Skip to content

Commit

Permalink
feat: add values when using more than 1 filter (#1729)
Browse files Browse the repository at this point in the history
* add values when using more than 1 filter

* fix: make full string
  • Loading branch information
cfabianski authored Jan 6, 2025
1 parent 59ea216 commit 76f3aea
Show file tree
Hide file tree
Showing 7 changed files with 63 additions and 66 deletions.
4 changes: 2 additions & 2 deletions pkg/report/output/dataflow/risks/risks.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ func (holder *Holder) AddRiskPresence(detection detections.Detection) {
StartColumnNumber: *detection.Source.StartColumnNumber,
EndLineNumber: *detection.Source.EndLineNumber,
EndColumnNumber: *detection.Source.EndColumnNumber,
Content: &content,
Content: content,
}
} else {
// parent can be nil
Expand Down Expand Up @@ -195,7 +195,7 @@ func (holder *Holder) addDatatype(
// create datatype source entry if it doesn't exist
sourceKey := "undefined_source"
if schema.Source != nil {
sourceKey = *schema.Source.Content
sourceKey = schema.Source.Content
}

if _, exists := line.source[sourceKey]; !exists {
Expand Down
2 changes: 1 addition & 1 deletion pkg/report/schema/datatype/datatype.go
Original file line number Diff line number Diff line change
Expand Up @@ -213,7 +213,7 @@ func dataTypeToSchema[D DataTypable](report detections.ReportDetection, detectio
if parent != nil {
parentContent := parent.Content()
sourceSchema = &schema.Source{
Content: &parentContent,
Content: parentContent,
StartLineNumber: parent.StartLineNumber(),
StartColumnNumber: parent.StartColumnNumber(),
EndLineNumber: parent.EndLineNumber(),
Expand Down
10 changes: 5 additions & 5 deletions pkg/report/schema/schema.go
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,11 @@ type Schema struct {

type Source struct {
// This is the starting line number, the very beginning of what's used by the custom detection
StartLineNumber int `json:"start_line_number,omitempty" yaml:"start_line_number,omitempty"`
StartColumnNumber int `json:"start_column_number,omitempty" yaml:"start_column_number,omitempty"`
EndLineNumber int `json:"end_line_number,omitempty" yaml:"end_line_number,omitempty"`
EndColumnNumber int `json:"end_column_number,omitempty" yaml:"end_column_number,omitempty"`
Content *string `json:"content,omitempty" yaml:"content,omitempty"`
StartLineNumber int `json:"start_line_number,omitempty" yaml:"start_line_number,omitempty"`
StartColumnNumber int `json:"start_column_number,omitempty" yaml:"start_column_number,omitempty"`
EndLineNumber int `json:"end_line_number,omitempty" yaml:"end_line_number,omitempty"`
EndColumnNumber int `json:"end_column_number,omitempty" yaml:"end_column_number,omitempty"`
Content string `json:"content,omitempty" yaml:"content,omitempty"`
}

type ReportSchema interface {
Expand Down
45 changes: 24 additions & 21 deletions pkg/scanner/detectors/customrule/filters/filters.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,10 @@ func NewResult(matches ...Match) *Result {
type Match struct {
variables variableshape.Values
datatypeDetections []*detectortypes.Detection
value *string
value string
}

func NewMatch(variables variableshape.Values, valueStr *string, datatypeDetections []*detectortypes.Detection) Match {
func NewMatch(variables variableshape.Values, valueStr string, datatypeDetections []*detectortypes.Detection) Match {
return Match{variables: variables, value: valueStr, datatypeDetections: datatypeDetections}
}

Expand All @@ -44,7 +44,7 @@ func (match *Match) Variables() variableshape.Values {
return match.variables
}

func (match *Match) Value() *string {
func (match *Match) Value() string {
return match.value
}

Expand Down Expand Up @@ -83,7 +83,7 @@ func (filter *Not) Evaluate(
log.Trace().Msgf("filters.Not: %t", result)
}

return boolResult(patternVariables, result, nil), nil
return boolResult(patternVariables, result, ""), nil
}

type Either struct {
Expand Down Expand Up @@ -130,7 +130,7 @@ func (filter *All) Evaluate(

if len(filter.Children) == 0 {
log.Trace().Msg("filters.All: true (no children)")
return boolResult(patternVariables, true, nil), nil
return boolResult(patternVariables, true, ""), nil
}

for i, child := range filter.Children {
Expand Down Expand Up @@ -167,9 +167,12 @@ func (filter *All) joinMatches(matches, childMatches []Match) []Match {
for _, match := range matches {
for _, childMatch := range childMatches {
if variables, variablesMatch := match.variables.Merge(childMatch.variables); variablesMatch {
value := match.Value()
value += childMatch.Value()

