mondoohq / cnquery

open source, cloud-native, graph-based asset inventory
https://cnquery.io

:bug: `cnspec scan x --record` switch doesn't seem to work properly. #2434

Closed mm-weber closed 4 months ago

mm-weber commented 11 months ago

Describe the bug

The `--record` switch doesn't work properly with `cnspec scan` and the generated .json file does not include any resources. Using `cnspec shell --record` works as expected but for checks using `asset.`, which throws an error (see below).

To Reproduce

Steps to reproduce the behavior:

cnspec scan -f ./cnspec-enterprise-policies/policies/ubuntu-22.04.mql.yaml --record ubuntu2204.json

yields a file with the following content:

{
    "assets": [
        {
            "asset": {
                "id": "Ubuntu 22.04.3 LTS",
                "platformIDs": [
                    "//platformid.api.mondoo.app/hostname/manuel-ThinkPad-X1-Carbon-Gen-9",
                    "manuel-ThinkPad-X1-Carbon-Gen-9",
                    "//platformid.api.mondoo.app/runtime/ssh/hostkey/SHA256-xGtXqfHo3E1sW/+N31UP8GNOUDJ5nyQZwrBVMSBklnY",
                    "//platformid.api.mondoo.app/runtime/ssh/hostkey/SHA256-jjbu/JdxlNA7TzE4KjMawdYGIlYvxD2zfmGWsOJvi7o",
                    "//platformid.api.mondoo.app/runtime/ssh/hostkey/SHA256-R6coafTpQJkYDvj78SLcCkW5RTv75DCmgVk0gpLX6s0"
                ],
                "name": "ubuntu",
                "arch": "x86_64",
                "title": "Ubuntu 22.04.3 LTS",
                "family": [
                    "debian",
                    "linux",
                    "unix",
                    "os"
                ],
                "version": "22.04",
                "kind": "baremetal"
            },
            "connections": [
                {
                    "url": "local://",
                    "provider": "go.mondoo.com/cnquery/v9/providers/os",
                    "connector": "local",
                    "version": ""
                }
            ],
            "resources": []
        }
    ]
}

Expected behavior

Like when using `cnspec shell --record`, the resources field needs to be populated.

Screenshots or CLI Output

Populated resources field:

{
    "assets": [
        {
            "asset": {
                "id": "Ubuntu 22.04.3 LTS",
                "platformIDs": [
                    "//platformid.api.mondoo.app/hostname/manuel-ThinkPad-X1-Carbon-Gen-9"
                ],
                "name": "ubuntu",
                "arch": "x86_64",
                "title": "Ubuntu 22.04.3 LTS",
                "family": [
                    "debian",
                    "linux",
                    "unix",
                    "os"
                ],
                "version": "22.04",
                "kind": "baremetal"
            },
            "connections": [
                {
                    "url": "local://",
                    "provider": "go.mondoo.com/cnquery/v9/providers/os",
                    "connector": "local",
                    "version": ""
                }
            ],
            "resources": [
                {
                    "Resource": "file",
                    "ID": "/etc/rsyslog.conf",
                    "Fields": {
                        "content": {
                            "type": "\u0007",
                            "value": "# /etc/rsyslog.conf configuration file for rsyslog\n#\n# For more information install rsyslog-doc and see\n# /usr/share/doc/rsyslog-doc/html/configuration/index.html\n#\n# Default logging rules can be found in /etc/rsyslog.d/50-default.conf\n\n\n#################\n#### MODULES ####\n#################\n\nmodule(load=\"imuxsock\") # provides support for local system logging\n#module(load=\"immark\")  # provides --MARK-- message capability\n\n# provides UDP syslog reception\n#module(load=\"imudp\")\n#input(type=\"imudp\" port=\"514\")\n\n# provides TCP syslog reception\n#module(load=\"imtcp\")\n#input(type=\"imtcp\" port=\"514\")\n\n# provides kernel logging support and enable non-kernel klog messages\nmodule(load=\"imklog\" permitnonkernelfacility=\"on\")\n\n###########################\n#### GLOBAL DIRECTIVES ####\n###########################\n\n#\n# Use traditional timestamp format.\n# To enable high precision timestamps, comment out the following line.\n#\n$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat\n\n# Filter duplicated messages\n$RepeatedMsgReduction on\n\n#\n# Set the default permissions for all log files.\n#\n$FileOwner syslog\n$FileGroup adm\n$FileCreateMode 0640\n$DirCreateMode 0755\n$Umask 0022\n$PrivDropToUser syslog\n$PrivDropToGroup syslog\n\n#\n# Where to place spool and state files\n#\n$WorkDirectory /var/spool/rsyslog\n\n#\n# Include all config files in /etc/rsyslog.d/\n#\n$IncludeConfig /etc/rsyslog.d/*.conf\n"
                        }
                    }
                },
                {
                    "Resource": "file",
                    "ID": "/var/log/aide/aide.log",
                    "Fields": {
                        "group": {
                            "type": "\u001bgroup",
                            "value": {
                                "Name": "group",
                                "ID": "group/4/adm"
                            }
                        },
                        "path": {
                            "type": "\u0007",
                            "value": "/var/log/aide/aide.log"
                        },
                        "permissions": {
                            "type": "\u001bfile.permissions",
                            "value": {
                                "Name": "file.permissions",
                                "ID": "-rw-r-----"
                            }
                        },
                        "user": {
                            "type": "\u001buser",
                            "value": {
                                "Name": "user",
                                "ID": "user/0/root"
                            }
                        }
                    }
                },
<SNIP>

Desktop (please complete the following information):

OS: Ubuntu 22.04

cnspec:

cnspec version
cnspec 9.4.0 (76a83f8, 2023-10-27T00:24:13Z

Additional context Add any other context about the problem here.
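A check for the symptom reported above, as an added example that is not part of the original issue or of the cnspec code base: it summarizes a recording file per asset and flags assets whose `resources` list is empty. The JSON layout is assumed from the two excerpts in the report; the function names and the sample data are constructed for illustration.

```python
import json
import sys
from collections import Counter

# Constructed sample in the layout shown in the issue (not real scan output):
# the first asset mimics the empty `scan --record` result, the second a
# populated `shell --record` result.
SAMPLE = r"""
{"assets": [
  {"asset": {"id": "asset-from-scan"},
   "connections": [{"url": "local://", "connector": "local"}],
   "resources": []},
  {"asset": {"id": "asset-from-shell"},
   "connections": [{"url": "local://", "connector": "local"}],
   "resources": [
     {"Resource": "file", "ID": "/etc/rsyslog.conf",
      "Fields": {"content": {"type": "\u0007", "value": "# sample\n"}}},
     {"Resource": "file", "ID": "/var/log/aide/aide.log",
      "Fields": {"path": {"type": "\u0007", "value": "/var/log/aide/aide.log"}}}
   ]}
]}
"""

def summarize(doc):
    """Return one summary dict per asset in a recording document."""
    out = []
    for entry in doc.get("assets") or []:
        # A missing or null "resources" key is treated like an empty list.
        resources = entry.get("resources") or []
        out.append({
            "id": (entry.get("asset") or {}).get("id", "<no id>"),
            "resources": len(resources),
            "fields": sum(len(r.get("Fields") or {}) for r in resources),
            "by_type": dict(Counter(r.get("Resource", "?") for r in resources)),
        })
    return out

def empty_assets(doc):
    """IDs of assets whose recording holds no resource data."""
    return [s["id"] for s in summarize(doc) if s["resources"] == 0]

def load(path=None):
    """Parse the recording at `path`, or the constructed sample if none given."""
    if path is None:
        return json.loads(SAMPLE)
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

if __name__ == "__main__":
    doc = load(sys.argv[1] if len(sys.argv) > 1 else None)
    for s in summarize(doc):
        print(f'{s["id"]}: {s["resources"]} resources, {s["fields"]} fields, {s["by_type"]}')
    # Non-zero exit lets a CI step reject a recording that holds no data.
    sys.exit(1 if empty_assets(doc) else 0)
```

Run it with the path of a recording as the only argument; without an argument it checks the constructed sample.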

mm-weber commented 11 months ago

Persists with 9.5.1.

More info:

image

mm-weber commented 11 months ago

Just did a manual recording of the MacOS13 policy. This worked well for all checks but queries using `asset.`. I think it automatically records and stores the asset information anyway and as soon as you hit asset another time, there's no place where you could store it.

mm-weber commented 11 months ago

Also scanning a .json file with

cnspec scan mock --use-recording 9.5.1_manual.json

runs into errors:

image

mm-weber commented 4 months ago

Seems fixed