openraven / magpie

A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
Apache License 2.0

Improved ReportService #147

Closed kickroot closed 3 years ago

kickroot commented 3 years ago

I've done some minor refactoring and changed the ReportService interface:

https://github.com/openraven/magpie/blob/b1f29aea678fdf323489057b171799dc7f089615/magpie-core/src/main/java/io/openraven/magpie/core/cspm/services/ReportService.java#L5

Same data (+ new) in a wrapper object.

Tasking:

  1. Fill out the ScanResults object in PolicyAnalyzerServiceImpl
  2. You'll need to collect all the unscanned rules from their various sources (there are 3 possible reasons why a rule was ignored).
  3. In the final report, add a section at the end of each policy listing rules that weren't scanned along with their reason.

Please use the existing full_reporting branch.

stefansjfw commented 3 years ago

Should + private Map<Rule, IgnoredReason> ignored = Map.of(); be in ScanResult rather than PolicyContext? Makes more sense logically. E.g. MISSING_ASSET("Asset table not found"), is only usable after/during scan run.

stefansjfw commented 3 years ago

Should + private Map<Rule, IgnoredReason> ignored = Map.of(); be in ScanResult rather than PolicyContext? Makes more sense logically. E.g. MISSING_ASSET("Asset table not found"), is only usable after/during scan run.

Never mind, I see now that it was there at first, but you moved it later on :)

kickroot commented 3 years ago

Correct! I moved it because we needed missing assets on a per-policy basis and I assumed putting it in the PolicyContext was the easiest way to do that. If you want to make it Map<Policy, Map<Rule, IgnoredReason>> or whatever you could do that as well.

stefansjfw commented 3 years ago

I was thinking of something like

Map<Policy, List<Violation>> violations;
Map<Policy, IgnoredReason> ignoredPolicies; // policy enabled flag set to false
Edit:
Map<Policy, Map<Rule, IgnoredReason>> ignoredRules;

in ScanResults?

It's not perfect this way either... But at least everything is encapsulated in ScanResults

belosh59 commented 3 years ago

Already Done
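
The per-policy layout discussed in the thread above, sketched as an added example (not code from the magpie repository): a ScanResults wrapper whose report lists every policy's unscanned rules with their reason, including a policy where every rule was skipped, so a skipped rule is never read as a passing one. Policy, Rule and Violation are simplified stand-ins, DISABLED is an assumed reason, the sample data is constructed, and records need Java 16 or later.

```java
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical stand-ins: only the names ScanResults, Policy, Rule, Violation,
// IgnoredReason and MISSING_ASSET appear in the thread; the rest is assumed.
public class ScanResultsSketch {
    enum IgnoredReason {
        MISSING_ASSET("Asset table not found"),   // from the thread
        DISABLED("Rule disabled");                // assumed reason, for illustration
        final String text;
        IgnoredReason(String text) { this.text = text; }
    }
    record Policy(String name) {}
    record Rule(String id) {}
    record Violation(Rule rule, String assetId) {}
    record ScanResults(Map<Policy, List<Violation>> violations,
                       Map<Policy, Map<Rule, IgnoredReason>> ignoredRules) {}

    // Renders violations, then a "Rules not scanned" section at the end of each policy.
    static String render(ScanResults r) {
        // Union of keys: a policy with no violations but skipped rules must still appear.
        Set<Policy> policies = new LinkedHashSet<>(r.violations().keySet());
        policies.addAll(r.ignoredRules().keySet());
        StringBuilder out = new StringBuilder();
        for (Policy p : policies) {
            out.append("Policy: ").append(p.name()).append('\n');
            for (Violation v : r.violations().getOrDefault(p, List.of()))
                out.append("  VIOLATION ").append(v.rule().id()).append(" on ").append(v.assetId()).append('\n');
            Map<Rule, IgnoredReason> skipped = r.ignoredRules().getOrDefault(p, Map.of());
            if (!skipped.isEmpty()) out.append("  Rules not scanned:\n");
            skipped.forEach((rule, why) ->
                out.append("    ").append(rule.id()).append(": ").append(why.text).append('\n'));
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample data, not output from a real scan.
        Policy a = new Policy("sample-policy-a");
        Policy b = new Policy("sample-policy-b"); // every rule skipped, zero violations
        Map<Policy, List<Violation>> violations = new LinkedHashMap<>();
        violations.put(a, List.of(new Violation(new Rule("rule-1"), "asset-x")));
        Map<Policy, Map<Rule, IgnoredReason>> ignored = new LinkedHashMap<>();
        ignored.put(a, Map.of(new Rule("rule-2"), IgnoredReason.DISABLED));
        ignored.put(b, Map.of(new Rule("rule-3"), IgnoredReason.MISSING_ASSET));
        System.out.print(render(new ScanResults(violations, ignored)));
    }
}
```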