add exemptedActions & pinToImmutable as optional params

Author: shubham-stepsecurity

main.go

@@ -128,7 +128,7 @@ func (h Handler) Invoke(ctx context.Context, req []byte) ([]byte, error) {
 				inputYaml = httpRequest.Body
 			}
 
-			fixResponse, err := workflow.SecureWorkflow(httpRequest.QueryStringParameters, nil, false, inputYaml, dynamoDbSvc)
+			fixResponse, err := workflow.SecureWorkflow(httpRequest.QueryStringParameters, inputYaml, dynamoDbSvc)
 
 			if err != nil {
 				response = events.APIGatewayProxyResponse{

remediation/workflow/secureworkflow.go

@@ -13,10 +13,21 @@ const (
 	HardenRunnerActionName        = "Harden Runner"
 )
 
-func SecureWorkflow(queryStringParams map[string]string, exemptedActions []string, pinToImmutable bool, inputYaml string, svc dynamodbiface.DynamoDBAPI) (*permissions.SecureWorkflowReponse, error) {
+func SecureWorkflow(queryStringParams map[string]string, inputYaml string, svc dynamodbiface.DynamoDBAPI, params ...interface{}) (*permissions.SecureWorkflowReponse, error) {
 	pinActions, addHardenRunner, addPermissions, addProjectComment := true, true, true, true
 	pinnedActions, addedHardenRunner, addedPermissions := false, false, false
 	ignoreMissingKBs := false
+	exemptedActions, pinToImmutable := []string{}, false
+	if len(params) > 0 {
+		if v, ok := params[0].([]string); ok {
+			exemptedActions = v
+		}
+	}
+	if len(params) > 1 {
+		if v, ok := params[1].(bool); ok {
+			pinToImmutable = v
+		}
+	}
 
 	if queryStringParams["pinActions"] == "false" {
 		pinActions = false

remediation/workflow/secureworkflow_test.go

@@ -148,7 +148,7 @@ func TestSecureWorkflow(t *testing.T) {
 		}
 		queryParams["addProjectComment"] = "false"
 
-		output, err := SecureWorkflow(queryParams, nil, false, string(input), &mockDynamoDBClient{})
+		output, err := SecureWorkflow(queryParams, string(input), &mockDynamoDBClient{})
 
 		if err != nil {
 			t.Errorf("Error not expected")