Added azure COSMOSDB detector #3951

Merged
kashifkhan0771 merged 62 commits into trufflesecurity:main from kashifkhan0771:feat/oss-123-azure-cosmosdb-detector
Apr 23, 2025

Contributor

@kashifkhan0771 kashifkhan0771 commented Feb 28, 2025

Description:

This PR adds a new detector for Azure CosmosDB.
Note: For now, this only works for documents.azure.com & table.cosmos.azure.com account URLs.

Checklist:

  • Tests passing (make test-community)?
  • Lint passing (make lint this requires golangci-lint)?

@kashifkhan0771 kashifkhan0771 requested review from a team as code owners February 28, 2025 08:11

dbKeyPattern = regexp.MustCompile(`([A-Za-z0-9+/=]{88})`)
// account name can contain only lowercase letters, numbers and the `-` character, must be between 3 and 44 characters long.
accountUrlPattern = regexp.MustCompile(`(https://[a-z0-9-]{3,44}.documents\.azure\.com:[0-9]{3})`)
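
Review bot: In accountUrlPattern the `.` before `documents` is unescaped, so it matches any character rather than only a literal dot; write it as `\.documents` like the other dots in the pattern. dbKeyPattern has no boundary and its character class includes `=`, so on input such as `AccountKey=<key>` the 88-character match can start at the `A` of `AccountKey` instead of at the key, and any 88-character window of a longer base64 blob also matches; anchor the pattern on a preceding keyword or delimiter and require a non-base64 character after it.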
Contributor

@kashifkhan0771 Does Azure Cosmos DB only support 3-digit port numbers? As per my knowledge, a port number can be between 0 and 65535, including reserved and general-use port numbers.

Contributor Author

Apologies for that. The port is fixed at 443, and there doesn't seem to be an option to specify a custom port when creating a Cosmos NoSQL database. I will change this.
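
As an added illustration (not code from this PR or from TruffleHog), a sketch of candidate matching with the port pinned to 443 as stated in the reply above, every dot escaped, and both account URL forms from the PR description. The names `FindCandidates`, `Candidate`, `accountURLPat` and `keyPat` are hypothetical, and the key shape (86 base64 characters followed by `==`) is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Patterns assumed for this example, not copied from the merged detector.
var (
	// Every dot escaped, port pinned to 443, both account URL forms from the PR description.
	accountURLPat = regexp.MustCompile(`https://[a-z0-9-]{3,44}\.(?:documents\.azure\.com|table\.cosmos\.azure\.com):443\b`)
	// Assumes a key is 64 bytes in base64: 86 characters plus "==".
	// RE2 has no lookarounds, so the boundaries are consumed and the key is group 1.
	keyPat = regexp.MustCompile(`(?:^|[^A-Za-z0-9+/])([A-Za-z0-9+/]{86}==)(?:[^A-Za-z0-9+/=]|$)`)
)

// Candidate is one (account URL, key) pair to hand to a verifier.
type Candidate struct{ URL, Key string }

// FindCandidates pairs every account URL with every key-shaped string in text.
func FindCandidates(text string) []Candidate {
	var out []Candidate
	keys := keyPat.FindAllStringSubmatch(text, -1)
	for _, u := range accountURLPat.FindAllString(text, -1) {
		for _, k := range keys {
			out = append(out, Candidate{URL: u, Key: k[1]})
		}
	}
	return out
}

func main() {
	// Constructed sample input; the key is a placeholder, not a real credential.
	key := strings.Repeat("A", 86) + "=="
	samples := []string{
		"AccountEndpoint=https://demo-account.documents.azure.com:443/;AccountKey=" + key + ";",
		"https://demoxdocuments.azure.com:443/ " + key,          // no dot before "documents"
		"https://demo-account.documents.azure.com:4430/ " + key, // not port 443
		"https://demo-account.table.cosmos.azure.com:443/ " + strings.Repeat("A", 200) + "==",
	}
	for _, s := range samples {
		fmt.Println(len(FindCandidates(s)), "candidate(s)")
	}
}
```

Because the boundary characters are consumed by the match, two keys separated by a single character yield only the first one.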

var _ detectors.Detector = (*Scanner)(nil)

func (s Scanner) Type() detectorspb.DetectorType {
return detectorspb.DetectorType_AzureCosmosDB
Contributor

Can you check how this detector is different from the already existing CosmosDBKey one?

Contributor Author

This one does not exist. The entry only exists in the Proto file somehow.

Contributor Author

@kashifkhan0771 kashifkhan0771 Feb 28, 2025

Deprecated the old one.

Contributor

Does it make sense to create a new entry when there's an existing (unused) one?

Contributor Author

I'm not sure why this old entry was added. Was there a detector for it, or was it added by mistake? We can reuse the old entry for the new detector, but I want to deprecate it to keep a record that this key existed.

Anyway I'll update it 😃


s1 := detectors.Result{
DetectorType: detectorspb.DetectorType_AzureCosmosDB,
Raw: []byte(key),
Contributor

The URL should also be added. #3938 (comment)

}{
{
name: "valid document db pattern",
input: validDocumentDBPattern,
Contributor

For better code readability, can we keep the inputs inline instead of assigning them to separate variables?

Contributor

@abmussani abmussani left a comment

Added inline comment about caching.

@kashifkhan0771 kashifkhan0771 merged commit 877258d into trufflesecurity:main Apr 23, 2025
13 checks passed
@kashifkhan0771
Contributor Author

Finally 🥳 - Thanks @abmussani and @rgmz for the detailed review.

@kashifkhan0771 kashifkhan0771 deleted the feat/oss-123-azure-cosmosdb-detector branch April 23, 2025 11:19
@kashifkhan0771 kashifkhan0771 linked an issue Jul 9, 2025 that may be closed by this pull request
Development

Successfully merging this pull request may close these issues.

Support for Azure CosmosDB

3 participants