Skip to content

Commit

Permalink
add simple regex support
Browse files Browse the repository at this point in the history
  • Loading branch information
noboruma committed Jul 2, 2024
1 parent dc4a601 commit 9eb668c
Show file tree
Hide file tree
Showing 4 changed files with 139 additions and 190 deletions.
20 changes: 13 additions & 7 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,11 @@ package main
// ------------------------------------------------------------------------------

import (
"context"
"flag"
"fmt"
"os"
"os/signal"
"path"
"runtime"
"strconv"
Expand All @@ -38,6 +40,7 @@ import (
"github.com/deepfence/SecretScanner/scan"
"github.com/deepfence/SecretScanner/server"
"github.com/deepfence/SecretScanner/signature"
"github.com/deepfence/golang_deepfence_sdk/utils/tasks"
"github.com/deepfence/match-scanner/pkg/config"
log "github.com/sirupsen/logrus"
)
Expand All @@ -61,7 +64,7 @@ type SecretsWriter interface {
AddSecret(output.SecretFound)
}

func runOnce(filters config.Filters, format string) {
func runOnce(ctx context.Context, filters config.Filters, format string) {
var result SecretsWriter
var err error
node_type := ""
Expand Down Expand Up @@ -95,7 +98,11 @@ func runOnce(filters config.Filters, format string) {
}
}

scan.Scan(nil, nodeType, filters, "", node_id, "", func(sf output.SecretFound, s string) {
scanCtx := tasks.ScanContext{
Context: ctx,
}

scan.Scan(&scanCtx, nodeType, filters, "", node_id, "", func(sf output.SecretFound, s string) {
result.AddSecret(sf)
})

Expand Down Expand Up @@ -165,22 +172,21 @@ func main() {
// Process and store the read signatures
signature.ProcessSignatures(session.Config.Signatures)

// Build Hyperscan database for fast scanning
signature.BuildRegexes()

flag.Parse()

if *core.GetSession().Options.Debug {
log.SetLevel(log.DebugLevel)
}

ctx, _ := signal.NotifyContext(context.Background(), os.Interrupt)

if *socketPath != "" {
err := server.RunServer(*socketPath, PLUGIN_NAME)
err := server.RunServer(ctx, *socketPath, PLUGIN_NAME)
if err != nil {
log.Fatal("main: failed to serve: %v", err)
}
} else {
extCfg := config.Config2Filter(core.GetSession().ExtractorConfig)
runOnce(extCfg, *core.GetSession().Options.OutFormat)
runOnce(ctx, extCfg, *core.GetSession().Options.OutFormat)
}
}
21 changes: 16 additions & 5 deletions scan/scanner.go
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
package scan

import (
"context"
"fmt"
"io"
"path/filepath"
"sync"

"github.com/deepfence/SecretScanner/output"
"github.com/deepfence/SecretScanner/signature"
Expand Down Expand Up @@ -38,11 +38,17 @@ func ScanTypeString(st ScanType) string {

func scanFile(contents io.ReadSeeker, relPath, fileName, fileExtension, layer string, numSecrets *uint, matchedRuleSet map[uint]uint) ([]output.SecretFound, error) {

simpleSecrets, err := signature.MatchSimpleSignatures(contents, relPath, fileName, fileExtension, layer, numSecrets, matchedRuleSet)
if err != nil {
return nil, err
}

secrets, err := signature.MatchPatternSignatures(contents, relPath, fileName, fileExtension, layer, numSecrets, matchedRuleSet)
if err != nil {
return nil, err
}
return secrets, nil

return append(simpleSecrets, secrets...), nil
}

func Scan(ctx *tasks.ScanContext,
Expand Down Expand Up @@ -72,17 +78,18 @@ func Scan(ctx *tasks.ScanContext,
// results has to be 1 element max
// to avoid overwriting the buffer entries
results := make(chan []output.SecretFound)
defer close(results)

wg := sync.WaitGroup{}
wg.Add(1)
go func() {
defer wg.Done()
for malwares := range results {
for _, malware := range malwares {
outputFn(malware, scanID)
}
}
}()

genscan.ApplyScan(context.Background(), extract, func(f extractor.ExtractedFile) {
genscan.ApplyScan(ctx.Context, extract, func(f extractor.ExtractedFile) {
if ctx != nil {
err := ctx.Checkpoint("scan_phase")
if err != nil {
Expand All @@ -98,5 +105,9 @@ func Scan(ctx *tasks.ScanContext,

results <- m
})

close(results)
wg.Wait()

return nil
}
28 changes: 9 additions & 19 deletions server/grpc.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,7 @@ import (
"context"
"fmt"
"net"
"os"
"os/signal"
"sync"
"syscall"

"github.com/deepfence/SecretScanner/jobs"
pb "github.com/deepfence/agent-plugins-grpc/srcgo"
Expand Down Expand Up @@ -70,37 +67,30 @@ func (s *gRPCServer) FindSecretInfo(c context.Context, r *pb.FindRequest) (*pb.F
return &pb.FindResult{}, nil
}

func RunServer(socket_path string, plugin_name string) error {

sigs := make(chan os.Signal, 1)
done := make(chan bool, 1)

signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
func RunServer(ctx context.Context, socket_path string, plugin_name string) error {

lis, err := net.Listen("unix", fmt.Sprintf("%s", socket_path))
if err != nil {
return err
}
s := grpc.NewServer()

go func() {
<-sigs
s.GracefulStop()
done <- true
}()

jobs.ScanMap = sync.Map{}

impl := &gRPCServer{socket_path: socket_path, plugin_name: plugin_name}
pb.RegisterAgentPluginServer(s, impl)
pb.RegisterSecretScannerServer(s, impl)
pb.RegisterScannersServer(s, impl)
log.Infof("main: server listening at %v", lis.Addr())
if err := s.Serve(lis); err != nil {
return err
}
go func() {
if err := s.Serve(lis); err != nil {
log.Errorf("server: %v", err)
}
}()

<-ctx.Done()
s.GracefulStop()

<-done
log.Infof("main: exiting gracefully")
return nil
}
Loading

0 comments on commit 9eb668c

Please sign in to comment.