| skipped 2 lines |
3 | 3 | | import ( |
4 | 4 | | "bytes" |
5 | 5 | | "encoding/json" |
6 | | - | "sort" |
7 | 6 | | |
8 | 7 | | "github.com/bearer/bearer/pkg/classification/db" |
9 | 8 | | "github.com/bearer/bearer/pkg/commands/process/settings" |
| skipped 8 lines |
18 | 17 | | ) |
19 | 18 | | |
20 | 19 | | type Holder struct { |
21 | | - | detectors map[string]detectorHolder // group datatypeHolders by name |
22 | | - | config settings.Config |
23 | | - | isInternal bool |
| 20 | + | detectors map[string]detectorHolder // group detections by detector name |
| 21 | + | config settings.Config |
24 | 22 | | } |
25 | 23 | | |
26 | 24 | | type detectorHolder struct { |
27 | | - | id string |
28 | | - | datatypes map[string]*datatypeHolder // group detectors by detectorName |
| 25 | + | id string |
| 26 | + | files map[string]fileHolder // group detectors by file name |
29 | 27 | | } |
30 | 28 | | |
31 | | - | type datatypeHolder struct { |
32 | | - | name string |
33 | | - | uuid string |
34 | | - | categoryUUID string |
35 | | - | files map[string]map[int]*fileHolder // group files by filename |
| 29 | + | type fileHolder struct { |
| 30 | + | name string |
| 31 | + | lineNumber map[int]lineHolder // group detections by line number |
36 | 32 | | } |
37 | 33 | | |
38 | | - | type fileHolder struct { |
39 | | - | name string |
40 | | - | lineNumber int |
| 34 | + | type lineHolder struct { |
| 35 | + | lineNumber int |
| 36 | + | dataTypeCategory map[string]dataTypeCategoryHolder // group detections by datatype category |
| 37 | + | } |
| 38 | + | |
| 39 | + | type dataTypeCategoryHolder struct { |
| 40 | + | name string |
| 41 | + | isPresence bool |
| 42 | + | dataType map[string]dataTypeHolder |
| 43 | + | } |
| 44 | + | |
| 45 | + | type dataTypeHolder struct { |
41 | 46 | | parent *schema.Parent |
42 | | - | fieldName string |
43 | | - | objectName string |
| 47 | + | content *string |
| 48 | + | fieldName *string |
| 49 | + | objectName *string |
44 | 50 | | subjectName *string |
45 | 51 | | } |
46 | 52 | | |
47 | 53 | | func New(config settings.Config, isInternal bool) *Holder { |
48 | 54 | | return &Holder{ |
49 | | - | detectors: make(map[string]detectorHolder), |
50 | | - | config: config, |
51 | | - | isInternal: isInternal, |
| 55 | + | detectors: make(map[string]detectorHolder), |
| 56 | + | config: config, |
52 | 57 | | } |
53 | 58 | | } |
54 | 59 | | |
55 | 60 | | func (holder *Holder) AddRiskPresence(detection detections.Detection) { |
56 | 61 | | // create entry if it doesn't exist |
57 | 62 | | ruleName := string(detection.DetectorType) |
58 | | - | if _, exists := holder.detectors[ruleName]; !exists { |
59 | | - | holder.detectors[ruleName] = detectorHolder{ |
60 | | - | id: ruleName, |
61 | | - | datatypes: make(map[string]*datatypeHolder), |
62 | | - | } |
63 | | - | } |
64 | | - | |
65 | | - | |
66 | | - | detector := holder.detectors[ruleName] |
67 | | - | |
68 | | - | if _, exists := detector[] |
69 | | - | |
70 | | - | riskLocation := &types.RiskLocation{ |
71 | | - | Filename: detection.Source.Filename, |
72 | | - | LineNumber: *detection.Source.LineNumber, |
73 | | - | } |
74 | | - | |
75 | | - | // add parent information if possible |
| 63 | + | fileName := detection.Source.Filename |
| 64 | + | lineNumber := *detection.Source.LineNumber |
| 65 | + | // can be nil |
76 | 66 | | parent := extractCustomRiskParent(detection.Value) |
77 | | - | if parent != nil { |
78 | | - | riskLocation.Parent = parent |
79 | | - | } |
| 67 | + | var content string |
80 | 68 | | |
81 | 69 | | if detection.DetectorType == detectors.DetectorGitleaks { |
82 | 70 | | value := detection.Value.(map[string]interface{})["description"] |
83 | | - | |
84 | | - | holder.presentRisks[ruleName].Locations = append(holder.presentRisks[ruleName].Locations, types.RiskDetectionLocation{ |
