validate cron expressions (#59)

Author: tim-thacker-nullify

examples/nullify.yaml

@@ -32,6 +32,7 @@ notifications:
 scheduled_notifications:
   new-findings:
     schedule: "0 0 * * *"
+    timezone: "America/Los_Angeles"
     topics:
       all: true
     targets:

go.mod

@@ -8,8 +8,15 @@ require (
 	gopkg.in/yaml.v3 v3.0.1
 )
 
+require (
+	github.com/kr/pretty v0.3.0 // indirect
+	github.com/rogpeppe/go-internal v1.8.1 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+)
+
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/robfig/cron/v3 v3.0.1
 	golang.org/x/exp v0.0.0-20231006140011-7918f672742d
 )

go.sum

@@ -1,14 +1,32 @@
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
+github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
+github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg=
+github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

pkg/models/scheduled_notifications.go

@@ -11,6 +11,7 @@ const (
 
 type ScheduledNotification struct {
 	Schedule string                       `yaml:"schedule,omitempty"`
+	Timezone string                       `yaml:"timezone,omitempty"`
 	Topics   ScheduledNotificationTopics  `yaml:"topics,omitempty"`
 	Targets  ScheduledNotificationTargets `yaml:"targets,omitempty"`
 

pkg/validator/notifications.go

@@ -31,25 +31,5 @@ func ValidateNotifications(config *models.Configuration) bool {
 		}
 	}
 
-	for _, notification := range config.ScheduledNotifications {
-		if notification.Targets.Email == nil {
-			continue
-		}
-
-		if notification.Targets.Email.Address != "" {
-			_, err := mail.ParseAddress(notification.Targets.Email.Address)
-			if err != nil {
-				return false
-			}
-		}
-
-		for _, email := range notification.Targets.Email.Addresses {
-			_, err := mail.ParseAddress(email)
-			if err != nil {
-				return false
-			}
-		}
-	}
-
 	return true
 }

pkg/validator/glob.go renamed to pkg/validator/paths.go

@@ -5,7 +5,7 @@ import (
 	"github.com/nullify-platform/config-file-parser/pkg/models"
 )
 
-func ValidateGlob(config *models.Configuration) bool {
+func ValidatePaths(config *models.Configuration) bool {
 	if config.IgnorePaths == nil {
 		return true
 	}

pkg/validator/glob_test.go renamed to pkg/validator/paths_test.go

@@ -46,7 +46,7 @@ func TestValidGlobs(t *testing.T) {
 		},
 	} {
 		t.Run(scenario.name, func(t *testing.T) {
-			isValid := ValidateGlob(scenario.config)
+			isValid := ValidatePaths(scenario.config)
 			assert.Equalf(t, isValid, scenario.expected, fmt.Sprintf("failed test, globs: %s, len: %d\n", scenario.config.IgnorePaths, len(scenario.config.IgnorePaths)))
 		})
 	}
@@ -90,20 +90,20 @@ ignore_paths: ["*[abc", "*d"]
 func TestParsingAndValidGlobs(t *testing.T) {
 	config1, err := parser.ParseConfiguration([]byte(validGlob))
 	require.NoError(t, err)
-	require.Equal(t, true, ValidateGlob(config1))
+	require.Equal(t, true, ValidatePaths(config1))
 	config2, err := parser.ParseConfiguration([]byte(emptyGlob))
 	require.NoError(t, err)
-	require.Equal(t, true, ValidateGlob(config2))
+	require.Equal(t, true, ValidatePaths(config2))
 	config3, err := parser.ParseConfiguration([]byte(twoValidGlob))
 	require.NoError(t, err)
-	require.Equal(t, true, ValidateGlob(config3))
+	require.Equal(t, true, ValidatePaths(config3))
 	config4, err := parser.ParseConfiguration([]byte(endInvalidGlob))
 	require.NoError(t, err)
-	require.Equal(t, false, ValidateGlob(config4))
+	require.Equal(t, false, ValidatePaths(config4))
 	config5, err := parser.ParseConfiguration([]byte(startInvalidGlob))
 	require.NoError(t, err)
-	require.Equal(t, false, ValidateGlob(config5))
+	require.Equal(t, false, ValidatePaths(config5))
 	config6, err := parser.ParseConfiguration([]byte(invalidGlob))
 	require.NoError(t, err)
-	require.Equal(t, false, ValidateGlob(config6))
+	require.Equal(t, false, ValidatePaths(config6))
 }

