Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction #6108

Merged
merged 8 commits into from
Feb 23, 2024
Merged

feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction #6108

merged 8 commits into from
Feb 23, 2024

Conversation

adam-carruthers
Copy link
Contributor

@adam-carruthers adam-carruthers commented Feb 12, 2024
edited
Loading

Description

Related issues

Related PRs

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've added tests that prove my fix is effective or that my feature works.
  • I've updated the documentation with the relevant information (if needed).
  • I've added usage information (if the PR introduces new options) - NA
  • I've included a "before" and "after" example to the description (if the PR is a user interface change). - NA

simar7
simar7 reviewed Feb 14, 2024
View reviewed changes
pkg/iac/scanners/terraform/parser/resolvers/registry.go Outdated
Comment on lines 139 to 161
func getPrivateRegistryTokenFromEnvVars(hostname string) (string, error) {
token := ""
asciiHostname, err := idna.ToASCII(hostname)
if err != nil {
return "", fmt.Errorf("Could not convert hostname %s to a punycode encoded ASCII string so cannot find token for this registry", hostname)
} else {
envVar := fmt.Sprintf("TF_TOKEN_%s", strings.ReplaceAll(asciiHostname, ".", "_"))
token = os.Getenv(envVar)

// Dashes in the hostname can optionally be converted to double underscores
if token == "" {
envVar = strings.ReplaceAll(envVar, "-", "__")
token = os.Getenv(envVar)
}

if token == "" {
return "", fmt.Errorf("No token was found for the registry at %s", hostname)
} else {
return token, nil
}
}
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about if we drop the trailing else?

Suggested change
func getPrivateRegistryTokenFromEnvVars(hostname string) (string, error) {
token := ""
asciiHostname, err := idna.ToASCII(hostname)
if err != nil {
return "", fmt.Errorf("Could not convert hostname %s to a punycode encoded ASCII string so cannot find token for this registry", hostname)
} else {
envVar := fmt.Sprintf("TF_TOKEN_%s", strings.ReplaceAll(asciiHostname, ".", "_"))
token = os.Getenv(envVar)
// Dashes in the hostname can optionally be converted to double underscores
if token == "" {
envVar = strings.ReplaceAll(envVar, "-", "__")
token = os.Getenv(envVar)
}
if token == "" {
return "", fmt.Errorf("No token was found for the registry at %s", hostname)
} else {
return token, nil
}
}
}
func getPrivateRegistryTokenFromEnvVars(hostname string) (string, error) {
token := ""
asciiHostname, err := idna.ToASCII(hostname)
if err != nil {
return "", fmt.Errorf("Could not convert hostname %s to a punycode encoded ASCII string so cannot find token for this registry", hostname)
}
envVar := fmt.Sprintf("TF_TOKEN_%s", strings.ReplaceAll(asciiHostname, ".", "_"))
token = os.Getenv(envVar)
// Dashes in the hostname can optionally be converted to double underscores
if token == "" {
envVar = strings.ReplaceAll(envVar, "-", "__")
token = os.Getenv(envVar)
}
if token == "" {
return "", fmt.Errorf("No token was found for the registry at %s", hostname)
}
return token, nil
}

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree, added

@simar7 simar7 self-requested a review February 14, 2024 03:11
simar7
simar7 approved these changes Feb 14, 2024
View reviewed changes
Copy link
Member

@simar7 simar7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for recreating the PR. It lgtm, just left one small comment to improve readability.

nikpivkin
nikpivkin reviewed Feb 14, 2024
View reviewed changes
pkg/iac/scanners/terraform/parser/resolvers/registry_test.go Outdated
"github.com/stretchr/testify/assert"
)

func Test_getPrivateRegistryTokenFromEnvVars(t *testing.T) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about using a table test here? Here's an example https://github.com/aquasecurity/trivy/blob/main/pkg/licensing/classifier_test.go#L15

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, see what you think

@simar7 simar7 mentioned this pull request Feb 21, 2024
Closed
@adam-carruthers
Copy link
Contributor Author

Sorry, was on holiday! Sorry it took me a little bit to get back to it.

@simar7 simar7 added this pull request to the merge queue Feb 23, 2024
Merged via the queue into aquasecurity:main with commit 4a9ac6d Feb 23, 2024
18 checks passed
@aqua-bot aqua-bot mentioned this pull request May 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 simar7 approved these changes

@knqyf263 knqyf263 Awaiting requested review from knqyf263

@nikpivkin nikpivkin Awaiting requested review from nikpivkin nikpivkin is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat(terraform): hyphen and non-ASCII support for domain names in credential extraction
3 participants
@adam-carruthers @simar7 @nikpivkin