Fixing error when not found yarn.lock or package-lock.json and fixing…

… not ignore multiple paths (#45) * Fixing error when not found yarn.lock or package-lock.json and fixing not ignore multiple paths * Fixing tests
ZupIT · Oct 2, 2020 · d7c1de9 · d7c1de9
1 parent c94d39d
commit d7c1de9
Show file tree

Hide file tree

Showing 21 changed files with 89 additions and 77 deletions.
diff --git a/development-kit/pkg/utils/file/file.go b/development-kit/pkg/utils/file/file.go
@@ -62,18 +62,18 @@ func ReplacePathSeparator(path string) string {
 }
 
 func GetSubPathByExtension(projectPath, subPath, ext string) (finalPath string) {
-	_ = filepath.Walk(setProjectPathWithSubPath(projectPath, subPath),
-		func(walkPath string, info os.FileInfo, err error) error {
-			if err != nil || info.IsDir() || strings.Contains(walkPath, ".horusec") {
-				return err
-			}
+	pathToWalk := setProjectPathWithSubPath(projectPath, subPath)
+	_ = filepath.Walk(pathToWalk, func(walkPath string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
 
-			if result := verifyMathAndFormat(projectPath, walkPath, ext); result != "" {
-				finalPath = result
-				return io.EOF
-			}
-			return nil
-		})
+		if result := verifyMathAndFormat(projectPath, walkPath, ext); result != "" {
+			finalPath = result
+			return io.EOF
+		}
+		return nil
+	})
 
 	return finalPath
 }

diff --git a/horusec-cli/internal/controllers/language_detect/language_detect.go b/horusec-cli/internal/controllers/language_detect/language_detect.go
@@ -151,12 +151,7 @@ func (ld *LanguageDetect) checkDefaultPathsToIgnore(path string) bool {
 func (ld *LanguageDetect) checkAdditionalPathsToIgnore(path string) bool {
 	if ld.configs.GetFilesOrPathsToIgnore() != "" {
 		for _, value := range strings.Split(ld.configs.GetFilesOrPathsToIgnore(), ",") {
-			pattern, err := filepath.Abs(value)
-			if err != nil {
-				continue
-			}
-
-			matched, _ := doublestar.Match(pattern, path)
+			matched, _ := doublestar.Match(strings.TrimSpace(value), path)
 			if matched {
 				return true
 			}

