Add the environment package for the templated format.

The environment package keeps track of variables defined throughout the lifecycle of a templated detector.

PiperOrigin-RevId: 870879121

Author: tooryx

common/templatedengine/environment/environment.go

@@ -0,0 +1,110 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Package environment provides the environment used by the templated engine to store and manage variables.
+package environment
+
+import (
+	"context"
+	"fmt"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/google/goonami-scanner/core/log"
+	"github.com/google/goonami-scanner/core/net/netservice"
+
+	nspb "github.com/google/tsunami-security-scanner/proto/go/network_service_go_proto"
+)
+
+var variablePattern = regexp.MustCompile(`\{\{ ([a-zA-Z0-9_]+) \}\}`)
+
+// Environment stores variables that are used by the templated detector.
+type Environment struct {
+	vars map[string]string
+}
+
+// New creates a new environment.
+func New() *Environment {
+	return &Environment{
+		vars: make(map[string]string),
+	}
+}
+
+// InitializeFor initializes the environment for a specific network service.
+func (e *Environment) InitializeFor(ctx context.Context, service *nspb.NetworkService) {
+	e.Set("T_UTL_CURRENT_TIMESTAMP_MS", fmt.Sprintf("%d", time.Now().UnixMilli()))
+
+	webRoot, err := netservice.BuildWebRoot(service)
+	if err == nil {
+		e.Set("T_NS_BASEURL", webRoot)
+	}
+
+	e.Set("T_NS_PROTOCOL", strings.TrimSpace(service.GetTransportProtocol().String()))
+
+	endpoint := service.GetNetworkEndpoint()
+	e.Set("T_NS_HOSTNAME", strings.TrimSpace(endpoint.GetHostname().GetName()))
+	e.Set("T_NS_PORT", fmt.Sprintf("%d", endpoint.GetPort().GetPortNumber()))
+	e.Set("T_NS_IP", strings.TrimSpace(endpoint.GetIpAddress().GetAddress()))
+
+	// TODO: b/483970797 - Add callback server variables when implemented in Goonami.
+
+	for k, v := range e.vars {
+		log.DebugContextf(ctx, log.DebugLevelRequest, "environment: %s = %s", k, v)
+	}
+}
+
+// Set sets a variable in the environment.
+func (e *Environment) Set(key, value string) {
+	e.vars[key] = value
+}
+
+// Get gets a variable from the environment.
+func (e *Environment) Get(key string) (string, bool) {
+	v, ok := e.vars[key]
+	return v, ok
+}
+
+// Substitute replaces variables in a template string.
+func (e *Environment) Substitute(ctx context.Context, template string) string {
+	return variablePattern.ReplaceAllStringFunc(template, func(match string) string {
+		varName := variablePattern.FindStringSubmatch(match)[1]
+		if val, ok := e.vars[varName]; ok {
+			return val
+		}
+
+		log.WarnContextf(ctx, "substitution not found for '%s' in environment", varName)
+		return match
+	})
+}
+
+// Extract performs regexp extraction of pattern in content and stores it in varname.
+func (e *Environment) Extract(ctx context.Context, content, varname, pattern string) bool {
+	re, err := regexp.Compile(pattern)
+	if err != nil {
+		log.WarnContextf(ctx, "failed to compile regexp '%s': %v", pattern, err)
+		return false
+	}
+
+	matches := re.FindStringSubmatch(content)
+	if len(matches) < 2 {
+		log.DebugContextf(ctx, log.DebugLevelRequest, "failed to extract variable '%s' from content using pattern '%s'", varname, pattern)
+		return false
+	}
+
+	e.vars[varname] = matches[1]
+	return true
+}

