trufflehog/pkg/engine/gcs.go

package engine

import (
	"fmt"

	"google.golang.org/protobuf/proto"
	"google.golang.org/protobuf/types/known/anypb"

	"github.com/trufflesecurity/trufflehog/v3/pkg/context"
	"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"
	"github.com/trufflesecurity/trufflehog/v3/pkg/sources"
	"github.com/trufflesecurity/trufflehog/v3/pkg/sources/gcs"
)

// ScanGCS with the provided options.
func (e *Engine) ScanGCS(ctx context.Context, c sources.GCSConfig) error {
	// Project ID is required if using any authenticated access.
	if c.ProjectID == "" && !c.WithoutAuth {
		return fmt.Errorf("project ID is required")
	}

	// If using unauthenticated access, the project ID is not used.
	if c.ProjectID != "" && c.WithoutAuth {
		c.ProjectID = ""
		ctx.Logger().Info("project ID is not used when using unauthenticated access, ignoring provided project ID")
	}

	connection := &sourcespb.GCS{
		ProjectId:      c.ProjectID,
		IncludeBuckets: c.IncludeBuckets,
		ExcludeBuckets: c.ExcludeBuckets,
		IncludeObjects: c.IncludeObjects,
		ExcludeObjects: c.ExcludeObjects,
	}

	// Make sure only one auth method is selected.
	if !isAuthValid(ctx, c, connection) {
		return fmt.Errorf("multiple auth methods selected, please select only one")
	}

	var conn anypb.Any
	err := anypb.MarshalFrom(&conn, connection, proto.MarshalOptions{})
	if err != nil {
		return fmt.Errorf("failed to marshal GCS connection: %w", err)
	}

	sourceName := "trufflehog - gcs"
	sourceID, jobID, _ := e.sourceManager.GetIDs(ctx, sourceName, gcs.SourceType)

	gcsSource := &gcs.Source{}
	if err := gcsSource.Init(ctx, sourceName, jobID, sourceID, true, &conn, int(c.Concurrency)); err != nil {
		return err
	}
	_, err = e.sourceManager.Run(ctx, sourceName, gcsSource)
	return err
}

func isAuthValid(ctx context.Context, c sources.GCSConfig, connection *sourcespb.GCS) bool {
	var isAuthSelected bool

	if c.WithoutAuth {
		isAuthSelected = true
		connection.Credential = &sourcespb.GCS_Unauthenticated{}
	}
	if c.CloudCred {
		if isAuthSelected {
			return false
		}
		isAuthSelected = true
		connection.Credential = &sourcespb.GCS_Adc{}
	}
	if c.ServiceAccount != "" {
		if isAuthSelected {
			return false
		}
		isAuthSelected = true
		connection.Credential = &sourcespb.GCS_ServiceAccountFile{
			ServiceAccountFile: c.ServiceAccount,
		}
	}
	if c.ApiKey != "" {
		if isAuthSelected {
			return false
		}
		isAuthSelected = true
		connection.Credential = &sourcespb.GCS_ApiKey{
			ApiKey: c.ApiKey,
		}
	}
	if !isAuthSelected {
		ctx.Logger().Info("no auth method selected, using unauthenticated")
		connection.Credential = &sourcespb.GCS_Unauthenticated{}
	}

	return true
}
Add gcs scanning integration (#1153) * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * Remove period from file extension. * remove used. * Add comment. * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * remove used. * Add file type for objects. * Add check for file type and size. * Add default file size. * Add additinoal auth options and remaining CLI flags. * Handle errors in go routines. * Handle resuming for buckets. * Remove redundant words in comment. * remove ok check on bool check. * remove extra blank line. * Add return if handler handles chunk. * Add comment. * remove extra blank line. * cleanup comment. * Add comment. * move up fxn. * go mod tidy. * Add exclusion to perf testing buckets. * Handle blocking the channel. * remove unused const. * fix tests. * fix tests. * Handle gcs manger options better. * update fxn name. * Remove arg name. * ignore buckets in gcsManager test. * fix test. * propulate gsManagerOpts. * inline err check. * Add readme. * update readme spelling. * fix test. 2023-03-08 01:32:04 +00:00			`package engine`

