Add string values
cfabianski committed Nov 6, 2024
1 parent 9092b05 commit e4bc8a3
Showing 10 changed files with 84 additions and 58 deletions.
1 change: 0 additions & 1 deletion .tool-versions

This file was deleted.

20 changes: 14 additions & 6 deletions pkg/detectors/openapi/v3yaml/v3yml.go
Expand Up @@ -7,7 +7,6 @@ import (
"github.com/bearer/bearer/pkg/parser"
"github.com/bearer/bearer/pkg/parser/nodeid"
reporttypes "github.com/bearer/bearer/pkg/report"
"github.com/bearer/bearer/pkg/report/operations/operationshelper"
"github.com/bearer/bearer/pkg/report/schema/schemahelper"
"github.com/bearer/bearer/pkg/util/file"
"github.com/smacker/go-tree-sitter/yaml"
Expand Down Expand Up @@ -60,11 +59,20 @@ func ProcessFile(idGenerator nodeid.Generator, file *file.FileInfo, report repor
return false, err
}

foundPaths := make(map[parser.Node]*operationshelper.Operation)
err = yamlparser.AnnotatePaths(tree, foundPaths)
if err != nil {
return false, err
}
// foundPaths := make(map[parser.Node]*operationshelper.Operation)
// err = yamlparser.AnnotatePaths(tree, foundPaths)
// if err != nil {
// return false, err
// }

// fmt.Printf("FOUND PATHS %#v")
// for i, path := range foundPaths {
// fmt.Printf("\nContent%s", i.Content())
// fmt.Printf("\nSource %#v", path.Source)
// fmt.Printf("\nPath %s", path.Value.Path)
// fmt.Printf("\nType %s", path.Value.Type)
// fmt.Printf("\nURLs %s", path.Value.Urls)
// }

reportadder.AddSchema(file, report, foundSchemas, idGenerator)
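Review bot: The `yamlparser.AnnotatePaths` call in ProcessFile is commented out rather than removed, and a commented debugging loop is left beside it, so path annotation for OpenAPI v3 YAML files is switched off with no explanation in the code. If the step is meant to stay off, delete both comment blocks and the reason belongs in the commit description; if this is temporary, restore the call before merging. Should the debug loop ever be re-enabled, `fmt.Printf("FOUND PATHS %#v")` has a verb with no argument and would be flagged by `go vet`. ProcessFile starts and ends outside the hunk, so whether `foundPaths` was consumed further down cannot be seen here.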

4 changes: 2 additions & 2 deletions pkg/detectors/typescript/typescript.go
Expand Up @@ -30,8 +30,8 @@ var (
index: (string) @key) @node
(variable_declarator
name: (object_pattern (shorthand_property_identifier_pattern) @key @node)
value: (member_expression) @object)
name: (_) @key @node
value: (_) @object)
`)
)
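Review bot: The `variable_declarator` clause of this query appears to be widened to `name: (_) @key @node` / `value: (_) @object` (the page has lost its +/- markers, so this assumes the wildcard pair is the new side), which captures every declaration rather than only shorthand destructuring from a member expression. Whatever consumes `@object` would then receive literals, calls and other node kinds it may not expect, and the extra matches are evaluated on every TypeScript file. Consider keeping the original node types and adding a second, explicitly typed alternative for the new case, for example `value: (string) @object` if string initialisers are what is needed. The query text begins outside the hunk.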

2 changes: 1 addition & 1 deletion pkg/report/output/output.go
Expand Up @@ -49,7 +49,7 @@ func GetData(
}

// add dataflow to data
if err = GetDataflow(data, report, config, config.Report.Report != flag.ReportDataFlow); err != nil {
if err = GetDataflow(data, report, config, true); err != nil {
return data, err
}
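Review bot: The fourth argument to `GetDataflow` in GetData is now the literal `true`, so the call no longer depends on `config.Report.Report` and the selected report type stops influencing how the dataflow is built (this assumes the `true` line is the new side; the +/- markers are lost on this page). That reads like a debugging override: either restore `config.Report.Report != flag.ReportDataFlow`, or, if the change is intended, say why in a comment on the call and drop the `flag` import if nothing else in the file still uses it. GetData starts and ends outside the hunk.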

2 changes: 1 addition & 1 deletion pkg/report/writer/detectors.go
Expand Up @@ -3,10 +3,10 @@ package writer
import (
"fmt"
"io"
"log"

classification "github.com/bearer/bearer/pkg/classification"
classificationschema "github.com/bearer/bearer/pkg/classification/schema"
"github.com/rs/zerolog/log"
zerolog "github.com/rs/zerolog/log"

"github.com/bearer/bearer/pkg/parser"
1 change: 1 addition & 0 deletions pkg/scanner/detectors/customrule/customrule.go
Expand Up @@ -108,6 +108,7 @@ func (detector *Detector) DetectAt(
Pattern: pattern.Pattern,
Datatypes: match.DatatypeDetections(),
Variables: match.Variables(),
Value: match.Value(),
})
}
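Review bot: `Value: match.Value()` in DetectAt copies the raw string that satisfied a filter into the detection data, and in the visible part of this commit the only producer is `StringRegex.Evaluate`, which passes the whole string it evaluated. For rules that look for hard-coded secrets or personal data, that places the sensitive string itself in whatever consumes this struct; if it is serialised into reports or logs, the value should be masked or truncated first, or the field kept out of serialisation. A field comment would help, e.g. `// Value is the matched string, nil unless a StringRegex filter matched; may hold sensitive data.` The struct definition and the rest of DetectAt lie outside the hunk.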

51 changes: 30 additions & 21 deletions pkg/scanner/detectors/customrule/filters/filters.go
Expand Up @@ -29,10 +29,11 @@ func NewResult(matches ...Match) *Result {
type Match struct {
variables variableshape.Values
datatypeDetections []*detectortypes.Detection
value *string
}

func NewMatch(variables variableshape.Values, datatypeDetections []*detectortypes.Detection) Match {
return Match{variables: variables, datatypeDetections: datatypeDetections}
func NewMatch(variables variableshape.Values, valueStr *string, datatypeDetections []*detectortypes.Detection) Match {
return Match{variables: variables, value: valueStr, datatypeDetections: datatypeDetections}
}

func (result *Result) Matches() []Match {
Expand All @@ -43,6 +44,10 @@ func (match *Match) Variables() variableshape.Values {
return match.variables
}

func (match *Match) Value() *string {
return match.value
}

func (match *Match) DatatypeDetections() []*detectortypes.Detection {
return match.datatypeDetections
}
Expand Down Expand Up @@ -78,7 +83,7 @@ func (filter *Not) Evaluate(
log.Trace().Msgf("filters.Not: %t", result)
}

return boolResult(patternVariables, result), nil
return boolResult(patternVariables, result, nil), nil
}

type Either struct {
Expand Down Expand Up @@ -125,7 +130,7 @@ func (filter *All) Evaluate(

if len(filter.Children) == 0 {
log.Trace().Msg("filters.All: true (no children)")
return boolResult(patternVariables, true), nil
return boolResult(patternVariables, true, nil), nil
}

for i, child := range filter.Children {
Expand Down Expand Up @@ -164,6 +169,7 @@ func (filter *All) joinMatches(matches, childMatches []Match) []Match {
if variables, variablesMatch := match.variables.Merge(childMatch.variables); variablesMatch {
result = append(result, NewMatch(
variables,
nil,
// FIXME: this seems like it will create unnecessary duplicates
append(match.datatypeDetections, childMatch.datatypeDetections...),
))
Expand All @@ -182,7 +188,7 @@ func (filter *FilenameRegex) Evaluate(
detectorContext detectortypes.Context,
patternVariables variableshape.Values,
) (*Result, error) {
return boolResult(patternVariables, filter.Regex.MatchString(detectorContext.Filename())), nil
return boolResult(patternVariables, filter.Regex.MatchString(detectorContext.Filename()), nil), nil
}

type ImportedVariable struct {
Expand Down Expand Up @@ -218,7 +224,7 @@ func (filter *Rule) Evaluate(

if filter.IsDatatypeRule {
log.Trace().Msg("filters.Rule: match (datatype)")
return NewResult(NewMatch(patternVariables, detections)), nil
return NewResult(NewMatch(patternVariables, nil, detections)), nil
}

if log.Trace().Enabled() {
Expand Down Expand Up @@ -271,7 +277,7 @@ func (filter *Rule) Evaluate(
for _, detectionMatch := range subResult.matches {
if variables, variablesMatch := filter.importVariables(patternVariables, detectionMatch.variables); variablesMatch {
matched = true
matches = append(matches, NewMatch(variables, detectionMatch.datatypeDetections))
matches = append(matches, NewMatch(variables, nil, detectionMatch.datatypeDetections))
}
}

Expand All @@ -288,7 +294,7 @@ func (filter *Rule) Evaluate(
}

if hasPatternVariableMatch {
matches = append(matches, NewMatch(patternVariables, datatypeDetections))
matches = append(matches, NewMatch(patternVariables, nil, datatypeDetections))
}

return NewResult(matches...), nil
Expand Down Expand Up @@ -329,7 +335,7 @@ func (filter *Values) Evaluate(
patternVariables variableshape.Values,
) (*Result, error) {
node := patternVariables.Node(filter.Variable)
return boolResult(patternVariables, slices.Contains(filter.Values, node.Content())), nil
return boolResult(patternVariables, slices.Contains(filter.Values, node.Content()), nil), nil
}

type Regex struct {
Expand All @@ -354,7 +360,7 @@ func (filter *Regex) Evaluate(
)
}

return boolResult(patternVariables, result), nil
return boolResult(patternVariables, result, nil), nil
}

type StringLengthLessThan struct {
Expand All @@ -372,7 +378,7 @@ func (filter *StringLengthLessThan) Evaluate(
return nil, err
}

return boolResult(patternVariables, len(value) < filter.Value), nil
return boolResult(patternVariables, len(value) < filter.Value, nil), nil
}

type StringRegex struct {
Expand Down Expand Up @@ -409,7 +415,10 @@ func (filter *StringRegex) Evaluate(
)
}

return boolResult(patternVariables, result), nil
// bar, _ := url.PrepareURLValue(value)
// log.Debug().Msgf("filters %s -> %s", value, bar)

return boolResult(patternVariables, result, &value), nil
}

type EntropyGreaterThan struct {
Expand Down Expand Up @@ -448,7 +457,7 @@ func (filter *EntropyGreaterThan) Evaluate(
)
}

return boolResult(patternVariables, result), nil
return boolResult(patternVariables, result, nil), nil
}

type IntegerLessThan struct {
Expand All @@ -466,7 +475,7 @@ func (filter *IntegerLessThan) Evaluate(
return nil, err
}

return boolResult(patternVariables, value < filter.Value), nil
return boolResult(patternVariables, value < filter.Value, nil), nil
}

type IntegerLessThanOrEqual struct {
Expand All @@ -484,7 +493,7 @@ func (filter *IntegerLessThanOrEqual) Evaluate(
return nil, err
}

return boolResult(patternVariables, value <= filter.Value), nil
return boolResult(patternVariables, value <= filter.Value, nil), nil
}

type IntegerGreaterThan struct {
Expand All @@ -502,7 +511,7 @@ func (filter *IntegerGreaterThan) Evaluate(
return nil, err
}

return boolResult(patternVariables, value > filter.Value), nil
return boolResult(patternVariables, value > filter.Value, nil), nil
}

type IntegerGreaterThanOrEqual struct {
Expand All @@ -520,7 +529,7 @@ func (filter *IntegerGreaterThanOrEqual) Evaluate(
return nil, err
}

return boolResult(patternVariables, value >= filter.Value), nil
return boolResult(patternVariables, value >= filter.Value, nil), nil
}

type Unknown struct{}
Expand Down Expand Up @@ -553,13 +562,13 @@ func parseInteger(node *tree.Node) (int, bool, error) {
return value, true, nil
}

func boolResult(patternVariables variableshape.Values, value bool) *Result {
return NewResult(boolMatches(patternVariables, value)...)
func boolResult(patternVariables variableshape.Values, value bool, valueStr *string) *Result {
return NewResult(boolMatches(patternVariables, value, valueStr)...)
}

func boolMatches(patternVariables variableshape.Values, value bool) []Match {
func boolMatches(patternVariables variableshape.Values, value bool, valueStr *string) []Match {
if value {
return []Match{NewMatch(patternVariables, nil)}
return []Match{NewMatch(patternVariables, valueStr, nil)}
} else {
return nil
}
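Review bot: `joinMatches` on `All` builds its merged match with `NewMatch(variables, nil, …)`, and `Rule.Evaluate` does the same for sub-rule matches, so the value captured by `StringRegex.Evaluate` is dropped as soon as that filter sits under an `All` or is reached through a rule reference. Carrying the value through the merge would cover the `All` case, e.g. `value := match.value` followed by `if value == nil { value = childMatch.value }`, then passing `value` to `NewMatch`. The two commented-out lines above the `StringRegex` return (`// bar, _ := url.PrepareURLValue(value)` and the `log.Debug` line) should be removed before merge. `NewMatch` is exported and its new parameter was inserted in the middle, so a doc comment naming `valueStr` and when it is nil would help callers; most of the function bodies here start outside the hunks shown.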