Add custom detectors configuration parsing (#927)

* Add custom_detectors proto * Generate proto code * Create custom_detectors package Also create protoyaml package to test YAML unmarshalling the configuration. * Simplify custom_detectors proto by removing connection * Generate proto code * Update custom_detectors parsing tests
trufflesecurity · Nov 21, 2022 · 4409210 · 4409210
1 parent 054e98d
commit 4409210
Show file tree

Hide file tree

Showing 8 changed files with 912 additions and 0 deletions.
diff --git a/go.mod b/go.mod
@@ -61,6 +61,7 @@ require (
 	google.golang.org/protobuf v1.28.1
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	gopkg.in/h2non/gock.v1 v1.1.2
+	sigs.k8s.io/yaml v1.3.0
 )
 
 require (
@@ -143,5 +144,6 @@ require (
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/grpc v1.50.1 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -861,3 +861,5 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/pkg/custom_detectors/custom_detectors_test.go b/pkg/custom_detectors/custom_detectors_test.go
@@ -0,0 +1,68 @@
+package custom_detectors
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/custom_detectorspb"
+	"github.com/trufflesecurity/trufflehog/v3/pkg/protoyaml"
+)
+
+const testCustomRegexYaml = `name: Internal bi tool
+keywords:
+- secret_v1_
+- pat_v2_
+regex:
+  id_pat_example: ([a-zA-Z0-9]{32})
+  secret_pat_example: ([a-zA-Z0-9]{32})
+verify:
+- endpoint: http://localhost:8000/{id_pat_example}
+  unsafe: true
+  headers:
+  - 'Authorization: Bearer {secret_pat_example.0}'
+  successRanges:
+  - 200-250
+  - '288'`
+
+// Helper function to test equality to the data in testCustomRegexYaml.
+func assertExpected(t *testing.T, got *custom_detectorspb.CustomRegex) {
+	assert.Equal(t, "Internal bi tool", got.Name)
+	assert.Equal(t, []string{"secret_v1_", "pat_v2_"}, got.Keywords)
+	assert.Equal(t, map[string]string{
+		"id_pat_example":     "([a-zA-Z0-9]{32})",
+		"secret_pat_example": "([a-zA-Z0-9]{32})",
+	}, got.Regex)
+	assert.Equal(t, 1, len(got.Verify))
+	assert.Equal(t, "http://localhost:8000/{id_pat_example}", got.Verify[0].Endpoint)
+	assert.Equal(t, true, got.Verify[0].Unsafe)
+	assert.Equal(t, []string{"Authorization: Bearer {secret_pat_example.0}"}, got.Verify[0].Headers)
+	assert.Equal(t, []string{"200-250", "288"}, got.Verify[0].SuccessRanges)
+}
+
+func TestCustomRegexParsing(t *testing.T) {
+	var message custom_detectorspb.CustomRegex
+
+	assert.NoError(t, protoyaml.UnmarshalStrict([]byte(testCustomRegexYaml), &message))
+	assertExpected(t, &message)
+}
+
+func TestCustomDetectorsParsing(t *testing.T) {
+	var testYamlConfig string
+	// Build a config file using testCustomRegexYaml.
+	{
+		var lines []string
+		for i, line := range strings.Split(testCustomRegexYaml, "\n") {
+			if i == 0 {
+				lines = append(lines, line)
+				continue
+			}
+			lines = append(lines, "  "+line)
+		}
+		testYamlConfig = "detectors:\n- " + strings.Join(lines, "\n")
+	}
+
+	var messages custom_detectorspb.CustomDetectors
+	assert.NoError(t, protoyaml.UnmarshalStrict([]byte(testYamlConfig), &messages))
+	assertExpected(t, messages.Detectors[0])
+}