8000 add a azure rule to detct message queue config by KaiqianYang · Pull Request #948 · windup/windup-rulesets · GitHub

add a azure rule to detct message queue config #948


Merged
merged 5 commits into from
May 22, 2023
Merged
@@ -0,0 +1,96 @@
<?xml version="1.0"?>
<ruleset id="spring-boot-to-azure-mq-config"
xmlns="http://windup.jboss.org/schema/jboss-ruleset"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://windup.jboss.org/schema/jboss-ruleset http://windup.jboss.org/schema/jboss-ruleset/windup-jboss-ruleset.xsd">
<metadata>
<description>
This ruleset identifies message queue connection strings, usernames, or passwords.
</description>
<dependencies>
<addon id="org.jboss.windup.rules,windup-rules-xml,3.0.0.Final" />
</dependencies>
<sourceTechnology id="springboot"/>
<targetTechnology id="azure-spring-apps"/>
<targetTechnology id="azure-appservice"/>
<targetTechnology id="azure-aks"/>
<targetTechnology id="azure-container-apps"/>
<tag>message queue</tag>
</metadata>
<rules>
<rule id="spring-boot-to-azure-mq-config-kafka-01000">
<when>
<filecontent filename="application{*}.{extensions}" pattern="{pattern}"/>
</when>
<perform>
<hint title="Kafka connection string, username or password found in configuration file" category-id="information" effort="0">
<message>
<![CDATA[
The application uses a Kafka connection string or password.

Consider connecting Apache Kafka on Confluent Cloud to Azure Spring Apps using Service Connector
]]>
</message>
<link title="Spring Boot app to Kafka on Confluent Cloud" href="https://learn.microsoft.com/azure/service-connector/tutorial-java-spring-confluent-kafka"/>
<tag>kafka</tag>
</hint>
<technology-tag level="INFORMATIONAL">Kafka Client</technology-tag>
</perform>
<where param="extensions">
<matches pattern="(properties|yaml|yml)"/>
</where>
<where param="pattern">
<matches pattern="kafka\.(.*\.)?(properties\.)?(bootstrap[\.-]servers|sasl\.jaas\.config|schema\.registry)"/>
</where>
</rule>
<!-- Rule for detecting RabbitMQ configurations -->
<rule id="spring-boot-to-azure-mq-config-rabbitmq-01000">
<when>
<filecontent filename="application{*}.{extensions}" pattern="{pattern}"/>
</when>
<perform>
<hint title="RabbitMQ connection string, username or password found in configuration file" category-id="information" effort="0">
<message><![CDATA[
The application uses a RabbitMQ connection string, username, or password.

Consider using Azure Event Grid/Azure Event Hubs/Azure Service Bus or Apache Kafka on Confluent Cloud and connect it with Service Connector
]]></message>
<link title="Service connection in Azure Spring Apps" href="https://learn.microsoft.com/azure/service-connector/quickstart-portal-spring-cloud-connection"/>
<tag>RabbitMQ Client</tag>
</hint>
<technology-tag level="INFORMATIONAL">RabbitMQ Client</technology-tag>
</perform>
<where param="extensions">
<matches pattern="(properties|yaml|yml)"/>
</where>
<where param="pattern">
<matches pattern="rabbitmq\.(.*\.)?(addresses|host|virtual-host|username|password)"/>
</where>
</rule>

<!-- Rule for detecting Artemis configurations -->
<rule id="spring-boot-to-azure-mq-config-artemis-01000">
<when>
<filecontent filename="application{*}.{extensions}" pattern="{pattern}"/>
</when>
<perform>
<hint title="ActiveMQ Artemis connection string, username or password found in configuration file" category-id="information" effort="0">
<message><![CDATA[
The application uses an ActiveMQ Artemis connection string, username, or password.

Consider using Azure Event Grid/Azure Event Hubs/Azure Service Bus or Apache Kafka on Confluent Cloud and connect it with Service Connector
]]></message>
<link title="Service connection in Azure Spring Apps" href="https://learn.microsoft.com/azure/service-connector/quickstart-portal-spring-cloud-connection"/>
<tag>ActiveMQ</tag>
</hint>
<technology-tag level="INFORMATIONAL">ActiveMQ</technology-tag>
</perform>
<where param="extensions">
<matches pattern="(properties|yaml|yml)"/>
</where>
<where param="pattern">
<matches pattern="artemis\.(broker-url|user|password)"/>
</where>
</rule>
</rules>
</ruleset>
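Review bot: The three `<where param="pattern">` regexes match only flattened dotted keys such as `spring.kafka.bootstrap-servers`, so although `extensions` admits `yaml|yml`, the nested mapping form commonly used in Spring Boot YAML (`spring:` / `kafka:` / `bootstrap-servers:`) would presumably produce no hint, and a broker credential stored that way goes unreported. The one sample in this PR that uses a `:` separator still writes the key flattened, so the tests would not reveal the gap. If nested matching is out of scope for `filecontent`, I would state the limit above each rule, e.g. `<!-- Matches flattened keys only; nested YAML mappings are not detected -->`. Separately, the hints fire on `password`, `username` and `sasl.jaas.config` keys, but the messages only recommend Service Connector; a sentence such as `If the value is a literal credential, move it out of the configuration file into a secret store.` would tell the reader what to do with the finding.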
@@ -0,0 +1,2 @@
spring.kafka.properties.schema.registry.url=http://localhost:8081
spring.rabbitmq.password=rabbit-pass
@@ -0,0 +1,2 @@
spring.kafka.bootstrap-servers=localhost:9092
spring.artemis.user=artemis-user
@@ -0,0 +1 @@
spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="user" password="pass";
@@ -0,0 +1,46 @@
<?xml version="1.0"?>
<ruletest id="spring-boot-to-azure-mq-config-test" xmlns="http://windup.jboss.org/schema/jboss-ruleset" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://windup.jboss.org/schema/jboss-ruleset http://windup.jboss.org/schema/jboss-ruleset/windup-jboss-ruleset.xsd">
<testDataPath>data/spring-boot-to-azure-mq-config</testDataPath>
<rulePath>../spring-boot-to-azure-mq-config.windup.xml</rulePath>
<ruleset>
<rules>
<rule id="spring-boot-to-azure-mq-config-kafka-test-01000">
<when>
<not>
<iterable-filter size="3">
<hint-exists message="The application uses a Kafka connection string or password"/>
</iterable-filter>
</not>
</when>
<perform>
<fail message="mq-config-kafka hint was not found!"/>
</perform>
</rule>
<rule id="spring-boot-to-azure-mq-config-rabbitmq-test-01000">
<when>
<not>
<iterable-filter size="1">
<hint-exists message="The application uses a RabbitMQ connection string, username, or password"/>
</iterable-filter>
</not>
</when>
<perform>
<fail message="mq-config-rabbitmq hint was not found!"/>
</perform>
</rule>
<rule id="spring-boot-to-azure-mq-config-artemis-test-01000">
<when>
<not>
<iterable-filter size="1">
<hint-exists message="The application uses an ActiveMQ Artemis connection string, username, or password"/>
</iterable-filter>
</not>
</when>
<perform>
<fail message="mq-config-artemis hint was not found!"/>
</perform>
</rule>
</rules>
</ruleset>
</ruletest>
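Review bot: The RabbitMQ and Artemis tests each exercise only one of the alternatives the rules accept (`spring.rabbitmq.password` and `spring.artemis.user` in the sample data), so `addresses`, `host`, `virtual-host`, `username`, `broker-url` and the Artemis `password` branch are never checked. A typo in any of those alternatives would leave the corresponding setting undetected without failing the suite. I would add one sample line per untested alternative, for example `spring.rabbitmq.username=rabbit-user` and `spring.artemis.password=artemis-pass` (constructed values), and raise the matching `<iterable-filter size="1">` counts accordingly. The `technology-tag` output of each rule is also not asserted here.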