85 | | - | RiskLocation: riskLocation, |
86 | | - | Content: value.(string), |
87 | | - | }) |
| 71 | + | content = value.(string) |
88 | 72 | | } else { |
89 | | - | holder.presentRisks[ruleName].Locations = append(holder.presentRisks[ruleName].Locations, types.RiskDetectionLocation{ |
90 | | - | RiskLocation: riskLocation, |
91 | | - | Content: *detection.Source.Text, |
92 | | - | }) |
| 73 | + | content = *detection.Source.Text |
93 | 74 | | } |
| 75 | + | |
| 76 | + | holder.addDatatype(ruleName, &db.DataType{Name: content}, nil, fileName, lineNumber, schema.Schema{Parent: parent}, true) |
94 | 77 | | } |
95 | 78 | | |
96 | 79 | | func (holder *Holder) AddSchema(detection detections.Detection) error { |
| skipped 15 lines |
112 | 95 | | detection.Source.Filename, |
113 | 96 | | *detection.Source.LineNumber, |
114 | 97 | | schema, |
| 98 | + | false, |
115 | 99 | | ) |
116 | 100 | | } |
117 | 101 | | |
| skipped 1 lines |
119 | 103 | | } |
120 | 104 | | |
121 | 105 | | // addDatatype adds detector to hash list and at the same time blocks duplicates |
122 | | - | func (holder *Holder) addDatatype(ruleName string, datatype *db.DataType, subjectName *string, fileName string, lineNumber int, schema schema.Schema) { |
| 106 | + | func (holder *Holder) addDatatype(ruleName string, datatype *db.DataType, subjectName *string, fileName string, lineNumber int, schema schema.Schema, isPresence bool) { |
123 | 107 | | if datatype == nil { |
124 | 108 | | // FIXME: we end up with empty field Name and no datatype with the new code |
125 | 109 | | // Might be related to the bug with the Unique Identifier classification |
| skipped 3 lines |
129 | 113 | | // create detector entry if it doesn't exist |
130 | 114 | | if _, exists := holder.detectors[ruleName]; !exists { |
131 | 115 | | holder.detectors[ruleName] = detectorHolder{ |
132 | | - | id: ruleName, |
133 | | - | datatypes: make(map[string]*datatypeHolder), |
| 116 | + | id: ruleName, |
| 117 | + | files: make(map[string]fileHolder), |
134 | 118 | | } |
135 | 119 | | } |
136 | 120 | | |
137 | 121 | | detector := holder.detectors[ruleName] |
138 | | - | // create datatype entry if it doesn't exist |
139 | | - | if _, exists := detector.datatypes[datatype.Name]; !exists { |
140 | | - | if holder.isInternal { |
141 | | - | detector.datatypes[datatype.Name] = &datatypeHolder{ |
142 | | - | name: datatype.Name, |
143 | | - | uuid: datatype.UUID, |
144 | | - | categoryUUID: datatype.CategoryUUID, |
145 | | - | files: make(map[string]map[int]*fileHolder), |
146 | | - | } |
147 | | - | } else { |
148 | | - | detector.datatypes[datatype.Name] = &datatypeHolder{ |
149 | | - | name: datatype.Name, |
150 | | - | files: make(map[string]map[int]*fileHolder), |
151 | | - | } |
| 122 | + | // create file entry if it doesn't exist |
| 123 | + | if _, exists := detector.files[fileName]; !exists { |
| 124 | + | detector.files[fileName] = fileHolder{ |
| 125 | + | name: fileName, |
| 126 | + | lineNumber: make(map[int]lineHolder), |
152 | 127 | | } |
153 | 128 | | } |
154 | 129 | | |
155 | | - | detectorDatatype := detector.datatypes[datatype.Name] |
156 | | - | // create file entry if it doesn't exist |
157 | | - | if _, exists := detectorDatatype.files[fileName]; !exists { |
158 | | - | detectorDatatype.files[fileName] = make(map[int]*fileHolder, 0) |
| 130 | + | file := detector.files[fileName] |
| 131 | + | // create line number entry if it doesn't exist |
| 132 | + | if _, exists := file.lineNumber[lineNumber]; !exists { |
| 133 | + | file.lineNumber[lineNumber] = lineHolder{ |
| 134 | + | lineNumber: lineNumber, |
| 135 | + | dataTypeCategory: make(map[string]dataTypeCategoryHolder), |
| 136 | + | } |
| 137 | + | } |
| 138 | + | |
| 139 | + | line := file.lineNumber[lineNumber] |
