Add support for api key metadata (#73)

Victor Chen · web-flow · commit c07aa5e3fb96 · 2022-08-01T15:37:30.000-04:00
* Add support for api key metadata

* Test key

* test

* test

* test

* Fix quotes

* Add key

* Revert testing stuff

* PR comments

* Fix tests
diff --git a/go.mod b/go.mod
@@ -7,10 +7,11 @@ require (
 	github.com/golang/mock v1.4.4
 	github.com/google/go-github/v33 v33.0.0
 	github.com/google/uuid v1.3.0
-	github.com/nightfallai/nightfall-go-sdk v1.1.1
+	github.com/nightfallai/nightfall-go-sdk v1.1.5
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.6.1
 	golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99
+	golang.org/x/text v0.3.3
 	gotest.tools v2.2.0+incompatible
 )
diff --git a/go.sum b/go.sum
@@ -115,8 +115,8 @@ github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORN
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
-github.com/nightfallai/nightfall-go-sdk v1.1.1 h1:xx/e4ZP415oHQcJMOCBeU8kxOWiakrjtEEREZHJtE8Q=
-github.com/nightfallai/nightfall-go-sdk v1.1.1/go.mod h1:IQxS8JqhFEGRfnOpaLqv+ZEhQrUKbJgFAQ5qHU3Lcbg=
+github.com/nightfallai/nightfall-go-sdk v1.1.5 h1:QJ6SxZKTqmUDK/Jh2m4I3Dhk1NMJ8ThPX4aZVfnugwA=
+github.com/nightfallai/nightfall-go-sdk v1.1.5/go.mod h1:IQxS8JqhFEGRfnOpaLqv+ZEhQrUKbJgFAQ5qHU3Lcbg=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -172,7 +172,6 @@ golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -245,6 +244,7 @@ golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fq
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -288,7 +288,6 @@ golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d h1:W07d4xkoAUSNOkOzdzXCdFGxT7o2rW4q8M34tB2i//k=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/internal/clients/nightfall/nightfall.go b/internal/clients/nightfall/nightfall.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"io"
 	"regexp"
+	"strings"
 	"sync"
 	"time"
 	"unicode/utf8"
@@ -17,6 +18,8 @@ import (
 	"github.com/nightfallai/nightfall_code_scanner/internal/clients/diffreviewer"
 	"github.com/nightfallai/nightfall_code_scanner/internal/clients/logger"
 	"github.com/nightfallai/nightfall_code_scanner/internal/nightfallconfig"
+	"golang.org/x/text/cases"
+	"golang.org/x/text/language"
 )
 
 const (
@@ -80,7 +83,7 @@ func getCommentMsg(finding *nf.Finding) string {
 		content = finding.Finding
 	}
 
-	return fmt.Sprintf("Suspicious content detected (%q, type %q)", content, finding.Detector.DisplayName)
+	return fmt.Sprintf("Suspicious content detected (%q, type %s)", content, getDisplayType(finding))
 }
 
 func getCommentTitle(finding *nf.Finding) string {
@@ -90,6 +93,24 @@ func getCommentTitle(finding *nf.Finding) string {
 	return fmt.Sprintf("Detected %s", finding.Detector.DisplayName)
 }
 
+func getDisplayType(finding *nf.Finding) string {
+	displayType := fmt.Sprintf("%q", finding.Detector.DisplayName)
+	// Check if there is additional context to add to the display type
+	if finding.FindingMetadata != nil && finding.FindingMetadata.APIKeyMetadata != nil {
+		apiKeyMd := finding.FindingMetadata.APIKeyMetadata
+		if kind := apiKeyMd.Kind; strings.ToUpper(kind) != "UNSPECIFIED" {
+			if status := apiKeyMd.Status; strings.ToUpper(status) != "UNVERIFIED" {
+				titledStatus := cases.Title(language.English).String(strings.ToLower(status))
+				displayType = fmt.Sprintf("%q (%s %s key)", finding.Detector.DisplayName, titledStatus, kind)
+			} else {
+				titledConfidence := cases.Title(language.English).String(strings.ToLower(finding.Confidence))
+				displayType = fmt.Sprintf("%q (%s %s key)", finding.Detector.DisplayName, titledConfidence, kind)
+			}
+		}
+	}
+	return displayType
+}
+
 // wordSplitter is of type bufio.SplitFunc (https://golang.org/pkg/bufio/#SplitFunc)
 // this function is used to determine how to chunk the reader input into bufio.Scanner.
 // This function will create chunks of input buffer size, but will not chunk in the middle of
diff --git a/internal/clients/nightfall/nightfall_test.go b/internal/clients/nightfall/nightfall_test.go
@@ -14,7 +14,10 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-var blurredCreditCard = "49*****************"
+var (
+	blurredCreditCard = "49*****************"
+	blurredAPIKey     = "yr**************************************"
+)
 
