trufflehog/pkg/sources/filesystem/filesystem.go

package filesystem

import (
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"

	diskbufferreader "github.com/bill-rich/disk-buffer-reader"
	"github.com/go-errors/errors"
	log "github.com/sirupsen/logrus"
	"google.golang.org/protobuf/proto"
	"google.golang.org/protobuf/types/known/anypb"

	"github.com/trufflesecurity/trufflehog/v3/pkg/common"
	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
	"github.com/trufflesecurity/trufflehog/v3/pkg/handlers"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
	"github.com/trufflesecurity/trufflehog/v3/pkg/sanitizer"
	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
)

const (
	// These buffer sizes are mainly driven by our largest credential size, which is GCP @ ~2.25KB.
	// Having a peek size larger than that ensures that we have complete credential coverage in our chunks.
	BufferSize = 10 * 1024 // 10KB
	PeekSize   = 3 * 1024  // 3KB
)

type Source struct {
	name     string
	sourceId int64
	jobId    int64
	verify   bool
	paths    []string
	aCtx     context.Context
	log      *log.Entry
	sources.Progress
}

// Ensure the Source satisfies the interface at compile time
var _ sources.Source = (*Source)(nil)

// Type returns the type of source.
// It is used for matching source types in configuration and job input.
func (s *Source) Type() sourcespb.SourceType {
	return sourcespb.SourceType_SOURCE_TYPE_FILESYSTEM
}

func (s *Source) SourceID() int64 {
	return s.sourceId
}

func (s *Source) JobID() int64 {
	return s.jobId
}

// Init returns an initialized Filesystem source.
func (s *Source) Init(aCtx context.Context, name string, jobId, sourceId int64, verify bool, connection *anypb.Any, _ int) error {
	s.log = log.WithField("source", s.Type()).WithField("name", name)

	s.aCtx = aCtx
	s.name = name
	s.sourceId = sourceId
	s.jobId = jobId
	s.verify = verify

	var conn sourcespb.Filesystem
	if err := anypb.UnmarshalTo(connection, &conn, proto.UnmarshalOptions{}); err != nil {
		return errors.WrapPrefix(err, "error unmarshalling connection", 0)
	}

	s.paths = conn.Directories

	return nil
}

// Chunks emits chunks of bytes over a channel.
func (s *Source) Chunks(ctx context.Context, chunksChan chan *sources.Chunk) error {
	for i, path := range s.paths {
		s.SetProgressComplete(i, len(s.paths), fmt.Sprintf("Path: %s", path), "")

		cleanPath := filepath.Clean(path)
		done := false
		go func() {
			<-ctx.Done()
			done = true
		}()

		err := fs.WalkDir(os.DirFS(cleanPath), ".", func(relativePath string, d fs.DirEntry, err error) error {
			if err != nil {
				return nil
			}

			path := filepath.Join(cleanPath, relativePath)

			fileStat, err := os.Stat(path)
			if err != nil {
				log.WithError(err).Warnf("unable to stat file: %s", path)
				return nil
			}
			if !fileStat.Mode().IsRegular() {
				return nil
			}

			inputFile, err := os.Open(path)
			if err != nil {
				log.Warn(err)
				return nil
			}
			defer inputFile.Close()
			log.WithField("file_path", path).Trace("scanning file")

			reReader, err := diskbufferreader.New(inputFile)
			if err != nil {
				log.WithError(err).Error("Could not create re-readable reader.")
			}
			defer reReader.Close()

			chunkSkel := &sources.Chunk{
				SourceType: s.Type(),
				SourceName: s.name,
				SourceID:   s.SourceID(),
				SourceMetadata: &source_metadatapb.MetaData{
					Data: &source_metadatapb.MetaData_Filesystem{
						Filesystem: &source_metadatapb.Filesystem{
							File: sanitizer.UTF8(path),
						},
					},
				},
				Verify: s.verify,
			}
			if handlers.HandleFile(reReader, chunkSkel, chunksChan) {
				return nil
			}

			if err := reReader.Reset(); err != nil {
				return err
			}
			reReader.Stop()

			for chunkData := range common.ChunkReader(reReader) {
				chunksChan <- &sources.Chunk{
					SourceType: s.Type(),
					SourceName: s.name,
					SourceID:   s.SourceID(),
					Data:       chunkData,
					SourceMetadata: &source_metadatapb.MetaData{
						Data: &source_metadatapb.MetaData_Filesystem{
							Filesystem: &source_metadatapb.Filesystem{
								File: sanitizer.UTF8(path),
							},
						},
					},
					Verify: s.verify,
				}
			}
			return nil
		})

		if err != nil && err != io.EOF {
			return errors.New(err)
		}

		if done {
			return nil
		}

	}
	return nil
}
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`package filesystem`

