
fix: unique ID for secrets #125

Merged: 9 commits, Jul 12, 2023
Conversation

@baruchiro (Contributor) commented Jul 2, 2023

BREAKING CHANGES:

  • new hashed ID
  • Description changed to RuleID

Added:

  • --project-name to git plugin
  • --project-name to filesystem plugin

Close #124
Close #109 by implementing #109 (comment)

Baruch Odem added 2 commits July 2, 2023 16:01
BREAKING CHANGES: finding ID was changed
@baruchiro baruchiro linked an issue Jul 2, 2023 that may be closed by this pull request
github-actions bot commented Jul 2, 2023

KICS version: v1.7.0

Category   Results
HIGH       0
MEDIUM     0
LOW        1
INFO       0
TRACE      0
TOTAL      1

Metric                       Value
Files scanned                1
Files parsed                 1
Files failed to scan         0
Total executed queries       49
Queries failed to execute    0
Execution time               1

Comment on lines 95 to 104
secretsChannel <- reporting.Secret{
ID: itemId,
Description: item.Description,
Type: value.Description,
StartLine: value.StartLine,
StartColumn: value.StartColumn,
EndLine: value.EndLine,
EndColumn: value.EndColumn,
Value: value.Secret,
}
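Review bot: `ID: itemId` reuses the item identifier as the finding ID, which is exactly the situation the linked issue "Secret ID and Source are the same" describes; two findings from one item (two secrets in the same file, or one value matched by two rules) would share an ID and overwrite each other in anything keyed on it. Derive the ID from the item ID together with the rule ID and the matched value, as the `getFindingId` revision elsewhere in this PR does, and keep the item identifier in `Source` only.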
@baruchiro baruchiro Jul 2, 2023

Source: item.ID changed to Source: item.Source
Description: value.Description changed to RuleID: value.RuleID

Comment on lines 125 to 129
func getFindingId(item plugins.Item, finding report.Finding) string {
idParts := []string{item.ID, finding.RuleID, finding.Secret}
sha := sha256.Sum256([]byte(strings.Join(idParts, "")))
return fmt.Sprintf("%x", sha)
}
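Review bot: `strings.Join(idParts, "")` hashes the three parts with no delimiter, so the boundaries between item ID, rule ID and secret are lost and distinct triples can produce the same input (item ID `ab` with rule `c` hashes identically to item ID `a` with rule `bc`). Join with a separator that cannot occur in any part, or length-prefix each part before hashing, so that equal IDs imply equal (item, rule, secret) triples.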
Contributor Author

Added finding.RuleID and finding.Secret to the result ID.
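
The finding-ID derivation discussed in this thread, as an added example that is not the project's own code: it uses constructed `Item` and `Finding` types standing in for the PR's `plugins.Item` and `report.Finding`, shows on a constructed input that joining the parts with a fixed separator (empty or `-`) lets two different findings hash to the same ID whenever the separator also occurs inside a part, and contrasts a length-prefixed encoding that keeps the part boundaries inside the hashed message. All names and sample values are assumptions made for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// Constructed stand-ins for the PR's plugins.Item and report.Finding
// (hypothetical types; only the fields used for the ID are modelled).
type Item struct {
	ID     string
	Source string
}

type Finding struct {
	RuleID string
	Secret string
}

// naiveFindingID mirrors the shape of the PR's getFindingId: hash the
// concatenation of item ID, rule ID and secret using a fixed separator.
// The separator is a parameter so both variants seen in the PR ("" and "-")
// can be exercised.
func naiveFindingID(item Item, f Finding, sep string) string {
	joined := strings.Join([]string{item.ID, f.RuleID, f.Secret}, sep)
	sum := sha256.Sum256([]byte(joined))
	return hex.EncodeToString(sum[:])
}

// unambiguousFindingID length-prefixes every part before hashing, so the
// byte boundaries between parts are part of the hashed message and no two
// distinct (item, rule, secret) triples can share an input string.
// The result is still deterministic across runs, which an ignore list keyed
// on the ID requires.
func unambiguousFindingID(item Item, f Finding) string {
	h := sha256.New()
	for _, part := range []string{item.ID, f.RuleID, f.Secret} {
		h.Write([]byte(strconv.Itoa(len(part)))) // length of the part
		h.Write([]byte{':'})                     // delimiter after the length
		h.Write([]byte(part))                    // the part itself
	}
	return hex.EncodeToString(h.Sum(nil))
}

// samplePair returns two constructed findings whose parts re-split across
// the separator: the concatenation is identical for both, the triples are not.
func samplePair(sep string) (Item, Finding, Item, Finding) {
	a := Item{ID: "proj" + sep + "file.txt", Source: "file.txt"}
	fa := Finding{RuleID: "aws" + sep + "key", Secret: "s3cr3t"}
	b := Item{ID: "proj", Source: "file.txt"}
	fb := Finding{RuleID: "file.txt" + sep + "aws", Secret: "key" + sep + "s3cr3t"}
	return a, fa, b, fb
}

// naiveCollides reports whether the separator-joined scheme gives the two
// sample findings the same ID for the given separator.
func naiveCollides(sep string) bool {
	a, fa, b, fb := samplePair(sep)
	return naiveFindingID(a, fa, sep) == naiveFindingID(b, fb, sep)
}

// prefixedCollides reports whether the length-prefixed scheme gives the two
// sample findings the same ID (it never should).
func prefixedCollides(sep string) bool {
	a, fa, b, fb := samplePair(sep)
	return unambiguousFindingID(a, fa) == unambiguousFindingID(b, fb)
}

func main() {
	for _, sep := range []string{"", "-"} {
		fmt.Printf("separator %q: naive collision=%v, length-prefixed collision=%v\n",
			sep, naiveCollides(sep), prefixedCollides(sep))
	}
}
```

Length-prefixing is one injective encoding; any encoding under which distinct triples give distinct byte strings works. The hash function does not help with this problem: SHA-256 and SHA-1 both map equal inputs to equal outputs, so the fix has to be in how the parts are serialised.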

@baruchiro baruchiro requested a review from jossef July 2, 2023 13:26
Resolved (outdated) review threads: secrets/secrets.go (3), plugins/paligo.go (2)
const flagIgnored = "ignore"
const (
flagFolder = "path"
flagProjectName = "project-name"
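Review bot: `flagIgnored` is declared as a standalone `const` directly above the grouped `const (` block that holds `flagFolder` and the new `flagProjectName`; fold it into the group so every flag name is defined in one place. Since the thread above explains that `--project-name` is what keeps the same file scanned from two locations apart, the flag's help text should also say that renaming the project changes the IDs of all its findings.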
Contributor Author

Added the --project-name to give the user the option to declare which project we're scanning.

It is needed because we can't get it without the user; maybe the folder is in a CI system and its location is always changing.
On the other hand, we need this option in case the user scans two folders with the same file inside.

return itemId
func getFindingId(item plugins.Item, finding report.Finding) string {
idParts := []string{item.ID, finding.RuleID, finding.Secret}
sha := sha1.Sum([]byte(strings.Join(idParts, "-")))
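Review bot: `finding.Secret` goes into the hash in the clear, so every finding ID is a SHA-1 of a string that contains the raw secret, and anyone holding a report can confirm a guessed value offline by recomputing it; that matters for low-entropy secrets such as short passwords. If the ID has to stay stable across runs so that ignore lists keep working, record that property and its consequence next to this function, and note that the `"-"` separator can itself appear inside an item ID or secret, so part boundaries are still not fixed by this join.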

Check failure (Code scanning / gosec): Use of weak cryptographic primitive
Member

false positive, since not cryptographic use case

@@ -1,9 +1,9 @@
package secrets

import (
"crypto/sha1"
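Review bot: the `"crypto/sha1"` import will trip gosec's blocklist on every future run of this workflow, not only on this PR. Either annotate the import with a `// #nosec` comment carrying the justification given in the thread (identifier, not a cryptographic use), or keep `crypto/sha256`, which an earlier revision of `getFindingId` in this PR already used and which passes the check without a suppression. Whichever is chosen, the decision belongs in the code, not only in the review.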

Check failure (Code scanning / gosec): Blocklisted import crypto/sha1: weak cryptographic primitive
@baruchiro baruchiro changed the title fix: secret id and source are the same fix: unique ID for secrets Jul 9, 2023
Resolved review threads: plugins/git.go, plugins/filesystem.go
@jossef jossef merged commit 9879b3b into master Jul 12, 2023
@jossef jossef deleted the 124-secret-id-and-source-are-the-same branch July 12, 2023 08:06
Successfully merging this pull request may close these issues.

Secret ID and Source are the same