 type mockNightfall struct {
 	scanFn func(context.Context, *nf.ScanTextRequest) (*nf.ScanTextResponse, error)
@@ -215,6 +218,99 @@ func TestReviewDiffDetectionRuleUUID(t *testing.T) {
 	assert.Equal(t, expectedComments, comments, "Received incorrect response from ReviewDiff")
 }
 
+func TestReviewDiffHasFindingMetadata(t *testing.T) {
+	mockAPIClient := &mockNightfall{}
+	client := Client{
+		APIClient:         mockAPIClient,
+		DetectionRules:    testDetectionRules,
+		MaxNumberRoutines: 1,
+	}
+
+	numLines := 20
+	numFiles := 50
+	numScanReq := ((numLines * numFiles) + maxItemsForAPIReq - 1) / maxItemsForAPIReq
+	filePath := "test/data"
+	lineNum := 0
+	content := fmt.Sprintf("this has a api key %s", exampleAPIKey)
+
+	lines := make([]*diffreviewer.Line, numLines)
+	for i := range lines {
+		lines[i] = &diffreviewer.Line{
+			LnumNew: lineNum,
+			Content: content,
+		}
+	}
+
+	input := make([]*diffreviewer.FileDiff, numFiles)
+	for i := range input {
+		h := &diffreviewer.Hunk{
+			Lines: lines,
+		}
+		input[i] = &diffreviewer.FileDiff{
+			Hunks:   []*diffreviewer.Hunk{h},
+			PathNew: filePath,
+		}
+	}
+
+	c := diffreviewer.Comment{
+		FilePath:   filePath,
+		LineNumber: lineNum,
+		Body:       fmt.Sprintf("Suspicious content detected (%q, type %q (%s %s key))", blurredAPIKey, "API_KEY", "Active", "Stripe"),
+		Title:      fmt.Sprintf("Detected API_KEY"),
+	}
+	expectedComments := []*diffreviewer.Comment{&c, &c, &c}
+
+	scanResp := &nf.ScanTextResponse{
+		Findings: [][]*nf.Finding{
+			{},
+			{
+				{
+					Finding:         exampleAPIKey,
+					RedactedFinding: blurredAPIKey,
+					Detector: nf.DetectorMetadata{
+						DisplayName:  "API_KEY",
+						DetectorUUID: "2136e3c9-feb0-4aea-8d3e-a767afabf501",
+					},
+					Confidence: string(nf.ConfidencePossible),
+					FindingMetadata: &nf.FindingMetadata{APIKeyMetadata: &nf.APIKeyMetadata{
+						Status: "ACTIVE",
+						Kind:   "Stripe",
+					}},
+				},
+			},
+		},
+	}
+
+	totalItems := make([]string, numLines*numFiles)
+	for i := 0; i < numLines*numFiles; i++ {
+		totalItems[i] = content
+	}
+
+	var callCount int
+	expectedRequests := make([]*nf.ScanTextRequest, 0, numScanReq)
+	for i := 0; i < numScanReq; i++ {
+		startIndex := i * maxItemsForAPIReq
+		var endIndex int
+		if len(totalItems) < startIndex+maxItemsForAPIReq {
+			endIndex = len(totalItems)
+		} else {
+			endIndex = startIndex + maxItemsForAPIReq
+		}
+
+		expectedScanReq := client.buildScanRequest(totalItems[startIndex:endIndex])
+		expectedRequests = append(expectedRequests, expectedScanReq)
+		mockAPIClient.scanFn = func(ctx context.Context, request *nf.ScanTextRequest) (*nf.ScanTextResponse, error) {
+			assert.Equal(t, expectedRequests[callCount], request, "request object did not match")
+			callCount++
+			return scanResp, nil
+		}
+	}
+
+	comments, err := client.ReviewDiff(context.Background(), githublogger.NewDefaultGithubLogger(), input)
+	assert.NoError(t, err, "Received error from ReviewDiff")
+	assert.Equal(t, expectedComments, comments, "Received incorrect response from ReviewDiff")
+}
+
 func TestScanPaths(t *testing.T) {
 	client := Client{
 		DetectionRules: testDetectionRules,
