feat: add 1 to start and end line for filesystem cases (#243)

Similarly to [gitleaks](https://github.com/gitleaks/gitleaks/blob/79cac73f7267f4a48f4bc73db11e105a6098a836/detect/directory.go#L72) (whose change was added in [version 8.1.3](https://github.com/gitleaks/gitleaks/releases/tag/v8.1.3)), it is necessary to increment the start and end line for filesystem cases. **Checklist** - [x] I covered my changes with tests. - [x] I Updated the documentation that is affected by my changes: - [ ] Change in the CLI arguments - [ ] Change in the configuration file
Checkmarx · May 28, 2024 · 05dc8d7 · 05dc8d7
1 parent 3cb2094
commit 05dc8d7
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 12 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -16,7 +16,7 @@ RUN go build -o /app/2ms .
 # Runtime image
 FROM cgr.dev/chainguard/wolfi-base@sha256:6bc98699de679ce5e9d1d53b9d06b99acde93584bf539690d61ec538916b1e74
 
-RUN apk add --no-cache bash=5.2.21-r1 git=2.44.0-r0 glibc=2.39-r5 glibc-locale-posix=2.39-r5 ld-linux==2.39-r5 libcrypt1=2.39-r5 && git config --global --add safe.directory /repo
+RUN apk add --no-cache bash=5.2.21-r1 git=2.45.1-r0 glibc=2.39-r5 glibc-locale-posix=2.39-r5 ld-linux==2.39-r5 libcrypt1=2.39-r5 && git config --global --add safe.directory /repo
 
 COPY --from=builder /app/2ms .
 

diff --git a/cmd/main.go b/cmd/main.go
@@ -108,7 +108,9 @@ func Execute() (int, error) {
 			return 0, fmt.Errorf("error while defining command for plugin %s: %s", plugin.GetName(), err.Error())
 		}
 		subCommand.GroupID = group
-		subCommand.PreRunE = preRun
+		subCommand.PreRunE = func(cmd *cobra.Command, args []string) error {
+			return preRun(plugin.GetName(), cmd, args)
+		}
 		subCommand.PostRunE = postRun
 		rootCmd.AddCommand(subCommand)
 	}
@@ -122,7 +124,7 @@ func Execute() (int, error) {
 	return report.TotalSecretsFound, nil
 }
 
-func preRun(cmd *cobra.Command, args []string) error {
+func preRun(pluginName string, cmd *cobra.Command, args []string) error {
 	if err := validateFormat(stdoutFormatVar, reportPathVar); err != nil {
 		return err
 	}
@@ -137,7 +139,7 @@ func preRun(cmd *cobra.Command, args []string) error {
 	}
 
 	channels.WaitGroup.Add(1)
-	go processItems(engine)
+	go processItems(engine, pluginName)
 
 	channels.WaitGroup.Add(1)
 	go processSecrets()

diff --git a/cmd/workers.go b/cmd/workers.go
@@ -7,14 +7,14 @@ import (
 	"github.com/checkmarx/2ms/engine/extra"
 )
 
-func processItems(engine *engine.Engine) {
+func processItems(engine *engine.Engine, pluginName string) {
 	defer channels.WaitGroup.Done()
 
 	wgItems := &sync.WaitGroup{}
 	for item := range channels.Items {
 		report.TotalItemsScanned++
 		wgItems.Add(1)
-		go engine.Detect(item, secretsChan, wgItems)
+		go engine.Detect(item, secretsChan, wgItems, pluginName)
 	}
 	wgItems.Wait()
 	close(secretsChan)

diff --git a/engine/engine.go b/engine/engine.go
@@ -72,7 +72,7 @@ func Init(engineConfig EngineConfig) (*Engine, error) {
 	}, nil
 }
 
-func (e *Engine) Detect(item plugins.ISourceItem, secretsChannel chan *secrets.Secret, wg *sync.WaitGroup) {
+func (e *Engine) Detect(item plugins.ISourceItem, secretsChannel chan *secrets.Secret, wg *sync.WaitGroup, pluginName string) {
 	defer wg.Done()
 
 	fragment := detect.Fragment{
@@ -81,13 +81,21 @@ func (e *Engine) Detect(item plugins.ISourceItem, secretsChannel chan *secrets.S
 	}
 	for _, value := range e.detector.Detect(fragment) {
 		itemId := getFindingId(item, value)
+		var startLine, endLine int
+		if pluginName == "filesystem" {
+			startLine = value.StartLine + 1
+			endLine = value.EndLine + 1
+		} else {
+			startLine = value.StartLine
+			endLine = value.EndLine
+		}
 		secret := &secrets.Secret{
 			ID:          itemId,
 			Source:      item.GetSource(),
 			RuleID:      value.RuleID,
-			StartLine:   value.StartLine,
+			StartLine:   startLine,
 			StartColumn: value.StartColumn,
-			EndLine:     value.EndLine,
+			EndLine:     endLine,
 			EndColumn:   value.EndColumn,
 			Value:       value.Secret,
 		}

diff --git a/engine/engine_test.go b/engine/engine_test.go
@@ -10,6 +10,8 @@ import (
 	"github.com/checkmarx/2ms/plugins"
 )
 
+var fsPlugin = &plugins.FileSystemPlugin{}
+
 func Test_Init(t *testing.T) {
 	allRules := *rules.FilterRules([]string{}, []string{}, []string{})
 	specialRule := rules.HardcodedPassword()
@@ -77,7 +79,7 @@ func TestDetector(t *testing.T) {
 		secretsChan := make(chan *secrets.Secret, 1)
 		wg := &sync.WaitGroup{}
 		wg.Add(1)
-		detector.Detect(i, secretsChan, wg)
+		detector.Detect(i, secretsChan, wg, fsPlugin.GetName())
 		close(secretsChan)
 
 		s := <-secretsChan
@@ -152,7 +154,7 @@ func TestSecrets(t *testing.T) {
 			secretsChan := make(chan *secrets.Secret, 1)
 			wg := &sync.WaitGroup{}
 			wg.Add(1)
-			detector.Detect(item{content: &secret.Content}, secretsChan, wg)
+			detector.Detect(item{content: &secret.Content}, secretsChan, wg, fsPlugin.GetName())
 			close(secretsChan)
 
 			s := <-secretsChan

diff --git a/lib/reporting/report_test.go b/lib/reporting/report_test.go
@@ -30,7 +30,7 @@ JPcHeO7M6FohKgcEHX84koQDN98J/L7pFlSoU7WOl6f8BKavIdeSTPS9qQYWdQuT
 
 	results := map[string][]*secrets.Secret{}
 	report := Report{len(results), 1, results}
-	secret := &secrets.Secret{Source: "bla", StartLine: 0, StartColumn: 0, EndLine: 0, EndColumn: 0, Value: secretValue}
+	secret := &secrets.Secret{Source: "bla", StartLine: 1, StartColumn: 0, EndLine: 1, EndColumn: 0, Value: secretValue}
 	source := "directory\\rawStringAsFile.txt"
 
 	report.Results[source] = append(report.Results[source], secret)

diff --git a/tests/e2e_test.go b/tests/e2e_test.go
@@ -34,6 +34,8 @@ func TestIntegration(t *testing.T) {
 	})
 
 	t.Run("confluence: secrets found with validation", func(t *testing.T) {
+		t.Skip("Skipping confluence test (confluence page is currently private)")
+
 		if err := executable.run("confluence", "https://checkmarx.atlassian.net/wiki", "--spaces", "secrets", "--validate"); err == nil {
 			t.Error("expected error (secrets found), got nil")
 		}