pkg/validator/scheduled_notifications.go

@@ -0,0 +1,75 @@
+package validator
+
+import (
+	"fmt"
+	"net/mail"
+	"time"
+
+	"github.com/nullify-platform/config-file-parser/pkg/models"
+	"github.com/robfig/cron/v3"
+)
+
+func ValidateScheduledNotifications(config *models.Configuration) bool {
+	if config.ScheduledNotifications == nil {
+		return true
+	}
+
+	for _, notification := range config.ScheduledNotifications {
+		if !validateScheduledNotificationSchedule(notification.Schedule, notification.Timezone) {
+			return false
+		}
+
+		if !validateScheduledNotificationEmails(notification) {
+			return false
+		}
+	}
+
+	return true
+}
+
+// validateScheduledNotificationSchedule return true if provided schedule is a valid cron expression.
+// The cron expression can also only trigger at most once per hour.
+func validateScheduledNotificationSchedule(schedule string, timezone string) bool {
+	spec := "TZ=" + timezone + " " + schedule
+
+	if timezone == "" {
+		spec = "TZ=UTC " + schedule
+	}
+
+	p := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor)
+
+	// TODO this function panics with the following input "TZ=UTC"
+	cronSchedule, err := p.Parse(spec)
+	if err != nil {
+		fmt.Printf("failed to parse cron expression: %s", err.Error())
+		return false
+	}
+
+	// check if the cron expression triggers more often than once per hour
+	start := cronSchedule.Next(time.Now())
+	finish := cronSchedule.Next(start)
+
+	return finish.Sub(start) >= time.Hour
+}
+
+func validateScheduledNotificationEmails(notification models.ScheduledNotification) bool {
+	if notification.Targets.Email == nil {
+		return true
+	}
+
+	if notification.Targets.Email.Address != "" {
+		_, err := mail.ParseAddress(notification.Targets.Email.Address)
+		if err != nil {
+			return false
+		}
+	}
+
+	for _, email := range notification.Targets.Email.Addresses {
+		_, err := mail.ParseAddress(email)
+		if err != nil {
+			return false
+		}
+	}
+
+	return true
+}

pkg/validator/scheduled_notifications_test.go

@@ -0,0 +1,58 @@
+package validator
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/nullify-platform/config-file-parser/pkg/models"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestValidateScheduledNotifications(t *testing.T) {
+	for _, scenario := range []struct {
+		name     string
+		config   *models.Configuration
+		expected bool
+	}{
+		{
+			name:     "empty config",
+			config:   &models.Configuration{},
+			expected: true,
+		},
+		{
+			name: "empty scheduled notifications",
+			config: &models.Configuration{
+				ScheduledNotifications: map[string]models.ScheduledNotification{},
+			},
+			expected: true,
+		},
+		{
+			name: "cron expression triggers every 59 minutes",
+			config: &models.Configuration{
+				ScheduledNotifications: map[string]models.ScheduledNotification{
+					"test": {
+						Schedule: "*/59 * * * *",
+					},
+				},
+			},
+			expected: false,
+		},
+		{
+			name: "cron expression triggers every hour",
+			config: &models.Configuration{
+				ScheduledNotifications: map[string]models.ScheduledNotification{
+					"test": {
+						Schedule: "0 * * * *",
+					},
+				},
+			},
+			expected: true,
+		},
+	} {
+		t.Run(scenario.name, func(t *testing.T) {
+			isValid := ValidateScheduledNotifications(scenario.config)
+			assert.Equalf(t, scenario.expected, isValid, fmt.Sprintf("failed test: %s\n", scenario.name))
+		})
+	}
+}

pkg/validator/validate.go

@@ -6,5 +6,8 @@ import (
 
 // ValidateConfig return true if provided configuration is valid
 func ValidateConfig(config *models.Configuration) bool {
-	return ValidateSeverityThreshold(config) && ValidateNotifications(config) && ValidateGlob(config)
+	return ValidateSeverityThreshold(config) &&
+		ValidateNotifications(config) &&
+		ValidateScheduledNotifications(config) &&
+		ValidatePaths(config)
 }