feat: ast 43120 changed Revoked to Invalid validationStatus in all re…

…ports (#242) Changed validationStatus in all reports, from Revoked to Invalid, to better reflect the validation performed with secrets found **Checklist** - [x] I covered my changes with tests. - [x] I Updated the documentation that is affected by my changes: - [ ] Change in the CLI arguments - [ ] Change in the configuration file
Checkmarx · May 17, 2024 · 3cb2094 · 3cb2094
1 parent 172fd05
commit 3cb2094
Show file tree

Hide file tree

Showing 10 changed files with 404 additions and 404 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -16,7 +16,7 @@ RUN go build -o /app/2ms .
 # Runtime image
 FROM cgr.dev/chainguard/wolfi-base@sha256:6bc98699de679ce5e9d1d53b9d06b99acde93584bf539690d61ec538916b1e74
 
-RUN apk add --no-cache bash=5.2.21-r1 git=2.44.0-r0 glibc=2.39-r2 glibc-locale-posix=2.39-r2 ld-linux==2.39-r2 libcrypt1=2.39-r2 && git config --global --add safe.directory /repo
+RUN apk add --no-cache bash=5.2.21-r1 git=2.44.0-r0 glibc=2.39-r5 glibc-locale-posix=2.39-r5 ld-linux==2.39-r5 libcrypt1=2.39-r5 && git config --global --add safe.directory /repo
 
 COPY --from=builder /app/2ms .
 

diff --git a/README.md b/README.md
diff --git a/cmd/main.go b/cmd/main.go
@@ -95,7 +95,7 @@ func Execute() (int, error) {
 	rootCmd.PersistentFlags().StringSliceVar(&engineConfigVar.SpecialList, specialRulesFlagName, []string{}, "special (non-default) rules to apply.\nThis list is not affected by the --rule and --ignore-rule flags.")
 	rootCmd.PersistentFlags().Var(&ignoreOnExitVar, ignoreOnExitFlagName, "defines which kind of non-zero exits code should be ignored\naccepts: all, results, errors, none\nexample: if 'results' is set, only engine errors will make 2ms exit code different from 0")
 	rootCmd.PersistentFlags().IntVar(&engineConfigVar.MaxTargetMegabytes, maxTargetMegabytesFlagName, 0, "files larger than this will be skipped.\nOmit or set to 0 to disable this check.")
-	rootCmd.PersistentFlags().BoolVar(&validateVar, validate, false, "trigger additional validation to check if discovered secrets are active or revoked")
+	rootCmd.PersistentFlags().BoolVar(&validateVar, validate, false, "trigger additional validation to check if discovered secrets are valid or invalid")
 
 	rootCmd.AddCommand(engine.GetRulesCommand(&engineConfigVar))
 

diff --git a/engine/validation/alibaba.go b/engine/validation/alibaba.go
@@ -78,7 +78,7 @@ func alibabaRequest(accessKey, secretKey string) (secrets.ValidationResult, erro
 	// If the access key is invalid, the response will be 404
 	// If the secret key is invalid, the response will be 400 along with other signautre Errors
 	if resp.StatusCode == http.StatusNotFound || resp.StatusCode == http.StatusBadRequest {
-		return secrets.RevokedResult, nil
+		return secrets.InvalidResult, nil
 	}
 
 	if resp.StatusCode == http.StatusOK {

diff --git a/engine/validation/gcp.go b/engine/validation/gcp.go
@@ -51,7 +51,7 @@ func checkGCPErrorResponse(resp *http.Response) (secrets.ValidationResult, strin
 	}
 
 	if resp.StatusCode != http.StatusForbidden {
-		return secrets.RevokedResult, "", nil
+		return secrets.InvalidResult, "", nil
 	}
 
 	bodyBytes, err := io.ReadAll(resp.Body)

diff --git a/engine/validation/github.go b/engine/validation/github.go
@@ -21,5 +21,5 @@ func validateGithub(s *secrets.Secret) (secrets.ValidationResult, string) {
 	if resp.StatusCode == http.StatusOK {
 		return secrets.ValidResult, ""
 	}
-	return secrets.RevokedResult, ""
+	return secrets.InvalidResult, ""
 }
diff --git a/engine/validation/gitlab.go b/engine/validation/gitlab.go
@@ -39,5 +39,5 @@ func validateGitlab(s *secrets.Secret) (secrets.ValidationResult, string) {
 
 		return secrets.ValidResult, user.WebURL
 	}
-	return secrets.RevokedResult, ""
+	return secrets.InvalidResult, ""
 }
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module github.com/checkmarx/2ms
 
-go 1.22.2
+go 1.22.3
 
 require (
 	github.com/bwmarrin/discordgo v0.27.1

diff --git a/lib/secrets/secret.go b/lib/secrets/secret.go
@@ -4,7 +4,7 @@ type ValidationResult string
 
 const (
 	ValidResult   ValidationResult = "Valid"
-	RevokedResult ValidationResult = "Revoked"
+	InvalidResult ValidationResult = "Invalid"
 	UnknownResult ValidationResult = "Unknown"
 )
 
@@ -26,7 +26,7 @@ func (v ValidationResult) CompareTo(other ValidationResult) compared {
 	if other == UnknownResult {
 		return first
 	}
-	if v == RevokedResult {
+	if v == InvalidResult {
 		return second
 	}
 	return first

diff --git a/lib/secrets/secret_test.go b/lib/secrets/secret_test.go
@@ -18,10 +18,10 @@ func TestValidationResultCompareTo(t *testing.T) {
 			message: "Valid should be equal to Valid",
 		},
 		{
-			first:   RevokedResult,
+			first:   InvalidResult,
 			second:  ValidResult,
 			want:    second,
-			message: "Valid should be greater than Revoked",
+			message: "Valid should be greater than Invalid",
 		},
 		{
 			first:   ValidResult,
@@ -31,9 +31,9 @@ func TestValidationResultCompareTo(t *testing.T) {
 		},
 		{
 			first:   UnknownResult,
-			second:  RevokedResult,
+			second:  InvalidResult,
 			want:    second,
-			message: "Revoked should be greater than Unknown",
+			message: "Invalid should be greater than Unknown",
 		},
 	}