feat: Include classified frameworks in dataflow report (#153)

Sample dataflow YAML Output before: ```yaml datatypes: - name: Email Address detectors: - name: ruby locations: - filename: config/initializers/devise.rb linenumber: 186 risks: [] components: - name: postgresql locations: - detector: gemfile-lock filename: Gemfile.lock linenumber: 151 - name: aws s3 locations: - detector: gemfile-lock filename: Gemfile.lock linenumber: 81 - name: redis locations: - detector: gemfile-lock filename: Gemfile.lock linenumber: 191 - name: aws key management service (kms) locations: - detector: gemfile-lock filename: Gemfile.lock linenumber: 78 ``` Sample dataflow YAML output after: ```yaml datatypes: - name: Email Address detectors: - name: ruby locations: - filename: config/initializers/devise.rb linenumber: 186 risks: [] components: - name: disk locations: - detector: rails filename: config/storage.yml linenumber: 5 - name: postgresql locations: - detector: gemfile-lock filename: Gemfile.lock linenumber: 151 - detector: rails filename: config/database.yml linenumber: 85 - name: aws s3 locations: - detector: gemfile-lock filename: Gemfile.lock linenumber: 81 - detector: rails filename: config/storage.yml linenumber: 16 - name: redis locations: - detector: gemfile-lock filename: Gemfile.lock linenumber: 191 - detector: rails filename: config/environments/production.rb linenumber: 57 - name: aws key management service (kms) locations: - detector: gemfile-lock filename: Gemfile.lock linenumber: 78 ```
Bearer · Nov 22, 2022 · 6a9e591 · 6a9e591
1 parent cf4e966
commit 6a9e591
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 3 deletions.
diff --git a/pkg/report/output/dataflow/components/components.go b/pkg/report/output/dataflow/components/components.go
@@ -70,6 +70,23 @@ func (holder *Holder) AddDependency(detection interface{}) error {
 	return nil
 }
 
+func (holder *Holder) AddFramework(detection interface{}) error {
+	value, err := detectiondecoder.GetClassifiedFramework(detection)
+	if err != nil {
+		return err
+	}
+
+	if value.Classification == nil {
+		return nil
+	}
+
+	if value.Classification.Decision.State == classify.Valid {
+		holder.addComponent(strings.ToLower(value.Classification.RecipeName), value.Classification.RecipeUUID, string(value.DetectorType), value.Source.Filename, *value.Source.LineNumber)
+	}
+
+	return nil
+}
+
 // addComponent adds component to hash list and at the same time blocks duplicates
 func (holder *Holder) addComponent(componentName string, componentUUID string, detectorName string, fileName string, lineNumber int) {
 	// create component entry if it doesn't exist

diff --git a/pkg/report/output/dataflow/dataflow.go b/pkg/report/output/dataflow/dataflow.go
@@ -20,7 +20,7 @@ type DataFlow struct {
 	Components []types.Component    `json:"components"`
 }
 
-var allowedDetections []detections.DetectionType = []detections.DetectionType{detections.TypeSchemaClassified, detections.TypeCustomClassified, detections.TypeDependencyClassified, detections.TypeInterfaceClassified}
+var allowedDetections []detections.DetectionType = []detections.DetectionType{detections.TypeSchemaClassified, detections.TypeCustomClassified, detections.TypeDependencyClassified, detections.TypeInterfaceClassified, detections.TypeFrameworkClassified}
 
 func GetOutput(input []interface{}, config settings.Config, isInternal bool) (*DataFlow, error) {
 	dataTypesHolder := datatypes.New()
@@ -83,6 +83,11 @@ func GetOutput(input []interface{}, config settings.Config, isInternal bool) (*D
 			if err != nil {
 				return nil, err
 			}
+		case detections.TypeFrameworkClassified:
+			err := componentsHolder.AddFramework(detection)
+			if err != nil {
+				return nil, err
+			}
 		}
 
 	}

diff --git a/pkg/report/output/dataflow/detectiondecoder/dependency_classification.go b/pkg/report/output/dataflow/detectiondecoder/dependency_classification.go
@@ -13,11 +13,11 @@ func GetClassifiedDependency(detection interface{}) (dependenciesclassification.
 	buf := bytes.NewBuffer(nil)
 	err := json.NewEncoder(buf).Encode(detection)
 	if err != nil {
-		return dependenciesclassification.ClassifiedDependency{}, fmt.Errorf("expect detection to have value of type schema %#v", detection)
+		return dependenciesclassification.ClassifiedDependency{}, fmt.Errorf("expect detection to have value of type dependency %#v", detection)
 	}
 	err = json.NewDecoder(buf).Decode(&value)
 	if err != nil {
-		return dependenciesclassification.ClassifiedDependency{}, fmt.Errorf("expect detection to have value of type schema %#v", detection)
+		return dependenciesclassification.ClassifiedDependency{}, fmt.Errorf("expect detection to have value of type dependency %#v", detection)
 	}
 
 	return value, nil

diff --git a/pkg/report/output/dataflow/detectiondecoder/framework_classification.go b/pkg/report/output/dataflow/detectiondecoder/framework_classification.go
@@ -0,0 +1,24 @@
+package detectiondecoder
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+
+	frameworkclassification "github.com/bearer/curio/pkg/classification/frameworks"
+)
+
+func GetClassifiedFramework(detection interface{}) (frameworkclassification.ClassifiedFramework, error) {
+	var value frameworkclassification.ClassifiedFramework
+	buf := bytes.NewBuffer(nil)
+	err := json.NewEncoder(buf).Encode(detection)
+	if err != nil {
+		return frameworkclassification.ClassifiedFramework{}, fmt.Errorf("expect detection to have value of type framework %#v", detection)
+	}
+	err = json.NewDecoder(buf).Decode(&value)
+	if err != nil {
+		return frameworkclassification.ClassifiedFramework{}, fmt.Errorf("expect detection to have value of type framework %#v", detection)
+	}
+
+	return value, nil
+}