Skip to content

Commit

Permalink
docs(rules): show documentation for built in gitleaks rule
Browse files Browse the repository at this point in the history
  • Loading branch information
gotbadger committed Feb 29, 2024
1 parent 572151f commit 9b3cde9
Show file tree
Hide file tree
Showing 5 changed files with 35 additions and 4 deletions.
7 changes: 7 additions & 0 deletions docs/.eleventy.js
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,13 @@ module.exports = function (eleventyConfig) {
arr.sort((a, b) => (a.metadata.id > b.metadata.id ? 1 : -1))
return arr
})
eleventyConfig.addFilter("removeGitleaks", (arr) => {
return arr.filter(
(value) => {
value.metadata.id == "gitleaks"
}
)
})
eleventyConfig.addFilter("setAttribute", (obj, key, value) => {
obj[key] = value
return obj
Expand Down
8 changes: 7 additions & 1 deletion docs/_data/rules.js
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ const gitly = require("gitly")
const source = "bearer/bearer-rules"
const rulesPath = "_tmp/rules-data"
const excludeDirectories = [".github", "scripts"]
const gitleaksInternalRule = "../internal/commands/process/settings/built_in_rules/third_party/gitleaks/secret_detection.yml"

const counts = {
languages: {},
Expand Down Expand Up @@ -77,6 +78,8 @@ async function fetchRelease() {
async function fetchData(location) {
const rules = []
const dirs = await readdir(location)
const gitleaks = await fetchFile(gitleaksInternalRule, "/")
rules.push(gitleaks)
// ex: looping through rules [ruby, gitleaks, sql]
dirs.forEach(async (dir) => {
const dirPath = path.join(location, dir)
Expand Down Expand Up @@ -147,7 +150,10 @@ async function fetchFile(location, breadcrumb) {
lang = subdir[subdir.length - 3]
}

updateCounts(lang, framework, out.metadata.id)
if(subdir && lang){
updateCounts(lang, framework, out.metadata.id)
}

if (out.metadata.cwe_id) {
out.metadata.cwe_id.forEach((i) => {
if (cweList[i] && cweList[i].owasp) {
Expand Down
19 changes: 18 additions & 1 deletion docs/reference/rule-pages.njk
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,11 @@ eleventyComputed:
{% endif %}
<li>
<strong>Source:</strong>
{% if rule.metadata.id == "gitleaks" %}
N/A
{% else %}
<a class="text-main dark:text-main-300 hover:underline" href="https://github.com/bearer/bearer-rules/blob/main/rules/{{rule.location}}.yml">{{rule.name}}.yml</a>
{% endif %}
</li>
</ul>
{% renderTemplate 'liquid,md',
Expand Down Expand Up @@ -60,7 +64,7 @@ rule.metadata %}
</ul>
{% endif %}
{% endif %}

{% if rule.metadata.id != "gitleaks" %}
{% renderTemplate "liquid,md",
rule.metadata %}
## Configuration
Expand All @@ -75,3 +79,16 @@ rule.metadata %}
bearer scan /path/to/your-project/ --only-rule={{id}}
```
{% endrenderTemplate %}
{% else %}
{% renderTemplate "liquid,md",
rule.metadata %}
## Configuration

This is a built in rule that represents findings from the secrets scanner.

To enable this during a scan, use the following flag
```shell
bearer scan /path/to/your-project/ --scanner=secrets,sast
```
{% endrenderTemplate %}
{% endif %}
2 changes: 1 addition & 1 deletion docs/rules.csv.njk
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@ layout: false
---

Language; Rule Title; Rule ID; Framework; CWE; Doc
{% for rule in rules.rules | sortById %}{{ rule.languages | join(", ")}}; {{ rule.metadata.description | safe }}; {{ rule.metadata.id }} ;{{ rule.framework }}; {{ rule.metadata.cwe_id | join(", ")}}; {{ rule.metadata.documentation_url }}
{% for rule in rules.rules | sortById | removeGitleaks %}{{ rule.languages | join(", ")}}; {{ rule.metadata.description | safe }}; {{ rule.metadata.id }} ;{{ rule.framework }}; {{ rule.metadata.cwe_id | join(", ")}}; {{ rule.metadata.documentation_url }}
{% endfor %}
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
remediation_message: |
## Description
Hard-coding secrets in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded.
Hard-coding secrets in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded. This rule is part of the secrets scanner and language agnostic.
## Remediations
Expand All @@ -17,3 +17,4 @@ metadata:
cwe_id:
- 798
id: gitleaks
documentation_url: https://docs.bearer.com/reference/rules/gitleaks

0 comments on commit 9b3cde9

Please sign in to comment.