feat: add fips status (#4791)

* chore: add fips status to debug logs * chore: panic if fips enabled in non fips cli * chore: update GAF * chore: add comment and move logic to func
snyk · Aug 11, 2023 · 364c365 · 364c365
1 parent 5f7c202
commit 364c365
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 5 deletions.
diff --git a/cliv2/cmd/cliv2/main.go b/cliv2/cmd/cliv2/main.go
@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"github.com/snyk/go-application-framework/pkg/networking/fips"
 	"io"
 	"net/http"
 	"os"
@@ -367,6 +368,16 @@ func logHeaderAuthorizationInfo(
 	return authorization, oauthEnabled
 }
 
+func getFipsStatus(config configuration.Configuration) string {
+	fipsEnabled := "Disabled"
+	if !fips.IsAvailable() {
+		fipsEnabled = "Not available"
+	} else if config.GetBool(configuration.FIPS_ENABLED) {
+		fipsEnabled = "Enabled"
+	}
+	return fipsEnabled
+}
+
 func writeLogHeader(config configuration.Configuration, networkAccess networking.NetworkAccess) {
 	authorization, oauthEnabled := logHeaderAuthorizationInfo(config, networkAccess)
 
@@ -385,6 +396,8 @@ func writeLogHeader(config configuration.Configuration, networkAccess networking
 		debugLogger.Printf("%-22s %s", name+":", value)
 	}
 
+	fipsEnabled := getFipsStatus(config)
+
 	tablePrint("Version", cliv2.GetFullVersion())
 	tablePrint("Platform", internalOS+" "+runtime.GOARCH)
 	tablePrint("API", config.GetString(configuration.API_URL))
@@ -394,7 +407,8 @@ func writeLogHeader(config configuration.Configuration, networkAccess networking
 	tablePrint("Analytics", analytics)
 	tablePrint("Authorization", authorization)
 	tablePrint("Features", "")
-	tablePrint("  --auth-type=oauth", oauthEnabled)
+	tablePrint("  oauth", oauthEnabled)
+	tablePrint("  fips", fipsEnabled)
 
 }
 
@@ -417,6 +431,12 @@ func MainWithErrorCode() int {
 	initApplicationConfiguration(config)
 	engine = app.CreateAppEngineWithOptions(app.WithZeroLogger(debugLogger), app.WithConfiguration(config))
 
+	if fipsErr := fips.Validate(config); fipsErr != nil {
+		// if fips validation fails, an important assumption is not met,
+		// for example somebody is expecting fips to work, but it doesn't.
+		panic(fipsErr)
+	}
+
 	if noProxyAuth := config.GetBool(basic_workflows.PROXY_NOAUTH); noProxyAuth {
 		config.Set(configuration.PROXY_AUTHENTICATION_MECHANISM, httpauth.StringFromAuthenticationMechanism(httpauth.NoAuth))
 	}

diff --git a/cliv2/go.mod b/cliv2/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/rs/zerolog v1.29.1
 	github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce
 	github.com/snyk/cli-extension-sbom v0.0.0-20230608154310-6573cedca977
-	github.com/snyk/go-application-framework v0.0.0-20230809120711-9668d0895eae
+	github.com/snyk/go-application-framework v0.0.0-20230811123618-b8717a995f9b
 	github.com/snyk/go-httpauth v0.0.0-20230512081507-800aedece3cb
 	github.com/snyk/snyk-iac-capture v0.6.0
 	github.com/spf13/cobra v1.7.0

diff --git a/cliv2/go.sum b/cliv2/go.sum
@@ -580,8 +580,8 @@ github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce h1:Wc
 github.com/snyk/cli-extension-iac-rules v0.0.0-20230601153200-c572cfce46ce/go.mod h1:5/IYYTgf32pST7St4GhS3KNz32WE17Ys+Hdb5Pqxex0=
 github.com/snyk/cli-extension-sbom v0.0.0-20230608154310-6573cedca977 h1:kW8XGQ3hseTP6WbGrO4Q6ssqGejT02hleNzxfWga72E=
 github.com/snyk/cli-extension-sbom v0.0.0-20230608154310-6573cedca977/go.mod h1:O/cjwCbKhJQWyXHPmNbZ7ToQKnhyw0VUp1Qhim3WEcw=
-github.com/snyk/go-application-framework v0.0.0-20230809120711-9668d0895eae h1:hM//1AmIbdSEHHa89mIY1CKCPcOpadsnjenamyfElM4=
-github.com/snyk/go-application-framework v0.0.0-20230809120711-9668d0895eae/go.mod h1:Aun65T/AmzxjZe9jZZBqia6RHwoS7oq8QB2UfQIcPjU=
+github.com/snyk/go-application-framework v0.0.0-20230811123618-b8717a995f9b h1:9NdgwLokZselavLbPIry6Fc1BXC7peA7ryUGPoC4F5U=
+github.com/snyk/go-application-framework v0.0.0-20230811123618-b8717a995f9b/go.mod h1:Aun65T/AmzxjZe9jZZBqia6RHwoS7oq8QB2UfQIcPjU=
 github.com/snyk/go-httpauth v0.0.0-20230512081507-800aedece3cb h1:UwbUBfe1u5MYLhtCNOsFEM98tfEUWqgmaXam/UxU88Q=
 github.com/snyk/go-httpauth v0.0.0-20230512081507-800aedece3cb/go.mod h1:88KbbvGYlmLgee4OcQ19yr0bNpXpOr2kciOthaSzCAg=
 github.com/snyk/policy-engine v0.22.0 h1:od9pduGrXyfWO791X+8M1qmnvWUxaIXh0gBzGKqeseA=
@@ -617,7 +617,6 @@ github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8
 github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
 github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=
 github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k=
-github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
 github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=