feat: fetch ignored findings from Cloud
elsapet committed Aug 18, 2023
1 parent 8997ad4 commit bd9bd08
Showing 6 changed files with 118 additions and 24 deletions.
5 changes: 5 additions & 0 deletions api/config.go
Expand Up @@ -15,6 +15,7 @@ type Endpoint struct {
type APIEndpoints struct {
RequestFileUpload Endpoint
ScanFinished Endpoint
FetchIgnores Endpoint
Hello Endpoint
}

Expand All @@ -27,6 +28,10 @@ var Endpoints = APIEndpoints{
HttpMethod: "POST",
Route: "/cloud/scans",
},
FetchIgnores: Endpoint{
HttpMethod: "GET",
Route: "/cloud/ignores",
},
Hello: Endpoint{
HttpMethod: "POST",
Route: "/cloud/hello",
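--- a/api/fetch_ignores.go
+++ b/api/fetch_ignores.go
@@ -0,0 +1,34 @@
+package api
+
+import (
+"encoding/json"
+
+"github.com/rs/zerolog/log"
+)
+
+type CloudIgnoreData struct {
+ProjectFound bool `json:"project_found"`
+CloudIgnores []string `json:"cloud_ignores"`
+}
+
+func (api *API) FetchIgnores(fullname string) (*CloudIgnoreData, error) {
+endpoint := Endpoints.FetchIgnores
+bytes, err := api.makeRequest(endpoint.Route, endpoint.HttpMethod,
+Message{
+Type: MessageTypeSuccess,
+Data: fullname,
+})
+if err != nil {
+return nil, err
+}
+
+var cloudIgnoreData CloudIgnoreData
+err = json.Unmarshal(bytes, &cloudIgnoreData)
+if err != nil {
+return nil, err
+}
+
+log.Error().Msgf("Ignores: %#v", cloudIgnoreData)
+
+return &cloudIgnoreData, err
+}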
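Review bot: The `log.Error().Msgf("Ignores: %#v", cloudIgnoreData)` call just before the return writes the full ignore list at error level on every successful fetch, which looks like leftover debugging and will surface as an error in normal scan output. I would lower it to `log.Debug().Msgf("cloud ignores: project_found=%t count=%d", cloudIgnoreData.ProjectFound, len(cloudIgnoreData.CloudIgnores))`. The final `return &cloudIgnoreData, err` can only see a nil err at that point, so `return &cloudIgnoreData, nil` states the intent. The exported CloudIgnoreData and FetchIgnores also have no doc comments; a line such as `// FetchIgnores asks Cloud for the fingerprints ignored for the project named fullname.` would help.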
36 changes: 36 additions & 0 deletions pkg/commands/artifact/run.go
Expand Up @@ -15,6 +15,7 @@ import (

"golang.org/x/exp/maps"

"github.com/bearer/bearer/api"
evalstats "github.com/bearer/bearer/new/detector/evaluator/stats"
"github.com/bearer/bearer/pkg/commands/artifact/scanid"
"github.com/bearer/bearer/pkg/commands/process/filelist"
Expand All @@ -31,10 +32,12 @@ import (
reporthtml "github.com/bearer/bearer/pkg/report/output/html"
"github.com/bearer/bearer/pkg/report/output/privacy"
rdo "github.com/bearer/bearer/pkg/report/output/reviewdog"
"github.com/bearer/bearer/pkg/report/output/saas"
"github.com/bearer/bearer/pkg/report/output/sarif"
"github.com/bearer/bearer/pkg/report/output/security"
"github.com/bearer/bearer/pkg/report/output/stats"
outputtypes "github.com/bearer/bearer/pkg/report/output/types"
"github.com/bearer/bearer/pkg/util/ignore"
"github.com/bearer/bearer/pkg/util/output"
outputhandler "github.com/bearer/bearer/pkg/util/output"

Expand Down Expand Up @@ -218,6 +221,32 @@ func (r *runner) Scan(ctx context.Context, opts flag.Options) ([]files.File, *ba
return fileList.Files, baseBranchFindings, nil
}

func getIgnoredFingerprints(client *api.API, settings settings.Config) (useCloudIgnores bool, cloudIgnores map[string]ignore.IgnoredFingerprint, err error) {
if client != nil && client.Error == nil {
// get ignores from Cloud
vcsInfo, err := saas.GetVCSInfo(settings)
if err != nil {
return useCloudIgnores, cloudIgnores, err
}

useCloudIgnores, cloudIgnores, err := ignore.GetIgnoredFingerprintsFromCloud(client, vcsInfo.FullName)
if err != nil {
return useCloudIgnores, cloudIgnores, err
}
}

if useCloudIgnores {
return useCloudIgnores, cloudIgnores, nil
}

ignoredFingerprints, err := ignore.GetIgnoredFingerprints(&settings.Target)
if err != nil {
return useCloudIgnores, cloudIgnores, err
}

return useCloudIgnores, ignoredFingerprints, nil
}

// Run performs artifact scanning
func Run(ctx context.Context, opts flag.Options) (err error) {
if !opts.Quiet {
Expand All @@ -236,6 +265,13 @@ func Run(ctx context.Context, opts flag.Options) (err error) {
if err != nil {
return err
}
scanSettings.CloudIgnoresUsed, scanSettings.IgnoredFingerprints, err = getIgnoredFingerprints(
opts.GeneralOptions.Client,
scanSettings,
)
if err != nil {
return err
}

ctx, cancel := context.WithTimeout(ctx, scanSettings.Worker.Timeout)
defer cancel()
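Review bot: In getIgnoredFingerprints, `useCloudIgnores, cloudIgnores, err := ignore.GetIgnoredFingerprintsFromCloud(client, vcsInfo.FullName)` uses `:=` inside the `if client != nil && client.Error == nil` block, so it declares new block-scoped variables that shadow the named results. After the block the outer `useCloudIgnores` is still false and `cloudIgnores` is still nil, so `if useCloudIgnores` never fires and the function always falls back to the local ignore file; the Cloud response is fetched and then discarded. Changing that line to `useCloudIgnores, cloudIgnores, err = ignore.GetIgnoredFingerprintsFromCloud(client, vcsInfo.FullName)` assigns the named results instead. Separately, any error from saas.GetVCSInfo now aborts Run whenever a client is configured; if that is not intended, logging at debug level and falling back to the local file would keep scans working for targets without a parsable remote.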
29 changes: 12 additions & 17 deletions pkg/commands/process/settings/settings.go
Expand Up @@ -47,6 +47,7 @@ type Config struct {
Scan flag.ScanOptions `mapstructure:"scan" json:"scan" yaml:"scan"`
Report flag.ReportOptions `mapstructure:"report" json:"report" yaml:"report"`
IgnoredFingerprints map[string]ignore.IgnoredFingerprint `mapstructure:"ignored_fingerprints" json:"ignored_fingerprints" yaml:"ignored_fingerprints"`
CloudIgnoresUsed bool `mapstructure:"cloud_ignores_used" json:"cloud_ignores_used" yaml:"cloud_ignores_used"`
Policies map[string]*Policy `mapstructure:"policies" json:"policies" yaml:"policies"`
Target string `mapstructure:"target" json:"target" yaml:"target"`
Rules map[string]*Rule `mapstructure:"rules" json:"rules" yaml:"rules"`
Expand Down Expand Up @@ -311,24 +312,18 @@ func FromOptions(opts flag.Options, foundLanguages []string) (Config, error) {
}
}

ignoredFingerprints, err := ignore.GetIgnoredFingerprints(&opts.ScanOptions.Target)
if err != nil {
return Config{}, err
}

config := Config{
Client: opts.Client,
Worker: workerOptions,
Scan: opts.ScanOptions,
Report: opts.ReportOptions,
IgnoredFingerprints: ignoredFingerprints,
NoColor: opts.GeneralOptions.NoColor || opts.ReportOptions.Output != "",
DebugProfile: opts.GeneralOptions.DebugProfile,
Policies: policies,
Rules: result.Rules,
BuiltInRules: result.BuiltInRules,
CacheUsed: result.CacheUsed,
BearerRulesVersion: result.BearerRulesVersion,
Client: opts.Client,
Worker: workerOptions,
Scan: opts.ScanOptions,
Report: opts.ReportOptions,
NoColor: opts.GeneralOptions.NoColor || opts.ReportOptions.Output != "",
DebugProfile: opts.GeneralOptions.DebugProfile,
Policies: policies,
Rules: result.Rules,
BuiltInRules: result.BuiltInRules,
CacheUsed: result.CacheUsed,
BearerRulesVersion: result.BearerRulesVersion,
}

if config.Scan.DiffBaseBranch != "" {
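Review bot: FromOptions no longer loads the ignore file, so the Config it returns has a nil IgnoredFingerprints until the caller fills it in, and the replacement lookup in run.go reads `settings.Target` where the removed code read `opts.ScanOptions.Target`, while the Config literal in this hunk does not set Target. If Target is not populated elsewhere, the local ignore file would be looked up with an empty target; using `&settings.Scan.Target` at the new call site would keep the old behaviour. Any other caller of FromOptions (none is visible here) would also silently stop honouring ignores. A field comment such as `// IgnoredFingerprints and CloudIgnoresUsed are populated by artifact.Run after FromOptions returns.` would make the new contract explicit. FromOptions starts and ends outside the hunk.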
23 changes: 16 additions & 7 deletions pkg/report/output/saas/saas.go
Expand Up @@ -49,30 +49,39 @@ func GetReport(config settings.Config, securityOutput *types.Output[security.Out
}, nil
}

func getMeta(config settings.Config) (*saas.Meta, error) {
sha, err := getSha(config.Scan.Target)
func GetVCSInfo(config settings.Config) (*vcsurl.VCS, error) {
gitRemote, err := getRemote(config.Scan.Target)
if err != nil {
return nil, err
}

currentBranch, err := getCurrentBranch(config.Scan.Target)
info, err := vcsurl.Parse(*gitRemote)
if err != nil {
log.Debug().Msgf("couldn't parse origin url %s", err)
return nil, err
}

defaultBranch, err := getDefaultBranch(config.Scan.Target)
return info, nil
}

func getMeta(config settings.Config) (*saas.Meta, error) {
sha, err := getSha(config.Scan.Target)
if err != nil {
return nil, err
}

gitRemote, err := getRemote(config.Scan.Target)
currentBranch, err := getCurrentBranch(config.Scan.Target)
if err != nil {
return nil, err
}

info, err := vcsurl.Parse(*gitRemote)
defaultBranch, err := getDefaultBranch(config.Scan.Target)
if err != nil {
return nil, err
}

info, err := GetVCSInfo(config)
if err != nil {
log.Debug().Msgf("couldn't parse origin url %s", err)
return nil, err
}

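Review bot: GetVCSInfo is now exported and used from another package but has no doc comment, and it dereferences `*gitRemote` without a nil check, which is only safe if getRemote never returns a nil pointer together with a nil error (getRemote is not visible here). A comment like `// GetVCSInfo parses the git remote of config.Scan.Target; it returns an error when the remote cannot be read or parsed.` would document the contract callers now depend on. getMeta continues past the end of the hunk.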
15 changes: 15 additions & 0 deletions pkg/util/ignore/ignore.go
Expand Up @@ -6,6 +6,8 @@ import (
"os"
"path/filepath"
"time"

"github.com/bearer/bearer/api"
)

type IgnoredFingerprint struct {
Expand All @@ -31,6 +33,19 @@ func GetIgnoredFingerprints(target *string) (ignoredFingerprints map[string]Igno
return fingerprints, nil
}

func GetIgnoredFingerprintsFromCloud(client *api.API, fullname string) (useCloudIgnores bool, ignoredFingerprints map[string]IgnoredFingerprint, err error) {
data, err := client.FetchIgnores(fullname)
if err != nil {
return useCloudIgnores, ignoredFingerprints, err
}

ignoredFingerprints = make(map[string]IgnoredFingerprint)
for _, fingerprint := range data.CloudIgnores {
ignoredFingerprints[fingerprint] = IgnoredFingerprint{}
}
return data.ProjectFound, ignoredFingerprints, nil
}

func AddToIgnoreFile(fingerprintsToIgnore map[string]IgnoredFingerprint, force bool) error {
var existingIgnoredFingerprints map[string]IgnoredFingerprint
if _, err := os.Stat("./bearer.ignore"); err != nil {
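Review bot: GetIgnoredFingerprintsFromCloud has no doc comment and stores every Cloud fingerprint as an empty `IgnoredFingerprint{}`, so a reader cannot tell from the signature that the first result is the server's `project_found` flag or that Cloud entries carry no metadata. Because these strings decide which findings are suppressed, it is also worth skipping empty entries in the loop, e.g. `if fingerprint == "" { continue }`. Suggested comment: `// GetIgnoredFingerprintsFromCloud returns the fingerprints ignored in Cloud for fullname; the bool reports whether Cloud knows the project.`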
