Add fake misconfiguration scanner and wire it up for runtime_scan

.families.yaml

@@ -76,3 +76,12 @@ exploits:
   scanners_config:
     exploit_db:
       base_url: "http://localhost:1326"
+
+misconfiguration:
+  enabled: true
+  scanners_list:
+    - "fake"
+  inputs:
+    - input: "./"
+      input_type: "rootfs"
+  scanners_configs: {}

cli/cmd/root.go

@@ -34,6 +34,7 @@ import (
 	"github.com/openclarity/vmclarity/cli/pkg/mount"
 	"github.com/openclarity/vmclarity/shared/pkg/families"
 	"github.com/openclarity/vmclarity/shared/pkg/families/exploits"
+	misconfigurationTypes "github.com/openclarity/vmclarity/shared/pkg/families/misconfiguration/types"
 	"github.com/openclarity/vmclarity/shared/pkg/families/results"
 	"github.com/openclarity/vmclarity/shared/pkg/families/sbom"
 	"github.com/openclarity/vmclarity/shared/pkg/families/secrets"
@@ -350,6 +351,15 @@ func setMountPointsForFamiliesInput(mountPoints []string, familiesConfig *famili
 				InputType: string(kubeclarityutils.ROOTFS),
 			})
 		}
+		if familiesConfig.Misconfiguration.Enabled {
+			familiesConfig.Misconfiguration.Inputs = append(
+				familiesConfig.Misconfiguration.Inputs,
+				misconfigurationTypes.Input{
+					Input:     mountDir,
+					InputType: string(kubeclarityutils.ROOTFS),
+				},
+			)
+		}
 	}
 	return familiesConfig
 }

runtime_scan/pkg/scanner/job_managment.go

@@ -36,6 +36,7 @@ import (
 	familiesExploits "github.com/openclarity/vmclarity/shared/pkg/families/exploits"
 	exploitsCommon "github.com/openclarity/vmclarity/shared/pkg/families/exploits/common"
 	exploitdbConfig "github.com/openclarity/vmclarity/shared/pkg/families/exploits/exploitdb/config"
+	misconfigurationTypes "github.com/openclarity/vmclarity/shared/pkg/families/misconfiguration/types"
 	familiesSbom "github.com/openclarity/vmclarity/shared/pkg/families/sbom"
 	"github.com/openclarity/vmclarity/shared/pkg/families/secrets"
 	"github.com/openclarity/vmclarity/shared/pkg/families/secrets/common"
@@ -384,10 +385,11 @@ func (s *Scanner) runJob(ctx context.Context, data *scanData) (types.Job, error)
 
 func (s *Scanner) generateFamiliesConfigurationYaml() (string, error) {
 	famConfig := families.Config{
-		SBOM:            userSBOMConfigToFamiliesSbomConfig(s.scanConfig.ScanFamiliesConfig.Sbom),
-		Vulnerabilities: userVulnConfigToFamiliesVulnConfig(s.scanConfig.ScanFamiliesConfig.Vulnerabilities),
-		Secrets:         userSecretsConfigToFamiliesSecretsConfig(s.scanConfig.ScanFamiliesConfig.Secrets, s.config.GitleaksBinaryPath),
-		Exploits:        userExploitsConfigToFamiliesExploitsConfig(s.scanConfig.ScanFamiliesConfig.Exploits, s.config.ExploitsDBAddress),
+		SBOM:             userSBOMConfigToFamiliesSbomConfig(s.scanConfig.ScanFamiliesConfig.Sbom),
+		Vulnerabilities:  userVulnConfigToFamiliesVulnConfig(s.scanConfig.ScanFamiliesConfig.Vulnerabilities),
+		Secrets:          userSecretsConfigToFamiliesSecretsConfig(s.scanConfig.ScanFamiliesConfig.Secrets, s.config.GitleaksBinaryPath),
+		Exploits:         userExploitsConfigToFamiliesExploitsConfig(s.scanConfig.ScanFamiliesConfig.Exploits, s.config.ExploitsDBAddress),
+		Misconfiguration: userMisconfigurationConfigToFamiliesMisconfigurationConfig(s.scanConfig.ScanFamiliesConfig.Misconfigurations),
 		// TODO(sambetts) Configure other families once we've got the known working ones working e2e
 	}
 
@@ -438,6 +440,21 @@ func userSBOMConfigToFamiliesSbomConfig(sbomConfig *models.SBOMConfig) familiesS
 	}
 }
 
