feat: initial merge commit from other branches

Checkmarx · Mar 19, 2023 · 2aa7733 · 2aa7733
commit 2aa7733
Show file tree

Hide file tree

Showing 12 changed files with 1,309 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,17 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+.idea
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+vendor/
+
+2ms
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Checkmarx
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,24 @@
+# 2MS
+TODO fill in the gaps
+
+### Command line arguments (wip)
+
+- `--confluence` The URL of the Confluence instance to scan.
+- `--confluence-spaces` A comma-separated list of Confluence spaces to scan.
+- `--confluence-user` confluence username or email
+- `--confluence-token` confluence token
+
+
+## Contributing
+TODO @kaplan
+
+### Run Linter
+```bash
+docker run --rm -v $(pwd):/app -w /app golangci/golangci-lint:v1.52.0 golangci-lint run -v -E gofmt --timeout=5m
+```
+
+### Run Unit Tests
+```bash
+go test ./...
+```
+
diff --git a/cmd/main.go b/cmd/main.go
@@ -0,0 +1,110 @@
+package cmd
+
+import (
+	"fmt"
+	"github.com/checkmarx/2ms/plugins"
+	"github.com/checkmarx/2ms/reporting"
+	"github.com/checkmarx/2ms/wrapper"
+	"strings"
+
+	"github.com/rs/zerolog"
+	"github.com/rs/zerolog/log"
+	"github.com/spf13/cobra"
+)
+
+var rootCmd = &cobra.Command{
+	Use:   "2ms",
+	Short: "2ms Secrets Detection",
+	Run:   runDetection,
+}
+
+func init() {
+	cobra.OnInitialize(initLog)
+	rootCmd.Flags().BoolP("all", "a", true, "scan all plugins")
+
+	// TODO decouple and move to plugin level
+	rootCmd.Flags().StringP("confluence", "", "", "scan confluence url")
+	rootCmd.Flags().StringP("confluence-spaces", "", "", "confluence spaces")
+	rootCmd.Flags().StringP("confluence-user", "", "", "confluence username or email")
+	rootCmd.Flags().StringP("confluence-token", "", "", "confluence token")
+
+	rootCmd.Flags().BoolP("all-rules", "r", true, "use all rules")
+	rootCmd.PersistentFlags().StringP("log-level", "l", "info", "log level (trace, debug, info, warn, error, fatal)")
+}
+
+func initLog() {
+	zerolog.SetGlobalLevel(zerolog.InfoLevel)
+	ll, err := rootCmd.Flags().GetString("log-level")
+	if err != nil {
+		log.Fatal().Msg(err.Error())
+	}
+	switch strings.ToLower(ll) {
+	case "trace":
+		zerolog.SetGlobalLevel(zerolog.TraceLevel)
+	case "debug":
+		zerolog.SetGlobalLevel(zerolog.DebugLevel)
+	case "info":
+		zerolog.SetGlobalLevel(zerolog.InfoLevel)
+	case "warn":
+		zerolog.SetGlobalLevel(zerolog.WarnLevel)
+	case "err", "error":
+		zerolog.SetGlobalLevel(zerolog.ErrorLevel)
+	case "fatal":
+		zerolog.SetGlobalLevel(zerolog.FatalLevel)
+	default:
+		zerolog.SetGlobalLevel(zerolog.InfoLevel)
+	}
+}
+
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		log.Fatal().Msg(err.Error())
+	}
+}
+
+func runDetection(cmd *cobra.Command, args []string) {
+	allRules, err := cmd.Flags().GetBool("all-rules")
+	if err != nil {
+		log.Fatal().Msg(err.Error())
+	}
+
+	// Get desired plugins content
+	plugins := plugins.NewPlugins()
+
+	//allPlugins, _ := cmd.Flags().GetBool("all")
+
+	confluenceUrl, _ := cmd.Flags().GetString("confluence")
+
+	// TODO move to confluence file NewPlugin
+	if confluenceUrl != "" {
+		confluenceUser, _ := cmd.Flags().GetString("confluence-user")
+		// confluenceSpaces, _ := cmd.Flags().GetString("confluence-spaces")
+		confluenceToken, _ := cmd.Flags().GetString("confluence-token")
+
+		if !strings.HasPrefix("https://", confluenceUrl) && !strings.HasPrefix("http://", confluenceUrl) {
+			confluenceUrl = fmt.Sprintf("https://%v", confluenceUrl)
+		}
+		confluenceUrl = strings.TrimRight(confluenceUrl, "/")
+		plugins.AddPlugin("confluence", confluenceUrl, confluenceUser, confluenceToken)
+	}
+
+	contents, err := plugins.RunPlugins()
+	if err != nil {
+		log.Fatal().Msg(err.Error())
+	}
+
+	report := reporting.Report{}
+	report.Results = make(map[string][]reporting.Secret)
+
+	// Run with default configuration
+	if allRules {
+		wrap := wrapper.NewWrapper()
+
+		for _, c := range contents {
+			secrets := wrap.Detect(c.Content)
+			report.Results[c.OriginalUrl] = append(report.Results[c.OriginalUrl], secrets...)
+		}
+		report.TotalItemsScanned = len(contents)
+	}
+	reporting.ShowReport(report)
+}
diff --git a/go.mod b/go.mod
@@ -0,0 +1,43 @@
+module github.com/checkmarx/2ms
+
+go 1.20
+
+require (
+	github.com/rs/zerolog v1.29.0
+	github.com/spf13/cobra v1.6.1
+	github.com/zricethezav/gitleaks/v8 v8.16.1
+)
+
+require (
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/charmbracelet/lipgloss v0.7.1 // indirect
+	github.com/fatih/semgroup v1.2.0 // indirect
+	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/gitleaks/go-gitdiff v0.8.0 // indirect
+	github.com/h2non/filetype v1.1.3 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
+	github.com/lucasjones/reggen v0.0.0-20200904144131-37ba4fa293bb // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mattn/go-runewidth v0.0.14 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
+	github.com/muesli/termenv v0.15.1 // indirect
+	github.com/pelletier/go-toml/v2 v2.0.7 // indirect
+	github.com/petar-dambovaliev/aho-corasick v0.0.0-20211021192214-5ab2d9280aa9 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/spf13/afero v1.9.5 // indirect
+	github.com/spf13/cast v1.5.0 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/viper v1.15.0 // indirect
+	github.com/subosito/gotenv v1.4.2 // indirect
+	golang.org/x/sync v0.1.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)