feat: sensitiveDataDetection in files like .csv etc added

Author: Psingle20

.gitignore

@@ -11,6 +11,7 @@ yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
 package-lock.json
+/git-proxy-test
 
 
 # Diagnostic reports (https://nodejs.org/api/report.html)

.husky/commit-msg

@@ -1,4 +1,3 @@
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
+
 
 npx --no -- commitlint --edit ${1} && npm run lint

proxy.config.json

@@ -78,7 +78,7 @@
         "literals": [],
         "patterns": [],
         "providers": {},
-        "ProxyFileTypes" : [".jpg"]
+        "ProxyFileTypes" : [".jpg",".csv",".json",".xlsx"]
         ,
         "aiMlUsage": {
           "enabled": true,

src/proxy/chain.js

@@ -11,13 +11,14 @@ const pushActionChain = [
   proc.push.writePack,
   proc.push.getDiff,
   proc.push.checkForAiMlUsage,
-  proc.push.checkExifJpeg,
-  
+  proc.push.checkExifJpeg,              
+  proc.push.checkSensitiveData,     
   proc.push.clearBareClone,
   proc.push.scanDiff,
   proc.push.blockForAuth,
 ];
 
+
 const pullActionChain = [proc.push.checkRepoInAuthorisedList];
 
 let pluginsInserted = false;

src/proxy/processors/push-action/checkSensitiveData.js

@@ -0,0 +1,171 @@
+const fs = require('fs');
+const csv = require('csv-parser');
+const XLSX = require('xlsx');
+const path = require('path');
+const Step = require('../../actions').Step;
+const config = require('../../../config');
+
+// const { exec: getDiffExec } = require('./getDiff');
+// Function to check for sensitive data patterns
+const commitConfig = config.getCommitConfig();
+const checkForSensitiveData = (cell) => {
+    const sensitivePatterns = [
+        /\d{3}-\d{2}-\d{4}/, // Social Security Number (SSN)
+        /\b\d{16}\b/, // Credit card numbers
+        /\b\d{5}-\d{4}\b/, // ZIP+4 codes
+        // Add more patterns as needed
+    ];
+    return sensitivePatterns.some(pattern => {
+        if (pattern.test(String(cell))) {
+            console.log(`\x1b[31mDetected sensitive data: ${cell}\x1b[0m`); // Log the detected sensitive data in red
+            return true;
+        }
+        return false;
+    });
+};
+// Function to process CSV files
+const processCSV = async (filePath) => {
+    return new Promise((resolve, reject) => {
+        let sensitiveDataFound = false;
+        fs.createReadStream(filePath)
+            .pipe(csv())
+            .on('data', (row) => {
+                for (const [key, value] of Object.entries(row)) {
+                    if (checkForSensitiveData(value)) {
+                        console.log(`\x1b[33mSensitive data found in CSV: ${key}: ${value}\x1b[0m`); // Log in yellow
+                        sensitiveDataFound = true;
+                    }
+                }
+            })
+            .on('end', () => {
+                if (!sensitiveDataFound) {
+                    console.log('No sensitive data found in CSV.');
+                }
+                resolve(sensitiveDataFound); // Resolve with the flag indicating if sensitive data was found
+            })
+            .on('error', (err) => {
+                console.error(`Error reading CSV file: ${err.message}`);
+                reject(err); // Reject the promise on error
+            });
+    });
+};
+// Function to process XLSX files
+const processXLSX = async (filePath) => {
+    return new Promise((resolve, reject) => {
+        let sensitiveDataFound = false;
+        try {
+            const workbook = XLSX.readFile(filePath);
+            const sheetName = workbook.SheetNames[0];
+            const sheet = workbook.Sheets[sheetName];
+            const jsonData = XLSX.utils.sheet_to_json(sheet);
+            jsonData.forEach((row) => {
+                for (const [key, value] of Object.entries(row)) {
+                    if (checkForSensitiveData(value)) {
+                        console.log(`\x1b[33mSensitive data found in XLSX: ${key}: ${value}\x1b[0m`); // Log in yellow
