feat: Schema Service: Findings and Remediation Functionality - BED-6853

cmd/api/src/api/v2/opengraphschema.go

@@ -31,6 +31,7 @@ type OpenGraphSchemaService interface {
 
 type GraphSchemaExtension struct {
 	Environments []Environment `json:"environments"`
+	Findings     []Finding     `json:"findings"`
 }
 
 type Environment struct {
@@ -39,6 +40,22 @@ type Environment struct {
 	PrincipalKinds  []string `json:"principalKinds"`
 }
 
+type Finding struct {
+	Name             string      `json:"name"`
+	DisplayName      string      `json:"displayName"`
+	SourceKind       string      `json:"sourceKind"`
+	RelationshipKind string      `json:"relationshipKind"`
+	EnvironmentKind  string      `json:"environmentKind"`
+	Remediation      Remediation `json:"remediation"`
+}
+
+type Remediation struct {
+	ShortDescription string `json:"shortDescription"`
+	LongDescription  string `json:"longDescription"`
+	ShortRemediation string `json:"shortRemediation"`
+	LongRemediation  string `json:"longRemediation"`
+}
+
 // TODO: Implement this - skeleton endpoint to simply test the handler.
 func (s Resources) OpenGraphSchemaIngest(response http.ResponseWriter, request *http.Request) {
 	var (

cmd/api/src/config/config.go

@@ -159,7 +159,7 @@ type Configuration struct {
 	EnableAPILogging                bool                      `json:"enable_api_logging"`
 	EnableCypherMutations           bool                      `json:"enable_cypher_mutations"`
 	DisableAnalysis                 bool                      `json:"disable_analysis"`
-	DisableAPIKeys					bool					  `json:"disable_api_keys"`
+	DisableAPIKeys                  bool                      `json:"disable_api_keys"`
 	DisableCypherComplexityLimit    bool                      `json:"disable_cypher_complexity_limit"`
 	DisableIngest                   bool                      `json:"disable_ingest"`
 	DisableMigrations               bool                      `json:"disable_migrations"`

cmd/api/src/config/default.go

@@ -62,7 +62,7 @@ func NewDefaultConfiguration() (Configuration, error) {
 			EnableStartupWaitPeriod:         true,
 			EnableAPILogging:                true,
 			DisableAnalysis:                 false,
-			DisableAPIKeys: 				 false,
+			DisableAPIKeys:                  false,
 			DisableCypherComplexityLimit:    false,
 			DisableIngest:                   false,
 			DisableMigrations:               false,

cmd/api/src/database/graphschema.go

@@ -60,6 +60,7 @@ type OpenGraphSchema interface {
 
 	CreateSchemaRelationshipFinding(ctx context.Context, extensionId int32, relationshipKindId int32, environmentId int32, name string, displayName string) (model.SchemaRelationshipFinding, error)
 	GetSchemaRelationshipFindingById(ctx context.Context, findingId int32) (model.SchemaRelationshipFinding, error)
+	GetSchemaRelationshipFindingByName(ctx context.Context, name string) (model.SchemaRelationshipFinding, error)
 	DeleteSchemaRelationshipFinding(ctx context.Context, findingId int32) error
 
 	CreateRemediation(ctx context.Context, findingId int32, shortDescription string, longDescription string, shortRemediation string, longRemediation string) (model.Remediation, error)
@@ -677,6 +678,23 @@ func (s *BloodhoundDB) GetSchemaRelationshipFindingById(ctx context.Context, fin
 	return finding, nil
 }
 
+// GetSchemaRelationshipFindingByName - retrieves a schema relationship finding by finding name.
+func (s *BloodhoundDB) GetSchemaRelationshipFindingByName(ctx context.Context, name string) (model.SchemaRelationshipFinding, error) {
+	var finding model.SchemaRelationshipFinding
+
+	if result := s.db.WithContext(ctx).Raw(fmt.Sprintf(`
+		SELECT id, schema_extension_id, relationship_kind_id, environment_id, name, display_name, created_at
+		FROM %s WHERE name = ?`,
+		finding.TableName()),
+		name).Scan(&finding); result.Error != nil {
+		return model.SchemaRelationshipFinding{}, CheckError(result)
+	} else if result.RowsAffected == 0 {
+		return model.SchemaRelationshipFinding{}, ErrNotFound
+	}
+
+	return finding, nil
+}
+
 // DeleteSchemaRelationshipFinding - deletes a schema relationship finding by id.
 func (s *BloodhoundDB) DeleteSchemaRelationshipFinding(ctx context.Context, findingId int32) error {
 	var finding model.SchemaRelationshipFinding
@@ -793,6 +811,9 @@ func (s *BloodhoundDB) CreatePrincipalKind(ctx context.Context, environmentId in
 		VALUES (?, ?, NOW())
 		RETURNING environment_id, principal_kind, created_at`,
 		environmentId, principalKind).Scan(&envPrincipalKind); result.Error != nil {
+		if strings.Contains(result.Error.Error(), DuplicateKeyValueErrorString) {
+			return model.SchemaEnvironmentPrincipalKind{}, result.Error
+		}
 		return model.SchemaEnvironmentPrincipalKind{}, CheckError(result)
 	}
 