			`import (`
			`"fmt"`
			`"io"`
			`"io/fs"`
			`"os"`
			`"path/filepath"`

Use re-readable reader and common chunker (#703) * Use re-readable reader and common chunker * Linter feedback * Break on error 2022-08-10 22:32:49 +00:00			`diskbufferreader "github.com/bill-rich/disk-buffer-reader"`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`"github.com/go-errors/errors"`
			`log "github.com/sirupsen/logrus"`
[THOG-608] - Fix linter errors. (#701) * Fix linter errors. * Fix gist adding test. * Update test string for mock JSON reply. * Remove if. 2022-08-10 02:20:02 +00:00			`"google.golang.org/protobuf/proto"`
			`"google.golang.org/protobuf/types/known/anypb"`

module v3 2022-02-10 18:54:33 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/common"`
Add common sentry recover library and add into goroutines (#738) * Add common sentry recover library and add into goroutines * fix nits 2022-08-29 18:45:37 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/context"`
Archive decoder (#683) * Archive decoder * Fix reader handling * Seek error handling * Add tests * Fix extra empty chunk * Sync chunk size 2022-08-03 03:36:21 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/handlers"`
module v3 2022-02-10 18:54:33 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/source_metadatapb"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"`
improvements 2022-02-16 01:38:19 +00:00			`"github.com/trufflesecurity/trufflehog/v3/pkg/sanitizer"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/sources"`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`)`

			`const (`
			`// These buffer sizes are mainly driven by our largest credential size, which is GCP @ ~2.25KB.`
			`// Having a peek size larger than that ensures that we have complete credential coverage in our chunks.`
[THOG-608] - Fix linter errors. (#701) * Fix linter errors. * Fix gist adding test. * Update test string for mock JSON reply. * Remove if. 2022-08-10 02:20:02 +00:00			`BufferSize = 10 * 1024 // 10KB`
			`PeekSize = 3 * 1024 // 3KB`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`)`

			`type Source struct {`
			`name string`
			`sourceId int64`
			`jobId int64`
			`verify bool`
			`paths []string`
			`aCtx context.Context`
			`log *log.Entry`
			`sources.Progress`
			`}`

			`// Ensure the Source satisfies the interface at compile time`
			`var _ sources.Source = (*Source)(nil)`

			`// Type returns the type of source.`
			`// It is used for matching source types in configuration and job input.`
			`func (s *Source) Type() sourcespb.SourceType {`
			`return sourcespb.SourceType_SOURCE_TYPE_FILESYSTEM`
			`}`

			`func (s *Source) SourceID() int64 {`
			`return s.sourceId`
			`}`

			`func (s *Source) JobID() int64 {`
			`return s.jobId`
			`}`

			`// Init returns an initialized Filesystem source.`
[THOG-608] - Fix linter errors. (#701) * Fix linter errors. * Fix gist adding test. * Update test string for mock JSON reply. * Remove if. 2022-08-10 02:20:02 +00:00			`func (s Source) Init(aCtx context.Context, name string, jobId, sourceId int64, verify bool, connection anypb.Any, _ int) error {`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`s.log = log.WithField("source", s.Type()).WithField("name", name)`

			`s.aCtx = aCtx`
			`s.name = name`
			`s.sourceId = sourceId`
			`s.jobId = jobId`
			`s.verify = verify`

			`var conn sourcespb.Filesystem`
[THOG-608] - Fix linter errors. (#701) * Fix linter errors. * Fix gist adding test. * Update test string for mock JSON reply. * Remove if. 2022-08-10 02:20:02 +00:00			`if err := anypb.UnmarshalTo(connection, &conn, proto.UnmarshalOptions{}); err != nil {`
			`return errors.WrapPrefix(err, "error unmarshalling connection", 0)`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`

			`s.paths = conn.Directories`

			`return nil`
			`}`

			`// Chunks emits chunks of bytes over a channel.`
			`func (s Source) Chunks(ctx context.Context, chunksChan chan sources.Chunk) error {`
			`for i, path := range s.paths {`
Add placeholder for encoded resume info in SetProgressComplete 2022-03-23 21:50:23 +00:00			`s.SetProgressComplete(i, len(s.paths), fmt.Sprintf("Path: %s", path), "")`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00
			`cleanPath := filepath.Clean(path)`
			`done := false`
			`go func() {`
			`<-ctx.Done()`
			`done = true`
			`}()`

			`err := fs.WalkDir(os.DirFS(cleanPath), ".", func(relativePath string, d fs.DirEntry, err error) error {`
			`if err != nil {`
			`return nil`
			`}`

