openai conversion

2024-11-14 00:47:21 +00:00 · 2024-07-30 10:28:16 -07:00 · 2024-07-30 10:28:16 -07:00 · 3d2f442824
commit 3d2f442824
parent e5a588cb32
3 changed files with 88 additions and 28 deletions
--- a/pkg/analyzer/analyzers/openai/openai.go
+++ b/pkg/analyzer/analyzers/openai/openai.go
@ -68,11 +68,16 @@ func convertPermissions(isAdmin bool, perms []permissionData) []analyzers.Permis
 	var permissions []analyzers.Permission

 	if isAdmin {
-		permissions = append(permissions, analyzers.Permission{Value: analyzers.FullAccess})
+		permissions = append(permissions, analyzers.Permission{
+			Type:        FullAccess.ID(),
+			AccessLevel: analyzers.FULL_ACCESS,
+		})
 	} else {
 		for _, perm := range perms {
-			permName := perm.name + ":" + string(perm.status)
-			permissions = append(permissions, analyzers.Permission{Value: permName})
+			permissions = append(permissions, analyzers.Permission{
+				Type:        perm.permission.ID(),
+				AccessLevel: perm.status,
+			})
 		}
 	}

@ -105,9 +110,9 @@ type MeJSON struct {
 }

 type permissionData struct {
-	name      string
-	endpoints []string
-	status    analyzers.PermissionType
+	permission PermissionType
+	endpoints  []string
+	status     analyzers.AccessLevel
 }

 type AnalyzerJSON struct {
@ -259,7 +264,7 @@ func printUserData(meJSON MeJSON) {
 	fmt.Print("\n\n")
 }

-func stringifyPermissionStatus(tests []analyzers.HttpStatusTest) analyzers.PermissionType {
+func stringifyPermissionStatus(tests []analyzers.HttpStatusTest) analyzers.AccessLevel {
 	readStatus := false
 	writeStatus := false
 	errors := false
@ -293,9 +298,9 @@ func getPermissions() []permissionData {
 	for _, scope := range SCOPES {
 		status := stringifyPermissionStatus(scope.Tests)
 		perms = append(perms, permissionData{
-			name:      scope.Name,
-			endpoints: scope.Endpoints,
-			status:    status,
+			permission: scope.Permission,
+			endpoints:  scope.Endpoints,
+			status:     status,
 		})
 	}

@ -310,7 +315,7 @@ func printPermissions(perms []permissionData, show_all bool) {

 	for _, perm := range perms {
 		if show_all || perm.status != analyzers.NONE {
-			t.AppendRow([]interface{}{perm.name, perm.endpoints[0], perm.status})
+			t.AppendRow([]interface{}{perm.permission.String(), perm.endpoints[0], perm.status})

 			for i := 1; i < len(perm.endpoints); i++ {
 				t.AppendRow([]interface{}{"", perm.endpoints[i], perm.status})
--- a/pkg/analyzer/analyzers/openai/scopes.go
+++ b/pkg/analyzer/analyzers/openai/scopes.go
@ -2,10 +2,31 @@ package openai

 import "github.com/trufflesecurity/trufflehog/v3/pkg/analyzer/analyzers"

+type PermissionType int
+
+const (
+	ModelsPermission PermissionType = iota
+	ModelCapabilitiesPermission
+	AssistantsPermission
+	ThreadsPermission
+	FineTuningPermission
+	FilesPermission
+	FullAccess
+)
+
+func (p PermissionType) String() string {
+	return [...]string{"Models", "Model capabilities", "Assistants", "Threads", "Fine-tuning", "Files", "Full Access"}[p]
+}
+
+func (p PermissionType) ID() int {
+	return int(p)
+}
+
 type OpenAIScope struct {
-	Name      string
-	Tests     []analyzers.HttpStatusTest
-	Endpoints []string
+	Permission  PermissionType
+	Tests       []analyzers.HttpStatusTest
+	Endpoints   []string
+	AccessLevel analyzers.AccessLevel
 }

 func (s *OpenAIScope) RunTests(key string) error {
@ -24,49 +45,83 @@ func (s *OpenAIScope) RunTests(key string) error {