cmd/api/src/database/upsert_schema_environment.go

@@ -31,7 +31,7 @@ func (s *BloodhoundDB) UpsertSchemaEnvironmentWithPrincipalKinds(ctx context.Con
 		SchemaExtensionId: schemaExtensionId,
 	}
 
-	envKind, err := s.validateAndTranslateEnvironmentKind(ctx, environmentKind)
+	envKindID, err := s.validateAndTranslateEnvironmentKind(ctx, environmentKind)
 	if err != nil {
 		return err
 	}
@@ -46,7 +46,7 @@ func (s *BloodhoundDB) UpsertSchemaEnvironmentWithPrincipalKinds(ctx context.Con
 		return err
 	}
 
-	environment.EnvironmentKindId = int32(envKind.ID)
+	environment.EnvironmentKindId = envKindID
 	environment.SourceKindId = sourceKindID
 
 	envID, err := s.replaceSchemaEnvironment(ctx, environment)
@@ -62,13 +62,13 @@ func (s *BloodhoundDB) UpsertSchemaEnvironmentWithPrincipalKinds(ctx context.Con
 }
 
 // validateAndTranslateEnvironmentKind validates that the environment kind exists in the kinds table.
-func (s *BloodhoundDB) validateAndTranslateEnvironmentKind(ctx context.Context, environmentKindName string) (model.Kind, error) {
+func (s *BloodhoundDB) validateAndTranslateEnvironmentKind(ctx context.Context, environmentKindName string) (int32, error) {
 	if envKind, err := s.GetKindByName(ctx, environmentKindName); err != nil && !errors.Is(err, ErrNotFound) {
-		return model.Kind{}, fmt.Errorf("error retrieving environment kind '%s': %w", environmentKindName, err)
+		return 0, fmt.Errorf("error retrieving environment kind '%s': %w", environmentKindName, err)
 	} else if errors.Is(err, ErrNotFound) {
-		return model.Kind{}, fmt.Errorf("environment kind '%s' not found", environmentKindName)
+		return 0, fmt.Errorf("environment kind '%s' not found", environmentKindName)
 	} else {
-		return envKind, nil
+		return envKind.ID, nil
 	}
 }
 

cmd/api/src/database/upsert_schema_extension.go

@@ -26,14 +26,40 @@ type EnvironmentInput struct {
 	PrincipalKinds      []string
 }
 
-func (s *BloodhoundDB) UpsertGraphSchemaExtension(ctx context.Context, extensionID int32, environments []EnvironmentInput) error {
+type FindingInput struct {
+	Name                 string
+	DisplayName          string
+	RelationshipKindName string
+	EnvironmentKindName  string
+	SourceKindName       string
+	RemediationInput     RemediationInput
+}
+
+type RemediationInput struct {
+	ShortDescription string
+	LongDescription  string
+	ShortRemediation string
+	LongRemediation  string
+}
+
+func (s *BloodhoundDB) UpsertGraphSchemaExtension(ctx context.Context, extensionID int32, environments []EnvironmentInput, findings []FindingInput) error {
 	return s.Transaction(ctx, func(tx *BloodhoundDB) error {
 		for _, env := range environments {
 			if err := tx.UpsertSchemaEnvironmentWithPrincipalKinds(ctx, extensionID, env.EnvironmentKindName, env.SourceKindName, env.PrincipalKinds); err != nil {
 				return fmt.Errorf("failed to upsert environment with principal kinds: %w", err)
 			}
 		}
 
+		for _, finding := range findings {
+			if schemaFinding, err := tx.UpsertFinding(ctx, extensionID, finding.SourceKindName, finding.RelationshipKindName, finding.EnvironmentKindName, finding.Name, finding.DisplayName); err != nil {
+				return fmt.Errorf("failed to upsert finding: %w", err)
+			} else {
+				if err := tx.UpsertRemediation(ctx, schemaFinding.ID, finding.RemediationInput.ShortDescription, finding.RemediationInput.LongDescription, finding.RemediationInput.ShortRemediation, finding.RemediationInput.LongRemediation); err != nil {
+					return fmt.Errorf("failed to upsert remediation: %w", err)
+				}
+			}
+		}
+
 		return nil
 	})
 }