+                        sensitiveDataFound = true;
+                    }
+                }
+            });
+            if (!sensitiveDataFound) {
+                console.log('No sensitive data found in XLSX.');
+            }
+            resolve(sensitiveDataFound); // Resolve with the flag indicating if sensitive data was found
+        } catch (error) {
+            console.error(`Error reading XLSX file: ${error.message}`);
+            reject(error); // Reject the promise on error
+        }
+    });
+};
+// Function to check for sensitive data in .log and .json files
+const checkLogJsonFiles = async (filePath) => {
+    return new Promise((resolve, reject) => {
+        let sensitiveDataFound = false;
+        fs.readFile(filePath, 'utf8', (err, data) => {
+            if (err) {
+                console.error(`Error reading file ${filePath}: ${err.message}`);
+                return reject(err);
+            }
+            if (checkForSensitiveData(data)) {
+                console.log(`\x1b[Sensitive data found in ${filePath}\x1b[0m`);
+                sensitiveDataFound = true;
+            }
+            resolve(sensitiveDataFound);
+        });
+    });
+};
+// Function to parse the file based on its extension
+const parseFile = async (filePath) => {
+  
+    const ext = path.extname(filePath).toLowerCase();
+    const FilestoCheck = commitConfig.diff.block.proxyFileTypes;
+    if(!FilestoCheck.includes(ext)){
+      
+        console.log(`${ext} should be included in CommitConfig for proxy Check!`);
+        return false;
+    }
+    
+    switch (ext) {
+        case '.csv':
+            return await processCSV(filePath);
+        case '.xlsx':
+            return await processXLSX(filePath);
+        case '.log':
+            return await checkLogJsonFiles(filePath);
+        case '.json':
+            return await checkLogJsonFiles(filePath);
+        default:
+            // Skip unsupported file types without logging
+            return false; // Indicate that no sensitive data was found for unsupported types
+    }
+};
+// Async exec function to handle actions
+// Function to parse file paths from git diff content
+const extractFilePathsFromDiff = (diffContent) => {
+    const filePaths = [];
+    const lines = diffContent.split('\n');
+    
+    lines.forEach(line => {
+        const match = line.match(/^diff --git a\/(.+?) b\/(.+?)$/);
+        if (match) {
+            filePaths.push(match[1]); // Extract the file path from "a/" in the diff line
+        }
+    });
+    
+    return filePaths;
+};
+
+const exec = async (req, action) => {
+    const diffStep = action.steps.find((s) => s.stepName === 'diff');
+    const step = new Step('checksensitiveData');
+
+    if (diffStep && diffStep.content) {
+        console.log('Diff content:', diffStep.content);
+
+        // Use the parsing function to get file paths
+        const filePaths = extractFilePathsFromDiff(diffStep.content);
+
+        if (filePaths.length > 0) {
+            // Check for sensitive data in all files
+            const sensitiveDataFound = await Promise.all(filePaths.map(parseFile));
+            const anySensitiveDataDetected = sensitiveDataFound.some(found => found);
+
+            if (anySensitiveDataDetected) {
+                step.blocked= true;
+                step.error = true;
+                step.errorMessage = 'Your push has been blocked due to sensitive data detection.';
+                console.log(step.errorMessage);
+            }
+        } else {
+            console.log('No file paths provided in the diff step.');
+        }
+    } else {
+        console.log('No diff content available.');
+    }
+    action.addStep(step);
+    return action; // Returning action for testing purposes
+};
+
+
+
+exec.displayName = 'logFileChanges.exec';
+exports.exec = exec;