+func userMisconfigurationConfigToFamiliesMisconfigurationConfig(misconfigurationConfig *models.MisconfigurationsConfig) misconfigurationTypes.Config {
+	if misconfigurationConfig == nil || misconfigurationConfig.Enabled == nil || !*misconfigurationConfig.Enabled {
+		return misconfigurationTypes.Config{}
+	}
+	return misconfigurationTypes.Config{
+		Enabled: true,
+		// TODO(sambetts) This choice should come from the user's configuration
+		ScannersList:   []string{"fake"},
+		Inputs:         nil, // rootfs directory will be determined by the CLI after mount.
+		ScannersConfig: misconfigurationTypes.ScannersConfig{
+			// TODO(sambetts) Add scanner configurations here as we add them like Lynis
+		},
+	}
+}
+
 func userVulnConfigToFamiliesVulnConfig(vulnerabilitiesConfig *models.VulnerabilitiesConfig) familiesVulnerabilities.Config {
 	if vulnerabilitiesConfig == nil || vulnerabilitiesConfig.Enabled == nil || !*vulnerabilitiesConfig.Enabled {
 		return familiesVulnerabilities.Config{}

shared/pkg/families/misconfiguration/fake/scanner.go

@@ -0,0 +1,115 @@
+// Copyright © 2023 Cisco Systems, Inc. and its affiliates.
+// All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package fake
+
+import (
+	log "github.com/sirupsen/logrus"
+
+	"github.com/openclarity/kubeclarity/shared/pkg/job_manager"
+	kubeclarityUtils "github.com/openclarity/kubeclarity/shared/pkg/utils"
+
+	misconfigurationTypes "github.com/openclarity/vmclarity/shared/pkg/families/misconfiguration/types"
+)
+
+const ScannerName = "fake"
+
+type Scanner struct {
+	name       string
+	logger     *log.Entry
+	resultChan chan job_manager.Result
+}
+
+func New(_ job_manager.IsConfig, logger *log.Entry, resultChan chan job_manager.Result) job_manager.Job {
+	return &Scanner{
+		name:       ScannerName,
+		logger:     logger.Dup().WithField("scanner", ScannerName),
+		resultChan: resultChan,
+	}
+}
+
+func (a *Scanner) Run(sourceType kubeclarityUtils.SourceType, userInput string) error {
+	go func() {
+		retResults := misconfigurationTypes.ScannerResult{
+			ScannerName:       ScannerName,
+			Misconfigurations: createFakeMisconfigurationReport(),
+		}
+
+		a.sendResults(retResults, nil)
+	}()
+
+	return nil
+}
+
+func createFakeMisconfigurationReport() []misconfigurationTypes.Misconfiguration {
+	return []misconfigurationTypes.Misconfiguration{
+		{
+			ScannedPath: "/fake",
+
+			TestCategory:    "FAKE",
+			TestID:          "Test1",
+			TestDescription: "Fake test number 1",
+
+			Message:     "Fake test number 1 failed",
+			Severity:    misconfigurationTypes.HighSeverity,
+			Remediation: "fix the thing number 1",
+		},
+		{
+			ScannedPath: "/fake",
+
+			TestCategory:    "FAKE",
+			TestID:          "Test2",
+			TestDescription: "Fake test number 2",
+
+			Message:     "Fake test number 2 failed",
+			Severity:    misconfigurationTypes.LowSeverity,
+			Remediation: "fix the thing number 2",
+		},
+		{
+			ScannedPath: "/fake",
+
+			TestCategory:    "FAKE",
+			TestID:          "Test3",
+			TestDescription: "Fake test number 3",
+
+			Message:     "Fake test number 3 failed",
+			Severity:    misconfigurationTypes.MediumSeverity,
+			Remediation: "fix the thing number 3",
+		},
+		{
+			ScannedPath: "/fake",
+
+			TestCategory:    "FAKE",
+			TestID:          "Test4",
+			TestDescription: "Fake test number 4",
+
+			Message:     "Fake test number 4 failed",
+			Severity:    misconfigurationTypes.HighSeverity,
+			Remediation: "fix the thing number 4",
+		},
+	}
+}
+
+func (a *Scanner) sendResults(results misconfigurationTypes.ScannerResult, err error) {
+	if err != nil {
+		a.logger.Error(err)
+		results.Error = err
+	}
+	select {
+	case a.resultChan <- results:
+	default:
+		a.logger.Error("Failed to send results on channel")
+	}
+}

shared/pkg/families/misconfiguration/job/job.go

@@ -17,10 +17,13 @@ package job
 
 import (
 	"github.com/openclarity/kubeclarity/shared/pkg/job_manager"
+
+	"github.com/openclarity/vmclarity/shared/pkg/families/misconfiguration/fake"
 )
 
 var Factory = job_manager.NewJobFactory()
 
 func init() {
+	Factory.Register(fake.ScannerName, fake.New)
 	// TODO(sambetts) add factories here when we add scanners
 }