Feature/horusec cli image (#186)

* Updating horusec cli dockerfile * Adding flag to project path on host when clicking on docker image * Updating workdir with the new languages * Fixing lint * Fixing project path in print results * Adding git in docker cli image
ZupIT · Dec 9, 2020 · c26db0d · c26db0d
1 parent fb83616
commit c26db0d
Show file tree

Hide file tree

Showing 10 changed files with 86 additions and 53 deletions.
diff --git a/horusec-cli/README.md b/horusec-cli/README.md
diff --git a/horusec-cli/cmd/horusec/start/start.go b/horusec-cli/cmd/horusec/start/start.go
@@ -214,4 +214,7 @@ func (s *Start) loadFlags(cmd *cobra.Command) {
 	cmd.PersistentFlags().
 		StringVarP(&s.configs.ToolsToIgnore, "tools-ignore", "T", s.configs.GetToolsToIgnore(),
 			"Tools to ignore in the analysis. Available are: GoSec,SecurityCodeScan,Brakeman,Safety,Bandit,NpmAudit,YarnAudit,SpotBugs,HorusecKotlin,HorusecJava,HorusecLeaks,GitLeaks,TfSec,Semgrep,HorusecCsharp,HorusecNodeJS,HorusecKubernetes,Eslint,PhpCS,Flawfinder. Example: -T=\"GoSec, Brakeman\"")
+	cmd.PersistentFlags().
+		StringVarP(&s.configs.ContainerBindProjectPath, "container-bind-project-path", "P", s.configs.GetContainerBindProjectPath(),
+			"Used to pass project path in host when running horusec cli inside a container.")
 }
diff --git a/horusec-cli/config/.example-horusec-cli.json b/horusec-cli/config/.example-horusec-cli.json
@@ -18,6 +18,7 @@
   "horusecCliFalsePositiveHashes": "hash1, hash2",
   "horusecCliRiskAcceptHashes": "hash3, hash4",
   "horusecCliToolsToIgnore": "GoSec",
+  "horusecCliContainerBindProjectPath": "test",
   "horusecCliHeaders": {
     "X-Headers": "some-other-value"
   }

diff --git a/horusec-cli/config/config.go b/horusec-cli/config/config.go
@@ -155,6 +155,9 @@ const (
 	// Used send others headers on request to send in horusec-api
 	// By default is empty
 	EnvHeaders = "HORUSEC_CLI_HEADERS"
+	// Used to pass project path in host when running horusec cli inside a container
+	// By default is empty
+	EnvContainerBindProjectPath = "HORUSEC_CLI_CONTAINER_BIND_PROJECT_PATH"
 )
 
 type Config struct {
@@ -182,6 +185,7 @@ type Config struct {
 	FalsePositiveHashes             string
 	RiskAcceptHashes                string
 	ToolsToIgnore                   string
+	ContainerBindProjectPath        string
 }
 
 //nolint
@@ -211,6 +215,7 @@ func (c *Config) SetConfigsFromViper() {
 	c.SetRiskAcceptHashes(viper.GetString(c.toLowerCamel(EnvRiskAcceptHashes)))
 	c.SetToolsToIgnore(viper.GetString(c.toLowerCamel(EnvToolsToIgnore)))
 	c.SetHeaders(viper.GetStringMapString(c.toLowerCamel(EnvHeaders)))
+	c.SetContainerBindProjectPath(viper.GetString(c.toLowerCamel(EnvContainerBindProjectPath)))
 }
 
 //nolint
@@ -238,6 +243,7 @@ func (c *Config) SetConfigsFromEnvironments() {
 	c.SetRiskAcceptHashes(env.GetEnvOrDefault(EnvRiskAcceptHashes, c.RiskAcceptHashes))
 	c.SetToolsToIgnore(env.GetEnvOrDefault(EnvToolsToIgnore, c.ToolsToIgnore))
 	c.SetHeaders(env.GetEnvOrDefault(EnvHeaders, c.Headers))
+	c.SetContainerBindProjectPath(env.GetEnvOrDefault(EnvContainerBindProjectPath, c.ContainerBindProjectPath))
 }
 
