fix: change binary plugin to return val policy expr can understand

mitre · Nov 7, 2024 · 39de368 · 39de368
1 parent 83d05c0
commit 39de368
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 9 deletions.
diff --git a/hipcheck/src/policy/config_to_policy.rs b/hipcheck/src/policy/config_to_policy.rs
@@ -173,7 +173,7 @@ fn parse_binary(
 		// Cap the weight at 65,533
 		let weight = binary.weight.try_into().unwrap_or(u16::MAX);
 		let threshold = binary.binary_file_threshold;
-		let expression = format!("(eq {} (count $))", threshold);
+		let expression = format!("(lte $ {})", threshold);
 
 		// Add the plugin
 		let plugin = PolicyPlugin::new(

diff --git a/hipcheck/src/policy/test_example.kdl b/hipcheck/src/policy/test_example.kdl
@@ -19,7 +19,7 @@ analyze {
 
     category "practices" weight=1 {
         analysis "mitre/activity" policy="(lte $ 71)" weight=1
-        analysis "mitre/binary" policy="(eq 0 (count $))" weight=1
+        analysis "mitre/binary" policy="(lte $ 0)" weight=1
         analysis "mitre/fuzz" policy="(eq #t $)" weight=1
         analysis "mitre/identity" policy="(lte $ 0.2)" weight=1
         analysis "mitre/review" policy="(lte $ 0.05)" weight=1

diff --git a/plugins/binary/src/main.rs b/plugins/binary/src/main.rs
@@ -7,7 +7,10 @@ mod fs;
 use crate::binary_detector::{detect_binary_files, BinaryFileDetector};
 
 use clap::Parser;
-use hipcheck_sdk::{prelude::*, types::Target};
+use hipcheck_sdk::{
+	prelude::*,
+	types::{LocalGitRepo, Target},
+};
 use pathbuf::pathbuf;
 use serde::Deserialize;
 
@@ -46,19 +49,25 @@ impl TryFrom<RawConfig> for Config {
 	}
 }
 
-#[query(default)]
-async fn binary(engine: &mut PluginEngine, value: Target) -> Result<Vec<PathBuf>> {
+#[query]
+async fn files(_engine: &mut PluginEngine, value: LocalGitRepo) -> Result<Vec<PathBuf>> {
 	let bfd = DETECTOR.get().ok_or(Error::UnspecifiedQueryState)?;
-	let repo = pathbuf![&value.local.path];
+	let repo = pathbuf![&value.path];
 	let out: Vec<PathBuf> = detect_binary_files(&repo)
 		.map_err(|_| Error::UnspecifiedQueryState)?
 		.into_iter()
 		.filter(|f| bfd.is_likely_binary_file(f))
 		.collect();
-	out.iter().for_each(|f| {
+	Ok(out)
+}
+
+#[query(default)]
+async fn binary(engine: &mut PluginEngine, value: Target) -> Result<usize> {
+	let paths = files(engine, value.local).await?;
+	paths.iter().for_each(|f| {
 		engine.record_concern(format!("Found binary file at '{}'", f.to_string_lossy()))
 	});
-	Ok(out)
+	Ok(paths.len())
 }
 
 #[derive(Clone, Debug, Default)]
@@ -103,7 +112,7 @@ impl Plugin for BinaryPlugin {
 			// If no policy vars, we have no default expr
 			Some(None) => Ok("".to_owned()),
 			// Use policy config vars to construct a default expr
-			Some(Some(policy_conf)) => Ok(format!("(lte (count $) {})", policy_conf)),
+			Some(Some(policy_conf)) => Ok(format!("(lte $ {})", policy_conf)),
 		}
 	}