src/proxy/processors/push-action/getDiff.js

@@ -2,6 +2,7 @@ const Step = require('../../actions').Step;
 const simpleGit = require('simple-git')
 
 
+
 const exec = async (req, action) => {
   const step = new Step('diff');
 

src/proxy/processors/push-action/index.js

@@ -13,3 +13,4 @@ exports.checkUserPushPermission = require('./checkUserPushPermission').exec;
 exports.clearBareClone = require('./clearBareClone').exec;
 exports.checkForAiMlUsage = require('./checkForAiMlUsage').exec;
 exports.checkExifJpeg = require('./checkExifJpeg').exec;
+exports.checkSensitiveData = require('./checkSensitiveData').exec;

test/CheckSensitive.test.js

@@ -0,0 +1,101 @@
+// const path = require('path');
+const { exec } = require('../src/proxy/processors/push-action/checkSensitiveData.js'); // Adjust path as necessary
+const sinon = require('sinon');
+const {Action}=require('../src/proxy/actions/Action.js')
+const {Step}=require('../src/proxy/actions/Step.js')
+
+
+describe('Sensitive Data Detection', () => {
+    let logStub;
+
+    beforeEach(() => {
+        logStub = sinon.stub(console, 'log'); // Stub console.log before each test
+    });
+
+    afterEach(() => {
+        logStub.restore(); // Restore console.log after each test
+    });
+
+    const createDiffContent = (filePaths) => {
+        // Format file paths in diff format
+        return filePaths.map(filePath => `diff --git a/${filePath} b/${filePath}`).join('\n');
+    };
+// make sure the file types are added in proxyfiletypes in proxy.config.json
+    it('should detect sensitive data in CSV file and block execution', async () => {
+        const action = new Action('action_id', 'push', 'create', Date.now(), 'owner/repo');
+        const step = new Step('diff');
+
+        // Create diff content simulating sensitive data in CSV
+        step.setContent(createDiffContent(['test/test_data/sensitive_data.csv']));
+        action.addStep(step)
+     
+        await exec(null, action);
+        sinon.assert.calledWith(logStub, sinon.match(/Your push has been blocked due to sensitive data detection/));
+    });
+
+    it('should detect sensitive data in XLSX file and block execution', async () => {
+        const action = new Action('action_id', 'push', 'create', Date.now(), 'owner/repo');
+        const step = new Step('diff');
+        step.setContent(createDiffContent(['test/test_data/sensitive_data2.xlsx']));
+        action.addStep(step);
+       
+        await exec(null, action);
+        sinon.assert.calledWith(logStub, sinon.match(/Your push has been blocked due to sensitive data detection/));
+    });
+
+    it('should detect sensitive data in a log file and block execution', async () => {
+      
+        const action = new Action('action_id', 'push', 'create', Date.now(), 'owner/repo');
+        const step = new Step('diff');
+        step.setContent(createDiffContent(['test/test_data/sensitive_data3.log']));
+        action.addStep(step);
+        await exec(null, action);
+        sinon.assert.calledWith(logStub, sinon.match(/Your push has been blocked due to sensitive data detection/));
+    });
+
+    it('should detect sensitive data in a JSON file and block execution', async () => {
+       
+       
+        const action = new Action('action_id', 'push', 'create', Date.now(), 'owner/repo');
+        const step = new Step('diff');
+        step.setContent(createDiffContent(['test/test_data/sensitive_data4.json']));
+        action.addStep(step);
+        await exec(null, action);
+        sinon.assert.calledWith(logStub, sinon.match(/Your push has been blocked due to sensitive data detection/));
+    });
+
+    it('should allow execution if no sensitive data is found', async () => {
+       
+      
+        const action = new Action('action_id', 'push', 'create', Date.now(), 'owner/repo');
+        const step = new Step('diff');
+        step.setContent(createDiffContent(['test_data/no_sensitive_data.txt']));
+        action.addStep(step);
+        await exec(null, action);
+        sinon.assert.neverCalledWith(logStub, sinon.match(/Your push has been blocked due to sensitive data detection/));
+    });
+
+    it('should allow execution for an empty file', async () => {
+       
+      
+        const action = new Action('action_id', 'push', 'create', Date.now(), 'owner/repo');
+        const step = new Step('diff');
+        step.setContent(createDiffContent(['test_data/empty_file.txt']));
+        action.addStep(step);
+        await exec(null, action);
+        sinon.assert.neverCalledWith(logStub, sinon.match(/Your push has been blocked due to sensitive data detection/));
+    });
+
+    it('should handle file-not-found scenario gracefully', async () => {
+        
+        const action = new Action('action_id', 'push', 'create', Date.now(), 'owner/repo');
+        const step = new Step('diff');
+        step.setContent(createDiffContent(['test_data/non_existent_file.txt']));
+        action.addStep(step);
+        try {
+            await exec(null, action);
+        } catch (error) {
+            sinon.assert.match(error.message, /ENOENT: no such file or directory/);
+        }
+    });
+});

test/CreateExcel.js

@@ -0,0 +1,19 @@
+const XLSX = require('xlsx');
+const fs = require('fs');
+const path = require('path');
+// Example data with sensitive information
+const data = [
+    { Name: "John Doe", SSN: "123-45-6789", Email: "[email protected]" },
+    { Name: "Jane Smith", SSN: "987-65-4321", Email: "[email protected]" }
+];
+const worksheet = XLSX.utils.json_to_sheet(data);
+const workbook = XLSX.utils.book_new();
+XLSX.utils.book_append_sheet(workbook, worksheet, "SensitiveData");
+// Create the path to the test_data directory
+const testDataPath = path.join(__dirname, 'test_data'); // Ensure this points to the correct directory
+// Create the test_data directory if it doesn't exist
+if (!fs.existsSync(testDataPath)){
+    fs.mkdirSync(testDataPath, { recursive: true }); // Using recursive to ensure all directories are created
+}
+// Write the Excel file to the test_data directory
+XLSX.writeFile(workbook, path.join(testDataPath, 'sensitive_data2.xlsx'));