diff --git a/horusec-cli/internal/helpers/messages/debug.go b/horusec-cli/internal/helpers/messages/debug.go
@@ -43,4 +43,5 @@ const (
 	MsgDebugFolderOrFileIgnored = "{HORUSEC_CLI} The file ou folder was ignored to send analysis:"
 	// Fired when configs already validate and before start analysis
 	MsgDebugShowConfigs = "{HORUSEC_CLI} The current configuration for this analysis are:"
+	MsgDebugShowWorkdir = "{HORUSEC_CLI} The workdir setup for run in path:"
 )
diff --git a/horusec-cli/internal/helpers/messages/error.go b/horusec-cli/internal/helpers/messages/error.go
@@ -84,7 +84,6 @@ const (
 	MsgErrorYarnLockNotFound = "{HORUSEC_CLI} Error It looks like your project doesn't have a yarn.lock file. " +
 		"If you use Yarn to handle your dependencies, " +
 		"it would be a good idea to commit it so horusec can check for vulnerabilities"
-	MsgErrorYarnProcess      = "{HORUSEC_CLI} Error Yarn returned an error: "
-	MsgErrorDeferFileClose   = "{HORUSEC_CLI} Error defer file close: "
-	MsgErrorGetAbsPathToBind = "{HORUSEC_CLI} Error when parse path to abs in start bind container: "
+	MsgErrorYarnProcess    = "{HORUSEC_CLI} Error Yarn returned an error: "
+	MsgErrorDeferFileClose = "{HORUSEC_CLI} Error defer file close: "
 )
diff --git a/horusec-cli/internal/services/formatters/dotnet/scs/formatter.go b/horusec-cli/internal/services/formatters/dotnet/scs/formatter.go
@@ -144,7 +144,7 @@ func (f *Formatter) getConfigData(projectSubPath string) *dockerEntities.Analysi
 		Image: ImageName,
 		Tag:   ImageTag,
 		CMD: f.AddWorkDirInCmd(ImageCmd,
-			fileUtil.GetSubPathByExtension(f.GetConfigProjectPath(), projectSubPath, "*.csproj")),
+			fileUtil.GetSubPathByExtension(f.GetConfigProjectPath(), projectSubPath, "*.csproj"), tools.SecurityCodeScan),
 		Language: languages.DotNet,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/golang/gosec/formatter.go b/horusec-cli/internal/services/formatters/golang/gosec/formatter.go
@@ -136,7 +136,7 @@ func (f *Formatter) getAnalysisData(projectSubPath string) *dockerEntities.Analy
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.GoSec),
 		Language: languages.Go,
 	}
 }
diff --git a/horusec-cli/internal/services/formatters/hcl/formatter.go b/horusec-cli/internal/services/formatters/hcl/formatter.go
@@ -63,7 +63,7 @@ func (f *Formatter) getConfigData(projectSubPath string) *dockerEntities.Analysi
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.TfSec),
 		Language: languages.HCL,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/java/horusecjava/formatter.go b/horusec-cli/internal/services/formatters/java/horusecjava/formatter.go
@@ -63,7 +63,7 @@ func (f *Formatter) getImageTagCmd(projectSubPath string) *dockerEntities.Analys
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.HorusecJava),
 		Language: languages.Java,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/java/spotbugs/formatter.go b/horusec-cli/internal/services/formatters/java/spotbugs/formatter.go
@@ -218,7 +218,7 @@ func (f *Formatter) getImageTagCmd(projectSubPath string) *dockerEntities.Analys
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.SpotBugs),
 		Language: languages.Java,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/javascript/npmaudit/formatter.go b/horusec-cli/internal/services/formatters/javascript/npmaudit/formatter.go
@@ -176,10 +176,22 @@ func isModuleInScannerText(isFoundModule bool, module, scannerText string) bool
 
 func (f *Formatter) getConfigDataNpm(projectSubPath string) *dockerEntities.AnalysisData {
 	return &dockerEntities.AnalysisData{
-		Image: ImageName,
-		Tag:   ImageTag,
-		CMD: f.AddWorkDirInCmd(ImageCmd,
-			fileUtil.GetSubPathByExtension(f.GetConfigProjectPath(), projectSubPath, "package-lock.json")),
+		Image:    ImageName,
+		Tag:      ImageTag,
+		CMD:      f.getConfigCMD(projectSubPath),
 		Language: languages.Javascript,
 	}
 }
+
+func (f *Formatter) getConfigCMD(projectSubPath string) string {
+	projectPath := f.GetConfigProjectPath()
+	newProjectSubPath := fileUtil.GetSubPathByExtension(projectPath, projectSubPath, "package-lock.json")
+	if newProjectSubPath != "" {
+		return f.AddWorkDirInCmd(ImageCmd, newProjectSubPath, tools.NpmAudit)
+	}
+	newProjectSubPath = fileUtil.GetSubPathByExtension(projectPath, projectSubPath, "yarn.lock")
+	if newProjectSubPath != "" {
+		return f.AddWorkDirInCmd(ImageCmd, newProjectSubPath, tools.NpmAudit)
+	}
+	return f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.NpmAudit)
+}
diff --git a/horusec-cli/internal/services/formatters/javascript/yarnaudit/formatter.go b/horusec-cli/internal/services/formatters/javascript/yarnaudit/formatter.go
@@ -204,10 +204,22 @@ func (f *Formatter) mapPossibleExistingNames(module, version string) []string {
 
