Merge pull request #553 from DataDog/juli1/STAL-3020-analyzer

[STAL-3020] Support validation
DataDog · Nov 13, 2024 · 2d87ae5 · 2d87ae5
2 parents 22b05ec + d6f4541
commit 2d87ae5
Show file tree

Hide file tree

Showing 11 changed files with 478 additions and 33 deletions.
diff --git a/crates/bins/src/bin/datadog-static-analyzer-git-hook.rs b/crates/bins/src/bin/datadog-static-analyzer-git-hook.rs
@@ -524,7 +524,7 @@ fn main() -> Result<()> {
             .filter(|f| !should_ignore_file_for_secret(f))
             .collect();
 
-        let sds_scanner = build_sds_scanner(&secrets_rules);
+        let sds_scanner = build_sds_scanner(&secrets_rules, use_debug);
 
         secrets_results = secrets_files
             .par_iter()

diff --git a/crates/bins/src/bin/datadog-static-analyzer.rs b/crates/bins/src/bin/datadog-static-analyzer.rs
@@ -655,7 +655,7 @@ fn main() -> Result<()> {
             None
         };
 
-        let sds_scanner = build_sds_scanner(&secrets_rules);
+        let sds_scanner = build_sds_scanner(&secrets_rules, use_debug);
 
         let nb_secrets_rules: usize = secrets_rules.len();
         let nb_secrets_files = secrets_files.len();
@@ -710,7 +710,7 @@ fn main() -> Result<()> {
         let secrets_execution_time_secs = secrets_start.elapsed().as_secs();
 
         println!(
-            "Found {} secret(s) ({} validated) in {} file(s) using {} rule(s) within {} sec(s)",
+            "Found {} secret(s) (including {} valid) in {} file(s) using {} rule(s) within {} sec(s)",
             nb_secrets_found,
             nb_secrets_validated,
             nb_secrets_files,

diff --git a/crates/cli/src/datadog_utils.rs b/crates/cli/src/datadog_utils.rs
@@ -61,18 +61,8 @@ pub fn get_secrets_rules(use_staging: bool) -> Result<Vec<SecretRule>> {
     match api_response {
         Ok(d) => Ok(d
             .data
-            .iter()
-            .map(|v| SecretRule {
-                id: v.id.clone(),
-                name: v.attributes.name.clone(),
-                description: v.attributes.description.clone(),
-                pattern: v.attributes.pattern.clone(),
-                default_included_keywords: v
-                    .attributes
-                    .default_included_keywords
-                    .clone()
-                    .unwrap_or_default(),
-            })
+            .into_iter()
+            .map(|v| v.try_into().expect("cannot convert rule"))
             .collect()),
         Err(e) => {
             eprintln!("Error when parsing the secret rules {e:?}");

diff --git a/crates/cli/src/model/cli_configuration.rs b/crates/cli/src/model/cli_configuration.rs
@@ -191,6 +191,8 @@ mod tests {
             description: "description1".to_string(),
             pattern: "pattern1".to_string(),
             default_included_keywords: vec![],
+            validators: Some(vec![]),
+            match_validation: None,
         };
 
         let secret_rule2 = SecretRule {
@@ -199,6 +201,8 @@ mod tests {
             description: "description2".to_string(),
             pattern: "pattern2".to_string(),
             default_included_keywords: vec![],
+            validators: Some(vec![]),
+            match_validation: None,
         };
 
         let cli_configuration_base = CliConfiguration {