 func (c *Config) GetHorusecAPIUri() string {
@@ -485,3 +491,11 @@ func (c *Config) SetHeaders(headers interface{}) {
 		}
 	}
 }
+
+func (c *Config) GetContainerBindProjectPath() string {
+	return c.ContainerBindProjectPath
+}
+
+func (c *Config) SetContainerBindProjectPath(containerBindProjectPath string) {
+	c.ContainerBindProjectPath = containerBindProjectPath
+}
diff --git a/horusec-cli/config/config_test.go b/horusec-cli/config/config_test.go
@@ -56,6 +56,7 @@ func TestNewHorusecConfig(t *testing.T) {
 		assert.Equal(t, 0, len(configs.GetFalsePositiveHashesList()))
 		assert.Equal(t, 0, len(configs.GetRiskAcceptHashesList()))
 		assert.Equal(t, "", configs.Headers)
+		assert.Equal(t, "", configs.ContainerBindProjectPath)
 	})
 	t.Run("Should change horusec config and return your new values", func(t *testing.T) {
 		configs := &Config{}
@@ -81,6 +82,7 @@ func TestNewHorusecConfig(t *testing.T) {
 		configs.SetRiskAcceptHashes("987654321")
 		configs.SetToolsToIgnore("HorusecLeaks")
 		configs.SetHeaders(map[string]string{"header1": "value1"})
+		configs.SetContainerBindProjectPath("test")
 		assert.NotEqual(t, configs.GetHorusecAPIUri(), "http://0.0.0.0:8000")
 		assert.NotEqual(t, configs.GetTimeoutInSecondsRequest(), int64(300))
 		assert.NotEqual(t, configs.GetTimeoutInSecondsAnalysis(), int64(600))
@@ -103,6 +105,7 @@ func TestNewHorusecConfig(t *testing.T) {
 		assert.NotEqual(t, configs.GetToolsToIgnore(), "")
 		assert.NotNil(t, configs.GetWorkDir())
 		assert.NotEmpty(t, configs.GetHeaders())
+		assert.NotEmpty(t, configs.GetContainerBindProjectPath())
 	})
 	t.Run("Should return horusec config using viper file", func(t *testing.T) {
 		path, err := os.Getwd()
@@ -134,6 +137,7 @@ func TestNewHorusecConfig(t *testing.T) {
 		assert.Equal(t, configs.FalsePositiveHashes, "hash1, hash2")
 		assert.Equal(t, configs.RiskAcceptHashes, "hash3, hash4")
 		assert.Equal(t, configs.ToolsToIgnore, "GoSec")
+		assert.Equal(t, configs.ContainerBindProjectPath, "test")
 	})
 	t.Run("Should return horusec config using viper file and override by environment", func(t *testing.T) {
 		authorization := uuid.New().String()
@@ -164,6 +168,7 @@ func TestNewHorusecConfig(t *testing.T) {
 		assert.NoError(t, os.Setenv(EnvFalsePositiveHashes, "hash1, hash2"))
 		assert.NoError(t, os.Setenv(EnvRiskAcceptHashes, "hash3, hash4"))
 		assert.NoError(t, os.Setenv(EnvToolsToIgnore, "TfSec"))
+		assert.NoError(t, os.Setenv(EnvContainerBindProjectPath, "test"))
 		headersBytes, err := json.Marshal(map[string]string{"X-other-header": "some-value"})
 		assert.NoError(t, err)
 		assert.NoError(t, os.Setenv(EnvHeaders, string(headersBytes)))
@@ -190,6 +195,7 @@ func TestNewHorusecConfig(t *testing.T) {
 		assert.Equal(t, 2, len(configs.GetRiskAcceptHashesList()))
 		assert.Equal(t, "TfSec", configs.GetToolsToIgnore())
 		assert.Equal(t, map[string]string{"X-other-header": "some-value"}, configs.GetHeaders())
+		assert.Equal(t, "test", configs.GetContainerBindProjectPath())
 	})
 }
 
@@ -217,5 +223,6 @@ func TestToLowerCamel(t *testing.T) {
 		assert.Equal(t, "horusecCliRiskAcceptHashes", configs.toLowerCamel(EnvRiskAcceptHashes))
 		assert.Equal(t, "horusecCliToolsToIgnore", configs.toLowerCamel(EnvToolsToIgnore))
 		assert.Equal(t, "horusecCliHeaders", configs.toLowerCamel(EnvHeaders))
+		assert.Equal(t, "horusecCliContainerBindProjectPath", configs.toLowerCamel(EnvContainerBindProjectPath))
 	})
 }
diff --git a/horusec-cli/deployments/Dockerfile b/horusec-cli/deployments/Dockerfile
@@ -23,13 +23,11 @@ RUN go get -t -v -d ./...
 