 func (f *Formatter) getConfigDataYarn(projectSubPath string) *dockerEntities.AnalysisData {
 	return &dockerEntities.AnalysisData{
-		Image: npmaudit.ImageName,
-		Tag:   npmaudit.ImageTag,
-		CMD: f.AddWorkDirInCmd(ImageCmd,
-			fileUtil.GetSubPathByExtension(f.GetConfigProjectPath(), projectSubPath, "yarn.lock")),
+		Image:    npmaudit.ImageName,
+		Tag:      npmaudit.ImageTag,
+		CMD:      f.getConfigCMD(projectSubPath),
 		Language: languages.Javascript,
 	}
 }
+
+func (f *Formatter) getConfigCMD(projectSubPath string) string {
+	projectPath := f.GetConfigProjectPath()
+	newProjectSubPath := fileUtil.GetSubPathByExtension(projectPath, projectSubPath, "yarn.lock")
+	if newProjectSubPath != "" {
+		return f.AddWorkDirInCmd(ImageCmd, newProjectSubPath, tools.YarnAudit)
+	}
+	newProjectSubPath = fileUtil.GetSubPathByExtension(projectPath, projectSubPath, "package-lock.json")
+	if newProjectSubPath != "" {
+		return f.AddWorkDirInCmd(ImageCmd, newProjectSubPath, tools.YarnAudit)
+	}
+	return f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.YarnAudit)
+}
diff --git a/horusec-cli/internal/services/formatters/kotlin/horuseckotlin/formatter.go b/horusec-cli/internal/services/formatters/kotlin/horuseckotlin/formatter.go
@@ -63,7 +63,7 @@ func (f *Formatter) getImageTagCmd(projectSubPath string) *dockerEntities.Analys
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.HorusecKotlin),
 		Language: languages.Kotlin,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/leaks/gitleaks/formatter.go b/horusec-cli/internal/services/formatters/leaks/gitleaks/formatter.go
@@ -121,7 +121,7 @@ func (f *Formatter) gitLeaksImageTagCmd(projectSubPath string) *dockerEntities.A
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.GitLeaks),
 		Language: languages.Leaks,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/leaks/horusecleaks/formatter.go b/horusec-cli/internal/services/formatters/leaks/horusecleaks/formatter.go
@@ -63,7 +63,7 @@ func (f *Formatter) getImageTagCmd(projectSubPath string) *dockerEntities.Analys
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.HorusecLeaks),
 		Language: languages.Leaks,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/python/bandit/formatter.go b/horusec-cli/internal/services/formatters/python/bandit/formatter.go
@@ -66,7 +66,7 @@ func (f *Formatter) getAnalysisData(projectSubPath string) *dockerEntities.Analy
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.Bandit),
 		Language: languages.Python,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/python/safety/formatter.go b/horusec-cli/internal/services/formatters/python/safety/formatter.go
@@ -71,7 +71,7 @@ func (f *Formatter) getAnalysisData(projectSubPath string) *dockerEntities.Analy
 		Image: ImageName,
 		Tag:   ImageTag,
 		CMD: f.AddWorkDirInCmd(ImageCmd,
-			fileUtil.GetSubPathByExtension(f.GetConfigProjectPath(), projectSubPath, "requirements.txt")),
+			fileUtil.GetSubPathByExtension(f.GetConfigProjectPath(), projectSubPath, "requirements.txt"), tools.Safety),
 		Language: languages.Python,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/ruby/brakeman/formatter.go b/horusec-cli/internal/services/formatters/ruby/brakeman/formatter.go
@@ -128,7 +128,7 @@ func (f *Formatter) getConfigData(projectSubPath string) *dockerEntities.Analysi
 	return &dockerEntities.AnalysisData{
 		Image:    ImageName,
 		Tag:      ImageTag,
-		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath),
+		CMD:      f.AddWorkDirInCmd(ImageCmd, projectSubPath, tools.Brakeman),
 		Language: languages.Ruby,
 	}
 }

diff --git a/horusec-cli/internal/services/formatters/service.go b/horusec-cli/internal/services/formatters/service.go
@@ -16,6 +16,7 @@ package formatters
 
 import (
 	"fmt"
+	"github.com/ZupIT/horusec/development-kit/pkg/utils/file"
 	"strings"
 
