bugfix: repo filter & define processSignatures with casting
rumenvasilev committed Sep 20, 2023
1 parent cc954a2 commit d4d4a28
Showing 3 changed files with 78 additions and 42 deletions.
14 changes: 9 additions & 5 deletions internal/core/gh_worker.go
Expand Up @@ -10,6 +10,8 @@ import (
"github.com/rumenvasilev/rvsecret/internal/util"
)

const retrievedRepo string = " Retrieved repository %s"

func ghWorker(sess *Session, tid int, wg *sync.WaitGroup, ch chan *github.Organization, log *log.Logger) {
ctx := context.Background()
for {
Expand Down Expand Up @@ -53,14 +55,16 @@ func processRequest(ctx context.Context, org *github.Organization, tid int, sess
sess.State.Stats.IncrementRepositoriesTotal()

// Only a subset of repos
if sess.GithubUserRepos != nil && isFilteredRepo(repo.Name, sess.GithubUserRepos) {
log.Debug(" Retrieved repository %s", repo.FullName)
// Add the repo to the sess to be scanned
sess.AddRepository(repo)
if sess.GithubUserRepos != nil {
if isFilteredRepo(repo.Name, sess.GithubUserRepos) {
log.Debug(retrievedRepo, repo.FullName)
// Add the repo to the sess to be scanned
sess.AddRepository(repo)
}
continue
}

log.Debug(" Retrieved repository %s", repo.FullName)
log.Debug(retrievedRepo, repo.FullName)
// If we are not doing any filtering and simply grabbing all available repos we add the repos
// to the session to be scanned
sess.AddRepository(repo)
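Review bot: The new outer guard `if sess.GithubUserRepos != nil {` treats an empty but non-nil filter list as an active filter, so with the added `continue` every repository would be skipped and the scan would finish having examined nothing. How `GithubUserRepos` is populated is not visible in this hunk, so this only matters if it can ever be an empty slice; `if len(sess.GithubUserRepos) > 0 {` covers both nil and empty. For a secrets scanner a silently empty scan reads as a clean result, so a debug line on the skip path, e.g. `log.Debug(" Skipping repository %s (not in filter)", repo.FullName)`, would also make coverage auditable. The same guard appears in `GatherGithubRepositoriesFromOwner` in internal/core/github.go. processRequest's body starts and ends outside the hunk.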
11 changes: 7 additions & 4 deletions internal/core/github.go
Expand Up @@ -136,16 +136,19 @@ func GatherGithubRepositoriesFromOwner(sess *Session) error {
for _, repo := range allRepos {
// Increment the total number of repos found, regardless if we are cloning them
sess.State.Stats.IncrementRepositoriesTotal()
if sess.GithubUserRepos != nil && isFilteredRepo(repo.Name, sess.GithubUserRepos) {
log.Debug(retrievedRepoFromUser, repo.FullName, repo.Owner)
// Add the repo to the sess to be scanned
sess.AddRepository(repo)
if sess.GithubUserRepos != nil {
if isFilteredRepo(repo.Name, sess.GithubUserRepos) {
log.Debug(retrievedRepoFromUser, repo.FullName, repo.Owner)
// Add the repo to the sess to be scanned
sess.AddRepository(repo)
}
continue
}
log.Debug(retrievedRepoFromUser, repo.FullName, repo.Owner)

// If we are not doing any filtering and simply grabbing all available repos we add the repos
// to the session to be scanned
log.Debug("Adding repo %s", repo.Name)
sess.AddRepository(repo)
}
return nil
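Review bot: In the unfiltered path of this loop the same repository appears to be logged twice, once with `log.Debug(retrievedRepoFromUser, repo.FullName, repo.Owner)` and again with `log.Debug("Adding repo %s", repo.Name)`, and the log-then-`sess.AddRepository(repo)` pair is now written out in both branches. Turning the filter into a guard, `if sess.GithubUserRepos != nil && !isFilteredRepo(repo.Name, sess.GithubUserRepos) { continue }`, would leave a single log-and-add sequence after it and keep the filtered and unfiltered paths from drifting apart. The loop sits inside GatherGithubRepositoriesFromOwner, which begins outside the hunk.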
95 changes: 62 additions & 33 deletions internal/core/signatures/signatures.go
Expand Up @@ -23,6 +23,15 @@ const (
PartContent = "content" // the content of the file
)

type signatureKind int

const (
_ signatureKind = iota
simpleKind
patternKind
safeFunctionKind
)

// WARNING, GLOBAL VAR!
// Signatures holds a list of all signatures used during the session
var Signatures []Signature
Expand Down Expand Up @@ -152,48 +161,27 @@ func Load(filePath string, mLevel int) ([]Signature, string, error) { // TODO we
var SimpleSignatures []SimpleSignature
var PatternSignatures []PatternSignature
for _, curSig := range c.SimpleSignatures {
if curSig.Enable > 0 && curSig.ConfidenceLevel >= mLevel {
SimpleSignatures = append(SimpleSignatures, SimpleSignature{
comment: curSig.Comment,
description: curSig.Description,
match: curSig.Match,
part: getPart(curSig),
signatureid: curSig.SignatureID,
enable: curSig.Enable,
entropy: curSig.Entropy,
confidenceLevel: curSig.ConfidenceLevel,
})
res, ok := processSignatures(curSig, mLevel, simpleKind).(SimpleSignature)
if res == (SimpleSignature{}) || !ok {
continue
}
SimpleSignatures = append(SimpleSignatures, res)
}

for _, curSig := range c.PatternSignatures {
if curSig.Enable > 0 && curSig.ConfidenceLevel >= mLevel {
PatternSignatures = append(PatternSignatures, PatternSignature{
match: regexp.MustCompile(curSig.Match),
comment: curSig.Comment,
description: curSig.Description,
part: getPart(curSig),
signatureid: curSig.SignatureID,
enable: curSig.Enable,
entropy: curSig.Entropy,
confidenceLevel: curSig.ConfidenceLevel,
})
res, ok := processSignatures(curSig, mLevel, patternKind).(PatternSignature)
if res == (PatternSignature{}) || !ok {
continue
}
PatternSignatures = append(PatternSignatures, res)
}

for _, curSig := range c.SafeFunctionSignatures {
if curSig.Enable > 0 && curSig.ConfidenceLevel >= mLevel {
SafeFunctionSignatures = append(SafeFunctionSignatures, SafeFunctionSignature{
match: regexp.MustCompile(curSig.Match),
comment: curSig.Comment,
description: curSig.Description,
part: getPart(curSig),
signatureid: curSig.SignatureID,
enable: curSig.Enable,
entropy: curSig.Entropy,
confidenceLevel: curSig.ConfidenceLevel,
})
res, ok := processSignatures(curSig, mLevel, safeFunctionKind).(SafeFunctionSignature)
if res == (SafeFunctionSignature{}) || !ok {
continue
}
SafeFunctionSignatures = append(SafeFunctionSignatures, res)
}

idx := len(PatternSignatures) + len(SimpleSignatures)
Expand All @@ -215,6 +203,47 @@ func Load(filePath string, mLevel int) ([]Signature, string, error) { // TODO we
return Signatures, signaturesVersion, nil
}

func processSignatures(curSig SignatureDef, mLevel int, kind signatureKind) interface{} {
if curSig.Enable > 0 && curSig.ConfidenceLevel >= mLevel {
switch kind {
case simpleKind:
return SimpleSignature{
match: curSig.Match,
comment: curSig.Comment,
description: curSig.Description,
part: getPart(curSig),
signatureid: curSig.SignatureID,
enable: curSig.Enable,
entropy: curSig.Entropy,
confidenceLevel: curSig.ConfidenceLevel,
}
case patternKind:
return PatternSignature{
match: regexp.MustCompile(curSig.Match),
comment: curSig.Comment,
description: curSig.Description,
part: getPart(curSig),
signatureid: curSig.SignatureID,
enable: curSig.Enable,
entropy: curSig.Entropy,
confidenceLevel: curSig.ConfidenceLevel,
}
case safeFunctionKind:
return SafeFunctionSignature{
match: regexp.MustCompile(curSig.Match),
comment: curSig.Comment,
description: curSig.Description,
part: getPart(curSig),
signatureid: curSig.SignatureID,
enable: curSig.Enable,
entropy: curSig.Entropy,
confidenceLevel: curSig.ConfidenceLevel,
}
}
}
return nil
}

func getPart(sigDef SignatureDef) string {
switch strings.ToLower(sigDef.Part) {
case "partpath":
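Review bot: `processSignatures` still calls `regexp.MustCompile(curSig.Match)` in the `patternKind` and `safeFunctionKind` cases, so a single malformed pattern in the signatures file panics the whole scanner even though `Load` already has an error return to report it. Because the file path is a parameter of `Load`, the patterns are input rather than compile-time constants; compiling with `regexp.Compile` and handing the error back lets `Load` fail with `return nil, "", err` instead of a stack trace. The `res == (SimpleSignature{})` style checks in `Load` are redundant either way: when `processSignatures` returns nil the type assertion already yields `ok == false`. Load's body starts and ends outside these hunks; the sketch below shows only the changed parts of processSignatures.

```go
func processSignatures(curSig SignatureDef, mLevel int, kind signatureKind) (interface{}, error) {
	// Disabled or low-confidence signatures are skipped, not an error.
	if curSig.Enable <= 0 || curSig.ConfidenceLevel < mLevel {
		return nil, nil
	}
	switch kind {
	case simpleKind:
		// … unchanged: SimpleSignature literal, returned with a nil error …
	case patternKind:
		re, err := regexp.Compile(curSig.Match)
		if err != nil {
			return nil, err
		}
		// … unchanged: PatternSignature literal, with match: re …
	case safeFunctionKind:
		// … same Compile-and-check as patternKind, then the SafeFunctionSignature literal …
	}
	return nil, nil
}
```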
