Added azure COSMOSDB detector #3951
Conversation
|
|
||
| dbKeyPattern = regexp.MustCompile(`([A-Za-z0-9+/=]{88})`) | ||
| // account name can contain only lowercase letters, numbers and the `-` character, must be between 3 and 44 characters long. | ||
| accountUrlPattern = regexp.MustCompile(`(https://[a-z0-9-]{3,44}.documents\.azure\.com:[0-9]{3})`) |
There was a problem hiding this comment.
@kashifkhan0771 Does Azure Cosmos db only supports 3 digits port number ? As per my knowledge, A port number can be between 0 to 65535, includes reserved and general use port numbers.
There was a problem hiding this comment.
Apologies for that. The port is fixed at 443, and there doesn't seem to be an option to specify a custom port when creating a Cosmos NoSQL database. I will change this.
| var _ detectors.Detector = (*Scanner)(nil) | ||
|
|
||
| func (s Scanner) Type() detectorspb.DetectorType { | ||
| return detectorspb.DetectorType_AzureCosmosDB |
There was a problem hiding this comment.
Can you check how this detector is different than already CosmosDBKey one
There was a problem hiding this comment.
This one does not exist. The entry only exist in Proto file somehow.
There was a problem hiding this comment.
Deprecated the old one.
There was a problem hiding this comment.
Does it make sense to create a new entry when there's an existing (unused) one?
There was a problem hiding this comment.
I'm not sure why this old entry was added. Was there a detector for it, or was it added by mistake? We can reuse the old entry for the new detector, but I want to deprecate it to keep a record that this key existed.
Anyway I'll update it 😃
| } | ||
|
|
||
| if verify { | ||
| verified, verificationErr := verifyCosmosDB(s.getClient(), accountUrl, key) |
There was a problem hiding this comment.
Nit**: If the host url is invalid or does not exists, then we should not be spending iteration to verify other keys on that. Richard has already implemented this in AzureContainerRegistry
There was a problem hiding this comment.
This is great approach ❤️ Thanks for sharing @abmussani
| return false, fmt.Errorf("failed to create request: %v", err) | ||
| } | ||
|
|
||
| dateRFC1123 := time.Now().UTC().Format("Mon, 02 Jan 2006 15:04:05 GMT") |
There was a problem hiding this comment.
nit**: time.RFC1123 already has the similar format.
There was a problem hiding this comment.
@kashifkhan0771 is this the expiry time ? it is being used in creating signature.
There was a problem hiding this comment.
I used the formation for timezone. x-ms-date header require time in GMT
Docs: https://learn.microsoft.com/en-us/rest/api/cosmos-db/common-cosmosdb-rest-request-headers
| var ( | ||
| defaultClient = common.SaneHttpClient() | ||
|
|
||
| dbKeyPattern = regexp.MustCompile(`([A-Za-z0-9+/=]{88})`) |
There was a problem hiding this comment.
Do you have any example of keys where it does not end without [a-zA-Z0-9]==? I am working on another Azure service and could not generate one (ending without [a-zA-Z0-9]== pattern)
@zricethezav @rgmz by luck, do you guyz have seen azure keys like one I mentioned above ?
There was a problem hiding this comment.
Personally, I've only seen keys like [a-zA-Z0-9]==.
|
|
||
| s1 := detectors.Result{ | ||
| DetectorType: detectorspb.DetectorType_AzureCosmosDB, | ||
| Raw: []byte(key), |
There was a problem hiding this comment.
The URL should also be added. #3938 (comment)
Description:
This PR adds a new detector for azure cosmosdb.
Note: This for now only work for
documents.azure.com&table.cosmos.azure.comaccount urls.Checklist:
make test-community)?make lintthis requires golangci-lint)?