Skip to content

Added azure COSMOSDB detector #3951

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 62 commits into from
Apr 23, 2025
Merged

Added azure COSMOSDB detector #3951

merged 62 commits into from
Apr 23, 2025

Conversation

kashifkhan0771
Copy link
Contributor

@kashifkhan0771 kashifkhan0771 commented Feb 28, 2025
edited
Loading

Description:

This PR adds a new detector for azure cosmosdb.
Note: This for now only work for documents.azure.com & table.cosmos.azure.com account urls.
Screenshot from 2025-02-28 13-12-42

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@kashifkhan0771 kashifkhan0771 requested review from a team as code owners February 28, 2025 08:11
abmussani
abmussani reviewed Feb 28, 2025
View reviewed changes
pkg/detectors/azure_cosmosdb/azure_cosmosdb.go Outdated

dbKeyPattern = regexp.MustCompile(`([A-Za-z0-9+/=]{88})`)
// account name can contain only lowercase letters, numbers and the `-` character, must be between 3 and 44 characters long.
accountUrlPattern = regexp.MustCompile(`(https://[a-z0-9-]{3,44}.documents\.azure\.com:[0-9]{3})`)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kashifkhan0771 Does Azure Cosmos db only supports 3 digits port number ? As per my knowledge, A port number can be between 0 to 65535, includes reserved and general use port numbers.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies for that. The port is fixed at 443, and there doesn't seem to be an option to specify a custom port when creating a Cosmos NoSQL database. I will change this.

pkg/detectors/azure_cosmosdb/azure_cosmosdb.go Outdated
var _ detectors.Detector = (*Scanner)(nil)

func (s Scanner) Type() detectorspb.DetectorType {
return detectorspb.DetectorType_AzureCosmosDB
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you check how this detector is different than already CosmosDBKey one

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one does not exist. The entry only exist in Proto file somehow.

Copy link
Contributor Author

@kashifkhan0771 kashifkhan0771 Feb 28, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deprecated the old one.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make sense to create a new entry when there's an existing (unused) one?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure why this old entry was added. Was there a detector for it, or was it added by mistake? We can reuse the old entry for the new detector, but I want to deprecate it to keep a record that this key existed.

Anyway I'll update it 😃

rgmz
rgmz reviewed Feb 28, 2025
View reviewed changes
pkg/detectors/azure_cosmosdb/azure_cosmosdb.go

s1 := detectors.Result{
DetectorType: detectorspb.DetectorType_AzureCosmosDB,
Raw: []byte(key),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The URL should also be added. #3938 (comment)

abmussani
abmussani reviewed Mar 12, 2025
View reviewed changes
pkg/detectors/azure_cosmosdb/azure_cosmosdb_test.go Outdated
}{
{
name: "valid document db pattern",
input: validDocumentDBPattern,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For better code readability, can we keep the inputs inline instead of assigning them to separate variables?

abmussani
abmussani reviewed Apr 17, 2025
View reviewed changes
Copy link
Contributor

@abmussani abmussani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added inline comment about caching.

@kashifkhan0771 kashifkhan0771 merged commit 877258d into trufflesecurity:main Apr 23, 2025
13 checks passed
@kashifkhan0771
Copy link
Contributor Author

Finally 🥳 - Thanks @abmussani and @rgmz for detailed review.

@kashifkhan0771 kashifkhan0771 deleted the feat/oss-123-azure-cosmosdb-detector branch April 23, 2025 11:19
@blsaccess blsaccess mentioned this pull request Apr 30, 2025
Merged
@kashifkhan0771 kashifkhan0771 linked an issue Jul 9, 2025 that may be closed by this pull request
Support for Azure CosmosDB #857
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abmussani abmussani abmussani approved these changes

@rgmz rgmz Awaiting requested review from rgmz

Assignees

@kashifkhan0771 kashifkhan0771

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for Azure CosmosDB
3 participants
@kashifkhan0771 @abmussani @rgmz