From 67e566dcd24f79738c3757aaa36744949479a248 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Fabianski?= Date: Fri, 20 Dec 2024 16:06:43 +0100 Subject: [PATCH] fix: make full string --- pkg/report/output/dataflow/risks/risks.go | 4 +- pkg/report/schema/datatype/datatype.go | 2 +- pkg/report/schema/schema.go | 10 ++-- .../detectors/customrule/filters/filters.go | 47 ++++++++--------- .../customrule/filters/filters_test.go | 52 +++++++++---------- .../detectors/customrule/types/types.go | 2 +- pkg/scanner/scanner.go | 14 ++--- 7 files changed, 60 insertions(+), 71 deletions(-) diff --git a/pkg/report/output/dataflow/risks/risks.go b/pkg/report/output/dataflow/risks/risks.go index 5d44fca0c..ac95b3459 100644 --- a/pkg/report/output/dataflow/risks/risks.go +++ b/pkg/report/output/dataflow/risks/risks.go @@ -85,7 +85,7 @@ func (holder *Holder) AddRiskPresence(detection detections.Detection) { StartColumnNumber: *detection.Source.StartColumnNumber, EndLineNumber: *detection.Source.EndLineNumber, EndColumnNumber: *detection.Source.EndColumnNumber, - Content: &content, + Content: content, } } else { // parent can be nil @@ -195,7 +195,7 @@ func (holder *Holder) addDatatype( // create datatype source entry if it doesn't exist sourceKey := "undefined_source" if schema.Source != nil { - sourceKey = *schema.Source.Content + sourceKey = schema.Source.Content } if _, exists := line.source[sourceKey]; !exists { diff --git a/pkg/report/schema/datatype/datatype.go b/pkg/report/schema/datatype/datatype.go index d99c03c01..5f0ecb04e 100644 --- a/pkg/report/schema/datatype/datatype.go +++ b/pkg/report/schema/datatype/datatype.go 
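Review bot: In the `addDatatype` hunk of risks.go (`@@ -195`), `sourceKey = schema.Source.Content` yields an empty map key whenever a source is present but has no content, so those entries are grouped under `""` instead of the `undefined_source` sentinel. With the pointer gone, "no content" and "empty content" can no longer be told apart, so the guard should probably test the string itself: `if schema.Source != nil && schema.Source.Content != "" {`. Whether an empty `Content` actually reaches this function is not visible in the hunk, and addDatatype's body continues outside it.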
@@ -213,7 +213,7 @@ func dataTypeToSchema[D DataTypable](report detections.ReportDetection, detectio if parent != nil { parentContent := parent.Content() sourceSchema = &schema.Source{ - Content: &parentContent, + Content: parentContent, StartLineNumber: parent.StartLineNumber(), StartColumnNumber: parent.StartColumnNumber(), EndLineNumber: parent.EndLineNumber(), diff --git a/pkg/report/schema/schema.go b/pkg/report/schema/schema.go index ca9354cac..9d99d14d8 100644 --- a/pkg/report/schema/schema.go +++ b/pkg/report/schema/schema.go @@ -33,11 +33,11 @@ type Schema struct { type Source struct { // This is the starting line number, the very beginning of what's used by the custom detection - StartLineNumber int `json:"start_line_number,omitempty" yaml:"start_line_number,omitempty"` - StartColumnNumber int `json:"start_column_number,omitempty" yaml:"start_column_number,omitempty"` - EndLineNumber int `json:"end_line_number,omitempty" yaml:"end_line_number,omitempty"` - EndColumnNumber int `json:"end_column_number,omitempty" yaml:"end_column_number,omitempty"` - Content *string `json:"content,omitempty" yaml:"content,omitempty"` + StartLineNumber int `json:"start_line_number,omitempty" yaml:"start_line_number,omitempty"` + StartColumnNumber int `json:"start_column_number,omitempty" yaml:"start_column_number,omitempty"` + EndLineNumber int `json:"end_line_number,omitempty" yaml:"end_line_number,omitempty"` + EndColumnNumber int `json:"end_column_number,omitempty" yaml:"end_column_number,omitempty"` + Content string `json:"content,omitempty" yaml:"content,omitempty"` } type ReportSchema interface { diff --git a/pkg/scanner/detectors/customrule/filters/filters.go b/pkg/scanner/detectors/customrule/filters/filters.go index a520b8049..670d5c8fb 100644 --- a/pkg/scanner/detectors/customrule/filters/filters.go +++ b/pkg/scanner/detectors/customrule/filters/filters.go 
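Review bot: In the schema.go hunk, `Content string` keeps `omitempty`, which changes the serialized report. A non-nil pointer to an empty string used to be emitted as an empty `content` key, whereas an empty string value is now dropped from both the JSON and YAML output. The scanner.go part of this patch shows the old code passing `&value` with `value` defaulting to `""`, so such entries did occur. If report consumers expect the key to be present, change the tag on this field to `json:"content" yaml:"content"`. Either way the field deserves a comment, for example `// Content is the source text of the detection, copied into the report as-is; empty when there is none.`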
@@ -29,10 +29,10 @@ func NewResult(matches ...Match) *Result { type Match struct { variables variableshape.Values datatypeDetections []*detectortypes.Detection - value *string + value string } -func NewMatch(variables variableshape.Values, valueStr *string, datatypeDetections []*detectortypes.Detection) Match { +func NewMatch(variables variableshape.Values, valueStr string, datatypeDetections []*detectortypes.Detection) Match { return Match{variables: variables, value: valueStr, datatypeDetections: datatypeDetections} } @@ -44,7 +44,7 @@ func (match *Match) Variables() variableshape.Values { return match.variables } -func (match *Match) Value() *string { +func (match *Match) Value() string { return match.value } @@ -83,7 +83,7 @@ func (filter *Not) Evaluate( log.Trace().Msgf("filters.Not: %t", result) } - return boolResult(patternVariables, result, nil), nil + return boolResult(patternVariables, result, ""), nil } type Either struct { @@ -130,7 +130,7 @@ func (filter *All) Evaluate( if len(filter.Children) == 0 { log.Trace().Msg("filters.All: true (no children)") - return boolResult(patternVariables, true, nil), nil + return boolResult(patternVariables, true, ""), nil } for i, child := range filter.Children { @@ -168,12 +168,7 @@ func (filter *All) joinMatches(matches, childMatches []Match) []Match { for _, childMatch := range childMatches { if variables, variablesMatch := match.variables.Merge(childMatch.variables); variablesMatch { value := match.Value() - - if value != nil { - *value += *childMatch.Value() - } else { - value = childMatch.Value() - } + value += childMatch.Value() result = append(result, NewMatch( variables, 
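Review bot: In `joinMatches` (`@@ -168`), `value += childMatch.Value()` joins the values of different child filters with no separator. Because `""` now stands for "no value", a combined value no longer shows which child contributed what, or whether a child matched an empty string. That string is presumably what ends up as `Data.Value` and then in the report `Content`, although the path from `Match.value` is not visible here, so the contract is worth stating. I would add a comment above the concatenation such as `// values are concatenated in child order with no separator; "" means the child carried no value`, and give `NewMatch` and `Value` matching doc comments. The hunk ends inside the `NewMatch(` call, so the rest of joinMatches is outside it.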
@@ -196,7 +191,7 @@ func (filter *FilenameRegex) Evaluate( detectorContext detectortypes.Context, patternVariables variableshape.Values, ) (*Result, error) { - return boolResult(patternVariables, filter.Regex.MatchString(detectorContext.Filename()), nil), nil + return boolResult(patternVariables, filter.Regex.MatchString(detectorContext.Filename()), ""), nil } type ImportedVariable struct { @@ -232,7 +227,7 @@ func (filter *Rule) Evaluate( if filter.IsDatatypeRule { log.Trace().Msg("filters.Rule: match (datatype)") - return NewResult(NewMatch(patternVariables, nil, detections)), nil + return NewResult(NewMatch(patternVariables, "", detections)), nil } if log.Trace().Enabled() { @@ -285,7 +280,7 @@ func (filter *Rule) Evaluate( for _, detectionMatch := range subResult.matches { if variables, variablesMatch := filter.importVariables(patternVariables, detectionMatch.variables); variablesMatch { matched = true - matches = append(matches, NewMatch(variables, nil, detectionMatch.datatypeDetections)) + matches = append(matches, NewMatch(variables, "", detectionMatch.datatypeDetections)) } } @@ -302,7 +297,7 @@ func (filter *Rule) Evaluate( } if hasPatternVariableMatch { - matches = append(matches, NewMatch(patternVariables, nil, datatypeDetections)) + matches = append(matches, NewMatch(patternVariables, "", datatypeDetections)) } return NewResult(matches...), nil @@ -343,7 +338,7 @@ func (filter *Values) Evaluate( patternVariables variableshape.Values, ) (*Result, error) { node := patternVariables.Node(filter.Variable) - return boolResult(patternVariables, slices.Contains(filter.Values, node.Content()), nil), nil + return boolResult(patternVariables, slices.Contains(filter.Values, node.Content()), ""), nil } type Regex struct { @@ -368,7 +363,7 @@ func (filter *Regex) Evaluate( ) } - return boolResult(patternVariables, result, nil), nil + return boolResult(patternVariables, result, ""), nil } type StringLengthLessThan struct { 
@@ -386,7 +381,7 @@ func (filter *StringLengthLessThan) Evaluate( return nil, err } - return boolResult(patternVariables, len(value) < filter.Value, nil), nil + return boolResult(patternVariables, len(value) < filter.Value, ""), nil } type StringRegex struct { @@ -423,7 +418,7 @@ func (filter *StringRegex) Evaluate( ) } - return boolResult(patternVariables, result, &value), nil + return boolResult(patternVariables, result, value), nil } type EntropyGreaterThan struct { @@ -462,7 +457,7 @@ func (filter *EntropyGreaterThan) Evaluate( ) } - return boolResult(patternVariables, result, nil), nil + return boolResult(patternVariables, result, ""), nil } type IntegerLessThan struct { @@ -480,7 +475,7 @@ func (filter *IntegerLessThan) Evaluate( return nil, err } - return boolResult(patternVariables, value < filter.Value, nil), nil + return boolResult(patternVariables, value < filter.Value, ""), nil } type IntegerLessThanOrEqual struct { @@ -498,7 +493,7 @@ func (filter *IntegerLessThanOrEqual) Evaluate( return nil, err } - return boolResult(patternVariables, value <= filter.Value, nil), nil + return boolResult(patternVariables, value <= filter.Value, ""), nil } type IntegerGreaterThan struct { @@ -516,7 +511,7 @@ func (filter *IntegerGreaterThan) Evaluate( return nil, err } - return boolResult(patternVariables, value > filter.Value, nil), nil + return boolResult(patternVariables, value > filter.Value, ""), nil } type IntegerGreaterThanOrEqual struct { @@ -534,7 +529,7 @@ func (filter *IntegerGreaterThanOrEqual) Evaluate( return nil, err } - return boolResult(patternVariables, value >= filter.Value, nil), nil + return boolResult(patternVariables, value >= filter.Value, ""), nil } type Unknown struct{} 
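Review bot: In `StringRegex.Evaluate` (`@@ -423`), `boolResult(patternVariables, result, value)` attaches the complete string held in `value` to the match. The scanner.go hunks of this patch copy a detection's value, presumably this same one, unmodified into the report `Content`. If rules built on this filter target credential-like literals (not visible in this patch), the report then contains the literal in full, which matters wherever reports are kept as CI artifacts or uploaded. The return should at least carry a comment such as `// value is the full string under test; it is carried into the report content unmodified`, and a truncation or redaction step before reporting is worth considering. Evaluate starts outside the hunk.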
@@ -567,11 +562,11 @@ func parseInteger(node *tree.Node) (int, bool, error) { return value, true, nil } -func boolResult(patternVariables variableshape.Values, value bool, valueStr *string) *Result { +func boolResult(patternVariables variableshape.Values, value bool, valueStr string) *Result { return NewResult(boolMatches(patternVariables, value, valueStr)...) } -func boolMatches(patternVariables variableshape.Values, value bool, valueStr *string) []Match { +func boolMatches(patternVariables variableshape.Values, value bool, valueStr string) []Match { if value { return []Match{NewMatch(patternVariables, valueStr, nil)} } else { diff --git a/pkg/scanner/detectors/customrule/filters/filters_test.go b/pkg/scanner/detectors/customrule/filters/filters_test.go index 377ebbaa5..72cbb3fb4 100644 --- a/pkg/scanner/detectors/customrule/filters/filters_test.go +++ b/pkg/scanner/detectors/customrule/filters/filters_test.go @@ -69,7 +69,7 @@ var _ = Describe("Not", func() { When("the child filter has a match", func() { BeforeEach(func(ctx SpecContext) { filter = &filters.Not{ - Child: &MockFilter{result: filters.NewResult(filters.NewMatch(nil, nil, nil))}, + Child: &MockFilter{result: filters.NewResult(filters.NewMatch(nil, "", nil))}, } }) @@ -87,7 +87,7 @@ var _ = Describe("Not", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) 
@@ -110,9 +110,9 @@ var _ = Describe("Either", func() { patternVariables := []*tree.Node{{ID: 42}} When("there are child filter matches", func() { - match1 := filters.NewMatch([]*tree.Node{{ID: 1}}, nil, nil) - match2 := filters.NewMatch([]*tree.Node{{ID: 2}}, nil, nil) - match3 := filters.NewMatch([]*tree.Node{{ID: 3}}, nil, nil) + match1 := filters.NewMatch([]*tree.Node{{ID: 1}}, "", nil) + match2 := filters.NewMatch([]*tree.Node{{ID: 2}}, "", nil) + match3 := filters.NewMatch([]*tree.Node{{ID: 3}}, "", nil) BeforeEach(func(ctx SpecContext) { filter = &filters.Either{ 
@@ -193,12 +193,12 @@ var _ = Describe("All", func() { nodes = parseNodes(ctx, []string{"n1", "n2", "n3", "n4", "n5", "n6", "n7", "n8"}) patternVariables = []*tree.Node{nodes[0], nil, nil, nil} - match1 = filters.NewMatch([]*tree.Node{nodes[0], nil, nil, nil}, nil, []*detectortypes.Detection{datatype1}) - match2 = filters.NewMatch([]*tree.Node{nil, nodes[2], nodes[4], nil}, nil, []*detectortypes.Detection{datatype2}) - match3 = filters.NewMatch([]*tree.Node{nil, nodes[3], nodes[5], nil}, nil, []*detectortypes.Detection{datatype3}) - match4 = filters.NewMatch([]*tree.Node{nodes[0], nodes[3], nil, nodes[6]}, nil, []*detectortypes.Detection{datatype4}) - match5 = filters.NewMatch([]*tree.Node{nodes[0], nodes[3], nil, nodes[7]}, nil, []*detectortypes.Detection{datatype5}) - discordantMatch = filters.NewMatch([]*tree.Node{nodes[1], nil, nil, nil}, nil, []*detectortypes.Detection{discordantDatatype}) + match1 = filters.NewMatch([]*tree.Node{nodes[0], nil, nil, nil}, "", []*detectortypes.Detection{datatype1}) + match2 = filters.NewMatch([]*tree.Node{nil, nodes[2], nodes[4], nil}, "", []*detectortypes.Detection{datatype2}) + match3 = filters.NewMatch([]*tree.Node{nil, nodes[3], nodes[5], nil}, "", []*detectortypes.Detection{datatype3}) + match4 = filters.NewMatch([]*tree.Node{nodes[0], nodes[3], nil, nodes[6]}, "", []*detectortypes.Detection{datatype4}) + match5 = filters.NewMatch([]*tree.Node{nodes[0], nodes[3], nil, nodes[7]}, "", []*detectortypes.Detection{datatype5}) + discordantMatch = filters.NewMatch([]*tree.Node{nodes[1], nil, nil, nil}, "", []*detectortypes.Detection{discordantDatatype}) }) When("there is a single child filter with matches", func() { 
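Review bot: Every fixture in this hunk (`match1` through `discordantMatch`) passes `""` as the value, and so do the expectations in the `@@ -238` hunk, so the rewritten concatenation in `All.joinMatches` is never exercised with real values. A case where two joinable matches carry non-empty values would cover it, for example giving `match1` the value `"a"` and `match3` the value `"b"` and asserting on `Value()` of the joined matches. That would pin both the ordering and the fact that the input matches are no longer modified through a shared pointer. The enclosing `BeforeEach` starts outside the hunk.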
@@ -238,12 +238,12 @@ var _ = Describe("All", func() { Expect(result.Matches()).To(ContainElements( filters.NewMatch( []*tree.Node{nodes[0], nodes[3], nodes[5], nodes[6]}, - nil, + "", []*detectortypes.Detection{datatype1, datatype3, datatype4}, ), filters.NewMatch( []*tree.Node{nodes[0], nodes[3], nodes[5], nodes[7]}, - nil, + "", []*detectortypes.Detection{datatype1, datatype3, datatype5}, ), )) @@ -291,7 +291,7 @@ var _ = Describe("All", func() { It("returns a result with a single match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -308,7 +308,7 @@ var _ = Describe("FilenameRegex", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -343,7 +343,7 @@ var _ = Describe("Values", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -375,7 +375,7 @@ var _ = Describe("Regex", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) 
@@ -409,7 +409,7 @@ var _ = Describe("StringLengthLessThan", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(detectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -454,7 +454,7 @@ var _ = Describe("StringRegex", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(detectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, pointers.String("foo"), nil)), + filters.NewResult(filters.NewMatch(patternVariables, "foo", nil)), )) }) }) @@ -500,7 +500,7 @@ var _ = Describe("EntropyGreaterThan", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(detectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -543,7 +543,7 @@ var _ = Describe("IntegerLessThan", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -586,7 +586,7 @@ var _ = Describe("IntegerLessThanOrEqual", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) 
@@ -598,7 +598,7 @@ var _ = Describe("IntegerLessThanOrEqual", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -641,7 +641,7 @@ var _ = Describe("IntegerGreaterThan", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -684,7 +684,7 @@ var _ = Describe("IntegerGreaterThanOrEqual", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) @@ -696,7 +696,7 @@ var _ = Describe("IntegerGreaterThanOrEqual", func() { It("returns a result with a match using the pattern variables", func(ctx SpecContext) { Expect(filter.Evaluate(defaultDetectorContext, patternVariables)).To(Equal( - filters.NewResult(filters.NewMatch(patternVariables, nil, nil)), + filters.NewResult(filters.NewMatch(patternVariables, "", nil)), )) }) }) diff --git a/pkg/scanner/detectors/customrule/types/types.go b/pkg/scanner/detectors/customrule/types/types.go index 5a0fc77ac..f2de5b998 100644 --- a/pkg/scanner/detectors/customrule/types/types.go +++ b/pkg/scanner/detectors/customrule/types/types.go @@ -9,5 +9,5 @@ type Data struct { Pattern string Datatypes []*detectortypes.Detection Variables variableshape.Values - Value *string + Value string } 
diff --git a/pkg/scanner/scanner.go b/pkg/scanner/scanner.go index b5e584ccd..2ec161a36 100644 --- a/pkg/scanner/scanner.go +++ b/pkg/scanner/scanner.go @@ -83,7 +83,7 @@ func (scanner *Scanner) Scan( EndLineNumber: detection.MatchNode.ContentEnd.Line, StartColumnNumber: detection.MatchNode.ContentStart.Column, EndColumnNumber: detection.MatchNode.ContentEnd.Column, - Content: &value, + Content: value, }) } @@ -92,12 +92,6 @@ func (scanner *Scanner) Scan( data := detection.Data.(customruletypes.Data) if len(data.Datatypes) == 0 { - var value = "" - - if data.Value != nil { - value = *data.Value - } - report.AddDetection(reportdetections.TypeCustomRisk, detectorType, source.New( @@ -107,14 +101,14 @@ func (scanner *Scanner) Scan( detection.MatchNode.ContentStart.Column, detection.MatchNode.ContentEnd.Line, detection.MatchNode.ContentEnd.Column, - value, + data.Value, ), reportschema.Source{ StartLineNumber: detection.MatchNode.ContentStart.Line, EndLineNumber: detection.MatchNode.ContentEnd.Line, StartColumnNumber: detection.MatchNode.ContentStart.Column, EndColumnNumber: detection.MatchNode.ContentEnd.Column, - Content: &value, + Content: data.Value, }) } @@ -170,7 +164,7 @@ func reportDatatypeDetection( EndLineNumber: detection.MatchNode.ContentEnd.Line, StartColumnNumber: detection.MatchNode.ContentStart.Column, EndColumnNumber: detection.MatchNode.ContentEnd.Column, - Content: &detectionContent, + Content: detectionContent, }, }, )
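Review bot: In the `@@ -92` hunk of `Scan`, `data := detection.Data.(customruletypes.Data)` is an unchecked type assertion, so a detection whose `Data` holds any other type panics the scan instead of being skipped or reported as an error. Whether an earlier check on the detector type already rules that out is not visible in the hunk. If it does not, use the two-value form `data, ok := detection.Data.(customruletypes.Data)` and handle `!ok` explicitly. Scan's body starts and ends outside the hunk.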