Merge pull request #3316 from snyk/fix/include-custom-rules-warning

fix: include the custom rules warning if feature flag is not enabled [CFG-1868]
snyk · Jun 13, 2022 · 879e618 · 879e618
2 parents 2603279 + 44e892b
commit 879e618
Show file tree

Hide file tree

Showing 7 changed files with 88 additions and 10 deletions.
diff --git a/src/cli/commands/test/iac/local-execution/rules/rules.ts b/src/cli/commands/test/iac/local-execution/rules/rules.ts
@@ -18,14 +18,19 @@ import { initLocalCache, pull } from '../measurable-methods';
 import { config as userConfig } from '../../../../../../lib/user-config';
 import { CustomError } from '../../../../../../lib/errors';
 import { getErrorStringCode } from '../error-utils';
-import { customRulesMessage } from '../../../../../../lib/formatters/iac-output';
+import {
+  customRulesMessage,
+  customRulesReportMessage,
+} from '../../../../../../lib/formatters/iac-output';
 import { OciRegistry, RemoteOciRegistry } from './oci-registry';
 import { isValidUrl } from '../url-utils';
+import { isFeatureFlagSupportedForOrg } from '../../../../../../lib/feature-flags';
 
 export async function initRules(
   buildOciRegistry: () => OciRegistry,
   iacOrgSettings: IacOrgSettings,
   options: IaCTestFlags,
+  orgPublicId: string,
 ): Promise<RulesOrigin> {
   let customRulesPath: string | undefined;
   let rulesOrigin: RulesOrigin = RulesOrigin.Internal;
@@ -47,7 +52,20 @@ export async function initRules(
     (isOCIRegistryURLProvided || customRulesPath) &&
     !(options.sarif || options.json)
   ) {
-    console.log(`${customRulesMessage}${EOL}`);
+    let userMessage = `${customRulesMessage}${EOL}`;
+
+    if (options.report) {
+      const isCliReportCustomRulesEnabled = await isFeatureFlagSupportedForOrg(
+        'iacShareCliResultsCustomRules',
+        orgPublicId,
+      );
+
+      if (!isCliReportCustomRulesEnabled.ok) {
+        userMessage += `${customRulesReportMessage}${EOL}`;
+      }
+    }
+
+    console.log(userMessage);
   }
 
   if (isOCIRegistryURLProvided && customRulesPath) {

diff --git a/src/cli/commands/test/iac/scan.ts b/src/cli/commands/test/iac/scan.ts
@@ -52,7 +52,12 @@ export async function scan(
   let iacIgnoredIssuesCount = 0;
 
   try {
-    const rulesOrigin = await initRules(buildOciRules, iacOrgSettings, options);
+    const rulesOrigin = await initRules(
+      buildOciRules,
+      iacOrgSettings,
+      options,
+      orgPublicId,
+    );
 
     testSpinner?.start(spinnerMessage);
 

diff --git a/src/lib/formatters/iac-output/index.ts b/src/lib/formatters/iac-output/index.ts
@@ -15,6 +15,7 @@ export {
   spinnerMessage,
   spinnerSuccessMessage,
   customRulesMessage,
+  customRulesReportMessage,
   shouldLogUserMessages,
   formatShareResultsOutput,
   failuresTipOutput,

diff --git a/src/lib/formatters/iac-output/v2/index.ts b/src/lib/formatters/iac-output/v2/index.ts
@@ -6,6 +6,7 @@ export {
   spinnerSuccessMessage,
   shouldLogUserMessages,
   customRulesMessage,
+  customRulesReportMessage,
 } from './user-messages';
 export { formatShareResultsOutput } from './share-results';
 export {

diff --git a/src/lib/formatters/iac-output/v2/user-messages.ts b/src/lib/formatters/iac-output/v2/user-messages.ts
@@ -25,6 +25,13 @@ export const customRulesMessage = colors.info(
   'Using custom rules to generate misconfigurations.',
 );
 