 var SCOPES = []OpenAIScope{
 	{
-		Name: "Models",
+		Permission: ModelsPermission,
 		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/models", Method: "GET", Valid: []int{200}, Invalid: []int{403}, Type: analyzers.READ, Status: analyzers.PermissionStatus{}},
 		},
-		Endpoints: []string{"/v1/models"},
+		Endpoints:   []string{"/v1/models"},
+		AccessLevel: analyzers.READ,
 	},
 	{
-		Name: "Model capabilities",
+		Permission: ModelCapabilitiesPermission,
 		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/images/generations", Method: "POST", Payload: POST_PAYLOAD, Valid: []int{400}, Invalid: []int{401}, Type: analyzers.WRITE, Status: analyzers.PermissionStatus{}},
 		},
-		Endpoints: []string{"/v1/audio", "/v1/chat/completions", "/v1/embeddings", "/v1/images", "/v1/moderations"},
+		Endpoints:   []string{"/v1/audio", "/v1/chat/completions", "/v1/embeddings", "/v1/images", "/v1/moderations"},
+		AccessLevel: analyzers.WRITE,
 	},
 	{
-		Name: "Assistants",
+		Permission: AssistantsPermission,
 		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/assistants", Method: "GET", Valid: []int{400}, Invalid: []int{401}, Type: analyzers.READ, Status: analyzers.PermissionStatus{}},
+		},
+		Endpoints:   []string{"/v1/assistants"},
+		AccessLevel: analyzers.READ,
+	},
+	{
+		Permission: AssistantsPermission,
+		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/assistants", Method: "POST", Payload: POST_PAYLOAD, Valid: []int{400}, Invalid: []int{401}, Type: analyzers.WRITE, Status: analyzers.PermissionStatus{}},
 		},
-		Endpoints: []string{"/v1/assistants"},
+		Endpoints:   []string{"/v1/assistants"},
+		AccessLevel: analyzers.WRITE,
 	},
 	{
-		Name: "Threads",
+		Permission: ThreadsPermission,
 		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/threads/1", Method: "GET", Valid: []int{400}, Invalid: []int{401}, Type: analyzers.READ, Status: analyzers.PermissionStatus{}},
+		},
+		Endpoints:   []string{"/v1/threads"},
+		AccessLevel: analyzers.READ,
+	},
+	{
+		Permission: ThreadsPermission,
+		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/threads", Method: "POST", Payload: POST_PAYLOAD, Valid: []int{400}, Invalid: []int{401}, Type: analyzers.WRITE, Status: analyzers.PermissionStatus{}},
 		},
-		Endpoints: []string{"/v1/threads"},
+		Endpoints:   []string{"/v1/threads"},
+		AccessLevel: analyzers.WRITE,
 	},
 	{
-		Name: "Fine-tuning",
+		Permission: FineTuningPermission,
 		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/fine_tuning/jobs", Method: "GET", Valid: []int{200}, Invalid: []int{401}, Type: analyzers.READ, Status: analyzers.PermissionStatus{}},
-			{URL: BASE_URL + "/v1/fine_tuning/jobs", Method: "POST", Payload: POST_PAYLOAD, Valid: []int{400}, Invalid: []int{401}, Type: analyzers.WRITE, Status: analyzers.PermissionStatus{}},
 		},
-		Endpoints: []string{"/v1/fine_tuning"},
+		Endpoints:   []string{"/v1/fine_tuning"},
+		AccessLevel: analyzers.READ,
 	},
 	{
-		Name: "Files",
+		Permission: FineTuningPermission,
+		Tests: []analyzers.HttpStatusTest{
+			{URL: BASE_URL + "/v1/fine_tuning/jobs", Method: "POST", Payload: POST_PAYLOAD, Valid: []int{400}, Invalid: []int{401}, Type: analyzers.WRITE, Status: analyzers.PermissionStatus{}},
+		},
+		Endpoints:   []string{"/v1/fine_tuning"},
+		AccessLevel: analyzers.WRITE,
+	},
+	{
+		Permission: FilesPermission,
 		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/files", Method: "GET", Valid: []int{200}, Invalid: []int{401}, Type: analyzers.READ, Status: analyzers.PermissionStatus{}},
+		},
+		Endpoints:   []string{"/v1/files"},
+		AccessLevel: analyzers.READ,
+	},
+	{
+		Permission: FilesPermission,
+		Tests: []analyzers.HttpStatusTest{
 			{URL: BASE_URL + "/v1/files", Method: "POST", Payload: POST_PAYLOAD, Valid: []int{415}, Invalid: []int{401}, Type: analyzers.WRITE, Status: analyzers.PermissionStatus{}},
 		},
-		Endpoints: []string{"/v1/files"},
+		Endpoints:   []string{"/v1/files"},
+		AccessLevel: analyzers.WRITE,
 	},
 }
--- a/pkg/analyzer/analyzers/sendgrid/scopes.go
+++ b/pkg/analyzer/analyzers/sendgrid/scopes.go
@ -11,7 +11,7 @@ type SendgridScope struct {
 	SubCategory    string
 	Prefixes       []string // Prefixes for the scope
 	Permissions    []string
-	PermissionType analyzers.PermissionType
+	PermissionType analyzers.AccessLevel
 }

 func (s *SendgridScope) AddPermission(permission string) {