			`path := filepath.Join(cleanPath, relativePath)`

Log error and skip file when stat fails (#296) 2022-04-06 01:58:05 +00:00			`fileStat, err := os.Stat(path)`
			`if err != nil {`
			`log.WithError(err).Warnf("unable to stat file: %s", path)`
Actually skip file (#299) 2022-04-06 16:48:40 +00:00			`return nil`
Log error and skip file when stat fails (#296) 2022-04-06 01:58:05 +00:00			`}`
Only scan regular files (#87) * Only scan regular files * Remove IsDirectory func 2022-03-16 23:04:10 +00:00			`if !fileStat.Mode().IsRegular() {`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`return nil`
			`}`

			`inputFile, err := os.Open(path)`
			`if err != nil {`
			`log.Warn(err)`
			`return nil`
			`}`
			`defer inputFile.Close()`
Ignore URIs where the password is redacted (#842) Only `*`s in the password is a redacted basic auth URI. 2022-10-11 21:18:52 +00:00			`log.WithField("file_path", path).Trace("scanning file")`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00
Use re-readable reader and common chunker (#703) * Use re-readable reader and common chunker * Linter feedback * Break on error 2022-08-10 22:32:49 +00:00			`reReader, err := diskbufferreader.New(inputFile)`
			`if err != nil {`
			`log.WithError(err).Error("Could not create re-readable reader.")`
			`}`
			`defer reReader.Close()`

Archive decoder (#683) * Archive decoder * Fix reader handling * Seek error handling * Add tests * Fix extra empty chunk * Sync chunk size 2022-08-03 03:36:21 +00:00			`chunkSkel := &sources.Chunk{`
			`SourceType: s.Type(),`
			`SourceName: s.name,`
			`SourceID: s.SourceID(),`
			`SourceMetadata: &source_metadatapb.MetaData{`
			`Data: &source_metadatapb.MetaData_Filesystem{`
			`Filesystem: &source_metadatapb.Filesystem{`
			`File: sanitizer.UTF8(path),`
			`},`
			`},`
			`},`
			`Verify: s.verify,`
			`}`
Use re-readable reader and common chunker (#703) * Use re-readable reader and common chunker * Linter feedback * Break on error 2022-08-10 22:32:49 +00:00			`if handlers.HandleFile(reReader, chunkSkel, chunksChan) {`
Archive decoder (#683) * Archive decoder * Fix reader handling * Seek error handling * Add tests * Fix extra empty chunk * Sync chunk size 2022-08-03 03:36:21 +00:00			`return nil`
			`}`

Use re-readable reader and common chunker (#703) * Use re-readable reader and common chunker * Linter feedback * Break on error 2022-08-10 22:32:49 +00:00			`if err := reReader.Reset(); err != nil {`
Archive decoder (#683) * Archive decoder * Fix reader handling * Seek error handling * Add tests * Fix extra empty chunk * Sync chunk size 2022-08-03 03:36:21 +00:00			`return err`
			`}`
Use re-readable reader and common chunker (#703) * Use re-readable reader and common chunker * Linter feedback * Break on error 2022-08-10 22:32:49 +00:00			`reReader.Stop()`

Use correct reader in filesystem source (#756) 2022-08-30 17:24:52 +00:00			`for chunkData := range common.ChunkReader(reReader) {`
Use re-readable reader and common chunker (#703) * Use re-readable reader and common chunker * Linter feedback * Break on error 2022-08-10 22:32:49 +00:00			`chunksChan <- &sources.Chunk{`
			`SourceType: s.Type(),`
			`SourceName: s.name,`
			`SourceID: s.SourceID(),`
			`Data: chunkData,`
			`SourceMetadata: &source_metadatapb.MetaData{`
			`Data: &source_metadatapb.MetaData_Filesystem{`
			`Filesystem: &source_metadatapb.Filesystem{`
			`File: sanitizer.UTF8(path),`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`},`
			`},`
Use re-readable reader and common chunker (#703) * Use re-readable reader and common chunker * Linter feedback * Break on error 2022-08-10 22:32:49 +00:00			`},`
			`Verify: s.verify,`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`}`
			`}`
Use re-readable reader and common chunker (#703) * Use re-readable reader and common chunker * Linter feedback * Break on error 2022-08-10 22:32:49 +00:00			`return nil`
Initial CLI w/ partially implemented Git source and demo detector (#1) 2022-01-13 20:02:24 +00:00			`})`

			`if err != nil && err != io.EOF {`
			`return errors.New(err)`
			`}`

			`if done {`
			`return nil`
			`}`

			`}`
			`return nil`
			`}`