 	"github.com/ZupIT/horusec/development-kit/pkg/entities/horusec"
@@ -35,7 +36,7 @@ type IService interface {
 	ExecuteContainer(data *dockerEntities.AnalysisData) (output string, err error)
 	GetAnalysisIDErrorMessage(tool tools.Tool, output string) string
 	GetCommitAuthor(line, filePath string) (commitAuthor horusec.CommitAuthor)
-	AddWorkDirInCmd(cmd string, projectSubPath string) string
+	AddWorkDirInCmd(cmd string, projectSubPath string, tool tools.Tool) string
 	GetConfigProjectPath() string
 	GetAnalysis() *horusec.Analysis
 	SetLanguageIsFinished()
@@ -80,11 +81,12 @@ func (s *Service) GetCommitAuthor(line, filePath string) (commitAuthor horusec.C
 }
 
 func (s *Service) GetConfigProjectPath() string {
-	return s.config.ProjectPath
+	return file.ReplacePathSeparator(fmt.Sprintf("%s/%s/%s", s.config.ProjectPath, ".horusec", s.analysis.ID.String()))
 }
 
-func (s *Service) AddWorkDirInCmd(cmd, projectSubPath string) string {
+func (s *Service) AddWorkDirInCmd(cmd, projectSubPath string, tool tools.Tool) string {
 	if projectSubPath != "" {
+		logger.LogDebugWithLevel(messages.MsgDebugShowWorkdir, logger.DebugLevel, tool.ToString(), projectSubPath)
 		return strings.ReplaceAll(cmd, "{{WORK_DIR}}", fmt.Sprintf("cd %s", projectSubPath))
 	}
 

diff --git a/horusec-cli/internal/services/formatters/service_mock.go b/horusec-cli/internal/services/formatters/service_mock.go
@@ -16,7 +16,6 @@ package formatters
 
 import (
 	"github.com/ZupIT/horusec/development-kit/pkg/entities/horusec"
-	"github.com/ZupIT/horusec/development-kit/pkg/enums/languages"
 	"github.com/ZupIT/horusec/development-kit/pkg/enums/tools"
 	utilsMock "github.com/ZupIT/horusec/development-kit/pkg/utils/mock"
 	dockerEntities "github.com/ZupIT/horusec/horusec-cli/internal/entities/docker"
@@ -27,61 +26,53 @@ type Mock struct {
 	mock.Mock
 }
 
-func (m *Mock) ExecuteContainer(config *dockerEntities.AnalysisData) (output string, err error) {
+func (m *Mock) LogDebugWithReplace(msg string, tool tools.Tool) {
+	_ = m.MethodCalled("LogDebugWithReplace")
+}
+func (m *Mock) GetAnalysisID() string {
+	args := m.MethodCalled("GetAnalysisID")
+	return args.Get(0).(string)
+}
+func (m *Mock) SetAnalysisError(err error) {
+	_ = m.MethodCalled("SetAnalysisError")
+}
+func (m *Mock) ExecuteContainer(data *dockerEntities.AnalysisData) (output string, err error) {
 	args := m.MethodCalled("ExecuteContainer")
-	return args.Get(0).(string), utilsMock.ReturnNilOrError(args, 1)
+	return args.Get(0).(string), utilsMock.ReturnNilOrError(args, 0)
 }
-
 func (m *Mock) GetAnalysisIDErrorMessage(tool tools.Tool, output string) string {
 	args := m.MethodCalled("GetAnalysisIDErrorMessage")
 	return args.Get(0).(string)
 }
-
-func (m *Mock) GetCommitAuthor(line, filePath string) horusec.CommitAuthor {
+func (m *Mock) GetCommitAuthor(line, filePath string) (commitAuthor horusec.CommitAuthor) {
 	args := m.MethodCalled("GetCommitAuthor")
 	return args.Get(0).(horusec.CommitAuthor)
 }
-
-func (m *Mock) GetConfigProjectPath() string {
-	args := m.MethodCalled("GetCommitAuthor")
-	return args.Get(0).(string)
-}
-
-func (m *Mock) AddWorkDirInCmd(cmd string, language languages.Language) string {
+func (m *Mock) AddWorkDirInCmd(cmd string, projectSubPath string, tool tools.Tool) string {
 	args := m.MethodCalled("AddWorkDirInCmd")
 	return args.Get(0).(string)
 }
-
-func (m *Mock) LogDebugWithReplace(msg string, tool tools.Tool) {
-	_ = m.MethodCalled("LogDebugWithReplace")
-}
-
-func (m *Mock) GetAnalysisID() string {
-	args := m.MethodCalled("GetAnalysisID")
+func (m *Mock) GetConfigProjectPath() string {
+	args := m.MethodCalled("GetConfigProjectPath")
 	return args.Get(0).(string)
 }
-
-func (m *Mock) SetAnalysisError(err error) {
-	_ = m.MethodCalled("SetAnalysisError")
-}
-
 func (m *Mock) GetAnalysis() *horusec.Analysis {
-	args := m.MethodCalled("GetAnalysisID")
+	args := m.MethodCalled("GetAnalysis")
 	return args.Get(0).(*horusec.Analysis)
 }
-
-func (m *Mock) SetLanguageIsFinished(language languages.Language) {
+func (m *Mock) SetLanguageIsFinished() {
 	_ = m.MethodCalled("SetLanguageIsFinished")
 }
-
 func (m *Mock) LogAnalysisError(err error, tool tools.Tool, projectSubPath string) {
 	_ = m.MethodCalled("LogAnalysisError")
 }
-
 func (m *Mock) SetMonitor(monitor *horusec.Monitor) {
 	_ = m.MethodCalled("SetMonitor")
 }
-
+func (m *Mock) RemoveSrcFolderFromPath(filepath string) string {
+	args := m.MethodCalled("RemoveSrcFolderFromPath")
+	return args.Get(0).(string)
+}
 func (m *Mock) GetCodeWithMaxCharacters(code string, column int) string {
 	args := m.MethodCalled("GetCodeWithMaxCharacters")
 	return args.Get(0).(string)

