feat: expose scan functionality as an importable package (#279)

Co-authored-by: arturfalcao <[email protected]>
Co-authored-by: LeonardoLordelloFontes <[email protected]>

Author: 3 people

.2ms.yml

@@ -29,3 +29,23 @@ ignore-result:
   - 33a14f1d1e4a1201a3e0062ebf09079fe8c84714 # value used for testing, found at https://github.com/Checkmarx/2ms/commits/d093b7ca36fdacd2f895dd9afd088fad05d77600/cmd/workers_test.go
   - da610673906f695e3e85bda6fc0a916762f01a70 # value used for testing, found at https://github.com/Checkmarx/2ms/commits/d093b7ca36fdacd2f895dd9afd088fad05d77600/cmd/workers_test.go
   - f8da5c56428cf708773be38269932c46aaf44cd4 # value used for testing, found at https://github.com/Checkmarx/2ms/commits/d093b7ca36fdacd2f895dd9afd088fad05d77600/cmd/workers_test.go
+  - 0d49f4953e8c5b2e04cca54d40bd2a91c079926b # value used for testing
+  - 5fb857fa72e8d568e6cfd96119d6b2db87c1e9b2 # value used for testing
+  - 6b92e79146584c6263671b7bcaac79a9c0852465 # value used for testing
+  - 22a792422372ef239494839d11c188258d18abc8 # value used for testing
+  - 29ce1990ca4555a207e77a66ffc26d46575a7911 # value used for testing
+  - 98a2f843609061bba58b69d4d31b70624de299ee # value used for testing
+  - 0188f28d26c2ae3f87df20092ab39c4465d6bbba # value used for testing
+  - 468bdfec08e1660b6ec73d78d15f03c320c68078 # value used for testing
+  - 5586d6fb77d9fa54224604ab158c2ceda4ab0995 # value used for testing
+  - 6403ca0ffb2abf3f1c9f70202474fb8f6564c4d7 # value used for testing
+  - a6fe66dfd9531c5415c1d1fed28b71f13a855a46 # value used for testing
+  - aaf4ba87a3bdbaf9346c0229f404eb86c0e6aabe # value used for testing
+  - b09e3219bca2cbcc4d7bc34f46e394e1f80d6574 # value used for testing
+  - c00a0d0af6bac8b20572bbb3b0b2cbea70476a0d # value used for testing
+  - c94ccae65acb14fdd2b9db7c9119e58875346a3b # value used for testing
+  - d4ac7947e0a7a4b387bf46279daa74e9dbe7f66f # value used for testing
+  - dd2e802e4c3205e57e291a89dfd469946531292b # value used for testing
+  - e475d6cf0a94469ea1717db008936a4e8749fe6a # value used for testing
+  - eed7c634d36422d7276cd8623c149e4c8d874f95 # value used for testing
+  - ff933778f18c92254c15369564b7d359f44018b5 # value used for testing

Dockerfile

@@ -3,7 +3,7 @@
 # and "Missing User Instruction" since 2ms container is stopped after scan
 
 # Builder image
-FROM cgr.dev/chainguard/go@sha256:2453e92671fb693999e65fde99bbd5744b120b7dd70f3f7c7b220e185ec35050 AS builder
+FROM cgr.dev/chainguard/go@sha256:411f37ae52643cf040cfaca740aa78951009f3e7e399eef2ec797c153fe4c892 AS builder
 
 WORKDIR /app
 
@@ -20,7 +20,7 @@ COPY . .
 RUN GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -a -o /app/2ms .
 
 # Runtime image
-FROM cgr.dev/chainguard/git@sha256:9e3ec4c4f1465ac810a7e4335d458582c43ad4e8dbaf8ab3a74f8f2a7fdffec2
+FROM cgr.dev/chainguard/git@sha256:c893f65bcc5d3de1c327af6db17566139af7663ef89001d536e8370226dcf881
 
 WORKDIR /app
 

cmd/main.go

@@ -66,17 +66,17 @@ var allPlugins = []plugins.IPlugin{
 	&plugins.GitPlugin{},
 }
 
-var channels = plugins.Channels{
+var Channels = plugins.Channels{
 	Items:     make(chan plugins.ISourceItem),
 	Errors:    make(chan error),
 	WaitGroup: &sync.WaitGroup{},
 }
 