 RUN env GOOS=linux GOARCH=amd64 go build -o /bin/horusec ./horusec-cli/cmd/horusec/main.go
 
-FROM docker:19-dind
+FROM docker
+
+RUN apk add git
 
 COPY --from=builder /bin/horusec /usr/local/bin
 RUN chmod +x /usr/local/bin/horusec
 
-COPY --from=builder /horusec/horusec-cli/deployments/horusec-cli.sh /usr/local/bin
-RUN chmod +x /usr/local/bin/horusec-cli.sh
-
-ENTRYPOINT [ "horusec-cli.sh" ]
 CMD [ "sh" ]
diff --git a/horusec-cli/deployments/horusec-cli.sh b/horusec-cli/deployments/horusec-cli.sh
diff --git a/horusec-cli/internal/controllers/printresults/print_results.go b/horusec-cli/internal/controllers/printresults/print_results.go
@@ -238,7 +238,7 @@ func (pr *PrintResults) printTextOutputVulnerabilityData(vulnerability *horusecE
 	fmt.Println(fmt.Sprintf("Column: %s", vulnerability.Column))
 	fmt.Println(fmt.Sprintf("SecurityTool: %s", vulnerability.SecurityTool))
 	fmt.Println(fmt.Sprintf("Confidence: %s", vulnerability.Confidence))
-	fmt.Println(fmt.Sprintf("File: %s/%s", pr.configs.GetProjectPath(), vulnerability.File))
+	fmt.Println(fmt.Sprintf("File: %s/%s", pr.getProjectPath(), vulnerability.File))
 	fmt.Println(fmt.Sprintf("Code: %s", vulnerability.Code))
 	fmt.Println(fmt.Sprintf("Details: %s", vulnerability.Details))
 	fmt.Println(fmt.Sprintf("Type: %s", vulnerability.Type))
@@ -313,3 +313,11 @@ func (pr *PrintResults) logSeparator(isToShow bool) {
 		fmt.Println(fmt.Sprintf("\n==================================================================================\n"))
 	}
 }
+
+func (pr *PrintResults) getProjectPath() string {
+	if pr.configs.GetContainerBindProjectPath() != "" {
+		return pr.configs.GetContainerBindProjectPath()
+	}
+
+	return pr.configs.GetProjectPath()
+}
diff --git a/horusec-cli/internal/entities/workdir/workdir.go b/horusec-cli/internal/entities/workdir/workdir.go
@@ -33,6 +33,9 @@ type WorkDir struct {
 	JavaScript []string `json:"javaScript"`
 	Leaks      []string `json:"leaks"`
 	HCL        []string `json:"hcl"`
+	PHP        []string `json:"php"`
+	C          []string `json:"c"`
+	Yaml       []string `json:"yaml"`
 	Generic    []string `json:"generic"`
 }
 
@@ -58,8 +61,9 @@ func (w *WorkDir) Type() string {
 	return ""
 }
 
+//nolint
 func (w *WorkDir) Map() map[languages.Language][]string {
-	cSharp := []string{}
+	var cSharp []string
 	cSharp = append(cSharp, w.NetCore...)
 	cSharp = append(cSharp, w.CSharp...)
 	return map[languages.Language][]string{
@@ -73,6 +77,9 @@ func (w *WorkDir) Map() map[languages.Language][]string {
 		languages.Leaks:      w.Leaks,
 		languages.HCL:        w.HCL,
 		languages.Generic:    w.Generic,
+		languages.PHP:        w.PHP,
+		languages.C:          w.C,
+		languages.Yaml:       w.Yaml,
 	}
 }
 

diff --git a/horusec-cli/internal/services/docker/docker_api.go b/horusec-cli/internal/services/docker/docker_api.go
@@ -273,8 +273,13 @@ func (d *API) DeleteContainersFromAPI() {
 	}
 }
 
-func (d *API) getSourceFolder() string {
-	path := fmt.Sprintf("%s/.horusec/%s", d.config.ProjectPath, d.analysisID.String())
+func (d *API) getSourceFolder() (path string) {
+	if d.config.GetContainerBindProjectPath() != "" {
+		path = fmt.Sprintf("%s/.horusec/%s", d.config.ContainerBindProjectPath, d.analysisID.String())
+	} else {
+		path = fmt.Sprintf("%s/.horusec/%s", d.config.ProjectPath, d.analysisID.String())
+	}
+
 	separator := path[1:2]
 	if separator == ":" {
 		return d.getSourceFolderFromWindows(path)