From 7405ca1d54739fa4dcf797d21f1432577edb0d55 Mon Sep 17 00:00:00 2001
From: henrique-alvelos
Date: Fri, 31 Mar 2023 16:13:37 +0100
Subject: [PATCH 1/6] modified: assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego modified: assets/queries/openAPI/general/pattern_undefined/query.rego modified: pkg/detector/helper.go
---
 .../website_azure_active_directory_disabled/query.rego | 2 --
 assets/queries/openAPI/general/pattern_undefined/query.rego | 3 +++
 pkg/detector/helper.go | 5 +++++
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego b/assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego
index 95ab22747a4..fb0f6c2e3cb 100644
--- a/assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego
+++ b/assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego
@@ -18,7 +18,6 @@ CxPolicy[result] {
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "resource with type 'Microsoft.Web/sites' should have the 'identity' property defined",
 		"keyActualValue": "resource with type 'Microsoft.Web/sites' doesn't have 'identity' property defined",
-		"searchLine": common_lib.build_search_line(path, []),
 	}
 }
 
@@ -37,7 +36,6 @@ CxPolicy[result] {
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "resource with type 'Microsoft.Web/sites' should have the identity type set to 'SystemAssigned' or 'UserAssigned' and 'userAssignedIdentities' defined",
 		"keyActualValue": "resource with type 'Microsoft.Web/sites' doesn't have the identity type set to 'SystemAssigned' or 'UserAssigned' and 'userAssignedIdentities' defined",
-		"searchLine": common_lib.build_search_line(path, ["identity"]),
 	}
 }
 
diff --git a/assets/queries/openAPI/general/pattern_undefined/query.rego b/assets/queries/openAPI/general/pattern_undefined/query.rego
index 52761167856..bb753d04708 100644
--- a/assets/queries/openAPI/general/pattern_undefined/query.rego
+++ b/assets/queries/openAPI/general/pattern_undefined/query.rego
@@ -1,6 +1,7 @@
 package Cx
 
 import data.generic.openapi as openapi_lib
+import data.generic.common as common_lib
 
 CxPolicy[result] {
 	doc := input.document[i]
@@ -15,6 +16,7 @@ CxPolicy[result] {
 	result := {
 		"documentId": doc.id,
 		"searchKey": sprintf("%s.type", [openapi_lib.concat_path(path)]),
+		"searchLine": common_lib.build_search_line(path, ["type"]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "'pattern' should be defined",
 		"keyActualValue": "'pattern' is undefined",
@@ -34,6 +36,7 @@ CxPolicy[result] {
 	result := {
 		"documentId": doc.id,
 		"searchKey": sprintf("%s.type", [openapi_lib.concat_path(path)]),
+		"searchLine": common_lib.build_search_line(path, ["type"]),
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "'pattern' should be defined",
 		"keyActualValue": "'pattern' is undefined",
diff --git a/pkg/detector/helper.go b/pkg/detector/helper.go
index 298bdbfd467..80e17371e11 100644
--- a/pkg/detector/helper.go
+++ b/pkg/detector/helper.go
@@ -261,6 +261,9 @@ func (d *DefaultDetectLineResponse) DetectCurrentLine(str1, str2 string, recurse
 				return res, newLines
 			}
 		}
+		if i == 563 {
+			fmt.Print("...")
+		}
 		distances = checkLine(str1, str2, distances, lines[i], i)
 	}
 
@@ -277,6 +280,8 @@ func (d *DefaultDetectLineResponse) DetectCurrentLine(str1, str2 string, recurse
 }
 
 func checkLine(str1, str2 string, distances map[int]int, line string, i int) map[int]int {
+	regex := regexp.MustCompile(`^[\s]+`)
+	line = regex.ReplaceAllString(line, "")
 	if str1 != "" && str2 != "" && strings.Contains(line, str1) {
 		restLine := line[strings.Index(line, str1)+len(str1):]
 		if strings.Contains(restLine, str2) {
From b14c7373af12c1cedd6254556b97ca8bed8e026c Mon Sep 17 00:00:00 2001
From: henrique-alvelos
Date: Fri, 31 Mar 2023 16:14:40 +0100
Subject: [PATCH 2/6] testing
---
 pkg/detector/detector.go | 5 +++++
 1 file changed, 5 insertions(+)
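Review bot: The `if i == 563 { fmt.Print("...") }` block added inside the loop of DetectCurrentLine is a debugging probe keyed to one specific line index, and it writes to stdout, which for a CLI scanner can corrupt machine-readable report output that consumers parse from the same stream; it should not land on the main branch. It is deleted again in PATCH 3/6 of this series, so squashing the series before merge would keep it out of history entirely. No import hunk is shown for helper.go, so `fmt` and `regexp` are presumably already imported there — worth confirming that this intermediate commit builds on its own. DetectCurrentLine starts and ends outside this hunk.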
diff --git a/pkg/detector/detector.go b/pkg/detector/detector.go
index bca5ecc0a36..491322fdd6f 100644
--- a/pkg/detector/detector.go
+++ b/pkg/detector/detector.go
@@ -1,6 +1,8 @@
 package detector
 
 import (
+	"fmt"
+
 	"github.com/Checkmarx/kics/pkg/model"
 	"github.com/rs/zerolog"
 )
@@ -41,6 +43,9 @@ func (d *DetectLine) Add(detector kindDetectLine, kind model.FileKind) *DetectLi
 // DetectLine will use the correct kindDetectLine according to the files kind
 // if file kind is not in detectors default detect line is called
 func (d *DetectLine) DetectLine(file *model.FileMetadata, searchKey string, logWithFields *zerolog.Logger) model.VulnerabilityLines {
+	if searchKey == "resources.name={{[parameters('siteName')]}}" {
+		fmt.Print("---")
+	}
 	if det, ok := d.detectors[file.Kind]; ok {
 		return det.DetectLine(file, searchKey, d.outputLines, logWithFields)
 	}
From c2e36b9072e7cc2ef1323b513bb996d18aea43ac Mon Sep 17 00:00:00 2001
From: cx-henriqueAlvelos
Date: Fri, 31 Mar 2023 17:15:22 +0100
Subject: [PATCH 3/6] Added regex to change spaces/tabs to void
---
 .../website_azure_active_directory_disabled/query.rego | 2 ++
 pkg/detector/detector.go | 5 -----
 pkg/detector/helper.go | 3 ---
 3 files changed, 2 insertions(+), 8 deletions(-)
diff --git a/assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego b/assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego
index fb0f6c2e3cb..95ab22747a4 100644
--- a/assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego
+++ b/assets/queries/azureResourceManager/website_azure_active_directory_disabled/query.rego
@@ -18,6 +18,7 @@ CxPolicy[result] {
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "resource with type 'Microsoft.Web/sites' should have the 'identity' property defined",
 		"keyActualValue": "resource with type 'Microsoft.Web/sites' doesn't have 'identity' property defined",
+		"searchLine": common_lib.build_search_line(path, []),
 	}
 }
 
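Review bot: The `searchKey == "resources.name={{[parameters('siteName')]}}"` check added at the top of DetectLine is a debugging print keyed to a single fixture's search key and should not be committed; it is reverted in PATCH 3/6 of this series, so squashing would remove it from history. If a trace is wanted at this point, the `logWithFields` zerolog logger the function already receives is the right sink, e.g. `logWithFields.Debug().Str("searchKey", searchKey).Msg("detect line")`, rather than `fmt.Print` to stdout where it can interleave with report output. The body of DetectLine continues past this hunk.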
@@ -36,6 +37,7 @@ CxPolicy[result] {
 		"issueType": "MissingAttribute",
 		"keyExpectedValue": "resource with type 'Microsoft.Web/sites' should have the identity type set to 'SystemAssigned' or 'UserAssigned' and 'userAssignedIdentities' defined",
 		"keyActualValue": "resource with type 'Microsoft.Web/sites' doesn't have the identity type set to 'SystemAssigned' or 'UserAssigned' and 'userAssignedIdentities' defined",
+		"searchLine": common_lib.build_search_line(path, ["identity"]),
 	}
 }
 
diff --git a/pkg/detector/detector.go b/pkg/detector/detector.go
index 491322fdd6f..bca5ecc0a36 100644
--- a/pkg/detector/detector.go
+++ b/pkg/detector/detector.go
@@ -1,8 +1,6 @@
 package detector
 
 import (
-	"fmt"
-
 	"github.com/Checkmarx/kics/pkg/model"
 	"github.com/rs/zerolog"
 )
@@ -43,9 +41,6 @@ func (d *DetectLine) Add(detector kindDetectLine, kind model.FileKind) *DetectLi
 // DetectLine will use the correct kindDetectLine according to the files kind
 // if file kind is not in detectors default detect line is called
 func (d *DetectLine) DetectLine(file *model.FileMetadata, searchKey string, logWithFields *zerolog.Logger) model.VulnerabilityLines {
-	if searchKey == "resources.name={{[parameters('siteName')]}}" {
-		fmt.Print("---")
-	}
 	if det, ok := d.detectors[file.Kind]; ok {
 		return det.DetectLine(file, searchKey, d.outputLines, logWithFields)
 	}
diff --git a/pkg/detector/helper.go b/pkg/detector/helper.go
index 80e17371e11..ab14185ff6c 100644
--- a/pkg/detector/helper.go
+++ b/pkg/detector/helper.go
@@ -261,9 +261,6 @@ func (d *DefaultDetectLineResponse) DetectCurrentLine(str1, str2 string, recurse
 				return res, newLines
 			}
 		}
-		if i == 563 {
-			fmt.Print("...")
-		}
 		distances = checkLine(str1, str2, distances, lines[i], i)
 	}
 
From b8d2c067990c12cc2dedea66e80c1e658beec694 Mon Sep 17 00:00:00 2001
From: cx-henriqueAlvelos
Date: Fri, 7 Apr 2023 12:47:12 +0100
Subject: [PATCH 4/6] Unit Test
---
 pkg/detector/helper_test.go | 66 +++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
diff --git a/pkg/detector/helper_test.go b/pkg/detector/helper_test.go
index 1e37adc140e..c38290f38f5 100644
--- a/pkg/detector/helper_test.go
+++ b/pkg/detector/helper_test.go
@@ -509,3 +509,69 @@ func TestDefaultDetectLineResponse_checkResolvedFile(t *testing.T) {
 		})
 	}
 }
+
+func TestDetectCurrentLine(t *testing.T) {
+	type fields struct {
+		defaultDetectLineResponse *DefaultDetectLineResponse
+	}
+
+	type args struct {
+		lines []string
+		str1 string
+		str2 string
+	}
+
+	type want struct {
+		defaultDetectLineResponse *DefaultDetectLineResponse
+	}
+
+	tests := []struct {
+		name string
+		fields fields
+		args args
+		want want
+	}{
+		{
+			name: "test_checkLines",
+			args: args{
+				lines: []string{
+					" \"type\": \"string\"",
+					" \"type\": \"array\"",
+				},
+				str1: "\"type\"",
+				str2: "",
+			},
+			fields: fields{
+				&DefaultDetectLineResponse{
+					CurrentLine: 0,
+					IsBreak: false,
+					FoundAtLeastOne: false,
+					ResolvedFile: "",
+					ResolvedFiles: map[string]model.ResolvedFileSplit{},
+				},
+			},
+			want: want{
+				&DefaultDetectLineResponse{
+					CurrentLine: 0,
+					IsBreak: false,
+					FoundAtLeastOne: false,
+					ResolvedFile: "",
+					ResolvedFiles: map[string]model.ResolvedFileSplit{},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			d := tt.fields.defaultDetectLineResponse
+
+			d, _ = d.DetectCurrentLine(tt.args.str1, tt.args.str2, 0, tt.args.lines)
+
+			if d.CurrentLine != tt.want.defaultDetectLineResponse.CurrentLine {
+				t.Errorf("DetectCurrentLine() = %v, want %v", d.CurrentLine, tt.want.defaultDetectLineResponse.CurrentLine)
+			}
+		})
+	}
+
+}
From 3570ad2c8ab29b87f52893b341989cfd112dc205 Mon Sep 17 00:00:00 2001
From: cx-henriqueAlvelos
Date: Fri, 7 Apr 2023 14:49:23 +0100
Subject: [PATCH 5/6] Regex simplified
---
 pkg/detector/helper.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/detector/helper.go b/pkg/detector/helper.go
index ab14185ff6c..8ed3fa6a81f 100644
--- a/pkg/detector/helper.go
+++ b/pkg/detector/helper.go
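Review bot: The new TestDetectCurrentLine cannot fail for the change it is meant to cover: its only assertion compares `d.CurrentLine` against a `want` that is a literal copy of the starting `fields` value (0), and the single case passes `str2: ""`, which in PATCH 1's checkLine hunk skips the `str1 != "" && str2 != ""` branch, so the test passes with or without the leading-whitespace stripping. I would add a case with both `str1` and `str2` set and lines indented with several spaces and a tab, whose expected `CurrentLine` is a line other than the starting one, and assert `FoundAtLeastOne` and `IsBreak` as well; since the body of DetectCurrentLine is outside this diff, the exact expected index needs to be confirmed against it. The leading whitespace inside the `" \"type\": \"string\""` literals is the very input the fix is about, so it should be written out explicitly rather than as a single space. `d, _ =` discards the second return value (`newLines` in PATCH 1's hunk); that is fine, but a short comment saying it is intentionally unused would help.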
@@ -277,7 +277,7 @@ func (d *DefaultDetectLineResponse) DetectCurrentLine(str1, str2 string, recurse
 }
 
 func checkLine(str1, str2 string, distances map[int]int, line string, i int) map[int]int {
-	regex := regexp.MustCompile(`^[\s]+`)
+	regex := regexp.MustCompile(`^\s+`)
 	line = regex.ReplaceAllString(line, "")
 	if str1 != "" && str2 != "" && strings.Contains(line, str1) {
 		restLine := line[strings.Index(line, str1)+len(str1):]
From f556cf7f5ae729ff1fdc4b35a11fad1b5166b4bf Mon Sep 17 00:00:00 2001
From: cx-henriqueAlvelos
Date: Wed, 3 May 2023 11:47:32 +0100
Subject: [PATCH 6/6] new comment
---
 pkg/detector/helper.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/pkg/detector/helper.go b/pkg/detector/helper.go
index 8ed3fa6a81f..08b4c19e986 100644
--- a/pkg/detector/helper.go
+++ b/pkg/detector/helper.go
@@ -277,6 +277,7 @@ func (d *DefaultDetectLineResponse) DetectCurrentLine(str1, str2 string, recurse
 }
 
 func checkLine(str1, str2 string, distances map[int]int, line string, i int) map[int]int {
+	// Tackle initial spaces that were inducing wrong results
 	regex := regexp.MustCompile(`^\s+`)
 	line = regex.ReplaceAllString(line, "")
 	if str1 != "" && str2 != "" && strings.Contains(line, str1) {
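Review bot: In Go's RE2 syntax `\s` is the ASCII class `[\t\n\f\r ]`, so the simplified `^\s+` strip is exactly what `strings.TrimLeft(line, " \t\n\f\r")` does, and the `strings` package is already used two lines below; the two lines `regex := regexp.MustCompile(...)` and `line = regex.ReplaceAllString(line, "")` can become the single `line = strings.TrimLeft(line, " \t\n\f\r")`. That also removes a `regexp.MustCompile` that currently runs on every call of checkLine, and PATCH 1's hunk shows checkLine being called from the per-line loop in DetectCurrentLine, i.e. once per line of every scanned file; if the regexp is kept for readability it should at least be a package-level `var leadingWhitespace = regexp.MustCompile("^\\s+")`. Note that neither form strips non-ASCII whitespace such as U+00A0, which may or may not matter for the inputs this detector sees. The rest of checkLine's body is outside the hunk.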
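Review bot: The added comment `// Tackle initial spaces that were inducing wrong results` records that something was wrong without saying what, so the next reader still has to reconstruct why the line is trimmed and cannot tell whether removing the trim would be safe. A comment that states the mechanism is more useful, along the lines of `// Drop leading indentation so it does not take part in the line/search-key comparison below; the key is matched as a substring of the line.` — adjusted to the actual scoring logic, which sits in the part of checkLine outside this hunk. It would also help to name the symptom being fixed (a finding reported on the wrong line, presumably) since a scanner's line attribution is what downstream triage relies on.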