github.com/google/osv-scalibr@v0.4.1/extractor/filesystem/secrets/convert/convert.go (about)

     1  // Copyright 2025 Google LLC
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  // Package convert provides a utility function for converting Veles plugins
    16  // (Detectors and Validators) to SCALIBR core plugins (FilesystemExtractors and Enrichers)
    17  package convert
    18  
    19  import (
    20  	"context"
    21  	"errors"
    22  
    23  	"github.com/google/osv-scalibr/extractor/filesystem"
    24  	sf "github.com/google/osv-scalibr/extractor/filesystem/secrets"
    25  	"github.com/google/osv-scalibr/inventory"
    26  	"github.com/google/osv-scalibr/plugin"
    27  	"github.com/google/osv-scalibr/veles"
    28  )
    29  
// FromVelesDetector adapts a Veles Detector so it can be registered and enabled
// like any other SCALIBR FilesystemExtractor plugin.
//
// The returned factory produces placeholder extractors: they carry the detector
// plus the given plugin name and version, but do no extraction themselves. They
// exist so that the Veles detection can be configured before the scan starts.
//
// Every call of the factory wraps the same velesDetector value, so all wrappers
// created from one factory share that detector. A nil velesDetector is not
// rejected here; the wrapper's MaxSecretLen and Detect forward to it unchecked.
func FromVelesDetector(velesDetector veles.Detector, name string, version int) func() filesystem.Extractor {
	factory := func() filesystem.Extractor {
		wrapped := &detectorWrapper{
			velesDetector: velesDetector,
			name:          name,
			version:       version,
		}
		return wrapped
	}
	return factory
}
    39  
// detectorWrapper pairs a veles.Detector with the plugin metadata needed to
// satisfy the filesystem Extractor interface. It forwards the Detector methods
// to the wrapped value and stubs out the extraction methods.
type detectorWrapper struct {
	// velesDetector is the detector that MaxSecretLen and Detect delegate to.
	velesDetector veles.Detector
	// name is reported by Name().
	name string
	// version is reported by Version().
	version int
}
    47  
// MaxSecretLen reports the maximum secret length of the wrapped Detector.
// The value is forwarded unchanged.
func (d *detectorWrapper) MaxSecretLen() uint32 {
	maxLen := d.velesDetector.MaxSecretLen()
	return maxLen
}
    52  
// Detect forwards data to the wrapped Detector and returns the candidate
// secrets it found together with their starting positions.
func (d *detectorWrapper) Detect(data []byte) ([]veles.Secret, []int) {
	secrets, positions := d.velesDetector.Detect(data)
	return secrets, positions
}
    58  
// Name returns the plugin name that was passed to FromVelesDetector.
func (d *detectorWrapper) Name() string {
	pluginName := d.name
	return pluginName
}
    63  
// Version returns the plugin version that was passed to FromVelesDetector.
func (d *detectorWrapper) Version() int {
	pluginVersion := d.version
	return pluginVersion
}
    68  
// Requirements returns an empty capability set: Veles plugins don't have any
// special requirements.
func (d *detectorWrapper) Requirements() *plugin.Capabilities {
	caps := new(plugin.Capabilities)
	return caps
}
    74  
// FileRequired exists only to satisfy the Extractor interface and always
// returns false: wrapped secret scanner plugins all run through the central
// veles FilesystemExtractor plugin, never through this placeholder.
//
// NOTE(review): because no file is ever requested, a placeholder that stays in
// the extractor list without going through SetupVelesExtractors presumably
// yields no findings and no error - confirm the caller always runs the setup.
func (d *detectorWrapper) FileRequired(api filesystem.FileAPI) bool {
	const required = false
	return required
}
    81  
// Extract exists only to satisfy the Extractor interface. It never extracts
// anything and always returns an empty inventory with an error, since wrapped
// secret scanner plugins all run through the central veles FilesystemExtractor
// plugin. Reaching this method means the placeholder was invoked directly.
func (d *detectorWrapper) Extract(ctx context.Context, input *filesystem.ScanInput) (inventory.Inventory, error) {
	empty := inventory.Inventory{}
	err := errors.New("Extract not implemented - Plugin should run through the central Veles detection engine")
	return empty, err
}
    88  
// Compile-time checks that *detectorWrapper satisfies both the Veles Detector
// and the SCALIBR filesystem Extractor interfaces.
var (
	_ veles.Detector       = (*detectorWrapper)(nil)
	_ filesystem.Extractor = (*detectorWrapper)(nil)
)
    92  
// SetupVelesExtractors configures the central Veles secret detection plugin
// from the placeholder plugins found in extractors and returns the updated
// extractor list.
//
// Selection is by interface, not by concrete type: every entry that implements
// veles.Detector is handed to the detection engine. Such an entry is dropped
// from the returned list unless it also implements extractorKeeper (declared
// outside this listing). All other entries are passed through in order.
//
// When at least one detector was collected, a single engine is built from all
// of them and one extractor wrapping that engine is appended to the list. With
// no detectors, no Veles extractor is added.
//
// If the engine cannot be built the function returns (nil, err); no partial
// list is returned, so secret detection is not configured in that case.
func SetupVelesExtractors(extractors []filesystem.Extractor) ([]filesystem.Extractor, error) {
	var detectors []veles.Detector
	kept := make([]filesystem.Extractor, 0, len(extractors))

	for _, ext := range extractors {
		det, ok := ext.(veles.Detector)
		if !ok {
			// Regular extractor: pass through untouched.
			kept = append(kept, ext)
			continue
		}
		detectors = append(detectors, det)
		// Detector placeholders are removed unless they opt in to staying.
		if _, keep := ext.(extractorKeeper); keep {
			kept = append(kept, ext)
		}
	}

	// Nothing to configure: leave the list without a Veles extractor.
	if len(detectors) == 0 {
		return kept, nil
	}

	engine, err := veles.NewDetectionEngine(detectors)
	if err != nil {
		return nil, err
	}
	return append(kept, sf.NewWithEngine(engine)), nil
}