From 9b3cde986ab167d81fff802c55db90f313766554 Mon Sep 17 00:00:00 2001
From: gotbadger
Date: Thu, 29 Feb 2024 11:23:44 +0000
Subject: [PATCH] docs(rules): show documentation for built in gitleaks rule
---
docs/.eleventy.js | 7 +++++++
docs/_data/rules.js | 8 +++++++-
docs/reference/rule-pages.njk | 19 ++++++++++++++++++-
docs/rules.csv.njk | 2 +-
.../third_party/gitleaks/secret_detection.yml | 3 ++-
5 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/docs/.eleventy.js b/docs/.eleventy.js
index 6c27d79e5..991b713c7 100644
--- a/docs/.eleventy.js
+++ b/docs/.eleventy.js
@@ -116,6 +116,13 @@ module.exports = function (eleventyConfig) {
arr.sort((a, b) => (a.metadata.id > b.metadata.id ? 1 : -1))
return arr
})
+ eleventyConfig.addFilter("removeGitleaks", (arr) => {
+ return arr.filter(
+ (value) => {
+ value.metadata.id == "gitleaks"
+ }
+ )
+ })
eleventyConfig.addFilter("setAttribute", (obj, key, value) => {
obj[key] = value
return obj
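Review bot: The new `removeGitleaks` filter drops every rule rather than only the gitleaks one: the callback passed to `arr.filter` has a braced body with no `return`, so it yields `undefined` for each element, and even with a return the `== "gitleaks"` comparison would keep the gitleaks rule instead of removing it, which is the opposite of what the filter name and its use in docs/rules.csv.njk intend. A concise form that does what the name says is `eleventyConfig.addFilter("removeGitleaks", (arr) => arr.filter((value) => value.metadata.id !== "gitleaks"))`. The enclosing `module.exports` function begins and ends outside this hunk.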
diff --git a/docs/_data/rules.js b/docs/_data/rules.js
index da06e1382..cf55977ed 100644
--- a/docs/_data/rules.js
+++ b/docs/_data/rules.js
@@ -8,6 +8,7 @@ const gitly = require("gitly")
const source = "bearer/bearer-rules"
const rulesPath = "_tmp/rules-data"
const excludeDirectories = [".github", "scripts"]
+const gitleaksInternalRule = "../internal/commands/process/settings/built_in_rules/third_party/gitleaks/secret_detection.yml"
const counts = {
languages: {},
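Review bot: `gitleaksInternalRule` is a relative path (`../internal/...`), so wherever `fetchFile` (defined outside this view) opens it, resolution will depend on the process working directory; `../internal` only reaches the repo's `internal/` tree when the build is started from `docs/`, not from the repo root or from `docs/_data/`. Since this file is CommonJS and already uses `path`, anchoring the constant to the file's own location is more robust, e.g. `const gitleaksInternalRule = path.resolve(__dirname, "../../internal/commands/process/settings/built_in_rules/third_party/gitleaks/secret_detection.yml")`. The same constant is consumed in the following `fetchData` hunk; a short comment above it stating that it points at the built-in rule shipped with the CLI rather than a rule from the `bearer-rules` checkout would also help the next reader.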
@@ -77,6 +78,8 @@ async function fetchRelease() {
async function fetchData(location) {
const rules = []
const dirs = await readdir(location)
+ const gitleaks = await fetchFile(gitleaksInternalRule, "/")
+ rules.push(gitleaks)
// ex: looping through rules [ruby, gitleaks, sql]
dirs.forEach(async (dir) => {
const dirPath = path.join(location, dir)
@@ -147,7 +150,10 @@ async function fetchFile(location, breadcrumb) {
lang = subdir[subdir.length - 3]
}
- updateCounts(lang, framework, out.metadata.id)
+ if(subdir && lang){
+ updateCounts(lang, framework, out.metadata.id)
+ }
+
if (out.metadata.cwe_id) {
out.metadata.cwe_id.forEach((i) => {
if (cweList[i] && cweList[i].owasp) {
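Review bot: The new guard `if(subdir && lang){` silently skips `updateCounts` for the gitleaks rule that `fetchData` now pushes with a `"/"` breadcrumb, so that rule will be absent from the language and framework counts; if that is intended it deserves a comment, e.g. `// built-in rules (gitleaks) have no language/framework directory and are not counted`. Stylistically the line should match the surrounding code (`if (subdir && lang) {`), and if `subdir` is always an array here, checking `lang` alone is enough. The enclosing `fetchFile` function starts and ends outside this hunk.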
diff --git a/docs/reference/rule-pages.njk b/docs/reference/rule-pages.njk
index cdc2544e4..d70abb72c 100644
--- a/docs/reference/rule-pages.njk
+++ b/docs/reference/rule-pages.njk
@@ -26,7 +26,11 @@ eleventyComputed:
{% endif %}
Source:
+ {% if rule.metadata.id == "gitleaks" %}
+ N/A
+ {% else %}
{{rule.name}}.yml
+ {% endif %}
{% renderTemplate 'liquid,md',
@@ -60,7 +64,7 @@ rule.metadata %}
{% endif %}
{% endif %}
-
+ {% if rule.metadata.id != "gitleaks" %}
{% renderTemplate "liquid,md",
rule.metadata %}
## Configuration
@@ -75,3 +79,16 @@ rule.metadata %}
bearer scan /path/to/your-project/ --only-rule={{id}}
```
{% endrenderTemplate %}
+{% else %}
+ {% renderTemplate "liquid,md",
+ rule.metadata %}
+ ## Configuration
+
+ This is a built in rule that represents findings from the secrets scanner.
+
+ To enable this during a scan, use the following flag
+ ```shell
+ bearer scan /path/to/your-project/ --scanner=secrets,sast
+ ```
+{% endrenderTemplate %}
+{% endif %}
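Review bot: The literal `"gitleaks"` is now compared against `rule.metadata.id` in three separate conditionals in this file (the Source block and both Configuration branches), so a rename or a second built-in rule would have to be fixed in three places; one `{% set isGitleaks = rule.metadata.id == "gitleaks" %}` near the top of the template, reused in each branch, keeps them in sync. In the added Configuration text, "built in rule" should read "built-in rule" and "use the following flag" wants a colon before the fenced command. The `{% if rule.metadata.id != "gitleaks" %}` that this hunk's `{% else %}`/`{% endif %}` close is opened in the previous hunk.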
diff --git a/docs/rules.csv.njk b/docs/rules.csv.njk
index 10d2c2409..f286b8053 100644
--- a/docs/rules.csv.njk
+++ b/docs/rules.csv.njk
@@ -5,5 +5,5 @@ layout: false
---
Language; Rule Title; Rule ID; Framework; CWE; Doc
-{% for rule in rules.rules | sortById %}{{ rule.languages | join(", ")}}; {{ rule.metadata.description | safe }}; {{ rule.metadata.id }} ;{{ rule.framework }}; {{ rule.metadata.cwe_id | join(", ")}}; {{ rule.metadata.documentation_url }}
+{% for rule in rules.rules | sortById | removeGitleaks %}{{ rule.languages | join(", ")}}; {{ rule.metadata.description | safe }}; {{ rule.metadata.id }} ;{{ rule.framework }}; {{ rule.metadata.cwe_id | join(", ")}}; {{ rule.metadata.documentation_url }}
{% endfor %}
\ No newline at end of file
diff --git a/internal/commands/process/settings/built_in_rules/third_party/gitleaks/secret_detection.yml b/internal/commands/process/settings/built_in_rules/third_party/gitleaks/secret_detection.yml
index 2bc8914f6..6954f3f10 100644
--- a/internal/commands/process/settings/built_in_rules/third_party/gitleaks/secret_detection.yml
+++ b/internal/commands/process/settings/built_in_rules/third_party/gitleaks/secret_detection.yml
@@ -6,7 +6,7 @@ metadata:
remediation_message: |
## Description
- Hard-coding secrets in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded.
+ Hard-coding secrets in a project opens them up to leakage. This rule checks for common secret types such as keys, tokens, and passwords using the popular Gitleaks library and ensures they aren't hard-coded. This rule is part of the secrets scanner and language agnostic.
## Remediations
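Review bot: The appended sentence in `remediation_message` is grammatically off ("is part of the secrets scanner and language agnostic"); it should read `This rule is part of the secrets scanner and is language-agnostic.` The `remediation_message` block continues past the end of this hunk.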
@@ -17,3 +17,4 @@ metadata:
cwe_id:
- 798
id: gitleaks
+ documentation_url: https://docs.bearer.com/reference/rules/gitleaks