feat: add ignore remove command (#1221)
* feat: add ignore remove command

* feat: update stale fingerprint message
elsapet authored Aug 28, 2023
1 parent e1d001a commit 063492b
Showing 4 changed files with 125 additions and 37 deletions.
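--- a/docs/_data/bearer_ignore_remove.yaml
+++ b/docs/_data/bearer_ignore_remove.yaml
@@ -0,0 +1,17 @@
+name: ' ignore remove'
+synopsis: Remove an ignored fingerprint
+usage: ' ignore remove <fingerprint> [flags]'
+options:
+- name: bearer-ignore-file
+default_value: bearer.ignore
+usage: Load bearer.ignore file from the specified path.
+- name: help
+shorthand: h
+default_value: "false"
+usage: help for remove
+example: |-
+# Remove an ignored fingerprint from your bearer.ignore file
+$ bearer ignore remove <fingerprint>
+see_also:
+- ' ignore - Manage ignored fingerprints'
+aliases: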
98 changes: 64 additions & 34 deletions pkg/commands/ignore.go
Expand Up @@ -7,17 +7,12 @@ import (

"github.com/bearer/bearer/pkg/flag"
"github.com/bearer/bearer/pkg/util/ignore"
"github.com/fatih/color"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)

var migratedIgnoreComment = "migrated from bearer.yml"

var bold = color.New(color.Bold).SprintFunc()
var morePrefix = color.HiBlackString("├─ ")
var lastPrefix = color.HiBlackString("└─ ")

func NewIgnoreCommand() *cobra.Command {
usageTemplate := `
Usage: bearer ignore <command> [flags]
Expand Down Expand Up @@ -51,6 +46,7 @@ Examples:
cmd.AddCommand(
newIgnoreShowCommand(),
newIgnoreAddCommand(),
newIgnoreRemoveCommand(),
newIgnoreMigrateCommand(),
)

Expand Down Expand Up @@ -97,7 +93,7 @@ $ bearer ignore show <fingerprint>`,
if options.IgnoreShowOptions.All {
// show all fingerprints
for fingerprintId, fingerprint := range ignoredFingerprints {
cmd.Print(displayIgnoredEntryTextString(fingerprintId, fingerprint))
cmd.Print(ignore.DisplayIgnoredEntryTextString(fingerprintId, fingerprint))
}
} else {
// show a specific fingerprint
Expand All @@ -107,9 +103,9 @@ $ bearer ignore show <fingerprint>`,
cmd.Printf("Ignored fingerprint '%s' was not found in bearer.ignore file\n", fingerprintId)
return nil
}
cmd.Print(displayIgnoredEntryTextString(fingerprintId, selectedIgnoredFingerprint))
cmd.Print(ignore.DisplayIgnoredEntryTextString(fingerprintId, selectedIgnoredFingerprint))
}
cmd.Print("\n")
cmd.Print("\n\n")
return nil
},
SilenceErrors: false,
Expand Down Expand Up @@ -177,8 +173,8 @@ $ bearer ignore add <fingerprint> --author Mish --comment "Possible false positi
}

cmd.Print("Fingerprint added to bearer.ignore:\n\n")
cmd.Print(displayIgnoredEntryTextString(fingerprintId, ignoredFingerprints[fingerprintId]))
cmd.Print("\n")
cmd.Print(ignore.DisplayIgnoredEntryTextString(fingerprintId, ignoredFingerprints[fingerprintId]))
cmd.Print("\n\n")
return nil
},
SilenceErrors: false,
Expand All @@ -190,6 +186,64 @@ $ bearer ignore add <fingerprint> --author Mish --comment "Possible false positi
return cmd
}

func newIgnoreRemoveCommand() *cobra.Command {
var IgnoreRemoveFlags = &flag.Flags{
IgnoreFlagGroup: flag.NewIgnoreFlagGroup(),
}
cmd := &cobra.Command{
Use: "remove <fingerprint>",
Short: "Remove an ignored fingerprint",
Example: `# Remove an ignored fingerprint from your bearer.ignore file
$ bearer ignore remove <fingerprint>`,
RunE: func(cmd *cobra.Command, args []string) error {
if err := IgnoreRemoveFlags.Bind(cmd); err != nil {
return fmt.Errorf("flag bind error: %w", err)
}

if len(args) == 0 {
return cmd.Help()
}

options, err := IgnoreRemoveFlags.ToOptions(args)
if err != nil {
return fmt.Errorf("flag error: %s", err)
}

ignoredFingerprints, fileExists, err := ignore.GetIgnoredFingerprints(options.IgnoreOptions.BearerIgnoreFile)
if err != nil {
return fmt.Errorf("error retrieving existing ignores: %s", err)
}
if !fileExists {
cmd.Printf("bearer.ignore file not found. Perhaps you need to use --bearer-ignore-file to specify the path to bearer.ignore?\n")
return nil
}

fingerprintId := args[0]
removedFingerprint, ok := ignoredFingerprints[fingerprintId]
if !ok {
cmd.Printf("Ignored fingerprint '%s' was not found in bearer.ignore file\n", fingerprintId)
return nil
}

delete(ignoredFingerprints, fingerprintId)
if err := writeIgnoreFile(ignoredFingerprints, options.IgnoreOptions.BearerIgnoreFile); err != nil {
return err
}

cmd.Print("Fingerprint successfully removed from bearer.ignore:\n\n")
cmd.Print(ignore.DisplayIgnoredEntryTextString(fingerprintId, removedFingerprint))
cmd.Print("\n\n")
return nil
},
SilenceErrors: false,
SilenceUsage: false,
}
IgnoreRemoveFlags.AddFlags(cmd)
cmd.SetUsageTemplate(fmt.Sprintf(scanTemplate, IgnoreRemoveFlags.Usages(cmd)))

return cmd
}

func newIgnoreMigrateCommand() *cobra.Command {
IgnoreMigrateFlags := &flag.Flags{
IgnoreFlagGroup: flag.NewIgnoreFlagGroup(),
Expand Down Expand Up @@ -284,27 +338,3 @@ func getIgnoredFingerprintsFromConfig(configPath string) (ignoredFingerprintsFro

return ignoredFingerprintsFromConfig, nil
}

func displayIgnoredEntryTextString(fingerprintId string, entry ignore.IgnoredFingerprint) string {
prefix := morePrefix
result := fmt.Sprintf(bold(color.HiBlueString("%s \n")), fingerprintId)

if entry.Author == nil && entry.Comment == nil {
prefix = lastPrefix
}
result += fmt.Sprintf("%sIgnored At: %s\n", prefix, bold(entry.IgnoredAt))

if entry.Author != nil {
if entry.Comment == nil {
prefix = lastPrefix
}

result += fmt.Sprintf("%sAuthor: %s\n", prefix, bold(*entry.Author))
}

if entry.Comment != nil {
result += fmt.Sprintf("%sComment: %s\n", lastPrefix, bold(*entry.Comment))
}

return result
}
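Review bot: In `newIgnoreRemoveCommand`, both the missing-file branch and the fingerprint-not-found branch print a message and `return nil`, so the command exits 0 without having removed anything. For a command whose purpose is to lift a suppression, a mistyped fingerprint in a script or CI job then leaves the finding ignored while the run looks successful; returning an error instead, e.g. `return fmt.Errorf("ignored fingerprint %q was not found in bearer.ignore file", fingerprintId)`, would make that visible. `ignore show` in this file treats the not-found case the same way, so this may be a deliberate convention and is worth confirming. Separately, only `len(args) == 0` is checked, so extra positional arguments are silently dropped; `Args: cobra.MaximumNArgs(1)` on the command would reject them while keeping the help output for zero arguments, and the two `%s` error wraps could use `%w` like the bind error above them.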
17 changes: 14 additions & 3 deletions pkg/report/output/security/security.go
Expand Up @@ -313,7 +313,7 @@ func fingerprintOutput(fingerprints []string, legacyExcludedFingerprints map[str
output.StdErrLog("\n=====================================\n")
// legacy
if len(legacyExcludedFingerprints) > 0 {
output.StdErrLog("\nNote: exclude_fingerprints is legacy. To use new ignore functionality, run bearer ignore migrate. See https://docs.bearer.com/reference/commands/#ignore_migrate.\n\n")
output.StdErrLog("Note: exclude-fingerprints is being replaced by bearer.ignore. To use the new ignore functionality, run bearer ignore migrate. See https://docs.bearer.com/reference/commands/#ignore_migrate.\n")
}

if len(unusedLegacyFingerprints) > 0 {
Expand All @@ -326,8 +326,19 @@ func fingerprintOutput(fingerprints []string, legacyExcludedFingerprints map[str

if len(unusedFingerprints) > 0 {
output.StdErrLog(fmt.Sprintf("%d ignored fingerprints present in your bearer.ignore file are no longer detected:", len(unusedFingerprints)))
for _, fingerprint := range unusedFingerprints {
output.StdErrLog(fmt.Sprintf(" - %s", fingerprint))
for _, fingerprintId := range unusedFingerprints {
fingerprint, ok := ignoredFingerprints[fingerprintId]
if !ok {
// fingerprint will always be found, but if not let's not blow up the scan
continue
}

if fingerprint.Comment == nil {
output.StdErrLog(fmt.Sprintf(" - %s", fingerprintId))
} else {
output.StdErrLog(fmt.Sprintf(" - %s (%s)", fingerprintId, *fingerprint.Comment))
}
output.StdErrLog(color.HiBlackString("\tTo remove this fingerprint from your bearer.ignore file, run: bearer ignore remove " + fingerprintId))
}
}
output.StdErrLog("\n=====================================")
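Review bot: The new loop writes `*fingerprint.Comment` and `fingerprintId` to stderr verbatim, and both come from bearer.ignore, which is repository content and may be written by whoever authored the branch being scanned. A comment or key containing newlines or terminal escape sequences could forge or hide lines in CI logs, and the `"... run: bearer ignore remove " + fingerprintId` hint is meant to be copied into a shell, so an unexpected key there is more than cosmetic. Formatting both values with `%q`, or skipping keys that do not match the expected fingerprint format before printing, would address this; whether the file is validated on load is not visible in this hunk. `DisplayIgnoredEntryTextString` in pkg/util/ignore/ignore.go prints `Author` and `Comment` the same way. `fingerprintOutput` starts and ends outside the hunk.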
30 changes: 30 additions & 0 deletions pkg/util/ignore/ignore.go
Expand Up @@ -5,6 +5,8 @@ import (
"fmt"
"os"
"time"

"github.com/fatih/color"
)

type IgnoredFingerprint struct {
Expand Down Expand Up @@ -46,3 +48,31 @@ func MergeIgnoredFingerprints(fingerprintsToIgnore map[string]IgnoredFingerprint
}
return nil
}

var bold = color.New(color.Bold).SprintFunc()
var morePrefix = color.HiBlackString("├─ ")
var lastPrefix = color.HiBlackString("└─ ")

func DisplayIgnoredEntryTextString(fingerprintId string, entry IgnoredFingerprint) string {
prefix := morePrefix
result := fmt.Sprintf(bold(color.HiBlueString("%s \n")), fingerprintId)

if entry.Author == nil && entry.Comment == nil {
prefix = lastPrefix
}
result += fmt.Sprintf("%sIgnored At: %s", prefix, bold(entry.IgnoredAt))

if entry.Author != nil {
if entry.Comment == nil {
prefix = lastPrefix
}

result += fmt.Sprintf("\n%sAuthor: %s", prefix, bold(*entry.Author))
}

if entry.Comment != nil {
result += fmt.Sprintf("\n%sComment: %s", lastPrefix, bold(*entry.Comment))
}

return result
}
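Review bot: `DisplayIgnoredEntryTextString` is now exported but has no doc comment, and its contract changed in the move: the returned string no longer ends with a newline, which is why the callers in pkg/commands/ignore.go now print `"\n\n"` after it. I would add `// DisplayIgnoredEntryTextString renders one ignore entry as a colored tree (ID, ignored-at, optional author and comment); the result has no trailing newline.` above the function. `morePrefix` and `lastPrefix` are computed once at package initialization, so if color output is disabled later at run time they would presumably still carry escape codes; computing them inside the function would avoid that.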
