Merge branch 'master' into autofix-report
maitrayshah-cb committed Dec 14, 2022
2 parents 1da6ed1 + 7308743 commit 42ec461
Showing 11 changed files with 34 additions and 67 deletions.
2 changes: 1 addition & 1 deletion lib/salus.rb
Expand Up @@ -17,7 +17,7 @@
require 'salus/scanner_types'

module Salus
VERSION = '2.25.0'.freeze
VERSION = '2.26.0'.freeze
DEFAULT_REPO_PATH = './repo'.freeze # This is inside the docker container at /home/repo.
DEFAULT_REPORT_FILTER = 'all'.freeze
NONE_REPORT_FILTER = 'none'.freeze
6 changes: 4 additions & 2 deletions lib/salus/scanners/trufflehog.rb
@@ -1,3 +1,4 @@
require 'digest'
require 'json'
require 'salus/scanners/base'

Expand Down Expand Up @@ -65,9 +66,10 @@ def run
id = parsed_v['DetectorName'] + '-' + parsed_v['DecoderName']
if !exception_ids.include?(id)
filtered_v = {}
filtered_v['Leaked Credential'] = parsed_v['Raw']
raw_credential = parsed_v['Raw']
filtered_v['SHA256 of Leaked Credential'] = Digest::SHA256.hexdigest(raw_credential)
filtered_v['File'] = parsed_v.dig('SourceMetadata', 'Data', 'Filesystem', 'file')
filtered_v['Line Num'] = line_num(filtered_v['File'], filtered_v['Leaked Credential'])
filtered_v['Line Num'] = line_num(filtered_v['File'], raw_credential)
filtered_v['ID'] = id
filtered_v['Verified'] = parsed_v['Verified']
parsed_vulns.push filtered_v
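Review bot: `Digest::SHA256.hexdigest(raw_credential)` on the new line raises TypeError when `parsed_v['Raw']` is nil, whereas the assignment it replaces simply stored nil; if TruffleHog output can omit `Raw` (I cannot tell from here), guard it with something like `next unless raw_credential` before hashing, or otherwise skip the finding. The digest is unsalted, so it is a stable fingerprint for dedup and allowlisting rather than a secrecy guarantee — a short or dictionary-style value can still be matched from the report by hashing candidates — and that intent deserves a comment on the new line, e.g. `# Report only a SHA-256 fingerprint so the report itself never carries the secret; an unsalted digest of a low-entropy value is still matchable.` The enclosing `run` method starts before the hunk.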
6 changes: 1 addition & 5 deletions lib/sarif/trufflehog_sarif.rb
Expand Up @@ -51,12 +51,8 @@ def parse_issue(issue)
start_column: 1,
uri: issue['File'],
help_url: @uri,
code: issue['Leaked Credential']
code: issue['SHA256 of Leaked Credential']
}
end

def self.snippet_possibly_in_git_diff?(snippet, lines_added)
lines_added.keys.any? { |newline| newline.include?(snippet) }
end
end
end
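Review bot: A SHA-256 hex digest is not a source excerpt, yet the new `code:` value is what the spec file shows being emitted as `region.snippet.text`, which SARIF viewers render as the offending code; a reader of the SARIF will take the digest for the file contents unless the key is commented, e.g. `code: issue['SHA256 of Leaked Credential'] # fingerprint of the secret, not the source text`. Dropping `snippet_possibly_in_git_diff?` also means that, if the base SARIF class still compares a finding's snippet against lines added in a git diff, a digest can never match, so diff-scoped TruffleHog findings would be filtered or kept wholesale depending on the fallback — worth a spec, since the corresponding examples at the end of spec/lib/sarif/trufflehog_sarif_spec.rb were removed in this commit. `parse_issue` begins outside the hunk.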
2 changes: 1 addition & 1 deletion spec/fixtures/integration/expected_report.json
@@ -1,5 +1,5 @@
{
"version": "2.25.0",
"version": "2.26.0",
"passed": true,
"running_time": 0.0,
"scans": {
2 changes: 1 addition & 1 deletion spec/fixtures/processor/local_uri/expected_report.json
Expand Up @@ -254,5 +254,5 @@
}
}
},
"version": "2.25.0"
"version": "2.26.0"
}
@@ -1,5 +1,5 @@
{
"version": "2.25.0",
"version": "2.26.0",
"passed": true,
"running_time": 0.0,
"scans": {
2 changes: 1 addition & 1 deletion spec/fixtures/processor/remote_uri/expected_report.json
Expand Up @@ -254,5 +254,5 @@
}
}
},
"version": "2.25.0"
"version": "2.26.0"
}
2 changes: 1 addition & 1 deletion spec/fixtures/sorted_results/sorted_json.json
Expand Up @@ -81,5 +81,5 @@
}
}
},
"version": "2.25.0"
"version": "2.26.0"
}
2 changes: 1 addition & 1 deletion spec/fixtures/sorted_results/sorted_yaml.yml
Expand Up @@ -49,4 +49,4 @@
col: 1
line: 3
:type: Syntax error
:version: 2.25.0
:version: 2.26.0
28 changes: 13 additions & 15 deletions spec/lib/salus/scanners/trufflehog_spec.rb
Expand Up @@ -49,26 +49,25 @@

report_h = scanner.report.to_h
expect(report_h[:passed]).to eq(false)
expected_log0 = { "Leaked Credential" => "216ce860c78081b83f255cad4d032361677"\
"e4aea87dacecd387e62505e1e4a50dd947b"\
"3ce9166b70d8b9aaa45215c1b512c518b53"\
"84e5067ee7d29011da0efb4",
expected_log0 = { "SHA256 of Leaked Credential" => "2d00fc02b2d554da2a58feb7bac"\
"53673126f5c10f7c0a718e49e63"\
"5c489bf505",
"File" => "logins.txt",
"Line Num" => 2,
"ID" => "FlatIO-PLAIN",
"Verified" => false }
expected_log1 = { "Leaked Credential" => "jdbc:postgresql://localhost:5432/test?user=test"\
"&password=ABCD&loggerLevel=DEBUG&&&"\
"loggerFile=./blah.jsp",
expected_log1 = { "SHA256 of Leaked Credential" => "e364ca3424d2454bc630a574e16"\
"9102b6d6be06189a2038badb969"\
"cf47755abe",
"File" => "url.txt",
"Line Num" => 1,
"ID" => "JDBC-PLAIN",
"Verified" => false }
expected_log2 = { "Leaked Credential" => "jdbc:postgresql://localhost:2345/test?user=test"\
"&password=DCBA&loggerLevel=DEBUG&&&"\
"loggerFile=./blah.jsp",
expected_log2 = { "SHA256 of Leaked Credential" => "8f839fbea674797911361d91124"\
"50478e280b982321c22363ca7a7"\
"4f36a4bbd6",
"File" => "url.txt",
"Line Num" => 2,
"Line Num" => 2,
"ID" => "JDBC-PLAIN",
"Verified" => false }
logs = JSON.parse(report_h[:logs])
Expand All @@ -93,10 +92,9 @@

report_h = scanner.report.to_h
expect(report_h[:passed]).to eq(false)
expected_log0 = { "Leaked Credential" => "216ce860c78081b83f255cad4d032361677"\
"e4aea87dacecd387e62505e1e4a50dd947b"\
"3ce9166b70d8b9aaa45215c1b512c518b53"\
"84e5067ee7d29011da0efb4",
expected_log0 = { "SHA256 of Leaked Credential" => "2d00fc02b2d554da2a58feb7"\
"bac53673126f5c10f7c0a718"\
"e49e635c489bf505",
"File" => "logins.txt",
"Line Num" => 2,
"ID" => "FlatIO-PLAIN",
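Review bot: The updated `expected_log0`..`expected_log2` hashes pin the digest literals, but nothing asserts the property this change exists for — that the raw secret no longer reaches the report; a negative check such as `expect(report_h[:logs]).not_to include('password=ABCD')`, using the fixture value visible in the removed expectations, would catch a regression that re-adds the raw value under another key. The digest literals could also be derived with `Digest::SHA256.hexdigest` of the fixture line so a reader can see what each one fingerprints, at the cost of keeping the test value in the spec source. The enclosing example block starts before the hunk.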
47 changes: 9 additions & 38 deletions spec/lib/sarif/trufflehog_sarif_spec.rb
Expand Up @@ -20,12 +20,9 @@
"artifactLocation" => { "uri" => "logins.txt",
"uriBaseId" => "%SRCROOT%" },
"region" => { "snippet" => { "text" =>
"216ce860c78081b83f255ca"\
"d4d032361677e4aea87dace"\
"cd387e62505e1e4a50dd947"\
"b3ce9166b70d8b9aaa45215"\
"c1b512c518b5384e5067ee7"\
"d29011da0efb4" },
"2d00fc02b2d554da2a58feb7bac"\
"53673126f5c10f7c0a718e49e63"\
"5c489bf505" },
"startColumn" => 1, "startLine" => 2 }
} }],
"message" => { "text" => "Leaked credential detected" },
Expand All @@ -36,10 +33,9 @@
"artifactLocation" => { "uri" => "url.txt",
"uriBaseId" => "%SRCROOT%" },
"region" => { "snippet" => { "text" =>
"jdbc:postgresql://localhost:2345/"\
"test?user=test&password=DCBA&"\
"loggerLevel=DEBUG&&&"\
"loggerFile=./blah.jsp" },
"8f839fbea674797911361d91124"\
"50478e280b982321c22363ca7a7"\
"4f36a4bbd6" },
"startColumn" => 1, "startLine" => 2 }
} }],
"message" => { "text" => "Leaked credential detected" },
Expand All @@ -50,10 +46,9 @@
"artifactLocation" => { "uri" => "url.txt",
"uriBaseId" => "%SRCROOT%" },
"region" => { "snippet" => { "text" =>
"jdbc:postgresql://localhost:5432/"\
"test?user=test&password=ABCD&"\
"loggerLevel=DEBUG&&&"\
"loggerFile=./blah.jsp" },
"e364ca3424d2454bc630a574e16"\
"9102b6d6be06189a2038badb969"\
"cf47755abe" },
"startColumn" => 1, "startLine" => 1 }
} }],
"message" => { "text" => "Leaked credential detected" },
Expand All @@ -74,28 +69,4 @@
end
end
end

describe 'sarif diff' do
context 'git diff support' do
let(:new_lines_in_git_diff) do
git_diff_file = 'spec/fixtures/sarifs/diff/git_diff_10.txt'
git_diff = File.read(git_diff_file)
Sarif::BaseSarif.new_lines_in_git_diff(git_diff)
end

it 'should find code in git diff' do
snippet = 'jdbc:postgresql://localhost:2345/test?user=test&'\
'password=DCBA&loggerLevel=DEBUG&&&loggerFile=./blah.jsp'
r = Sarif::TrufflehogSarif.snippet_possibly_in_git_diff?(snippet, new_lines_in_git_diff)
expect(r).to be true
end

it 'should not find code in git diff if snippet not in git diff' do
snippet = 'jdbc:postgresql://localhost:80/test?user=test&'\
'password=abcd&loggerLevel=DEBUG&&&loggerFile=./blah.jsp'
r = Sarif::TrufflehogSarif.snippet_possibly_in_git_diff?(snippet, new_lines_in_git_diff)
expect(r).to be false
end
end
end
end