diff --git a/horusec-cli/internal/services/formatters/service_test.go b/horusec-cli/internal/services/formatters/service_test.go
@@ -77,7 +77,7 @@ func TestGetConfigProjectPath(t *testing.T) {
 		result := monitorController.GetConfigProjectPath()
 
 		assert.NotEmpty(t, result)
-		assert.Equal(t, "test", result)
+		assert.Equal(t, "test/.horusec/00000000-0000-0000-0000-000000000000", result)
 	})
 }
 
@@ -89,7 +89,7 @@ func TestAddWorkDirInCmd(t *testing.T) {
 
 		monitorController := NewFormatterService(&horusec.Analysis{}, &docker.Mock{}, cliConfig, &horusec.Monitor{})
 
-		result := monitorController.AddWorkDirInCmd("test", "C#")
+		result := monitorController.AddWorkDirInCmd("test", "C#", tools.SecurityCodeScan)
 
 		assert.NotEmpty(t, result)
 	})
@@ -100,7 +100,7 @@ func TestAddWorkDirInCmd(t *testing.T) {
 
 		monitorController := NewFormatterService(&horusec.Analysis{}, &docker.Mock{}, cliConfig, &horusec.Monitor{})
 
-		result := monitorController.AddWorkDirInCmd("test", "C#")
+		result := monitorController.AddWorkDirInCmd("test", "C#", tools.SecurityCodeScan)
 
 		assert.NotEmpty(t, result)
 	})

diff --git a/horusec-config.json b/horusec-config.json
@@ -7,7 +7,7 @@
   "horusecCliPrintOutputType": "text",
   "horusecCliJsonOutputFilepath": "",
   "horusecCliTypesOfVulnerabilitiesToIgnore": "",
-  "horusecCliFilesOrPathsToIgnore": "development-kit/pkg/engines/examples, deployments/dockerfiles/gitleaks/rules.toml, _test.go, _mock.go, README.md, development-kit/pkg/enums/engine/advisories",
+  "horusecCliFilesOrPathsToIgnore": "**/examples/**, **/*.toml, **/*_test.go, **/*_mock.go, **/*README.md, development-kit/pkg/enums/engine/advisories/**",
   "horusecCliReturnErrorIfFoundVulnerability": false,
   "horusecCliProjectPath": "./",
   "horusecCliWorkDir": {