feat: add 1 to start and end line for filesystem cases #243

Merged
merged 5 commits into from
May 28, 2024
Merged
2 changes: 1 addition & 1 deletion Dockerfile
Expand Up @@ -16,7 +16,7 @@ RUN go build -o /app/2ms .
# Runtime image
FROM cgr.dev/chainguard/wolfi-base@sha256:6bc98699de679ce5e9d1d53b9d06b99acde93584bf539690d61ec538916b1e74

RUN apk add --no-cache bash=5.2.21-r1 git=2.44.0-r0 glibc=2.39-r5 glibc-locale-posix=2.39-r5 ld-linux==2.39-r5 libcrypt1=2.39-r5 && git config --global --add safe.directory /repo
RUN apk add --no-cache bash=5.2.21-r1 git=2.45.1-r0 glibc=2.39-r5 glibc-locale-posix=2.39-r5 ld-linux==2.39-r5 libcrypt1=2.39-r5 && git config --global --add safe.directory /repo

COPY --from=builder /app/2ms .

8 changes: 5 additions & 3 deletions cmd/main.go
Expand Up @@ -108,7 +108,9 @@ func Execute() (int, error) {
return 0, fmt.Errorf("error while defining command for plugin %s: %s", plugin.GetName(), err.Error())
}
subCommand.GroupID = group
subCommand.PreRunE = preRun
subCommand.PreRunE = func(cmd *cobra.Command, args []string) error {
return preRun(plugin.GetName(), cmd, args)
}
subCommand.PostRunE = postRun
rootCmd.AddCommand(subCommand)
}
Expand All @@ -122,7 +124,7 @@ func Execute() (int, error) {
return report.TotalSecretsFound, nil
}

func preRun(cmd *cobra.Command, args []string) error {
func preRun(pluginName string, cmd *cobra.Command, args []string) error {
if err := validateFormat(stdoutFormatVar, reportPathVar); err != nil {
return err
}
Expand All @@ -137,7 +139,7 @@ func preRun(cmd *cobra.Command, args []string) error {
}

channels.WaitGroup.Add(1)
go processItems(engine)
go processItems(engine, pluginName)

channels.WaitGroup.Add(1)
go processSecrets()
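Review bot: The new `PreRunE` closure reads `plugin` when the subcommand runs, not when it is registered, and the enclosing block looks like a loop over plugins whose header is outside this hunk. If the module is built with loop-variable semantics older than Go 1.22, every closure shares one variable, so each subcommand would pass the last plugin's name and the `filesystem` line adjustment in `engine.Detect` would apply to the wrong sources or to none. Binding the name before the closure removes that dependency: `pluginName := plugin.GetName()` followed by `return preRun(pluginName, cmd, args)`. The Go version declared in go.mod is not visible on this page, so confirm which semantics apply.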
4 changes: 2 additions & 2 deletions cmd/workers.go
Expand Up @@ -7,14 +7,14 @@ import (
"github.com/checkmarx/2ms/engine/extra"
)

func processItems(engine *engine.Engine) {
func processItems(engine *engine.Engine, pluginName string) {
defer channels.WaitGroup.Done()

wgItems := &sync.WaitGroup{}
for item := range channels.Items {
report.TotalItemsScanned++
wgItems.Add(1)
go engine.Detect(item, secretsChan, wgItems)
go engine.Detect(item, secretsChan, wgItems, pluginName)
}
wgItems.Wait()
close(secretsChan)
14 changes: 11 additions & 3 deletions engine/engine.go
Expand Up @@ -72,7 +72,7 @@ func Init(engineConfig EngineConfig) (*Engine, error) {
}, nil
}

func (e *Engine) Detect(item plugins.ISourceItem, secretsChannel chan *secrets.Secret, wg *sync.WaitGroup) {
func (e *Engine) Detect(item plugins.ISourceItem, secretsChannel chan *secrets.Secret, wg *sync.WaitGroup, pluginName string) {
defer wg.Done()

fragment := detect.Fragment{
Expand All @@ -81,13 +81,21 @@ func (e *Engine) Detect(item plugins.ISourceItem, secretsChannel chan *secrets.S
}
for _, value := range e.detector.Detect(fragment) {
itemId := getFindingId(item, value)
var startLine, endLine int
if pluginName == "filesystem" {
startLine = value.StartLine + 1
endLine = value.EndLine + 1
} else {
startLine = value.StartLine
endLine = value.EndLine
}
secret := &secrets.Secret{
ID: itemId,
Source: item.GetSource(),
RuleID: value.RuleID,
StartLine: value.StartLine,
StartLine: startLine,
StartColumn: value.StartColumn,
EndLine: value.EndLine,
EndLine: endLine,
EndColumn: value.EndColumn,
Value: value.Secret,
}
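Review bot: The `pluginName == "filesystem"` comparison in `Detect` ties the reported line numbers to a string literal that must match the plugin's `GetName()` value, and nothing in the hunk says why only this source needs the offset. If the two ever differ, findings silently keep the unadjusted numbers, which sends whoever triages a leaked secret to the wrong line. I would add a comment above the branch along the lines of `// filesystem findings come back one line lower than the file's own numbering, so shift them by one` (wording to be confirmed against the detector's behaviour) and collapse the if/else to `offset := 0` and `if pluginName == "filesystem" { offset = 1 }`, then use `value.StartLine + offset` and `value.EndLine + offset`. `Detect`'s body starts and ends outside the hunk.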
6 changes: 4 additions & 2 deletions engine/engine_test.go
Expand Up @@ -10,6 +10,8 @@ import (
"github.com/checkmarx/2ms/plugins"
)

var fsPlugin = &plugins.FileSystemPlugin{}

func Test_Init(t *testing.T) {
allRules := *rules.FilterRules([]string{}, []string{}, []string{})
specialRule := rules.HardcodedPassword()
Expand Down Expand Up @@ -77,7 +79,7 @@ func TestDetector(t *testing.T) {
secretsChan := make(chan *secrets.Secret, 1)
wg := &sync.WaitGroup{}
wg.Add(1)
detector.Detect(i, secretsChan, wg)
detector.Detect(i, secretsChan, wg, fsPlugin.GetName())
close(secretsChan)

s := <-secretsChan
Expand Down Expand Up @@ -152,7 +154,7 @@ func TestSecrets(t *testing.T) {
secretsChan := make(chan *secrets.Secret, 1)
wg := &sync.WaitGroup{}
wg.Add(1)
detector.Detect(item{content: &secret.Content}, secretsChan, wg)
detector.Detect(item{content: &secret.Content}, secretsChan, wg, fsPlugin.GetName())
close(secretsChan)

s := <-secretsChan
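Review bot: Both updated calls pass `fsPlugin.GetName()`, and none of the visible hunks adds an assertion on `StartLine` or `EndLine`, so the new offset and the unadjusted path for other plugins look untested here. A case that runs the same content once with the filesystem name and once with a different name would pin the behaviour, for example `if fsSecret.StartLine != otherSecret.StartLine+1 { t.Errorf("StartLine = %d, want %d", fsSecret.StartLine, otherSecret.StartLine+1) }`. The test bodies continue outside these hunks, so existing assertions may already cover part of this.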
2 changes: 1 addition & 1 deletion lib/reporting/report_test.go
Expand Up @@ -30,7 +30,7 @@ JPcHeO7M6FohKgcEHX84koQDN98J/L7pFlSoU7WOl6f8BKavIdeSTPS9qQYWdQuT

results := map[string][]*secrets.Secret{}
report := Report{len(results), 1, results}
secret := &secrets.Secret{Source: "bla", StartLine: 0, StartColumn: 0, EndLine: 0, EndColumn: 0, Value: secretValue}
secret := &secrets.Secret{Source: "bla", StartLine: 1, StartColumn: 0, EndLine: 1, EndColumn: 0, Value: secretValue}
source := "directory\\rawStringAsFile.txt"

report.Results[source] = append(report.Results[source], secret)
2 changes: 2 additions & 0 deletions tests/e2e_test.go
Expand Up @@ -34,6 +34,8 @@ func TestIntegration(t *testing.T) {
})

t.Run("confluence: secrets found with validation", func(t *testing.T) {
t.Skip("Skipping confluence test (confluence page is currently private)")

if err := executable.run("confluence", "https://checkmarx.atlassian.net/wiki", "--spaces", "secrets", "--validate"); err == nil {
t.Error("expected error (secrets found), got nil")
}
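Review bot: The unconditional `t.Skip` at the top of the confluence subtest turns off the end-to-end check of the confluence plugin with `--validate`, and nothing records when it should be restored. The rest of the subtest is now unreachable, so a regression in that path would pass CI unnoticed. I would add a marker above the skip such as `// TODO(<tracking-issue>): re-enable once the Confluence test space is reachable again`, where the issue reference is a placeholder to fill in. The change is also unrelated to the line-number fix this PR is titled for, so it deserves a mention in the description. The subtest's closing lines are outside the hunk.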