			`import (`
			`"fmt"`

			`"google.golang.org/protobuf/proto"`
			`"google.golang.org/protobuf/types/known/anypb"`

			`"github.com/trufflesecurity/trufflehog/v3/pkg/context"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/pb/sourcespb"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/sources"`
			`"github.com/trufflesecurity/trufflehog/v3/pkg/sources/gcs"`
			`)`

			`// ScanGCS with the provided options.`
			`func (e *Engine) ScanGCS(ctx context.Context, c sources.GCSConfig) error {`
Add resuming capability to GCS source (#1161) * Add resuming capability to GCS source. * Handle no auth scans. * complete resume logic * Use custom function type. * remove functions. * linter. * fix test. * fix test. * Handle concurrent map writes. * use string as CLI flag for include/exclude. * handle emtpy buckets. * Handle enumeration on initial job run. * Rename stats to attributes. * remove redundant return. * If test fails due to 400, that is fine, it's expected. * Add unauth GCS source type. * comments. * update proto. * Use short flag. * address comments. 2023-03-17 00:53:42 +00:00			`// Project ID is required if using any authenticated access.`
			`if c.ProjectID == "" && !c.WithoutAuth {`
Add gcs scanning integration (#1153) * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * Remove period from file extension. * remove used. * Add comment. * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * remove used. * Add file type for objects. * Add check for file type and size. * Add default file size. * Add additinoal auth options and remaining CLI flags. * Handle errors in go routines. * Handle resuming for buckets. * Remove redundant words in comment. * remove ok check on bool check. * remove extra blank line. * Add return if handler handles chunk. * Add comment. * remove extra blank line. * cleanup comment. * Add comment. * move up fxn. * go mod tidy. * Add exclusion to perf testing buckets. * Handle blocking the channel. * remove unused const. * fix tests. * fix tests. * Handle gcs manger options better. * update fxn name. * Remove arg name. * ignore buckets in gcsManager test. * fix test. * propulate gsManagerOpts. * inline err check. * Add readme. * update readme spelling. * fix test. 2023-03-08 01:32:04 +00:00			`return fmt.Errorf("project ID is required")`
			`}`

Add resuming capability to GCS source (#1161) * Add resuming capability to GCS source. * Handle no auth scans. * complete resume logic * Use custom function type. * remove functions. * linter. * fix test. * fix test. * Handle concurrent map writes. * use string as CLI flag for include/exclude. * handle emtpy buckets. * Handle enumeration on initial job run. * Rename stats to attributes. * remove redundant return. * If test fails due to 400, that is fine, it's expected. * Add unauth GCS source type. * comments. * update proto. * Use short flag. * address comments. 2023-03-17 00:53:42 +00:00			`// If using unauthenticated access, the project ID is not used.`
			`if c.ProjectID != "" && c.WithoutAuth {`
			`c.ProjectID = ""`
			`ctx.Logger().Info("project ID is not used when using unauthenticated access, ignoring provided project ID")`
			`}`

Add gcs scanning integration (#1153) * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * Remove period from file extension. * remove used. * Add comment. * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * remove used. * Add file type for objects. * Add check for file type and size. * Add default file size. * Add additinoal auth options and remaining CLI flags. * Handle errors in go routines. * Handle resuming for buckets. * Remove redundant words in comment. * remove ok check on bool check. * remove extra blank line. * Add return if handler handles chunk. * Add comment. * remove extra blank line. * cleanup comment. * Add comment. * move up fxn. * go mod tidy. * Add exclusion to perf testing buckets. * Handle blocking the channel. * remove unused const. * fix tests. * fix tests. * Handle gcs manger options better. * update fxn name. * Remove arg name. * ignore buckets in gcsManager test. * fix test. * propulate gsManagerOpts. * inline err check. * Add readme. * update readme spelling. * fix test. 2023-03-08 01:32:04 +00:00			`connection := &sourcespb.GCS{`
			`ProjectId: c.ProjectID,`
			`IncludeBuckets: c.IncludeBuckets,`
			`ExcludeBuckets: c.ExcludeBuckets,`
			`IncludeObjects: c.IncludeObjects,`
			`ExcludeObjects: c.ExcludeObjects,`
			`}`