-var report = reporting.Init()
-var secretsChan = make(chan *secrets.Secret)
-var secretsExtrasChan = make(chan *secrets.Secret)
-var validationChan = make(chan *secrets.Secret)
-var cvssScoreWithoutValidationChan = make(chan *secrets.Secret)
+var Report = reporting.Init()
+var SecretsChan = make(chan *secrets.Secret)
+var SecretsExtrasChan = make(chan *secrets.Secret)
+var ValidationChan = make(chan *secrets.Secret)
+var CvssScoreWithoutValidationChan = make(chan *secrets.Secret)
 
 func Execute() (int, error) {
 	vConfig.SetEnvPrefix(envPrefix)
@@ -104,7 +104,7 @@ func Execute() (int, error) {
 	rootCmd.AddGroup(&cobra.Group{Title: group, ID: group})
 
 	for _, plugin := range allPlugins {
-		subCommand, err := plugin.DefineCommand(channels.Items, channels.Errors)
+		subCommand, err := plugin.DefineCommand(Channels.Items, Channels.Errors)
 		if err != nil {
 			return 0, fmt.Errorf("error while defining command for plugin %s: %s", plugin.GetName(), err.Error())
 		}
@@ -116,13 +116,13 @@ func Execute() (int, error) {
 		rootCmd.AddCommand(subCommand)
 	}
 
-	listenForErrors(channels.Errors)
+	listenForErrors(Channels.Errors)
 
 	if err := rootCmd.Execute(); err != nil {
 		return 0, err
 	}
 
-	return report.TotalSecretsFound, nil
+	return Report.TotalSecretsFound, nil
 }
 
 func preRun(pluginName string, cmd *cobra.Command, args []string) error {
@@ -139,38 +139,38 @@ func preRun(pluginName string, cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	channels.WaitGroup.Add(1)
-	go processItems(engine, pluginName)
+	Channels.WaitGroup.Add(1)
+	go ProcessItems(engine, pluginName)
 
-	channels.WaitGroup.Add(1)
-	go processSecrets()
+	Channels.WaitGroup.Add(1)
+	go ProcessSecrets()
 
-	channels.WaitGroup.Add(1)
-	go processSecretsExtras()
+	Channels.WaitGroup.Add(1)
+	go ProcessSecretsExtras()
 
 	if validateVar {
-		channels.WaitGroup.Add(1)
-		go processValidationAndScoreWithValidation(engine)
+		Channels.WaitGroup.Add(1)
+		go ProcessValidationAndScoreWithValidation(engine)
 	} else {
-		channels.WaitGroup.Add(1)
-		go processScoreWithoutValidation(engine)
+		Channels.WaitGroup.Add(1)
+		go ProcessScoreWithoutValidation(engine)
 	}
 
 	return nil
 }
 
 func postRun(cmd *cobra.Command, args []string) error {
-	channels.WaitGroup.Wait()
+	Channels.WaitGroup.Wait()
 
 	cfg := config.LoadConfig("2ms", Version)
 
-	if report.TotalItemsScanned > 0 {
-		if err := report.ShowReport(stdoutFormatVar, cfg); err != nil {
+	if Report.TotalItemsScanned > 0 {
+		if err := Report.ShowReport(stdoutFormatVar, cfg); err != nil {
 			return err
 		}
 
 		if len(reportPathVar) > 0 {
-			err := report.WriteFile(reportPathVar, cfg)
+			err := Report.WriteFile(reportPathVar, cfg)
 			if err != nil {
 				return fmt.Errorf("failed to create report file with error: %s", err)
 			}

cmd/main_test.go

@@ -76,23 +76,23 @@ func TestPreRun(t *testing.T) {
 			engineConfigVar = tt.engineConfigVar
 			customRegexRuleVar = tt.customRegexRuleVar
 			validateVar = tt.validateVar
-			channels.Items = make(chan plugins.ISourceItem)
-			channels.Errors = make(chan error)
-			channels.WaitGroup = &sync.WaitGroup{}
-			secretsChan = make(chan *secrets.Secret)
-			secretsExtrasChan = make(chan *secrets.Secret)
-			validationChan = make(chan *secrets.Secret)
-			cvssScoreWithoutValidationChan = make(chan *secrets.Secret)
+			Channels.Items = make(chan plugins.ISourceItem)
+			Channels.Errors = make(chan error)
+			Channels.WaitGroup = &sync.WaitGroup{}
+			SecretsChan = make(chan *secrets.Secret)
+			SecretsExtrasChan = make(chan *secrets.Secret)
+			ValidationChan = make(chan *secrets.Secret)
+			CvssScoreWithoutValidationChan = make(chan *secrets.Secret)
 			err := preRun("mock", nil, nil)
-			close(channels.Items)
-			close(channels.Errors)
-			channels.WaitGroup.Wait()
+			close(Channels.Items)
+			close(Channels.Errors)
+			Channels.WaitGroup.Wait()
 			if tt.expectedErr != nil {
 				assert.Error(t, err)
 				assert.EqualError(t, err, tt.expectedErr.Error())
 			} else {
 				assert.NoError(t, err)
-				assert.Empty(t, channels.Errors)
+				assert.Empty(t, Channels.Errors)
 			}
 		})
 	}

