feat: application level encryption #157

@vjerci vjerci commented Nov 23, 2022

Description

This PR adds verified by. It adds risk type and adds support for rego policies as a processor step between detectors and dataflow.
To the dataflow report it adds a non-mandatory field encrypted and a non-mandatory field verified by.

Example output

data_types:
    - name: Country
      detectors:
        - name: detect_sql_create_public_table
          locations:
            - filename: schema.sql
              line_number: 8
              encrypted: true
              verified_by:
                - detector: detect_encrypted_ruby_class_properties
                  filename: user.rb
                  line_number: 2
        - name: ruby
          locations:
            - filename: user.rb
              line_number: 2
    - name: Date of birth
      detectors:
        - name: detect_sql_create_public_table
          locations:
            - filename: schema.sql
              line_number: 6
              encrypted: true
              verified_by:
                - detector: tanker_encrypted
    - name: Email Address
      detectors:
        - name: detect_sql_create_public_table
          locations:
            - filename: schema.sql
              line_number: 5
              encrypted: true
              verified_by:
                - detector: detect_encrypted_ruby_class_properties
                  filename: user.rb
                  line_number: 2
        - name: ruby
          locations:
            - filename: user.rb
              line_number: 2
    - name: Firstname
      detectors:
        - name: detect_sql_create_public_table
          locations:
            - filename: schema.sql
              line_number: 3
    - name: Lastname
      detectors:
        - name: detect_sql_create_public_table
          locations:
            - filename: schema.sql
              line_number: 4
    - name: Physical Address
      detectors:
        - name: detect_sql_create_public_table
          locations:
            - filename: schema.sql
              line_number: 7
              encrypted: true
              verified_by:
                - detector: detect_encrypted_ruby_class_properties
                  filename: user.rb
                  line_number: 2
        - name: ruby
          locations:
            - filename: user.rb
              line_number: 2
components: []

Related

https://bearer.atlassian.net/browse/AMA-3230
https://bearer.atlassian.net/browse/AMA-3231
https://bearer.atlassian.net/browse/AMA-3232
https://bearer.atlassian.net/browse/AMA-3233
https://bearer.atlassian.net/browse/AMA-3234

Checklist

  • I've added test coverage that shows my fix or feature works as expected.
  • I've updated or added documentation if required.
  • I've included usage information in the description if CLI behavior was updated or added.
  • PR title follows Conventional Commits format
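
One way to consume the `encrypted` and `verified_by` fields from the example output in the description above, as an added example that is not part of this PR or of Bearer's code. The types, the `Unencrypted` function and the flagging rule are assumptions, and the sample data is constructed from a subset of that output.

```go
package main

import "fmt"

// Hypothetical types mirroring a subset of the report fields (not Bearer's structs).
type VerifiedBy struct{ Detector, Filename string }
type Location struct {
	Filename   string
	LineNumber int
	Encrypted  bool
	VerifiedBy []VerifiedBy
}
type Detector struct {
	Name      string
	Locations []Location
}
type DataType struct {
	Name      string
	Detectors []Detector
}

// Unencrypted lists the given detector's locations that lack encrypted: true or verified_by (assumed rule).
func Unencrypted(report []DataType, detector string) (out []string) {
	for _, dt := range report {
		for _, d := range dt.Detectors {
			for _, l := range d.Locations {
				if d.Name == detector && (!l.Encrypted || len(l.VerifiedBy) == 0) {
					out = append(out, fmt.Sprintf("%s @ %s:%d", dt.Name, l.Filename, l.LineNumber))
				}
			}
		}
	}
	return out
}

// Sample is a constructed subset of the example output.
func Sample() []DataType {
	sql, rb := "detect_sql_create_public_table", "detect_encrypted_ruby_class_properties"
	return []DataType{
		{"Country", []Detector{
			{sql, []Location{{"schema.sql", 8, true, []VerifiedBy{{rb, "user.rb"}}}}},
			{"ruby", []Location{{"user.rb", 2, false, nil}}}}},
		{"Date of birth", []Detector{{sql, []Location{{"schema.sql", 6, true, []VerifiedBy{{Detector: "tanker_encrypted"}}}}}}},
		{"Firstname", []Detector{{sql, []Location{{"schema.sql", 3, false, nil}}}}},
		{"Lastname", []Detector{{sql, []Location{{"schema.sql", 4, false, nil}}}}},
	}
}

func main() { fmt.Println(Unencrypted(Sample(), "detect_sql_create_public_table")) }
```

Scoping the check to the storage detector matters here: in the example output the `ruby` detector's locations carry no `encrypted` field, so an unscoped walk would flag them as well.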

swarmia bot commented Nov 23, 2022


@cfabianski cfabianski left a comment

Looking great already! Some comments

@cfabianski cfabianski left a comment

I don't see the policy using this info. Is that coming in a separate PR?

vjerci commented Nov 24, 2022

> I don't see the policy using this info. Is that coming in a separate PR?

Yeah, something is wrong, my branches got mixed. Fixing it.

@vjerci vjerci merged commit 80b550f into main Nov 24, 2022
@vjerci vjerci deleted the AMA-3158-use-case-2-application-level-encryption-missing-on-data-category branch November 24, 2022 14:38