From 5f47e75ef99dd39e4fef777bc6981411da0fc1fc Mon Sep 17 00:00:00 2001 From: Caitlin Elfring Date: Wed, 21 Jul 2021 20:34:42 -0400 Subject: [PATCH] Use null terminator for masking inline ignore (#111) * Add test for wokeignore inline in the beginning of the line * Use a single byte (null terminator) character for masking inline ignore rule * Rename function to be more clear --- pkg/result/lineresult_test.go | 2 ++ pkg/rule/rule.go | 14 +++++++------- pkg/rule/rule_test.go | 6 +++--- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/pkg/result/lineresult_test.go b/pkg/result/lineresult_test.go index 84e7b7e4..0fe612bc 100644 --- a/pkg/result/lineresult_test.go +++ b/pkg/result/lineresult_test.go @@ -22,6 +22,8 @@ func TestFindResults(t *testing.T) { // inline-ignoring is handled in Parser.generateFileFindings, not FindResults rs = FindResults(&rule.TestRule, "my/file", "this has the term whitelist #wokeignore:rule=whitelist", 1) assert.Len(t, rs, 1) + rs = FindResults(&rule.TestRule, "my/file", "/* wokeignore:rule=whitelist */ this has the term whitelist", 1) + assert.Len(t, rs, 1) } func TestLineResult_MarshalJSON(t *testing.T) { diff --git a/pkg/rule/rule.go b/pkg/rule/rule.go index 0231a272..18482917 100644 --- a/pkg/rule/rule.go +++ b/pkg/rule/rule.go @@ -4,7 +4,6 @@ import ( "fmt" "regexp" "strings" - "unicode" "github.com/get-woke/woke/pkg/util" ) @@ -34,7 +33,7 @@ func (r *Rule) FindMatchIndexes(text string) [][]int { r.SetRegexp() // Remove inline ignores from text to avoid matching against other rules - matches := r.re.FindAllStringSubmatchIndex(removeInlineIgnore(text), -1) + matches := r.re.FindAllStringSubmatchIndex(maskInlineIgnore(text), -1) if matches == nil { return [][]int(nil) } @@ -183,10 +182,10 @@ func escape(ss []string) []string { return ss } -// removeInlineIgnore removes the entire match of the ignoreRuleRegex from the line -// and replaces it with the unicode replacement character so the rule matcher won't -// attempt to find findings within -func removeInlineIgnore(line string) string { +// maskInlineIgnore removes the entire match of the ignoreRuleRegex from the line +// and replaces it with the null terminator (\x00) character so the rule matcher won't +// attempt to find findings within the inline ignore +func maskInlineIgnore(line string) string { inlineIgnoreMatch := ignoreRuleRegex.FindStringIndex(line) if inlineIgnoreMatch == nil || len(inlineIgnoreMatch) < 2 { return line @@ -198,7 +197,8 @@ func removeInlineIgnore(line string) string { end := inlineIgnoreMatch[1] for i := start; i < end; i++ { - lineWithoutIgnoreRule[i] = unicode.ReplacementChar + // use null terminator to indicate a masked character + lineWithoutIgnoreRule[i] = rune(0) } return string(lineWithoutIgnoreRule) diff --git a/pkg/rule/rule_test.go b/pkg/rule/rule_test.go index ad7bce88..a8765a5d 100644 --- a/pkg/rule/rule_test.go +++ b/pkg/rule/rule_test.go @@ -162,7 +162,7 @@ func TestRule_regexString(t *testing.T) { } } -func Test_removeInlineIgnore(t *testing.T) { +func Test_maskInlineIgnore(t *testing.T) { tests := []struct { desc string line string @@ -171,7 +171,7 @@ func Test_removeInlineIgnore(t *testing.T) { { desc: "replace wokeignore:rule", line: "wokeignore:rule=master-slave", - expected: "����������������������������", + expected: "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", }, { desc: "not replace wokeignore:rule", @@ -181,7 +181,7 @@ func Test_removeInlineIgnore(t *testing.T) { } for _, tt := range tests { t.Run(tt.desc, func(t *testing.T) { - assert.Equal(t, tt.expected, removeInlineIgnore(tt.line)) + assert.Equal(t, tt.expected, maskInlineIgnore(tt.line)) }) } }