UNPKG

dd-trace

Version:

Datadog APM tracing client for JavaScript

github.com/DataDog/dd-trace-js

DataDog/dd-trace-js

72 lines (57 loc) 1.69 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
'use strict' const Analyzer = require('./vulnerability-analyzer') const { getRelativePath } = require('../path-line') class HardcodedBaseAnalyzer extends Analyzer { constructor (type, allRules = [], valueOnlyRules = []) { super(type) this.allRules = allRules this.valueOnlyRules = valueOnlyRules } onConfigure () { this.addSub('datadog:secrets:result', (secrets) => { this.analyze(secrets) }) } analyze (secrets) { if (!secrets?.file || !secrets.literals) return const { allRules, valueOnlyRules } = this const matches = [] for (const literal of secrets.literals) { const { value, locations } = literal if (!value || !locations) continue for (const location of locations) { let match if (location.ident) { const fullValue = `${location.ident}=${value}` match = allRules.find(rule => fullValue.match(rule.regex)) } else { match = valueOnlyRules.find(rule => value.match(rule.regex)) } if (match) { matches.push({ location, ruleId: match.id }) } } } if (matches.length) { const file = getRelativePath(secrets.file) matches .forEach(match => this._report({ file, line: match.location.line, column: match.location.column, ident: match.location.ident, data: match.ruleId })) } } _getEvidence (value) { return { value: `${value.data}` } } _getLocation (value) { return { path: value.file, line: value.line, column: value.column, isInternal: false } } } module.exports = HardcodedBaseAnalyzer