cmd/workers.go

@@ -1,60 +1,58 @@
 package cmd
 
 import (
-	"github.com/checkmarx/2ms/lib/secrets"
-	"sync"
-
 	"github.com/checkmarx/2ms/engine"
 	"github.com/checkmarx/2ms/engine/extra"
+	"github.com/checkmarx/2ms/lib/secrets"
+	"sync"
 )
 
-func processItems(engine *engine.Engine, pluginName string) {
-	defer channels.WaitGroup.Done()
-
+func ProcessItems(engine *engine.Engine, pluginName string) {
+	defer Channels.WaitGroup.Done()
 	wgItems := &sync.WaitGroup{}
-	for item := range channels.Items {
-		report.TotalItemsScanned++
+	for item := range Channels.Items {
+		Report.TotalItemsScanned++
 		wgItems.Add(1)
-		go engine.Detect(item, secretsChan, wgItems, pluginName, channels.Errors)
+		go engine.Detect(item, SecretsChan, wgItems, pluginName, Channels.Errors)
 	}
 	wgItems.Wait()
-	close(secretsChan)
+	close(SecretsChan)
 }
 
-func processSecrets() {
-	defer channels.WaitGroup.Done()
+func ProcessSecrets() {
+	defer Channels.WaitGroup.Done()
 
-	for secret := range secretsChan {
-		report.TotalSecretsFound++
-		secretsExtrasChan <- secret
+	for secret := range SecretsChan {
+		Report.TotalSecretsFound++
+		SecretsExtrasChan <- secret
 		if validateVar {
-			validationChan <- secret
+			ValidationChan <- secret
 		} else {
-			cvssScoreWithoutValidationChan <- secret
+			CvssScoreWithoutValidationChan <- secret
 		}
-		report.Results[secret.ID] = append(report.Results[secret.ID], secret)
+		Report.Results[secret.ID] = append(Report.Results[secret.ID], secret)
 	}
-	close(secretsExtrasChan)
-	close(validationChan)
-	close(cvssScoreWithoutValidationChan)
+	close(SecretsExtrasChan)
+	close(ValidationChan)
+	close(CvssScoreWithoutValidationChan)
 }
 
-func processSecretsExtras() {
-	defer channels.WaitGroup.Done()
+func ProcessSecretsExtras() {
+	defer Channels.WaitGroup.Done()
 
 	wgExtras := &sync.WaitGroup{}
-	for secret := range secretsExtrasChan {
+	for secret := range SecretsExtrasChan {
 		wgExtras.Add(1)
 		go extra.AddExtraToSecret(secret, wgExtras)
 	}
 	wgExtras.Wait()
 }
 
-func processValidationAndScoreWithValidation(engine *engine.Engine) {
-	defer channels.WaitGroup.Done()
+func ProcessValidationAndScoreWithValidation(engine *engine.Engine) {
+	defer Channels.WaitGroup.Done()
 
 	wgValidation := &sync.WaitGroup{}
-	for secret := range validationChan {
+	for secret := range ValidationChan {
 		wgValidation.Add(2)
 		go func(secret *secrets.Secret, wg *sync.WaitGroup) {
 			engine.RegisterForValidation(secret, wg)
@@ -66,11 +64,11 @@ func processValidationAndScoreWithValidation(engine *engine.Engine) {
 	engine.Validate()
 }
 
-func processScoreWithoutValidation(engine *engine.Engine) {
-	defer channels.WaitGroup.Done()
+func ProcessScoreWithoutValidation(engine *engine.Engine) {
+	defer Channels.WaitGroup.Done()
 
 	wgScore := &sync.WaitGroup{}
-	for secret := range cvssScoreWithoutValidationChan {
+	for secret := range CvssScoreWithoutValidationChan {
 		wgScore.Add(1)
 		go engine.Score(secret, false, wgScore)
 	}