Report a score for disabled queries

This reports them as skipped. It does this by injecting a query which always reports a skipped score. Doing so allows us to know if an asset didn't run a query that would have because it is skipped
mondoohq · Dec 2, 2024 · 1bc0910 · 1bc0910
1 parent 115c7c2
commit 1bc0910
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 2 deletions.
diff --git a/policy/resolved_policy_builder.go b/policy/resolved_policy_builder.go
@@ -29,6 +29,17 @@ func buildResolvedPolicy(ctx context.Context, bundleMrn string, bundle *Bundle,
 	policyObj := bundleMap.Policies[bundleMrn]
 	frameworkObj := bundleMap.Frameworks[bundleMrn]
 
+	disabledQuery := &explorer.Mquery{
+		Mql: `// Disabled
+		if(false) { return false }`,
+		CodeId: "",
+	}
+	cb, err := disabledQuery.Compile(nil, compilerConf)
+	if err != nil {
+		return nil, err
+	}
+	disabledQuery.CodeId = cb.GetCodeV2().GetId()
+
 	builder := &resolvedPolicyBuilder{
 		bundleMrn:            bundleMrn,
 		bundleMap:            bundleMap,
@@ -43,6 +54,7 @@ func buildResolvedPolicy(ctx context.Context, bundleMrn string, bundle *Bundle,
 		propsCache:           explorer.NewPropsCache(),
 		queryTypes:           map[string]queryType{},
 		now:                  now,
+		disabledQuery:        disabledQuery,
 	}
 
 	builder.gatherGlobalInfoFromPolicy(policyObj)
@@ -224,6 +236,11 @@ type resolvedPolicyBuilder struct {
 	propsCache explorer.PropsCache
 	// now is the time that the resolved policy is being built
 	now time.Time
+	// disabledQuery represents a query that is disabled. We need to inject this for disabled queries
+	// because we want to report a score of U for them. We cannot just insert a reporting job without
+	// a query because there is a bug in the clients that expects those reporting jobs to be connected
+	// to a query that runs
+	disabledQuery *explorer.Mquery
 }
 
 type edgeImpact struct {
@@ -846,7 +863,16 @@ func (b *resolvedPolicyBuilder) addQuery(query *explorer.Mquery) (string, bool)
 	queryType := b.queryTypes[query.Mrn]
 
 	if !canRun(action) {
-		return "", false
+		if !b.anyFilterMatches(query.Filters) {
+			return "", false
+		}
+		// Add node for execution query
+		b.addNode(&rpBuilderExecutionQueryNode{query: b.disabledQuery})
+		// Add node for query
+		b.addNode(&rpBuilderGenericQueryNode{queryMrn: query.Mrn, selectedCodeId: b.disabledQuery.CodeId, queryType: queryType})
+		// Add edge from execution query to query
+		b.addEdge(b.disabledQuery.CodeId, query.Mrn, &explorer.Impact{Scoring: explorer.ScoringSystem_IGNORE_SCORE})
+		return b.disabledQuery.CodeId, true
 	}
 
 	if len(query.Variants) != 0 {

diff --git a/policy/resolver.go b/policy/resolver.go
@@ -33,7 +33,7 @@ const (
 	// This can be updated, e.g., when we change how the report jobs are generated
 	// A change of this string will force an update of all the stored resolved policies
 	RESOLVER_VERSION    = "v2024-08-29"
-	RESOLVER_VERSION_NG = "v2024-11-25"
+	RESOLVER_VERSION_NG = "v2024-12-02"
 )
 
 type AssetMutation struct {