+/**
+ * Message for using custom rules.
+ */
+export const customRulesReportMessage = colors.info(
+  "Please note that your custom rules will not be sent to the Snyk platform, and will not be available on the project's page.",
+);
+
 /**
  * @returns whether or not to include user messages in the output.
  */

diff --git a/test/jest/acceptance/iac/custom-rules.spec.ts b/test/jest/acceptance/iac/custom-rules.spec.ts
@@ -1,4 +1,5 @@
 import { startMockServer } from './helpers';
+import { FakeServer } from '../../../acceptance/fake-server';
 
 jest.setTimeout(50000);
 
@@ -7,11 +8,13 @@ describe('iac test --rules', () => {
     cmd: string,
   ) => Promise<{ stdout: string; stderr: string; exitCode: number }>;
   let teardown: () => void;
+  let server: FakeServer;
 
   beforeAll(async () => {
     const result = await startMockServer();
     run = result.run;
     teardown = result.teardown;
+    server = result.server;
   });
 
   afterAll(async () => teardown());
@@ -85,5 +88,46 @@ describe('iac test --rules', () => {
         'Using custom rules to generate misconfigurations.',
       );
     });
+
+    it('should display a warning message for custom rules not being available on the platform if iacShareCliResultsCustomRules feature flag is not enabled', async () => {
+      server.setFeatureFlag('iacShareCliResultsCustomRules', false);
+
+      const { stdout } = await run(
+        `snyk iac ${testedCommand} --rules=./iac/custom-rules/custom.tar.gz ./iac/terraform/sg_open_ssh.tf`,
+      );
+
+      expect(stdout).toContain(
+        "Please note that your custom rules will not be sent to the Snyk platform, and will not be available on the project's page.",
+      );
+    });
+
+    it('should not display a warning message for custom rules not being available on the platform if iacShareCliResultsCustomRules feature flag is enabled', async () => {
+      server.setFeatureFlag('iacShareCliResultsCustomRules', true);
+
+      const { stdout } = await run(
+        `snyk iac ${testedCommand} --rules=./iac/custom-rules/custom.tar.gz ./iac/terraform/sg_open_ssh.tf`,
+      );
+
+      expect(stdout).not.toContain(
+        "Please note that your custom rules will not be sent to the Snyk platform, and will not be available on the project's page.",
+      );
+    });
+
+    describe.each(['--json', '--sarif'])(
+      'when the %s flag is provided',
+      (testedFormatFlag) => {
+        it('should not display the warning message for the custom rules not being available on the platform', async () => {
+          server.setFeatureFlag('iacShareCliResultsCustomRules', false);
+
+          const { stdout } = await run(
+            `snyk iac ${testedCommand} --rules=./iac/custom-rules/custom.tar.gz ./iac/terraform/sg_open_ssh.tf ${testedFormatFlag}`,
+          );
+
+          expect(stdout).not.toContain(
+            "Please note that your custom rules will not be sent to the Snyk platform, and will not be available on the project's page.",
+          );
+        });
+      },
+    );
   });
 });
diff --git a/test/jest/unit/iac/rules/rules.spec.ts b/test/jest/unit/iac/rules/rules.spec.ts
@@ -49,7 +49,9 @@ describe('initRules', () => {
       };
     };
 
-    await expect(initRules(registryBuilder, settings, options)).rejects.toThrow(
+    await expect(
+      initRules(registryBuilder, settings, options, 'orgPublicId'),
+    ).rejects.toThrow(
       'There was an authentication error. Incorrect credentials provided.',
     );
   });
@@ -59,9 +61,9 @@ describe('initRules', () => {
       rules: 'path/to/rules.tgz',
     };
 
-    await expect(initRules(registryBuilder, settings, options)).rejects.toThrow(
-      'Could not execute custom rules mode',
-    );
+    await expect(
+      initRules(registryBuilder, settings, options, 'orgPublicId'),
+    ).rejects.toThrow('Could not execute custom rules mode');
   });
 
   it('should fail if the user is not entitled to use custom rules', async () => {
@@ -77,8 +79,8 @@ describe('initRules', () => {
       },
     };
 
-    await expect(initRules(registryBuilder, settings, options)).rejects.toThrow(
-      'Missing the iacCustomRulesEntitlement entitlement',
-    );
+    await expect(
+      initRules(registryBuilder, settings, options, 'orgPublicId'),
+    ).rejects.toThrow('Missing the iacCustomRulesEntitlement entitlement');
   });
 });