result = append(result, NewMatch(
variables,
nil,
value,
// FIXME: this seems like it will create unnecessary duplicates
append(match.datatypeDetections, childMatch.datatypeDetections...),
))
Expand All @@ -188,7 +191,7 @@ func (filter *FilenameRegex) Evaluate(
detectorContext detectortypes.Context,
patternVariables variableshape.Values,
) (*Result, error) {
return boolResult(patternVariables, filter.Regex.MatchString(detectorContext.Filename()), nil), nil
return boolResult(patternVariables, filter.Regex.MatchString(detectorContext.Filename()), ""), nil
}

type ImportedVariable struct {
Expand Down Expand Up @@ -224,7 +227,7 @@ func (filter *Rule) Evaluate(

if filter.IsDatatypeRule {
log.Trace().Msg("filters.Rule: match (datatype)")
return NewResult(NewMatch(patternVariables, nil, detections)), nil
return NewResult(NewMatch(patternVariables, "", detections)), nil
}

if log.Trace().Enabled() {
Expand Down Expand Up @@ -277,7 +280,7 @@ func (filter *Rule) Evaluate(
for _, detectionMatch := range subResult.matches {
if variables, variablesMatch := filter.importVariables(patternVariables, detectionMatch.variables); variablesMatch {
matched = true
matches = append(matches, NewMatch(variables, nil, detectionMatch.datatypeDetections))
matches = append(matches, NewMatch(variables, "", detectionMatch.datatypeDetections))
}
}

Expand All @@ -294,7 +297,7 @@ func (filter *Rule) Evaluate(
}

if hasPatternVariableMatch {
matches = append(matches, NewMatch(patternVariables, nil, datatypeDetections))
matches = append(matches, NewMatch(patternVariables, "", datatypeDetections))
}

return NewResult(matches...), nil
Expand Down Expand Up @@ -335,7 +338,7 @@ func (filter *Values) Evaluate(
patternVariables variableshape.Values,
) (*Result, error) {
node := patternVariables.Node(filter.Variable)
return boolResult(patternVariables, slices.Contains(filter.Values, node.Content()), nil), nil
return boolResult(patternVariables, slices.Contains(filter.Values, node.Content()), ""), nil
}

type Regex struct {
Expand All @@ -360,7 +363,7 @@ func (filter *Regex) Evaluate(
)
}

return boolResult(patternVariables, result, nil), nil
return boolResult(patternVariables, result, ""), nil
}

type StringLengthLessThan struct {
Expand All @@ -378,7 +381,7 @@ func (filter *StringLengthLessThan) Evaluate(
return nil, err
}

return boolResult(patternVariables, len(value) < filter.Value, nil), nil
return boolResult(patternVariables, len(value) < filter.Value, ""), nil
}

type StringRegex struct {
Expand Down Expand Up @@ -415,7 +418,7 @@ func (filter *StringRegex) Evaluate(
)
}

return boolResult(patternVariables, result, &value), nil
return boolResult(patternVariables, result, value), nil
}

type EntropyGreaterThan struct {
Expand Down Expand Up @@ -454,7 +457,7 @@ func (filter *EntropyGreaterThan) Evaluate(
)
}

return boolResult(patternVariables, result, nil), nil
return boolResult(patternVariables, result, ""), nil
}

type IntegerLessThan struct {
Expand All @@ -472,7 +475,7 @@ func (filter *IntegerLessThan) Evaluate(
return nil, err
}

return boolResult(patternVariables, value < filter.Value, nil), nil
return boolResult(patternVariables, value < filter.Value, ""), nil
}

type IntegerLessThanOrEqual struct {
Expand All @@ -490,7 +493,7 @@ func (filter *IntegerLessThanOrEqual) Evaluate(
return nil, err
}

return boolResult(patternVariables, value <= filter.Value, nil), nil
return boolResult(patternVariables, value <= filter.Value, ""), nil
}

type IntegerGreaterThan struct {
Expand All @@ -508,7 +511,7 @@ func (filter *IntegerGreaterThan) Evaluate(
return nil, err
}

return boolResult(patternVariables, value > filter.Value, nil), nil
return boolResult(patternVariables, value > filter.Value, ""), nil
}

type IntegerGreaterThanOrEqual struct {
Expand All @@ -526,7 +529,7 @@ func (filter *IntegerGreaterThanOrEqual) Evaluate(
return nil, err
}

return boolResult(patternVariables, value >= filter.Value, nil), nil
return boolResult(patternVariables, value >= filter.Value, ""), nil
}

type Unknown struct{}
Expand Down Expand Up @@ -559,11 +562,11 @@ func parseInteger(node *tree.Node) (int, bool, error) {
return value, true, nil
}

func boolResult(patternVariables variableshape.Values, value bool, valueStr *string) *Result {
func boolResult(patternVariables variableshape.Values, value bool, valueStr string) *Result {
return NewResult(boolMatches(patternVariables, value, valueStr)...)
}

func boolMatches(patternVariables variableshape.Values, value bool, valueStr *string) []Match {
func boolMatches(patternVariables variableshape.Values, value bool, valueStr string) []Match {
if value {
return []Match{NewMatch(patternVariables, valueStr, nil)}
} else {
Expand Down
Loading

0 comments on commit 76f3aea

Please sign in to comment.