diff --git a/e2e/rules/rules_test.go b/e2e/rules/rules_test.go
index b81364bda..7aec4b52e 100644
--- a/e2e/rules/rules_test.go
+++ b/e2e/rules/rules_test.go
@@ -17,6 +17,7 @@ func TestSecrets(t *testing.T) {
 "--scanner=secrets",
 "--only-rule=gitleaks",
 "--format=yaml",
+ "--disable-version-check",
 "--disable-default-rules",
 "--exit-code=0",
 },
diff --git a/internal/commands/artifact/run.go b/internal/commands/artifact/run.go
index da068903a..eb934822e 100644
--- a/internal/commands/artifact/run.go
+++ b/internal/commands/artifact/run.go
@@ -267,8 +267,8 @@ func Run(ctx context.Context, opts flag.Options) (err error) {
 if opts.RuleOptions.DisableDefaultRules {
 metaLanguageList = make([]string, 0)
 }
- // deal with no version check here
- versionMeta, err := version_check.GetVersionMeta(ctx, metaLanguageList)
+
+ versionMeta, err := version_check.GetScanVersionMeta(ctx, opts, metaLanguageList)
 if err != nil {
 log.Debug().Msgf("failed: %s", err)
 } else {
diff --git a/internal/commands/process/settings/rules.go b/internal/commands/process/settings/rules.go
index a827f5190..fd2108d90 100644
--- a/internal/commands/process/settings/rules.go
+++ b/internal/commands/process/settings/rules.go
@@ -49,32 +49,21 @@ func loadRules(
 externalRuleDirs []string,
 options flag.RuleOptions,
 versionMeta *version_check.VersionMeta,
- force bool) (
+ force bool,
+) (
 result LoadRulesResult,
 err error,
 ) {
 definitions := make(map[string]RuleDefinition)
 builtInDefinitions := make(map[string]RuleDefinition)
- log.Debug().Msg("Loading rules")
-
 if versionMeta.Rules.Version != nil {
 result.BearerRulesVersion = *versionMeta.Rules.Version
+ }
- urls := make([]string, 0, len(versionMeta.Rules.Packages))
- for _, value := range versionMeta.Rules.Packages {
- log.Debug().Msgf("Added rule package URL %s", value)
- urls = append(urls, value)
- }
+ log.Debug().Msg("Loading rules")
- err = LoadRuleDefinitionsFromUrls(definitions, urls)
- if err != nil {
- output.Fatal(fmt.Sprintf("Error loading rules: %s", err))
- // sysexit
- }
- } else {
- log.Debug().Msg("No rule packages found")
- }
+ loadRuleDefinitionsFromRemote(definitions, options, versionMeta)
 if err := loadRuleDefinitionsFromDir(builtInDefinitions, buildInRulesFs); err != nil {
 return result, fmt.Errorf("error loading built-in rules: %w", err)
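Review bot: In loadRules, `result.BearerRulesVersion` is now assigned whenever `versionMeta.Rules.Version` is non-nil, while the remote load it used to sit beside is skipped inside loadRuleDefinitionsFromRemote when `options.DisableDefaultRules` is set. A scan with default rules disabled can therefore record a rules version in its result although no remote rule package was loaded, if the version API still returns one; whether it does is not visible in this diff. If the field is meant to describe the rules actually applied, guard the assignment with `if !options.DisableDefaultRules && versionMeta.Rules.Version != nil {`. loadRules starts and ends outside this hunk.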
@@ -104,6 +93,33 @@ func loadRules(
 return result, nil
 }
+func loadRuleDefinitionsFromRemote(
+ definitions map[string]RuleDefinition,
+ options flag.RuleOptions,
+ versionMeta *version_check.VersionMeta,
+) {
+ if options.DisableDefaultRules {
+ return
+ }
+
+ if versionMeta.Rules.Version == nil {
+ log.Debug().Msg("No rule packages found")
+ return
+ }
+
+ urls := make([]string, 0, len(versionMeta.Rules.Packages))
+ for _, value := range versionMeta.Rules.Packages {
+ log.Debug().Msgf("Added rule package URL %s", value)
+ urls = append(urls, value)
+ }
+
+ err := LoadRuleDefinitionsFromUrls(definitions, urls)
+ if err != nil {
+ output.Fatal(fmt.Sprintf("Error loading rules: %s", err))
+ // sysexit
+ }
+}
+
 func loadRuleDefinitionsFromDir(definitions map[string]RuleDefinition, dir fs.FS) error {
 loadedDefinitions := make(map[string]RuleDefinition)
 if err := fs.WalkDir(dir, ".", func(path string, dirEntry fs.DirEntry, err error) error {
diff --git a/internal/languages/php/pattern/pattern.go b/internal/languages/php/pattern/pattern.go
index de4b854b5..1de6322aa 100644
--- a/internal/languages/php/pattern/pattern.go
+++ b/internal/languages/php/pattern/pattern.go
@@ -128,6 +128,13 @@ func (*Pattern) IsLeaf(node *tree.Node) bool {
 return false
 }
+func (*Pattern) AnonymousParentTypes() []string {
+ return []string{
+ "binary_expression",
+ "unary_op_expression",
+ }
+}
+
 func (*Pattern) LeafContentTypes() []string {
 return []string{
 "encapsed_string",
diff --git a/internal/version_check/bearer_version.go b/internal/version_check/bearer_version.go
index 94781c846..3bdff69bb 100644
--- a/internal/version_check/bearer_version.go
+++ b/internal/version_check/bearer_version.go
@@ -9,7 +9,7 @@ import (
 "github.com/bearer/bearer/internal/flag"
 )
-func GetBearerVerionMeta(languages []string) (*VersionMeta, error) {
+func GetBearerVersionMeta(languages []string) (*VersionMeta, error) {
 var meta VersionMeta
 client := api.New(
 api.API{
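Review bot: loadRuleDefinitionsFromRemote (settings/rules.go, the `@@ -104,6 +93,33 @@` hunk) ends the process through `output.Fatal` when a rule package fails to load and has no error return or doc comment, unlike its sibling loadRuleDefinitionsFromDir, whose error loadRules wraps. I would return the error, `return fmt.Errorf("error loading remote rules: %w", err)`, and let loadRules handle it the same way as the built-in rules. The package URLs come from the version API response in `versionMeta.Rules.Packages`, so this is where remotely supplied content becomes scan rules; whether LoadRuleDefinitionsFromUrls restricts the scheme or host, or verifies package integrity, is not visible in this diff. The doc comment should state that trust assumption, for example `// loadRuleDefinitionsFromRemote loads rule packages from the URLs in versionMeta; it is a no-op when default rules are disabled.`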
diff --git a/internal/version_check/version_check.go b/internal/version_check/version_check.go
index 087d560d8..e8bd664db 100644
--- a/internal/version_check/version_check.go
+++ b/internal/version_check/version_check.go
@@ -26,8 +26,22 @@ type BinaryVersionMeta struct {
 Message string
 }
+func GetScanVersionMeta(ctx context.Context, options flag.Options, languages []string) (meta *VersionMeta, err error) {
+ if options.RuleOptions.DisableDefaultRules && options.GeneralOptions.DisableVersionCheck {
+ log.Debug().Msg("skipping version API call as check and default rules both disabled")
+
+ return &VersionMeta{
+ Binary: BinaryVersionMeta{
+ Latest: true,
+ },
+ }, nil
+ }
+
+ return GetVersionMeta(ctx, languages)
+}
+
 func GetVersionMeta(ctx context.Context, languages []string) (meta *VersionMeta, err error) {
- meta, err = GetBearerVerionMeta(languages)
+ meta, err = GetBearerVersionMeta(languages)
 if err != nil {
 log.Debug().Msgf("Bearer version API failed: %s", err)
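Review bot: GetScanVersionMeta skips the version API only when both `DisableDefaultRules` and `DisableVersionCheck` are set, so `--disable-version-check` on its own still makes the outbound call, and the exported function has no doc comment saying so. Operators in restricted or offline environments may read that flag as "no network request", so the comment should spell out the condition, for example `// GetScanVersionMeta returns version metadata for a scan; the version API is contacted unless both the version check and the default rules are disabled.` The stub returned on the skip path sets `Binary.Latest: true` although no check ran, which makes "skipped" indistinguishable from "up to date" for callers; a short why-comment on that literal would help. GetVersionMeta's body continues outside the hunk.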