feat(api): Vulnerability Exceptions v2 Service

Signed-off-by: Darren Murray <[email protected]>
lacework · Jan 7, 2022 · 1587a1f · 1587a1f
1 parent 7f05f44
commit 1587a1f
Show file tree

Hide file tree

Showing 8 changed files with 1,164 additions and 21 deletions.
diff --git a/api/_examples/vulnerability-exceptions/main.go b/api/_examples/vulnerability-exceptions/main.go
@@ -0,0 +1,72 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"time"
+
+	"github.com/lacework/go-sdk/api"
+)
+
+func main() {
+	lacework, err := api.NewClient(os.Getenv("LW_ACCOUNT"),
+		api.WithSubaccount(os.Getenv("LW_SUBACCOUNT")),
+		api.WithApiKeys(os.Getenv("LW_API_KEY"), os.Getenv("LW_API_SECRET")),
+		api.WithApiV2(),
+	)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	res, err := lacework.V2.VulnerabilityExceptions.List()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, exception := range res.Data {
+		support := "Unsupported"
+		switch exception.ExceptionType {
+		case api.VulnerabilityExceptionTypeHost.String():
+			support = "Supported"
+		case api.VulnerabilityExceptionTypeContainer.String():
+			support = "Supported"
+		}
+
+		// Output: GUID:VULN_EXCEPTION_TYPE:[Supported|Unsupported]
+		fmt.Printf("%s:%s:%s\n", exception.Guid, exception.ExceptionType, support)
+	}
+
+	exception := api.VulnerabilityExceptionConfig{
+		Type:            api.VulnerabilityExceptionTypeHost,
+		Description:     "This is a vuln exception",
+		ExceptionReason: api.VulnerabilityExceptionReasonCompensatingControls,
+		Severities:      api.VulnerabilityExceptionSeverities{api.VulnerabilityExceptionSeverityCritical},
+		Fixable:         true,
+		Package:         []api.VulnerabilityExceptionPackage{{Name: "PackageOne", Version: "1.0.0"}},
+		ResourceScope: api.VulnerabilityExceptionContainerResourceScope{
+			ImageTag: []string{"MyImage"},
+		},
+		ExpiryTime: time.Now().AddDate(0, 1, 0),
+	}
+
+	myVulnException := api.NewVulnerabilityException("MyVulnException",
+		exception,
+	)
+
+	response, err := lacework.V2.VulnerabilityExceptions.Create(myVulnException)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Output: Vulnerability Exception created: GUID
+	fmt.Printf("Vulnerability Exception created: %s", response.Data.Guid)
+
+	err = lacework.V2.VulnerabilityExceptions.Delete(response.Data.Guid)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	// Output: Vulnerability Exception deleted: GUID
+	fmt.Printf("Vulnerability Exception deleted: %s", response.Data.Guid)
+}
diff --git a/api/api.go b/api/api.go
@@ -116,6 +116,9 @@ const (
 	apiV2TeamMembers         = "v2/TeamMembers"
 	apiV2TeamMembersFromGUID = "v2/TeamMembers/%s"
 	apiV2TeamMembersSearch   = "v2/TeamMembers/search"
+
+	apiV2VulnerabilityExceptions        = "v2/VulnerabilityExceptions"
+	apiV2VulnerabilityExceptionFromGUID = "v2/VulnerabilityExceptions/%s"
 )
 
 // WithApiV2 configures the client to use the API version 2 (/api/v2)

diff --git a/api/schemas.go b/api/schemas.go
@@ -33,8 +33,9 @@ const (
 	ContainerRegistries
 	CloudAccounts
 	ResourceGroups
-	TeamMembers
 	ReportRules
+	TeamMembers
+	VulnerabilityExceptions
 )
 
 func (svc *SchemasService) GetService(schemaName integrationSchema) V2Service {

diff --git a/api/v2.go b/api/v2.go
@@ -24,19 +24,20 @@ type V2Endpoints struct {
 	client *Client
 
 	// Every schema must have its own service
-	UserProfile         *UserProfileService
-	AlertChannels       *AlertChannelsService
-	AlertRules          *AlertRulesService
-	ReportRules         *ReportRulesService
-	CloudAccounts       *CloudAccountsService
-	ContainerRegistries *ContainerRegistriesService
-	ResourceGroups      *ResourceGroupsService
-	AgentAccessTokens   *AgentAccessTokensService
-	Query               *QueryService
-	Policy              *PolicyService
-	Schemas             *SchemasService
-	Datasources         *DatasourcesService
-	TeamMembers         *TeamMembersService
+	UserProfile             *UserProfileService
+	AlertChannels           *AlertChannelsService
+	AlertRules              *AlertRulesService
+	ReportRules             *ReportRulesService
+	CloudAccounts           *CloudAccountsService
+	ContainerRegistries     *ContainerRegistriesService
+	ResourceGroups          *ResourceGroupsService
+	AgentAccessTokens       *AgentAccessTokensService
+	Query                   *QueryService
+	Policy                  *PolicyService
+	Schemas                 *SchemasService
+	Datasources             *DatasourcesService
+	TeamMembers             *TeamMembersService
+	VulnerabilityExceptions *VulnerabilityExceptionsService
 }
 
 func NewV2Endpoints(c *Client) *V2Endpoints {
@@ -54,16 +55,18 @@ func NewV2Endpoints(c *Client) *V2Endpoints {
 		&SchemasService{c, map[integrationSchema]V2Service{}},
 		&DatasourcesService{c},
 		&TeamMembersService{c},
+		&VulnerabilityExceptionsService{c},
 	}
 
 	v2.Schemas.Services = map[integrationSchema]V2Service{
-		AlertChannels:       &AlertChannelsService{c},
-		AlertRules:          &AlertRulesService{c},
-		CloudAccounts:       &CloudAccountsService{c},
-		ContainerRegistries: &ContainerRegistriesService{c},
-		ResourceGroups:      &ResourceGroupsService{c},
-		TeamMembers:         &TeamMembersService{c},
-		ReportRules:         &ReportRulesService{c},
+		AlertChannels:           &AlertChannelsService{c},
+		AlertRules:              &AlertRulesService{c},
+		CloudAccounts:           &CloudAccountsService{c},
+		ContainerRegistries:     &ContainerRegistriesService{c},
+		ResourceGroups:          &ResourceGroupsService{c},
+		TeamMembers:             &TeamMembersService{c},
+		ReportRules:             &ReportRulesService{c},
+		VulnerabilityExceptions: &VulnerabilityExceptionsService{c},
 	}
 	return v2
 }