fix: Use full file paths in dataflow report (#175)

* fix: Use full file paths in dataflow report * chore: Rework to avoid passing additional file path argument around
Bearer · Nov 29, 2022 · fd22b9f · fd22b9f
1 parent 4564134
commit fd22b9f
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 45 deletions.
diff --git a/pkg/report/output/dataflow/components/components.go b/pkg/report/output/dataflow/components/components.go
@@ -1,9 +1,11 @@
 package components
 
 import (
-	"github.com/bearer/curio/pkg/report/output/dataflow/detectiondecoder"
 	"github.com/bearer/curio/pkg/report/output/dataflow/types"
 
+	dependenciesclassification "github.com/bearer/curio/pkg/classification/dependencies"
+	frameworkclassification "github.com/bearer/curio/pkg/classification/frameworks"
+	interfaceclassification "github.com/bearer/curio/pkg/classification/interfaces"
 	"github.com/bearer/curio/pkg/util/classify"
 	"github.com/bearer/curio/pkg/util/maputil"
 )
@@ -36,69 +38,54 @@ func New(isInternal bool) *Holder {
 	}
 }
 
-func (holder *Holder) AddInterface(detection interface{}) error {
-	value, err := detectiondecoder.GetClassifiedInterface(detection)
-	if err != nil {
-		return err
-	}
-
-	if value.Classification == nil {
+func (holder *Holder) AddInterface(classifiedDetection interfaceclassification.ClassifiedInterface) error {
+	if classifiedDetection.Classification == nil {
 		return nil
 	}
 
-	if value.Classification.Decision.State == classify.Valid {
+	if classifiedDetection.Classification.Decision.State == classify.Valid {
 		holder.addComponent(
-			value.Classification.Name(),
-			value.Classification.RecipeUUID,
-			string(value.DetectorType),
-			value.Source.Filename,
-			*value.Source.LineNumber,
+			classifiedDetection.Classification.Name(),
+			classifiedDetection.Classification.RecipeUUID,
+			string(classifiedDetection.DetectorType),
+			classifiedDetection.Source.Filename,
+			*classifiedDetection.Source.LineNumber,
 		)
 	}
 
 	return nil
 }
 
-func (holder *Holder) AddDependency(detection interface{}) error {
-	value, err := detectiondecoder.GetClassifiedDependency(detection)
-	if err != nil {
-		return err
-	}
-
-	if value.Classification == nil {
+func (holder *Holder) AddDependency(classifiedDetection dependenciesclassification.ClassifiedDependency) error {
+	if classifiedDetection.Classification == nil {
 		return nil
 	}
 
-	if value.Classification.Decision.State == classify.Valid {
+	if classifiedDetection.Classification.Decision.State == classify.Valid {
 		holder.addComponent(
-			value.Classification.RecipeName,
-			value.Classification.RecipeUUID,
-			string(value.DetectorType),
-			value.Source.Filename,
-			*value.Source.LineNumber,
+			classifiedDetection.Classification.RecipeName,
+			classifiedDetection.Classification.RecipeUUID,
+			string(classifiedDetection.DetectorType),
+			classifiedDetection.Source.Filename,
+			*classifiedDetection.Source.LineNumber,
 		)
 	}
 
 	return nil
 }
 
-func (holder *Holder) AddFramework(detection interface{}) error {
-	value, err := detectiondecoder.GetClassifiedFramework(detection)
-	if err != nil {
-		return err
-	}
-
-	if value.Classification == nil {
+func (holder *Holder) AddFramework(classifiedDetection frameworkclassification.ClassifiedFramework) error {
+	if classifiedDetection.Classification == nil {
 		return nil
 	}
 
-	if value.Classification.Decision.State == classify.Valid {
+	if classifiedDetection.Classification.Decision.State == classify.Valid {
 		holder.addComponent(
-			value.Classification.RecipeName,
-			value.Classification.RecipeUUID,
-			string(value.DetectorType),
-			value.Source.Filename,
-			*value.Source.LineNumber,
+			classifiedDetection.Classification.RecipeName,
+			classifiedDetection.Classification.RecipeUUID,
+			string(classifiedDetection.DetectorType),
+			classifiedDetection.Source.Filename,
+			*classifiedDetection.Source.LineNumber,
 		)
 	}
 

diff --git a/pkg/report/output/dataflow/dataflow.go b/pkg/report/output/dataflow/dataflow.go
@@ -4,12 +4,14 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"strings"
 
 	"github.com/bearer/curio/pkg/commands/process/settings"
 	"github.com/bearer/curio/pkg/report/customdetectors"
 	"github.com/bearer/curio/pkg/report/detections"
 	"github.com/bearer/curio/pkg/report/output/dataflow/components"
 	"github.com/bearer/curio/pkg/report/output/dataflow/datatypes"
+	"github.com/bearer/curio/pkg/report/output/dataflow/detectiondecoder"
 	"github.com/bearer/curio/pkg/report/output/dataflow/risks"
 
 	"github.com/bearer/curio/pkg/report/output/dataflow/types"
@@ -64,7 +66,8 @@ func GetOutput(input []interface{}, config settings.Config, isInternal bool) (*D
 		}
 
 		// add full path to filename
-		castDetection.Source.Filename = getFullFilename(config.Target, castDetection.Source.Filename)
+		fullFilename := getFullFilename(config.Target, castDetection.Source.Filename)
+		castDetection.Source.Filename = fullFilename
 
 		switch detectionType {
 		case detections.TypeSchemaClassified:
@@ -110,17 +113,35 @@ func GetOutput(input []interface{}, config settings.Config, isInternal bool) (*D
 			}
 
 		case detections.TypeDependencyClassified:
-			err := componentsHolder.AddDependency(detection)
+			classifiedDetection, err := detectiondecoder.GetClassifiedDependency(detection)
+			if err != nil {
+				return nil, err
+			}
+
+			classifiedDetection.Source.Filename = fullFilename
+			err = componentsHolder.AddDependency(classifiedDetection)
 			if err != nil {
 				return nil, err
 			}
 		case detections.TypeInterfaceClassified:
-			err := componentsHolder.AddInterface(detection)
+			classifiedDetection, err := detectiondecoder.GetClassifiedInterface(detection)
+			if err != nil {
+				return nil, err
+			}
+
+			classifiedDetection.Source.Filename = fullFilename
+			err = componentsHolder.AddInterface(classifiedDetection)
 			if err != nil {
 				return nil, err
 			}
 		case detections.TypeFrameworkClassified:
-			err := componentsHolder.AddFramework(detection)
+			classifiedDetection, err := detectiondecoder.GetClassifiedFramework(detection)
+			if err != nil {
+				return nil, err
+			}
+
+			classifiedDetection.Source.Filename = fullFilename
+			err = componentsHolder.AddFramework(classifiedDetection)
 			if err != nil {
 				return nil, err
 			}
@@ -137,11 +158,14 @@ func GetOutput(input []interface{}, config settings.Config, isInternal bool) (*D
 }
 
 func getFullFilename(path string, filename string) string {
+	path = strings.TrimSuffix(path, "/")
+	filename = strings.TrimPrefix(filename, "/")
+
 	if filename == "." {
 		return path
 	}
 
-	if path == "" {
+	if path == "" || path == "." {
 		return filename
 	}