| 140 | + | // create datatype category entry if it doesn't exist |
| 141 | + | if _, exists := line.dataTypeCategory[datatype.Name]; !exists { |
| 142 | + | line.dataTypeCategory[datatype.Name] = dataTypeCategoryHolder{ |
| 143 | + | name: datatype.Name, |
| 144 | + | isPresence: isPresence, |
| 145 | + | dataType: make(map[string]dataTypeHolder), |
| 146 | + | } |
159 | 147 | | } |
160 | 148 | | |
161 | | - | detectorDatatype.files[fileName][lineNumber] = &fileHolder{ |
162 | | - | name: fileName, |
163 | | - | lineNumber: lineNumber, |
164 | | - | parent: schema.Parent, |
165 | | - | fieldName: schema.FieldName, |
166 | | - | objectName: schema.ObjectName, |
167 | | - | subjectName: subjectName, |
| 149 | + | if isPresence { |
| 150 | + | datatypeCategory := line.dataTypeCategory[datatype.Name] |
| 151 | + | if schema.Parent != nil { |
| 152 | + | datatypeKey := schema.Parent.Content |
| 153 | + | // create datatype if it doesn't exists |
| 154 | + | if _, exists := datatypeCategory.dataType[datatypeKey]; !exists { |
| 155 | + | datatypeCategory.dataType[datatypeKey] = dataTypeHolder{ |
| 156 | + | content: &datatypeKey, |
| 157 | + | } |
| 158 | + | } |
| 159 | + | } |
| 160 | + | } else { |
| 161 | + | datatypeCategory := line.dataTypeCategory[datatype.Name] |
| 162 | + | datatypeKey := schema.FieldName + schema.ObjectName |
| 163 | + | // create datatype if it doesn't exists |
| 164 | + | if _, exists := datatypeCategory.dataType[datatypeKey]; !exists { |
| 165 | + | datatypeCategory.dataType[datatypeKey] = dataTypeHolder{ |
| 166 | + | parent: schema.Parent, |
| 167 | + | fieldName: &schema.FieldName, |
| 168 | + | objectName: &schema.ObjectName, |
| 169 | + | subjectName: subjectName, |
| 170 | + | content: nil, |
| 171 | + | } |
| 172 | + | } |
168 | 173 | | } |
169 | 174 | | } |
170 | 175 | | |
171 | 176 | | func (holder *Holder) ToDataFlow() []interface{} { |
172 | 177 | | data := make([]interface{}, 0) |
173 | 178 | | |
174 | | - | detectors := maputil.ToSortedSlice(holder.detectors) |
| 179 | + | for _, detector := range maputil.ToSortedSlice(holder.detectors) { |
| 180 | + | stored := false |
| 181 | + | if customDetector, isCustomDetector := holder.config.Rules[detector.id]; isCustomDetector { |
| 182 | + | stored = customDetector.Stored |
| 183 | + | } |
175 | 184 | | |
176 | | - | for _, detector := range detectors { |
177 | 185 | | constructedDetector := types.RiskDetector{ |
178 | 186 | | DetectorID: detector.id, |
179 | | - | DataTypes: make([]types.RiskDatatype, 0), |
180 | 187 | | } |
| 188 | + | locations := []types.RiskLocation{} |
181 | 189 | | |
182 | | - | datatypes := maputil.ToSortedSlice(detector.datatypes) |
| 190 | + | for _, file := range maputil.ToSortedSlice(detector.files) { |
183 | 191 | | |
184 | | - | for _, datatype := range datatypes { |
185 | | - | stored := false |
186 | | - | if customDetector, isCustomDetector := holder.config.Rules[detector.id]; isCustomDetector { |
187 | | - | stored = customDetector.Stored |
188 | | - | } |
| 192 | + | for _, line := range maputil.ToSortedSlice(file.lineNumber) { |
| 193 | + | location := types.RiskLocation{ |
| 194 | + | Filename: file.name, |
| 195 | + | LineNumber: line.lineNumber, |
| 196 | + | } |
189 | 197 | | |
190 | | - | constructedDatatype := types.RiskDatatype{ |
191 | | - | Name: datatype.name, |
192 | | - | UUID: datatype.uuid, |
193 | | - | CategoryUUID: datatype.categoryUUID, |
194 | | - | Stored: stored, |
195 | | - | Locations: make([]types.RiskLocation, 0), |
196 | | - | } |
| 198 | + | for _, dataTypeCategory := range maputil.ToSortedSlice(line.dataTypeCategory) { |
| 199 | + | category := types.RiskDatatypeCategory{ |
| 200 | + | Name: dataTypeCategory.name, |
| 201 | + | IsPresence: dataTypeCategory.isPresence, |
| 202 | + | } |
