Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle custom detector response and include in extra data #3411

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Handle custom detector response and include in extra data #3411

wants to merge 4 commits into from

Conversation

kashifkhan0771
Copy link
Contributor

@kashifkhan0771 kashifkhan0771 commented Oct 15, 2024
edited
Loading

Description:

This PR handle custom detector response and include it in the ExtraData

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@kashifkhan0771 kashifkhan0771 requested a review from a team as a code owner October 15, 2024 06:27
@kashifkhan0771 kashifkhan0771 linked an issue Oct 15, 2024 that may be closed by this pull request
Include ExtraData from customDetector http response #3385
Open
@zricethezav
Copy link
Collaborator

@kashifkhan0771 could you take a look at the test failure:

panic: assignment to entry in nil map

goroutine 191 [running]:
github.com/trufflesecurity/trufflehog/v3/pkg/custom_detectors.(*CustomRegexWebhook).createResults(0xc0007f4770, {0x7fd2f8a84330, 0xc0014fc240}, 0xc0014fc330, 0x1, 0xc0014255e0)
	/home/runner/work/trufflehog/trufflehog/pkg/custom_detectors/custom_detectors.go:208 +0xb05
github.com/trufflesecurity/trufflehog/v3/pkg/custom_detectors.(*CustomRegexWebhook).FromData.func1()
	/home/runner/work/trufflehog/trufflehog/pkg/custom_detectors/custom_detectors.go:97 +0x2b
golang.org/x/sync/errgroup.(*Group).Go.func1()
	/home/runner/go/pkg/mod/golang.org/x/sync@v0.8.0/errgroup/errgroup.go:78 +0x50
created by golang.org/x/sync/errgroup.(*Group).Go in goroutine 172
	/home/runner/go/pkg/mod/golang.org/x/sync@v0.8.0/errgroup/errgroup.go:75 +0x96
FAIL	github.com/trufflesecurity/trufflehog/v3/pkg/engine	1.[302](https://github.com/trufflesecurity/trufflehog/actions/runs/11340538845/job/31537134772#step:4:303)s

@kashifkhan0771
Copy link
Contributor Author

@kashifkhan0771 could you take a look at the test failure:
@zricethezav It is fixed now.

mcastorina
mcastorina reviewed Oct 15, 2024
View reviewed changes
pkg/custom_detectors/custom_detectors.go Outdated
Comment on lines 188 to 190
if err != nil {
return fmt.Errorf("failed to read response body: %v", err)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like it's returning an error for the FromData call, is that right? I think that may not be what we want to do for two reasons:

  1. it will break the loop so other configs aren't tested
  2. it seems like it would be a non-determinant error (if those exist in custom detectors), and should maybe set the verification error

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There other parts that also return an error, this is just one example.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I did that out of habit. I’ve fixed it now, and we’re continuing to the next step instead of returning an error.

pkg/custom_detectors/custom_detectors.go Outdated
Comment on lines 301 to 316
// helper function to handle JSON response
func handleJSONResponse(body []byte) (string, error) {
var respBody interface{}
err := json.Unmarshal(body, &respBody)
if err != nil {
return "", fmt.Errorf("failed to unmarshal JSON: %v", err)
}

// convert JSON map to a formatted string
jsonString, err := json.MarshalIndent(respBody, "", " ")
if err != nil {
return "", fmt.Errorf("failed to marshal JSON: %v", err)
}

return strings.TrimSpace(string(jsonString)), nil
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this function unmarshal then marshal?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I think I might have over-engineered this, even though @ahrav warned me not to! 😅 I was trying to get the response into a nicely formatted JSON string, but I realize now that it's not really necessary. We can just stick to simple string conversion instead.

abmussani
abmussani reviewed Oct 15, 2024
View reviewed changes
pkg/custom_detectors/custom_detectors.go

// read the Content-Type header and response body
respContentType := resp.Header.Get("Content-Type")
body, err := io.ReadAll(resp.Body)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mcastorina I could not recall where we had a discussion about PII. I remember, we decided not to include PII in extraData. Will this needed to be care here as well ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a great point. Custom detector servers are user supplied (or at least user configured), so I don't think PII would be an issue here.. @zricethezav what are your thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcastorina mcastorina Awaiting requested review from mcastorina

@abmussani abmussani Awaiting requested review from abmussani

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Include ExtraData from customDetector http response
4 participants
@kashifkhan0771 @zricethezav @mcastorina @abmussani