diff --git a/.2ms.yml b/.2ms.yml
index e82c9692..f76f2f93 100644
--- a/.2ms.yml
+++ b/.2ms.yml
@@ -94,3 +94,15 @@ ignore-result:
 - 44912790c892213daa0df821a006e1e1659e6e24 # value used for testing
 - ac3704513c4ab9bde3fa3539b14152c95ba5698f # value used for testing
 - ac2d6adbeca8901c1655bcf3e0eac027ca681825 # value used for testing
+ - cfb06617a386e8c6a6fd25cf2dee18d88dfecbdd # value used for testing
+ - 33269ddd7e8734ef20906f888fcd4c971d1483bc # value used for testing
+ - 48b64922d5f628b4d57839f044c63f7000d0f840 # value used for testing
+ - 38f3e9d8932aa9fc51a6a20295f8f1a95efc7799 # value used for testing
+ - 1b14f7b1653e85b0c4e4b08b8ba5b508a896d102 # value used for testing
+ - 8180b128c17dac4e375c712c9f265612ac528824 # value used for testing
+ - 5b1a634de50b1ecbe1df038e02dbce5487083d54 # value used for testing
+ - fc9d1484bb5c0c8cdd34b9790ebf90609674bb3d # value used for testing
+ - af16d5223104c029475f82cd780fd57115ed1e2f # value used for testing
+ - 91bc1fc92b04c56c5f746d50df5759e39b956146 # value used for testing
+ - 4d4af54fd6e3e1209094e5838f339b6c95636f79 # value used for testing
+ - fabcbd067a3bbf3cd5951d03ed4f17918241316a # value used for testing
\ No newline at end of file
diff --git a/cmd/config.go b/cmd/config.go
index ed8cf4aa..cf42c00c 100644
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -6,7 +6,7 @@ import (
 "regexp"
 "strings"
- "github.com/checkmarx/2ms/lib/utils"
+ "github.com/checkmarx/2ms/v3/lib/utils"
 "github.com/rs/zerolog"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
diff --git a/cmd/main.go b/cmd/main.go
index 5d93521f..b9ae6749 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -4,11 +4,11 @@ import (
 "fmt"
 "sync"
- "github.com/checkmarx/2ms/engine"
- "github.com/checkmarx/2ms/lib/config"
- "github.com/checkmarx/2ms/lib/reporting"
- "github.com/checkmarx/2ms/lib/secrets"
- "github.com/checkmarx/2ms/plugins"
+ "github.com/checkmarx/2ms/v3/engine"
+ "github.com/checkmarx/2ms/v3/lib/config"
+ "github.com/checkmarx/2ms/v3/lib/reporting"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
+ "github.com/checkmarx/2ms/v3/plugins"
 "github.com/rs/zerolog"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
diff --git a/cmd/main_test.go b/cmd/main_test.go
index 2dfe0d82..7bb7ad37 100644
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -2,9 +2,9 @@ package cmd
 import (
 "fmt"
- "github.com/checkmarx/2ms/engine"
- "github.com/checkmarx/2ms/lib/secrets"
- "github.com/checkmarx/2ms/plugins"
+ "github.com/checkmarx/2ms/v3/engine"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
+ "github.com/checkmarx/2ms/v3/plugins"
 "github.com/stretchr/testify/assert"
 "sync"
 "testing"
diff --git a/cmd/workers.go b/cmd/workers.go
index c0b7a6d8..31e392b4 100644
--- a/cmd/workers.go
+++ b/cmd/workers.go
@@ -2,11 +2,12 @@ package cmd
 import (
 "context"
- "github.com/checkmarx/2ms/engine"
- "github.com/checkmarx/2ms/engine/extra"
- "github.com/checkmarx/2ms/lib/secrets"
- "golang.org/x/sync/errgroup"
 "sync"
+
+ "github.com/checkmarx/2ms/v3/engine"
+ "github.com/checkmarx/2ms/v3/engine/extra"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
+ "golang.org/x/sync/errgroup"
 )
 func ProcessItems(engineInstance engine.IEngine, pluginName string) {
@@ -53,6 +54,20 @@ func ProcessSecrets() {
 close(CvssScoreWithoutValidationChan)
 }
+func ProcessSecretsWithValidation() {
+ defer Channels.WaitGroup.Done()
+
+ for secret := range SecretsChan {
+ Report.TotalSecretsFound++
+ SecretsExtrasChan <- secret
+ ValidationChan <- secret
+ Report.Results[secret.ID] = append(Report.Results[secret.ID], secret)
+ }
+ close(SecretsExtrasChan)
+ close(ValidationChan)
+ close(CvssScoreWithoutValidationChan)
+}
+
 func ProcessSecretsExtras() {
 defer Channels.WaitGroup.Done()
diff --git a/cmd/workers_test.go b/cmd/workers_test.go
index f3f35129..6d912d91 100644
--- a/cmd/workers_test.go
+++ b/cmd/workers_test.go
@@ -1,10 +1,10 @@
 package cmd
 import (
- "github.com/checkmarx/2ms/engine"
- "github.com/checkmarx/2ms/lib/reporting"
- "github.com/checkmarx/2ms/lib/secrets"
- "github.com/checkmarx/2ms/plugins"
+ "github.com/checkmarx/2ms/v3/engine"
+ "github.com/checkmarx/2ms/v3/lib/reporting"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
+ "github.com/checkmarx/2ms/v3/plugins"
 "github.com/stretchr/testify/assert"
 "sort"
 "strconv"
diff --git a/engine/engine.go b/engine/engine.go
index 52786e5a..31c9a677 100644
--- a/engine/engine.go
+++ b/engine/engine.go
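Review bot: `ProcessSecretsWithValidation` closes `CvssScoreWithoutValidationChan` although nothing in it ever sends on that channel; in validation mode that channel is presumably fed only by the no-validation path, so this close is either dead or quietly unblocks a consumer that is not visible here, and a comment such as `// closed so a no-validation consumer, if one was started, can exit` (or dropping the close and leaving it to the goroutine that actually sends) would make the ownership explicit. The sends to `SecretsExtrasChan` and `ValidationChan` are sequential and the channels are created unbuffered in the new test, so a stalled validator blocks further intake from `SecretsChan`; since the `engine/validation` files in this diff import `net/http`, validation is likely network-bound and that back-pressure deserves a comment. `Report.Results` and `Report.TotalSecretsFound` are mutated only from this goroutine as far as the hunk shows, which matches `ProcessSecrets`, whose body lies outside the hunk.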
@@ -14,14 +14,14 @@ import (
 "sync"
 "text/tabwriter"
- "github.com/checkmarx/2ms/engine/chunk"
- "github.com/checkmarx/2ms/engine/linecontent"
- "github.com/checkmarx/2ms/engine/rules"
- "github.com/checkmarx/2ms/engine/score"
- "github.com/checkmarx/2ms/engine/semaphore"
- "github.com/checkmarx/2ms/engine/validation"
- "github.com/checkmarx/2ms/lib/secrets"
- "github.com/checkmarx/2ms/plugins"
+ "github.com/checkmarx/2ms/v3/engine/chunk"
+ "github.com/checkmarx/2ms/v3/engine/linecontent"
+ "github.com/checkmarx/2ms/v3/engine/rules"
+ "github.com/checkmarx/2ms/v3/engine/score"
+ "github.com/checkmarx/2ms/v3/engine/semaphore"
+ "github.com/checkmarx/2ms/v3/engine/validation"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
+ "github.com/checkmarx/2ms/v3/plugins"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
 "github.com/zricethezav/gitleaks/v8/config"
diff --git a/engine/engine_mock.go b/engine/engine_mock.go
index 049fbed5..bb6e36d9 100644
--- a/engine/engine_mock.go
+++ b/engine/engine_mock.go
@@ -14,8 +14,8 @@ import (
 reflect "reflect"
 sync "sync"
- secrets "github.com/checkmarx/2ms/lib/secrets"
- plugins "github.com/checkmarx/2ms/plugins"
+ secrets "github.com/checkmarx/2ms/v3/lib/secrets"
+ plugins "github.com/checkmarx/2ms/v3/plugins"
 gomock "go.uber.org/mock/gomock"
 )
diff --git a/engine/engine_test.go b/engine/engine_test.go
index 8d8f1751..2b1b7039 100644
--- a/engine/engine_test.go
+++ b/engine/engine_test.go
@@ -10,11 +10,11 @@ import (
 "path/filepath"
 "testing"
- "github.com/checkmarx/2ms/engine/chunk"
- "github.com/checkmarx/2ms/engine/rules"
- "github.com/checkmarx/2ms/engine/semaphore"
- "github.com/checkmarx/2ms/lib/secrets"
- "github.com/checkmarx/2ms/plugins"
+ "github.com/checkmarx/2ms/v3/engine/chunk"
+ "github.com/checkmarx/2ms/v3/engine/rules"
+ "github.com/checkmarx/2ms/v3/engine/semaphore"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
+ "github.com/checkmarx/2ms/v3/plugins"
 "github.com/rs/zerolog"
 "github.com/rs/zerolog/log"
 "github.com/stretchr/testify/assert"
diff --git a/engine/extra/extra.go b/engine/extra/extra.go
index 638e4855..4d35a69e 100644
--- a/engine/extra/extra.go
+++ b/engine/extra/extra.go
@@ -7,7 +7,7 @@ import (
 "strings"
 "sync"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 )
 type addExtraFunc = func(*secrets.Secret) interface{}
diff --git a/engine/extra/extra_test.go b/engine/extra/extra_test.go
index c4fce11e..a270debe 100644
--- a/engine/extra/extra_test.go
+++ b/engine/extra/extra_test.go
@@ -3,7 +3,7 @@ package extra
 import (
 "encoding/base64"
 "fmt"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "github.com/stretchr/testify/assert"
 "sync"
 "testing"
diff --git a/engine/rules/rule_test.go b/engine/rules/rule_test.go
index b58c5543..7a21f1c1 100644
--- a/engine/rules/rule_test.go
+++ b/engine/rules/rule_test.go
@@ -3,7 +3,7 @@ package rules_test
 import (
 "testing"
- "github.com/checkmarx/2ms/engine/rules"
+ "github.com/checkmarx/2ms/v3/engine/rules"
 "github.com/zricethezav/gitleaks/v8/config"
 )
diff --git a/engine/score/score.go b/engine/score/score.go
index 8045ff6e..2028e0ce 100644
--- a/engine/score/score.go
+++ b/engine/score/score.go
@@ -1,8 +1,8 @@
 package score
 import (
- "github.com/checkmarx/2ms/engine/rules"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/engine/rules"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "math"
 )
diff --git a/engine/score/score_test.go b/engine/score/score_test.go
index 4515a4a0..2837ab2a 100644
--- a/engine/score/score_test.go
+++ b/engine/score/score_test.go
@@ -1,10 +1,10 @@
 package score_test
 import (
- . "github.com/checkmarx/2ms/engine"
- "github.com/checkmarx/2ms/engine/rules"
- "github.com/checkmarx/2ms/engine/score"
- "github.com/checkmarx/2ms/lib/secrets"
+ . "github.com/checkmarx/2ms/v3/engine"
+ "github.com/checkmarx/2ms/v3/engine/rules"
+ "github.com/checkmarx/2ms/v3/engine/score"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "github.com/stretchr/testify/assert"
 ruleConfig "github.com/zricethezav/gitleaks/v8/cmd/generate/config/rules"
 "sync"
diff --git a/engine/validation/alibaba.go b/engine/validation/alibaba.go
index 3a5fb86d..cd6dfffe 100644
--- a/engine/validation/alibaba.go
+++ b/engine/validation/alibaba.go
@@ -11,7 +11,7 @@ import (
 "strings"
 "time"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "github.com/rs/zerolog/log"
 )
diff --git a/engine/validation/gcp.go b/engine/validation/gcp.go
index df20762c..ac93911c 100644
--- a/engine/validation/gcp.go
+++ b/engine/validation/gcp.go
@@ -6,7 +6,7 @@ import (
 "net/http"
 "strings"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "github.com/rs/zerolog/log"
 )
diff --git a/engine/validation/github.go b/engine/validation/github.go
index 643ee819..53631979 100644
--- a/engine/validation/github.go
+++ b/engine/validation/github.go
@@ -4,7 +4,7 @@ import (
 "fmt"
 "net/http"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "github.com/rs/zerolog/log"
 )
diff --git a/engine/validation/gitlab.go b/engine/validation/gitlab.go
index 4cd635e8..a61bc0a7 100644
--- a/engine/validation/gitlab.go
+++ b/engine/validation/gitlab.go
@@ -6,7 +6,7 @@ import (
 "io"
 "net/http"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "github.com/rs/zerolog/log"
 )
diff --git a/engine/validation/pairs.go b/engine/validation/pairs.go
index 68ed1e0d..54c15701 100644
--- a/engine/validation/pairs.go
+++ b/engine/validation/pairs.go
@@ -3,7 +3,7 @@ package validation
 import (
 "sync"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 )
 type pairsByRuleId map[string][]*secrets.Secret
diff --git a/engine/validation/validator.go b/engine/validation/validator.go
index ae8e8a18..4edd91cb 100644
--- a/engine/validation/validator.go
+++ b/engine/validation/validator.go
@@ -3,8 +3,8 @@ package validation
 import (
 "sync"
- "github.com/checkmarx/2ms/engine/extra"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/engine/extra"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 )
 type validationFunc = func(*secrets.Secret) (secrets.ValidationResult, string)
diff --git a/go.mod b/go.mod
index 1ed47316..bf0b6f6a 100644
--- a/go.mod
+++ b/go.mod
@@ -1,4 +1,4 @@
-module github.com/checkmarx/2ms
+module github.com/checkmarx/2ms/v3
 go 1.23.6
diff --git a/lib/reporting/report.go b/lib/reporting/report.go
index 5e46f5fa..8af6dcb4 100644
--- a/lib/reporting/report.go
+++ b/lib/reporting/report.go
@@ -5,8 +5,8 @@ import (
 "path/filepath"
 "strings"
- "github.com/checkmarx/2ms/lib/config"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/config"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "github.com/rs/zerolog/log"
 )
diff --git a/lib/reporting/report_test.go b/lib/reporting/report_test.go
index 38a8fd7e..b487f082 100644
--- a/lib/reporting/report_test.go
+++ b/lib/reporting/report_test.go
@@ -9,8 +9,8 @@ import (
 "strings"
 "testing"
- "github.com/checkmarx/2ms/lib/config"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/config"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 "github.com/rs/zerolog"
 "github.com/stretchr/testify/assert"
 "gopkg.in/yaml.v3"
diff --git a/lib/reporting/sarif.go b/lib/reporting/sarif.go
index 1a9b8025..7a2e2891 100644
--- a/lib/reporting/sarif.go
+++ b/lib/reporting/sarif.go
@@ -5,8 +5,8 @@ import (
 "fmt"
 "strings"
- "github.com/checkmarx/2ms/lib/config"
- "github.com/checkmarx/2ms/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/config"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
 )
 func writeSarif(report *Report, cfg *config.Config) (string, error) {
diff --git a/lib/utils/flags_test.go b/lib/utils/flags_test.go
index 5efd71e2..faa6b82b 100644
--- a/lib/utils/flags_test.go
+++ b/lib/utils/flags_test.go
@@ -6,7 +6,7 @@ import (
 "strings"
 "testing"
- "github.com/checkmarx/2ms/lib/utils"
+ "github.com/checkmarx/2ms/v3/lib/utils"
 "github.com/spf13/cobra"
 "github.com/spf13/viper"
 "github.com/stretchr/testify/assert"
diff --git a/main.go b/main.go
index 3366ffb5..11f4bd4f 100644
--- a/main.go
+++ b/main.go
@@ -4,8 +4,8 @@ import (
 "os"
 "os/signal"
- "github.com/checkmarx/2ms/cmd"
- "github.com/checkmarx/2ms/lib/utils"
+ "github.com/checkmarx/2ms/v3/cmd"
+ "github.com/checkmarx/2ms/v3/lib/utils"
 "github.com/rs/zerolog"
 "github.com/rs/zerolog/log"
 )
diff --git a/pkg/scan.go b/pkg/scan.go
index 7d00b213..bb5cb9c2 100644
--- a/pkg/scan.go
+++ b/pkg/scan.go
@@ -3,16 +3,18 @@ package scanner
 import (
 "errors"
 "fmt"
- "github.com/checkmarx/2ms/lib/reporting"
 "sync"
- "github.com/checkmarx/2ms/cmd"
- "github.com/checkmarx/2ms/engine"
+ "github.com/checkmarx/2ms/v3/lib/reporting"
+
+ "github.com/checkmarx/2ms/v3/cmd"
+ "github.com/checkmarx/2ms/v3/engine"
 )
 type ScanConfig struct {
 IgnoreResultIds []string
 IgnoreRules []string
+ WithValidation bool
 }
 type scanner struct{}
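Review bot: `WithValidation` is the one `ScanConfig` field whose effect is security-relevant and it lands without a comment: enabling it routes every discovered candidate secret through `engine/validation`, whose GitHub, GitLab, GCP and Alibaba validators import `net/http` elsewhere in this diff, so the candidate secret presumably leaves the host in a request to the respective provider. Library callers scanning material that must not be exfiltrated need to know that before flipping the flag; suggest `// WithValidation checks discovered secrets against their provider; this makes outbound network requests that carry the candidate secret. Off by default.` The two existing fields would benefit from the same one-line treatment.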
@@ -24,10 +26,10 @@ func NewScanner() Scanner {
 func (s *scanner) Scan(scanItems []ScanItem, scanConfig ScanConfig) (*reporting.Report, error) {
 itemsCh := cmd.Channels.Items
 errorsCh := cmd.Channels.Errors
+ bufferedErrors := make(chan error, len(scanItems)+1)
 wg := &sync.WaitGroup{}
- // listener for errors
- bufferedErrors := make(chan error, len(scanItems)+1)
+ // Error listener
 go func() {
 for err := range errorsCh {
 if err != nil {
@@ -37,56 +39,60 @@ func (s *scanner) Scan(scanItems []ScanItem, scanConfig ScanConfig) (*reporting.
 close(bufferedErrors)
 }()
- // Initialize engine configuration
- engineConfig := engine.EngineConfig{IgnoredIds: scanConfig.IgnoreResultIds, IgnoreList: scanConfig.IgnoreRules}
+ // Initialize engine
+ engineConfig := engine.EngineConfig{
+ IgnoredIds: scanConfig.IgnoreResultIds,
+ IgnoreList: scanConfig.IgnoreRules,
+ }
 engineInstance, err := engine.Init(engineConfig)
 if err != nil {
 return &reporting.Report{}, fmt.Errorf("error initializing engine: %w", err)
 }
- // Start processing items
- cmd.Channels.WaitGroup.Add(1)
- go cmd.ProcessItems(engineInstance, "custom")
-
- // Start processing secrets
- cmd.Channels.WaitGroup.Add(1)
- go cmd.ProcessSecrets()
-
- // Start processing secrets extras
- cmd.Channels.WaitGroup.Add(1)
- go cmd.ProcessSecretsExtras()
-
- // Start validation and scoring
- cmd.Channels.WaitGroup.Add(1)
- go cmd.ProcessScoreWithoutValidation(engineInstance)
+ // Start processing pipeline
+ startPipeline(engineInstance, scanConfig.WithValidation)
- // send items to be scanned
- for _, scanItem := range scanItems {
+ // Send scan items
+ for _, item := range scanItems {
 wg.Add(1)
- go func(item ScanItem) {
+ go func(si ScanItem) {
 defer wg.Done()
- itemsCh <- item
- }(scanItem)
+ itemsCh <- si
+ }(item)
 }
 wg.Wait()
 close(itemsCh)
- cmd.Channels.WaitGroup.Wait()
+ // Wait for all processing
+ cmd.Channels.WaitGroup.Wait()
 close(errorsCh)
+
+ // Collect errors
 var errs []error
 for err = range bufferedErrors {
- if err != nil {
- errs = append(errs, err)
- }
+ errs = append(errs, err)
 }
-
 if len(errs) > 0 {
 return &reporting.Report{}, fmt.Errorf("error(s) processing scan items:\n%w", errors.Join(errs...))
 }
- // Finalize and generate report
- report := cmd.Report
- return report, nil
+ return cmd.Report, nil
+}
+
+func startPipeline(engineInstance engine.IEngine, withValidation bool) {
+ cmd.Channels.WaitGroup.Add(4)
+
+ go cmd.ProcessItems(engineInstance, "custom")
+
+ if withValidation {
+ go cmd.ProcessSecretsWithValidation()
+ go cmd.ProcessValidationAndScoreWithValidation(engineInstance)
+ } else {
+ go cmd.ProcessSecrets()
+ go cmd.ProcessScoreWithoutValidation(engineInstance)
+ }
+
+ go cmd.ProcessSecretsExtras()
 }
 func (s *scanner) ScanDynamic(itemsIn <-chan ScanItem, scanConfig ScanConfig) (*reporting.Report, error) {
diff --git a/pkg/scan_test.go b/pkg/scan_test.go
index 191f9ce0..73919836 100644
--- a/pkg/scan_test.go
+++ b/pkg/scan_test.go
@@ -7,11 +7,11 @@ import (
 "sync"
 "testing"
- "github.com/checkmarx/2ms/cmd"
- "github.com/checkmarx/2ms/lib/reporting"
- "github.com/checkmarx/2ms/lib/secrets"
- "github.com/checkmarx/2ms/lib/utils"
- "github.com/checkmarx/2ms/plugins"
+ "github.com/checkmarx/2ms/v3/cmd"
+ "github.com/checkmarx/2ms/v3/lib/reporting"
+ "github.com/checkmarx/2ms/v3/lib/secrets"
+ "github.com/checkmarx/2ms/v3/lib/utils"
+ "github.com/checkmarx/2ms/v3/plugins"
 "github.com/stretchr/testify/assert"
 )
@@ -19,6 +19,7 @@ const (
 githubPatPath = "testData/secrets/github-pat.txt"
 jwtPath = "testData/secrets/jwt.txt"
 expectedReportPath = "testData/expectedReport.json"
+ expectedReportWithValidationPath = "testData/expectedReportWithValidation.json"
 expectedReportResultsIgnoredResultsPath = "testData/expectedReportWithIgnoredResults.json"
 expectedReportResultsIgnoredRulePath = "testData/expectedReportWithIgnoredRule.json"
 )
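Review bot: `Scan` drives the pipeline through package-level state in `cmd` (`cmd.Channels`, `cmd.Report`, the worker channels) and neither resets it nor guards it, so it is effectively single-use and not safe to run concurrently — the new `TestScanWithValidation` has to reinitialise `cmd.Report`, `cmd.SecretsChan` and friends by hand before calling it. That contract belongs on `Scan` (or `Scan` should do the reset itself): `// Scan is not reentrant: it consumes the package-level channels in cmd and must not run concurrently with another Scan or ScanDynamic.` In `startPipeline`, `cmd.Channels.WaitGroup.Add(4)` silently depends on exactly four goroutines being launched below it; a one-line `// 4 workers: items, secrets, scoring/validation, extras` keeps the count honest when the pipeline changes. `ScanDynamic` receives the same `scanConfig` but only its signature is in the hunk; if it still starts the workers by hand, `WithValidation` is ignored on that path.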
@@ -563,3 +564,71 @@ func TestScanDynamic(t *testing.T) {
 assert.Equal(t, &reporting.Report{Results: map[string][]*secrets.Secret{}}, actualReport)
 })
 }
+
+func TestScanWithValidation(t *testing.T) {
+ t.Run("Successful Scan with Multiple Items", func(t *testing.T) {
+ cmd.Report = reporting.Init()
+ cmd.SecretsChan = make(chan *secrets.Secret)
+ cmd.SecretsExtrasChan = make(chan *secrets.Secret)
+ cmd.ValidationChan = make(chan *secrets.Secret)
+ cmd.CvssScoreWithoutValidationChan = make(chan *secrets.Secret)
+ cmd.Channels.Items = make(chan plugins.ISourceItem)
+ cmd.Channels.Errors = make(chan error)
+
+ githubPatBytes, err := os.ReadFile(githubPatPath)
+ assert.NoError(t, err, "failed to read github-pat file")
+ githubPatContent := string(githubPatBytes)
+
+ jwtBytes, err := os.ReadFile(jwtPath)
+ assert.NoError(t, err, "failed to read jwt file")
+ jwtContent := string(jwtBytes)
+
+ emptyContent := ""
+ emptyMockPath := "mockPath"
+
+ scanItems := []ScanItem{
+ {
+ Content: &githubPatContent,
+ ID: fmt.Sprintf("mock-%s", githubPatPath),
+ Source: githubPatPath,
+ },
+ {
+ Content: &emptyContent,
+ ID: fmt.Sprintf("mock-%s", emptyMockPath),
+ Source: emptyMockPath,
+ },
+ {
+ Content: &jwtContent,
+ ID: fmt.Sprintf("mock-%s", jwtPath),
+ Source: jwtPath,
+ },
+ }
+
+ testScanner := NewScanner()
+ actualReport, err := testScanner.Scan(scanItems, ScanConfig{WithValidation: true})
+ assert.NoError(t, err, "scanner encountered an error")
+
+ expectedReportBytes, err := os.ReadFile(expectedReportWithValidationPath)
+ assert.NoError(t, err, "failed to read expected report file")
+
+ var expectedReport, actualReportMap map[string]interface{}
+
+ err = json.Unmarshal(expectedReportBytes, &expectedReport)
+ assert.NoError(t, err, "failed to unmarshal expected report JSON")
+
+ // Marshal actual report and unmarshal back into a map.
+ actualReportBytes, err := json.Marshal(actualReport)
+ assert.NoError(t, err, "failed to marshal actual report to JSON")
+ err = json.Unmarshal(actualReportBytes, &actualReportMap)
+ assert.NoError(t, err, "failed to unmarshal actual report JSON")
+
+ // Normalize both expected and actual maps.
+ normalizedExpectedReport, err := utils.NormalizeReportData(expectedReport)
+ assert.NoError(t, err, "Failed to normalize actual report")
+
+ normalizedActualReport, err := utils.NormalizeReportData(actualReportMap)
+ assert.NoError(t, err, "Failed to normalize actual report")
+
+ assert.EqualValues(t, normalizedExpectedReport, normalizedActualReport)
+ })
+}
diff --git a/pkg/scanner.go b/pkg/scanner.go
index 9c273781..142212af 100644
--- a/pkg/scanner.go
+++ b/pkg/scanner.go
@@ -1,8 +1,8 @@
 package scanner
 import (
- "github.com/checkmarx/2ms/lib/reporting"
- "github.com/checkmarx/2ms/plugins"
+ "github.com/checkmarx/2ms/v3/lib/reporting"
+ "github.com/checkmarx/2ms/v3/plugins"
 )
 type ScanItem struct {
diff --git a/pkg/testData/expectedReportWithValidation.json b/pkg/testData/expectedReportWithValidation.json
new file mode 100644
index 00000000..bbe2f3d6
--- /dev/null
+++ b/pkg/testData/expectedReportWithValidation.json
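Review bot: `TestScanWithValidation` asserts `validationStatus: "Invalid"` for the `ghp_…` tokens, an outcome that can only come from the GitHub validator answering over the network (the validators in `engine/validation` import `net/http`), so this unit test depends on outbound connectivity to GitHub and on its live response, and will fail or flake in an offline or rate-limited CI. It also only ever observes the Invalid and Unknown outcomes, never a Valid one. Prefer pointing the validator at an `httptest.Server` (or an injectable `http.Client`/transport) that returns the expected status codes so the expected report is deterministic. Minor: the message on the expected-report normalisation reads `"Failed to normalize actual report"`; it should say `"Failed to normalize expected report"`.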
@@ -0,0 +1,118 @@
+{
+ "results": {
+ "40483a2b07fa3beaf234d1a0b5d0931d7b7ae9f7": [
+ {
+ "cvssScore": 5.2,
+ "endColumn": 103,
+ "endLine": 1,
+ "id": "40483a2b07fa3beaf234d1a0b5d0931d7b7ae9f7",
+ "lineContent": "\n Text_Example = ghp_CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC",
+ "ruleDescription": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure.",
+ "ruleId": "github-pat",
+ "source": "testData/secrets/github-pat.txt",
+ "startColumn": 64,
+ "startLine": 1,
+ "validationStatus": "Invalid",
+ "value": "ghp_CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC"
+ }
+ ],
+ "6949272451f77dc4a38d5f35d583cf56023cd2c1": [
+ {
+ "cvssScore": 5.2,
+ "endColumn": 51,
+ "endLine": 0,
+ "id": "6949272451f77dc4a38d5f35d583cf56023cd2c1",
+ "lineContent": "TextExampleghp_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATextExampleghp_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBTextExample",
+ "ruleDescription": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure.",
+ "ruleId": "github-pat",
+ "source": "testData/secrets/github-pat.txt",
+ "startColumn": 12,
+ "startLine": 0,
+ "validationStatus": "Invalid",
+ "value": "ghp_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
+ }
+ ],
+ "a0cd293e6e122a1c7384d5a56781e39ba350c54b": [
+ {
+ "cvssScore": 8.2,
+ "endColumn": 232,
+ "endLine": 0,
+ "extraDetails": {
+ "secretDetails": {
+ "name": "mockName2",
+ "sub": "mockSub2"
+ }
+ },
+ "id": "a0cd293e6e122a1c7384d5a56781e39ba350c54b",
+ "lineContent": "TextExample eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMSIsIm5hbWUiOiJtb2NrTmFtZTEifQ.dummysignature1 TextExample eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2 TextExample",
+ "ruleDescription": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.",
+ "ruleId": "jwt",
+ "source": "testData/secrets/jwt.txt",
+ "startColumn": 129,
+ "startLine": 0,
+ "validationStatus": "Unknown",
+ "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2"
+ },
+ {
+ "cvssScore": 8.2,
+ "endColumn": 167,
+ "endLine": 1,
+ "extraDetails": {
+ "secretDetails": {
+ "name": "mockName2",
+ "sub": "mockSub2"
+ }
+ },
+ "id": "a0cd293e6e122a1c7384d5a56781e39ba350c54b",
+ "lineContent": "\n Text_Example = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2",
+ "ruleDescription": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.",
+ "ruleId": "jwt",
+ "source": "testData/secrets/jwt.txt",
+ "startColumn": 64,
+ "startLine": 1,
+ "validationStatus": "Unknown",
+ "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2"
+ }
+ ],
+ "f29abe9eacc233a8e5e9c7762bca48589d9c76a2": [
+ {
+ "cvssScore": 8.2,
+ "endColumn": 116,
+ "endLine": 0,
+ "extraDetails": {
+ "secretDetails": {
+ "name": "mockName1",
+ "sub": "mockSub1"
+ }
+ },
+ "id": "f29abe9eacc233a8e5e9c7762bca48589d9c76a2",
+ "lineContent": "TextExample eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMSIsIm5hbWUiOiJtb2NrTmFtZTEifQ.dummysignature1 TextExample eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMiIsIm5hbWUiOiJtb2NrTmFtZTIifQ.dummysignature2 TextExample",
+ "ruleDescription": "Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.",
+ "ruleId": "jwt",
+ "source": "testData/secrets/jwt.txt",
+ "startColumn": 13,
+ "startLine": 0,
+ "validationStatus": "Unknown",
+ "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtb2NrU3ViMSIsIm5hbWUiOiJtb2NrTmFtZTEifQ.dummysignature1"
+ }
+ ],
+ "fc17c755f40062dcb3f16eb6299f9afc7eccbc56": [
+ {
+ "cvssScore": 5.2,
+ "endColumn": 102,
+ "endLine": 0,
+ "id": "fc17c755f40062dcb3f16eb6299f9afc7eccbc56",
+ "lineContent": "TextExampleghp_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATextExampleghp_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBTextExample",
+ "ruleDescription": "Uncovered a GitHub Personal Access Token, potentially leading to unauthorized repository access and sensitive content exposure.",
+ "ruleId": "github-pat",
+ "source": "testData/secrets/github-pat.txt",
+ "startColumn": 63,
+ "startLine": 0,
+ "validationStatus": "Invalid",
+ "value": "ghp_BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
+ }
+ ]
+ },
+ "totalItemsScanned": 3,
+ "totalSecretsFound": 6
+}
diff --git a/plugins/confluence.go b/plugins/confluence.go
index 308f6fd1..5fbe04dd 100644
--- a/plugins/confluence.go
+++ b/plugins/confluence.go
@@ -7,7 +7,7 @@ import (
 "strings"
 "sync"
- "github.com/checkmarx/2ms/lib/utils"
+ "github.com/checkmarx/2ms/v3/lib/utils"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
diff --git a/plugins/git.go b/plugins/git.go
index 9e0bede8..363e0747 100644
--- a/plugins/git.go
+++ b/plugins/git.go
@@ -6,7 +6,7 @@ import (
 "strings"
 "sync"
- "github.com/checkmarx/2ms/lib/utils"
+ "github.com/checkmarx/2ms/v3/lib/utils"
 "github.com/gitleaks/go-gitdiff/gitdiff"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
diff --git a/plugins/paligo.go b/plugins/paligo.go
index 1849aca0..651f94f7 100644
--- a/plugins/paligo.go
+++ b/plugins/paligo.go
@@ -10,7 +10,7 @@ import (
 "sync"
 "time"
- "github.com/checkmarx/2ms/lib/utils"
+ "github.com/checkmarx/2ms/v3/lib/utils"
 "github.com/rs/zerolog/log"
 "github.com/spf13/cobra"
 "golang.org/x/time/rate"
diff --git a/tests/e2e.go b/tests/e2e.go
index 7af45f1f..c7264fd8 100644
--- a/tests/e2e.go
+++ b/tests/e2e.go
@@ -11,7 +11,7 @@ import (
 "path"
 "runtime"
- "github.com/checkmarx/2ms/lib/reporting"
+ "github.com/checkmarx/2ms/v3/lib/reporting"
 )
 type cli struct {
@@ -21,7 +21,7 @@ type cli struct {
 func createCLI(outputDir string) (cli, error) {
 executable := path.Join(outputDir, "2ms")
- lib, err := build.Import("github.com/checkmarx/2ms", "", build.FindOnly)
+ lib, err := build.Import("github.com/checkmarx/2ms/v3", "", build.FindOnly)
 if err != nil {
 return cli{}, fmt.Errorf("failed to import 2ms: %s", err)
 }
diff --git a/tests/e2e_test.go b/tests/e2e_test.go
index ee8d14ec..dec7f43d 100644
--- a/tests/e2e_test.go
+++ b/tests/e2e_test.go
@@ -5,7 +5,7 @@ import (
 "os"
 "testing"
- "github.com/checkmarx/2ms/lib/utils"
+ "github.com/checkmarx/2ms/v3/lib/utils"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"