			`// Make sure only one auth method is selected.`
			`if !isAuthValid(ctx, c, connection) {`
			`return fmt.Errorf("multiple auth methods selected, please select only one")`
			`}`

			`var conn anypb.Any`
			`err := anypb.MarshalFrom(&conn, connection, proto.MarshalOptions{})`
			`if err != nil {`
			`return fmt.Errorf("failed to marshal GCS connection: %w", err)`
			`}`

Refactor SourceManager to remove Enrollment (#1740) * Refactor SourceManager to remove Enrollment Initializing the Source will be the responsibility of the caller. The SourceManager exposes a GetIDs method for getting a source and job ID. * Update tests * Update engine usage * Update apiClient interface to have one GetIDs method * Update SourceManager usage in engine 2023-09-12 23:58:38 +00:00			`sourceName := "trufflehog - gcs"`
Add a SourceType constant to all source packages (#1768) 2023-09-13 00:23:25 +00:00			`sourceID, jobID, _ := e.sourceManager.GetIDs(ctx, sourceName, gcs.SourceType)`
Refactor SourceManager to remove Enrollment (#1740) * Refactor SourceManager to remove Enrollment Initializing the Source will be the responsibility of the caller. The SourceManager exposes a GetIDs method for getting a source and job ID. * Update tests * Update engine usage * Update apiClient interface to have one GetIDs method * Update SourceManager usage in engine 2023-09-12 23:58:38 +00:00
			`gcsSource := &gcs.Source{}`
Update Source interface to use SourceID and JobID types (#1774) The previous implementation used int64 for both, which can be mixed up easily. Using distinct types adds a layer of type safety checked by the compiler. 2023-09-14 18:28:24 +00:00			`if err := gcsSource.Init(ctx, sourceName, jobID, sourceID, true, &conn, int(c.Concurrency)); err != nil {`
Use SourceManager in engine (#1586) * Add SourceManager to Engine struct * Update Engine methods to use the SourceManager * Fix GCS test The original was testing that `Init()` errors weren't surfaced in `Finish()`, but the `SourceManager` changed that behavior. * JobProgress race fixes * Add contextual values * Remove unused code * Add debug logs * Rename WithConcurrency to WithConcurrentSources * Always forward chunks to the output chunks channel 2023-08-03 18:36:30 +00:00			`return err`
Add gcs scanning integration (#1153) * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * Remove period from file extension. * remove used. * Add comment. * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * remove used. * Add file type for objects. * Add check for file type and size. * Add default file size. * Add additinoal auth options and remaining CLI flags. * Handle errors in go routines. * Handle resuming for buckets. * Remove redundant words in comment. * remove ok check on bool check. * remove extra blank line. * Add return if handler handles chunk. * Add comment. * remove extra blank line. * cleanup comment. * Add comment. * move up fxn. * go mod tidy. * Add exclusion to perf testing buckets. * Handle blocking the channel. * remove unused const. * fix tests. * fix tests. * Handle gcs manger options better. * update fxn name. * Remove arg name. * ignore buckets in gcsManager test. * fix test. * propulate gsManagerOpts. * inline err check. * Add readme. * update readme spelling. * fix test. 2023-03-08 01:32:04 +00:00			`}`
Refactor SourceManager to remove Enrollment (#1740) * Refactor SourceManager to remove Enrollment Initializing the Source will be the responsibility of the caller. The SourceManager exposes a GetIDs method for getting a source and job ID. * Update tests * Update engine usage * Update apiClient interface to have one GetIDs method * Update SourceManager usage in engine 2023-09-12 23:58:38 +00:00			`_, err = e.sourceManager.Run(ctx, sourceName, gcsSource)`
Use SourceManager in engine (#1586) * Add SourceManager to Engine struct * Update Engine methods to use the SourceManager * Fix GCS test The original was testing that `Init()` errors weren't surfaced in `Finish()`, but the `SourceManager` changed that behavior. * JobProgress race fixes * Add contextual values * Remove unused code * Add debug logs * Rename WithConcurrency to WithConcurrentSources * Always forward chunks to the output chunks channel 2023-08-03 18:36:30 +00:00			`return err`
Add gcs scanning integration (#1153) * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * Remove period from file extension. * remove used. * Add comment. * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * remove used. * Add file type for objects. * Add check for file type and size. * Add default file size. * Add additinoal auth options and remaining CLI flags. * Handle errors in go routines. * Handle resuming for buckets. * Remove redundant words in comment. * remove ok check on bool check. * remove extra blank line. * Add return if handler handles chunk. * Add comment. * remove extra blank line. * cleanup comment. * Add comment. * move up fxn. * go mod tidy. * Add exclusion to perf testing buckets. * Handle blocking the channel. * remove unused const. * fix tests. * fix tests. * Handle gcs manger options better. * update fxn name. * Remove arg name. * ignore buckets in gcsManager test. * fix test. * propulate gsManagerOpts. * inline err check. * Add readme. * update readme spelling. * fix test. 2023-03-08 01:32:04 +00:00			`}`