common/templatedengine/environment/environment_test.go

@@ -0,0 +1,201 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package environment
+
+import (
+	"context"
+	"regexp"
+	"testing"
+
+	npb "github.com/google/tsunami-security-scanner/proto/go/network_go_proto"
+	nspb "github.com/google/tsunami-security-scanner/proto/go/network_service_go_proto"
+)
+
+func TestEnvironment_InitializeFor(t *testing.T) {
+	service := nspb.NetworkService_builder{
+		NetworkEndpoint: npb.NetworkEndpoint_builder{
+			Hostname: npb.Hostname_builder{Name: "example.com"}.Build(),
+			Port:     npb.Port_builder{PortNumber: 80}.Build(),
+			IpAddress: npb.IpAddress_builder{
+				Address: "1.2.3.4",
+			}.Build(),
+		}.Build(),
+		TransportProtocol:    npb.TransportProtocol_TCP,
+		SupportedHttpMethods: []string{"GET"},
+	}.Build()
+
+	env := New()
+	env.InitializeFor(context.Background(), service)
+
+	tests := []struct {
+		key      string
+		wantVal  string
+		wantExpr *regexp.Regexp
+	}{
+		{key: "T_NS_HOSTNAME", wantVal: "example.com"},
+		{key: "T_NS_PORT", wantVal: "80"},
+		{key: "T_NS_IP", wantVal: "1.2.3.4"},
+		{key: "T_NS_PROTOCOL", wantVal: "TCP"},
+		{key: "T_NS_BASEURL", wantVal: "http://example.com:80"},
+		{key: "T_UTL_CURRENT_TIMESTAMP_MS", wantExpr: regexp.MustCompile(`^\d+$`)},
+	}
+
+	for _, tc := range tests {
+		got, ok := env.Get(tc.key)
+		if !ok {
+			t.Errorf("env.Get(%q) = _, false, want _, true", tc.key)
+			continue
+		}
+		if tc.wantVal != "" && got != tc.wantVal {
+			t.Errorf("env.Get(%q) = %q, want %q", tc.key, got, tc.wantVal)
+		}
+		if tc.wantExpr != nil && !tc.wantExpr.MatchString(got) {
+			t.Errorf("env.Get(%q) = %q, doesn't match %v", tc.key, got, tc.wantExpr)
+		}
+	}
+}
+
+func TestEnvironment_Substitute(t *testing.T) {
+	env := New()
+	env.Set("var1", "val1")
+	env.Set("var2", "val2")
+
+	tests := []struct {
+		name     string
+		template string
+		want     string
+	}{
+		{
+			name:     "when_no_variables_returns_original",
+			template: "hello world",
+			want:     "hello world",
+		},
+		{
+			name:     "when_single_variable_replaces_it",
+			template: "hello {{ var1 }}",
+			want:     "hello val1",
+		},
+		{
+			name:     "when_multiple_variables_replaces_them",
+			template: "{{ var1 }} and {{ var2 }}",
+			want:     "val1 and val2",
+		},
+		{
+			name:     "when_repeated_variable_replaces_all",
+			template: "hello {{ var1 }} {{ var1 }}",
+			want:     "hello val1 val1",
+		},
+		{
+			name:     "when_variable_not_found_leaves_it",
+			template: "hello {{ unknown }}",
+			want:     "hello {{ unknown }}",
+		},
+		{
+			name:     "when_malformed_variable_leaves_it",
+			template: "hello {{var1}}",
+			want:     "hello {{var1}}",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got := env.Substitute(context.Background(), tc.template)
+			if got != tc.want {
+				t.Errorf("Substitute(%q) = %q, want %q", tc.template, got, tc.want)
+			}
+		})
+	}
+}
+
+func TestEnvironment_Extract(t *testing.T) {
+	tests := []struct {
+		name     string
+		content  string
+		pattern  string
+		varname  string
+		wantOk   bool
+		wantVars map[string]string
+	}{
+		{
+			name:    "when_match_found_extracts_it",
+			content: "token: abc-123",
+			pattern: `token: ([a-z0-9-]+)`,
+			varname: "token",
+			wantOk:  true,
+			wantVars: map[string]string{
+				"token": "abc-123",
+			},
+		},
+		{
+			name:    "when_no_match_found_returns_false",
+			content: "hello world",
+			pattern: `token: ([a-z0-9-]+)`,
+			varname: "token",
+			wantOk:  false,
+			wantVars: map[string]string{
+				"token": "",
+			},
+		},
+		{
+			name:    "when_invalid_regexp_returns_false",
+			content: "hello world",
+			pattern: `(`,
+			varname: "token",
+			wantOk:  false,
+			wantVars: map[string]string{
+				"token": "",
+			},
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			env := New()
+			gotOk := env.Extract(context.Background(), tc.content, tc.varname, tc.pattern)
+			if gotOk != tc.wantOk {
+				t.Errorf("Extract() = %v, want %v", gotOk, tc.wantOk)
+			}
+
+			for k, v := range tc.wantVars {
+				val, ok := env.Get(k)
+				if v == "" {
+					if ok {
+						t.Errorf("env.Get(%q) = %q, true, want _, false", k, val)
+					}
+				} else {
+					if !ok || val != v {
+						t.Errorf("env.Get(%q) = %q, %v, want %q, true", k, val, ok, v)
+					}
+				}
+			}
+		})
+	}
+}
+
+func TestEnvironment_SetGet(t *testing.T) {
+	env := New()
+	env.Set("key", "value")
+	val, ok := env.Get("key")
+	if !ok || val != "value" {
+		t.Errorf("Get() = %q, %v, want %q, true", val, ok, "value")
+	}
+
+	_, ok = env.Get("unknown")
+	if ok {
+		t.Errorf("Get(unknown) = _, true, want _, false")
+	}
+}

core/log/color.go

@@ -0,0 +1,39 @@
+/*
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package log
+
+const (
+	ansiReset      = "\033[0m"
+	ansiBoldWhite  = "\033[1;37m"
+	ansiBoldBlue   = "\033[1;34m"
+	ansiBoldYellow = "\033[1;33m"
+	ansiBoldRed    = "\033[1;31m"
+	ansiBoldGray   = "\033[1;30m"
+	ansiBoldGreen  = "\033[1;32m"
+	ansiGreen      = "\033[0;32m"
+	ansiBoldCyan   = "\033[1;36m"
+	ansiCyan       = "\033[0;36m"
+)
+
+// colorize applies the given ANSI color to the string if enabled is true.
+func colorize(s string, color string, enabled bool) string {
+	if !enabled {
+		return s
+	}
+
+	return color + s + ansiReset
+}