := c.BaseFilter(source)
-		filter.ResourceId = res
+		filter := c.BaseFilter(report)
+		if len(res) > 0 {
+			filter.ResourceId = res
+		}
 
 		if status != "" {
 			filter.WorkflowStatus = []types.StringFilter{
@@ -426,8 +422,13 @@ func (c *client) getFindingsByIDs(ctx context.Context, source string, resources
 	return list, nil
 }
 
-func (c *client) BaseFilter(source string) *types.AwsSecurityFindingFilters {
-	return &types.AwsSecurityFindingFilters{
+func (c *client) BaseFilter(report v1alpha2.ReportInterface) *types.AwsSecurityFindingFilters {
+	source := ""
+	if report != nil {
+		source = report.GetSource()
+	}
+
+	filter := &types.AwsSecurityFindingFilters{
 		ProductArn: []types.StringFilter{
 			{
 				Comparison: types.StringFilterComparisonEquals,
@@ -465,6 +466,18 @@ func (c *client) BaseFilter(source string) *types.AwsSecurityFindingFilters {
 			},
 		},
 	}
+
+	if report != nil {
+		filter.ResourceDetailsOther = []types.MapFilter{
+			{
+				Comparison: types.MapFilterComparisonEquals,
+				Key:        toPointer("Report"),
+				Value:      toPointer(report.GetKey()),
+			},
+		}
+	}
+
+	return filter
 }
 
 func (c *client) Type() target.ClientType {