| 203 | + | |
| 204 | + | for _, dataType := range maputil.ToSortedSlice(dataTypeCategory.dataType) { |
| 205 | + | riskDatatype := types.RiskDatatype{ |
| 206 | + | Parent: dataType.parent, |
| 207 | + | SubjectName: dataType.subjectName, |
| 208 | + | Stored: stored, |
| 209 | + | } |
197 | 210 | | |
198 | | - | files := maputil.ToSortedSlice(datatype.files) |
199 | | - | for _, locations := range files { |
200 | | - | sortedLocations := maputil.ToSortedSlice(locations) |
201 | | - | for _, location := range sortedLocations { |
202 | | - | constructedDatatype.Locations = append(constructedDatatype.Locations, types.RiskLocation{ |
203 | | - | Filename: location.name, |
204 | | - | LineNumber: location.lineNumber, |
205 | | - | Parent: location.parent, |
206 | | - | FieldName: location.fieldName, |
207 | | - | ObjectName: location.objectName, |
208 | | - | SubjectName: location.subjectName, |
209 | | - | }) |
| 211 | + | if dataType.content != nil { |
| 212 | + | riskDatatype.Content = *dataType.content |
| 213 | + | } |
| 214 | + | if dataType.fieldName != nil { |
| 215 | + | riskDatatype.FieldName = *dataType.fieldName |
| 216 | + | } |
| 217 | + | if dataType.objectName != nil { |
| 218 | + | riskDatatype.ObjectName = *dataType.objectName |
| 219 | + | } |
| 220 | + | |
| 221 | + | category.DataTypes = append(category.DataTypes, riskDatatype) |
| 222 | + | } |
| 223 | + | |
| 224 | + | location.DataTypeCategories = append(location.DataTypeCategories, category) |
210 | 225 | | } |
| 226 | + | |
| 227 | + | locations = append(locations, location) |
211 | 228 | | } |
212 | | - | constructedDetector.DataTypes = append(constructedDetector.DataTypes, constructedDatatype) |
| 229 | + | |
213 | 230 | | } |
| 231 | + | constructedDetector.Locations = locations |
214 | 232 | | |
215 | 233 | | data = append(data, constructedDetector) |
216 | | - | } |
217 | | - | |
218 | | - | sortedRisks := maputil.ToSortedSlice(holder.presentRisks) |
219 | | - | for _, presentRisk := range sortedRisks { |
220 | | - | sortLocations(presentRisk) |
221 | | - | data = append(data, presentRisk) |
222 | 234 | | } |
223 | 235 | | |
224 | 236 | | return data |
| skipped 19 lines |
244 | 256 | | return &parent |
245 | 257 | | } |
246 | 258 | | |
247 | | - | func sortLocations(risk *types.RiskDetection) { |
248 | | - | sort.Slice(risk.Locations, func(i, j int) bool { |
249 | | - | locationA := risk.Locations[i] |
250 | | - | locationB := risk.Locations[j] |
251 | | - | |
252 | | - | if locationA.Filename < locationB.Filename { |
253 | | - | return true |
254 | | - | } |
255 | | - | if locationA.Filename > locationB.Filename { |
256 | | - | return false |
257 | | - | } |
258 | | - | |
259 | | - | if locationA.LineNumber < locationB.LineNumber { |
260 | | - | return true |
261 | | - | } |
262 | | - | if locationA.LineNumber > locationB.LineNumber { |
263 | | - | return false |
264 | | - | } |
265 | | - | |
266 | | - | if locationA.Parent == nil && locationB.Parent != nil { |
267 | | - | return true |
268 | | - | } |
269 | | - | if locationA.Parent != nil && locationB.Parent == nil { |
270 | | - | return false |
271 | | - | } |
272 | | - | if locationA.Parent != nil { |
273 | | - | if locationA.Parent.LineNumber < locationB.Parent.LineNumber { |
274 | | - | return true |
275 | | - | } |
276 | | - | if locationA.Parent.LineNumber > locationB.Parent.LineNumber { |
277 | | - | return false |
278 | | - | } |
279 | | - | |
280 | | - | if locationA.Parent.Content < locationB.Parent.Content { |
281 | | - | return true |
282 | | - | } |
283 | | - | if locationA.Parent.Content > locationB.Parent.Content { |
284 | | - | return false |
285 | | - | } |
286 | | - | } |
287 | | - | |
288 | | - | return locationA.Content < locationB.Content |
289 | | - | }) |
290 | | - | } |
291 | | - | |