From 59d54672d8989aafa07a068acc8edd620ddf4500 Mon Sep 17 00:00:00 2001 From: Julien Delange Date: Thu, 3 Apr 2025 11:17:33 -0400 Subject: [PATCH 1/4] address comments --- crates/bins/src/bin/datadog-static-analyzer.rs | 13 +++++++------ crates/cli/src/file_utils.rs | 2 +- misc/integration-test-secrets.sh | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/crates/bins/src/bin/datadog-static-analyzer.rs b/crates/bins/src/bin/datadog-static-analyzer.rs index 460fdf65..0bed885b 100644 --- a/crates/bins/src/bin/datadog-static-analyzer.rs +++ b/crates/bins/src/bin/datadog-static-analyzer.rs @@ -45,9 +45,10 @@ use secrets::model::secret_result::{SecretResult, SecretValidationStatus}; use secrets::scanner::{build_sds_scanner, find_secrets}; use secrets::secret_files::should_ignore_file_for_secret; use std::cell::Cell; +use std::collections::hash_map::Entry; use std::collections::HashMap; use std::io::prelude::*; -use std::path::PathBuf; +use std::path::{Path, PathBuf}; use std::process::exit; use std::sync::Arc; use std::time::{Duration, Instant, SystemTime}; @@ -771,10 +772,10 @@ fn main() -> Result<()> { .into_par_iter() .fold( || (Vec::new(), HashMap::new()), - |(_fold_results, mut path_metadata), path| { + |(_, mut path_metadata), path| { let relative_path = path .strip_prefix(directory_path) - .unwrap() + .expect("cannot strip prefix from path") .to_str() .expect("path contains non-Unicode characters"); let res = if let Ok(file_content) = fs::read_to_string(&path) { @@ -797,7 +798,7 @@ fn main() -> Result<()> { let metadata = if is_test_file( language, file_content.as_ref(), - std::path::Path::new(&cloned_path_str), + Path::new(&cloned_path_str), None, ) { Some(ArtifactClassification { is_test_file: true }) 
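Review bot: In the `@@ -771,10 +772,10 @@` hunk of `datadog-static-analyzer.rs`, the fold closure binds the accumulated results to `_` and builds a fresh `res` for each path, so unless the part of the closure outside this hunk merges them some other way, secrets found in earlier files of the same rayon fold chunk would be dropped from the report. This is worth confirming with a test that scans several files on a single thread; the usual shape is `|(mut fold_results, mut path_metadata), path|` followed by `fold_results.extend(res);`. Separately, both `expect` calls on `relative_path` panic on input that comes from the scanned repository: a single file name that is not valid Unicode aborts the whole secrets pass, where skipping that file with a warning (or using `to_string_lossy()`) would keep the scan running.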
@@ -812,7 +813,7 @@ fn main() -> Result<()> { } else { // this is generally because the file is binary. if use_debug { - eprintln!("error when getting content of path {}", &path.display()); + eprintln!("error when getting content of path {}", path.display()); } vec![] }; @@ -848,7 +849,7 @@ fn main() -> Result<()> { // adding metadata from secrets for (k, v) in path_metadata { - if let std::collections::hash_map::Entry::Vacant(e) = all_path_metadata.entry(k) { + if let Entry::Vacant(e) = all_path_metadata.entry(k) { if let Some(artifact_classification) = v { e.insert(artifact_classification); } diff --git a/crates/cli/src/file_utils.rs b/crates/cli/src/file_utils.rs index fa9583e3..31cfc8c9 100644 --- a/crates/cli/src/file_utils.rs +++ b/crates/cli/src/file_utils.rs @@ -78,7 +78,7 @@ fn get_prefix_for_language(language: &Language) -> Option> { None } -/// File the language for a given file. +/// Find the language for a given file. pub fn get_language_for_file(path: &Path) -> Option { // match for extensions (myfile.c, myfile.php, etc). for (language, extensions) in FILE_EXTENSIONS_PER_LANGUAGE_LIST { diff --git a/misc/integration-test-secrets.sh b/misc/integration-test-secrets.sh index cc98776d..c89957f3 100755 --- a/misc/integration-test-secrets.sh +++ b/misc/integration-test-secrets.sh @@ -25,7 +25,7 @@ echo "Found $RES errors on first run" EXPECTING=5 if [ "$RES" -ne "$EXPECTING" ]; then - echo "incorrect number of errors found, found $RES, expecting $EXPECTING" + echo "incorrect number of errors found, found $RES, expected $EXPECTING" exit 1 fi From 69f5b1d18d134cf29e01ee6483e316419dd2ba07 Mon Sep 17 00:00:00 2001 From: Julien Delange Date: Fri, 4 Apr 2025 22:36:18 -0400 Subject: [PATCH 2/4] fix linting --- crates/bins/src/bin/datadog-static-analyzer.rs | 13 ++++--------- crates/cli/src/file_utils.rs | 2 +- 2 files changed, 5 insertions(+), 10 deletions(-) 
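Review bot: The `else` branch in the `@@ -812,7 +813,7 @@` hunk treats every failure of `fs::read_to_string` as "generally because the file is binary" and mentions it only when `use_debug` is set, so a file that cannot be opened, or a text file containing one invalid UTF-8 byte, is left out of the secrets scan without any trace in a normal run. For a secrets scanner that is a silent coverage gap; I would count the skipped paths and print the total after the pass regardless of debug mode, keeping the per-path `eprintln!` for debug. The read call itself is in the preceding hunk and the rest of the closure lies outside this one.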
diff --git a/crates/bins/src/bin/datadog-static-analyzer.rs b/crates/bins/src/bin/datadog-static-analyzer.rs index eae0ee22..b3f6ab1d 100644 --- a/crates/bins/src/bin/datadog-static-analyzer.rs +++ b/crates/bins/src/bin/datadog-static-analyzer.rs @@ -3,13 +3,7 @@ use getopts::Options; use indicatif::ProgressBar; use itertools::Itertools; use rayon::prelude::*; -use std::collections::HashMap; -use std::io::prelude::*; use std::path::PathBuf; -use std::process::exit; -use std::sync::Arc; -use std::time::{Duration, Instant, SystemTime}; -use std::{env, fs}; use cli::config_file::get_config; use cli::constants::{ @@ -25,7 +19,7 @@ use cli::datadog_utils::{ }; use cli::file_utils::{ are_subdirectories_safe, filter_files_by_diff_aware_info, filter_files_by_size, - filter_files_for_language, get_files, read_files_from_gitignore, + filter_files_for_language, get_files, get_language_for_file, read_files_from_gitignore, }; use cli::model::cli_configuration::CliConfiguration; use cli::model::datadog_api::DiffAwareData; @@ -57,13 +51,12 @@ use std::cell::Cell; use std::collections::hash_map::Entry; use std::collections::HashMap; use std::io::prelude::*; -use std::path::{Path, PathBuf}; +use std::path::Path; use std::process::exit; use std::sync::Arc; use std::time::{Duration, Instant, SystemTime}; use std::{env, fs}; - fn print_usage(program: &str, opts: Options) { let brief = format!("Usage: {} FILE [options]", program); print!("{}", opts.usage(&brief)); @@ -760,7 +753,9 @@ fn main() -> Result<()> { // Secrets detection let mut secrets_results: Vec = vec![]; if secrets_enabled { + let path_metadata; let secrets_start = Instant::now(); + let all_path_metadata_secrets = HashMap::>::new(); let secrets_files: Vec = files_to_analyze .into_iter() diff --git a/crates/cli/src/file_utils.rs b/crates/cli/src/file_utils.rs index de5fae21..df98ccb4 100644 --- a/crates/cli/src/file_utils.rs +++ b/crates/cli/src/file_utils.rs 
@@ -903,7 +903,7 @@ mod tests { .len() ); } - + #[test] fn test_get_language_for_file() { // extension From 42a4adea2aad6d6c4ec037fdcb450f2346fe46ca Mon Sep 17 00:00:00 2001 From: Julien Delange Date: Mon, 7 Apr 2025 14:16:04 -0400 Subject: [PATCH 3/4] address feedback --- .../bins/src/bin/datadog-static-analyzer.rs | 20 ++++++++----------- 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/crates/bins/src/bin/datadog-static-analyzer.rs b/crates/bins/src/bin/datadog-static-analyzer.rs index b3f6ab1d..8b405cee 100644 --- a/crates/bins/src/bin/datadog-static-analyzer.rs +++ b/crates/bins/src/bin/datadog-static-analyzer.rs @@ -48,7 +48,6 @@ use secrets::model::secret_result::{SecretResult, SecretValidationStatus}; use secrets::scanner::{build_sds_scanner, find_secrets}; use secrets::secret_files::should_ignore_file_for_secret; use std::cell::Cell; -use std::collections::hash_map::Entry; use std::collections::HashMap; use std::io::prelude::*; use std::path::Path; @@ -381,7 +380,7 @@ fn main() -> Result<()> { subdirectories_to_analyze.clone(), &path_config, ) - .expect("unable to get the list of files to analyze"); + .expect("unable to get the list of files to analyze"); let num_cores_requested = matches .opt_str("c") @@ -755,7 +754,6 @@ fn main() -> Result<()> { if secrets_enabled { let path_metadata; let secrets_start = Instant::now(); - let all_path_metadata_secrets = HashMap::>::new(); let secrets_files: Vec = files_to_analyze .into_iter() @@ -792,9 +790,7 @@ fn main() -> Result<()> { &analysis_options, ); - if !secrets.is_empty() - && !all_path_metadata_secrets.contains_key(relative_path) - { + if !secrets.is_empty() { let cloned_path_str = relative_path.to_string(); let language_opt = get_language_for_file(&path); 
@@ -853,10 +849,10 @@ fn main() -> Result<()> { // adding metadata from secrets for (k, v) in path_metadata { - if let Entry::Vacant(e) = all_path_metadata.entry(k) { - if let Some(artifact_classification) = v { - e.insert(artifact_classification); - } + if let Some(artifact_classification) = v { + all_path_metadata + .entry(k) + .or_insert(artifact_classification); } } @@ -961,7 +957,7 @@ fn main() -> Result<()> { .collect(), all_rule_results.clone(), ] - .concat(); + .concat(); serde_json::to_string(&combined_results).expect("error when getting the JSON report") } OutputFormat::Sarif => generate_sarif_file( @@ -977,7 +973,7 @@ fn main() -> Result<()> { }, &all_path_metadata, ) - .expect("cannot generate SARIF results"), + .expect("cannot generate SARIF results"), }; // write the reports From 7736712010a4233bbff547cbd838c3a2d950e3bd Mon Sep 17 00:00:00 2001 From: Julien Delange Date: Mon, 7 Apr 2025 14:18:00 -0400 Subject: [PATCH 4/4] style --- crates/bins/src/bin/datadog-static-analyzer.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crates/bins/src/bin/datadog-static-analyzer.rs b/crates/bins/src/bin/datadog-static-analyzer.rs index 8b405cee..80ad443e 100644 --- a/crates/bins/src/bin/datadog-static-analyzer.rs +++ b/crates/bins/src/bin/datadog-static-analyzer.rs @@ -380,7 +380,7 @@ fn main() -> Result<()> { subdirectories_to_analyze.clone(), &path_config, ) - .expect("unable to get the list of files to analyze"); + .expect("unable to get the list of files to analyze"); let num_cores_requested = matches .opt_str("c") @@ -957,7 +957,7 @@ fn main() -> Result<()> { .collect(), all_rule_results.clone(), ] - .concat(); + .concat(); serde_json::to_string(&combined_results).expect("error when getting the JSON report") } OutputFormat::Sarif => generate_sarif_file( @@ -973,7 +973,7 @@ fn main() -> Result<()> { }, &all_path_metadata, ) - .expect("cannot generate SARIF results"), + .expect("cannot generate SARIF results"), }; // write the reports
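Review bot: In the `@@ -853,10 +849,10 @@` hunk, `entry(k).or_insert(...)` keeps whatever classification `all_path_metadata` already holds for a path and discards the one computed during the secrets pass, but the comment `// adding metadata from secrets` does not state that precedence. I would extend it to something like `// add metadata from the secrets pass; an entry already present for the path is kept`. Since only `Some` values are ever inserted here, the fold could also avoid storing `None` for non-test files, though that change would be made in the closure outside this hunk.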