			`func isAuthValid(ctx context.Context, c sources.GCSConfig, connection *sourcespb.GCS) bool {`
			`var isAuthSelected bool`

			`if c.WithoutAuth {`
			`isAuthSelected = true`
			`connection.Credential = &sourcespb.GCS_Unauthenticated{}`
			`}`
			`if c.CloudCred {`
			`if isAuthSelected {`
			`return false`
			`}`
			`isAuthSelected = true`
			`connection.Credential = &sourcespb.GCS_Adc{}`
			`}`
			`if c.ServiceAccount != "" {`
			`if isAuthSelected {`
			`return false`
			`}`
			`isAuthSelected = true`
add support for json service account and service account file. (#1185) 2023-03-16 20:04:36 +00:00			`connection.Credential = &sourcespb.GCS_ServiceAccountFile{`
			`ServiceAccountFile: c.ServiceAccount,`
Add gcs scanning integration (#1153) * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * Remove period from file extension. * remove used. * Add comment. * Setup for GCS scanning. * Update GCS engine w/ projectID req. * Add concurrency field to gcsManager. * add errgroup to gcsManager. * Update gcs manager. * Use defautl ADC. * use ADC.' * Add TOOD. * add log to iterator completion. * use a BinaryReader instead of concrete object for channel type. * initial test for Chunks. * Add tests for chunking objects. * Add concurrency. * update metadata to include content type and acls. * Add object reading code. * Add integration test. * Add entrypoint. * Add removed wg.Wait(). * remove dead code. * remove build. * remove used. * Add file type for objects. * Add check for file type and size. * Add default file size. * Add additinoal auth options and remaining CLI flags. * Handle errors in go routines. * Handle resuming for buckets. * Remove redundant words in comment. * remove ok check on bool check. * remove extra blank line. * Add return if handler handles chunk. * Add comment. * remove extra blank line. * cleanup comment. * Add comment. * move up fxn. * go mod tidy. * Add exclusion to perf testing buckets. * Handle blocking the channel. * remove unused const. * fix tests. * fix tests. * Handle gcs manger options better. * update fxn name. * Remove arg name. * ignore buckets in gcsManager test. * fix test. * propulate gsManagerOpts. * inline err check. * Add readme. * update readme spelling. * fix test. 2023-03-08 01:32:04 +00:00			`}`
			`}`
			`if c.ApiKey != "" {`
			`if isAuthSelected {`
			`return false`
			`}`
			`isAuthSelected = true`
			`connection.Credential = &sourcespb.GCS_ApiKey{`
			`ApiKey: c.ApiKey,`
			`}`
			`}`
			`if !isAuthSelected {`
			`ctx.Logger().Info("no auth method selected, using unauthenticated")`
			`connection.Credential = &sourcespb.GCS_Unauthenticated{}`
			`}`

			`return true`
			`}`